OPNSense Playlist, covers all of this: kzbin.info/aero/PLXHMZDvOn5sVAhOGZOUVk5Hfk0k1q-It2&si=zM9GAcIwvzkMnH0P

Been working with pfsense for about 4 years now absolutely love it. Just remember to back up your configuration often. Trust me it will save you a lot of headaches. When you break things and you will. It just comes with the territory.

Awesome video as usual, very information and easy to follow a long. I have been waiting for this pfSense part 2 for longggg time haha! Thank you so much for upload the vid, can not wait for the next one.

Thanks for the great video. I really appreciate seeing a for detailled insight in IDS and IPS. Cheers

Thank you for the video :)

Thanks for sharing your work!

Outstanding job Jim! Never watched a video about pfsense (I have fork version opnsense) but was easy to follow although networking, vlans and so on are tough topics... Thanks for putting so much effort to share all your wisdom to the world :)

great vid! Maybe site-to-site on wg next time?

Hi Jim; Great video as always. What I couldn’t get is if Vlan20 and 40 are just virtual systems (not physical devices like IOT, Cameras, Office Laptops etc), why do they need to be configured on the Switch itself. Does that mean, one has to have an individual / physical port for each virtual VLAN (ie no underlying physical device) created in Proxmox / PfSense ?

Good video! Have you looked into Suricata instead of Snort for IDS/IPS? Curious what your opinion is on it.

Thank you for this. Great work! This is first to see Nordvpn setup. You have setup accross all LANs. I wonder if there is a way to specifiy as a gateway. Also, there is no mention of kill switch mechanism. May be through packet tagging, not sure.

Last I heard KEA DHCP was not feature complete, be cautious!

Could you cover traefik and PfSense with the port 443/444 for internal external access? Hairpin/NAT Reflection is a pain to get working in PfSense. Split DNS is recommended instead, but that doesn't support port changing if i understand correctly.

Great video! Is there already a way of using MFA in VPN (either from pfsens or OPNSense) without entering the OTP+password / password+OTP when authenticating? Should be a 2nd phase separately as it is in any other solution. Thanks

Opnsense please! 😀

First 🙌

Now kind Sir, you're talking my language. Unfortunately we all aren't in position to "hijack" the entire network for ourselves or our homelab and just tell the rest of the family to use neighbor's wi-fi (regardless if you're a "dad-in-charge".. when ever wife is kind enough to let you believe in such.. hmm, nonsense... or a "regular" part of a family) so thank you for this distinction. Let's rock'n'roll - for younger viewers then is the ONLY real genre of music and you poor young souls have no idea what you're missing. (The opinions are my own and not of my employer - pls don't send h8 and spread only love via these internet comments)

Hi, great video I have a UCG Ultra right now connected to my modem and i tried switching it like this ISP-pfsense-ucg-accesspoints But in this scenario my pfsense only sees ucg ip in logs and not individual hosts connected to AP. I want to monitor network connections in a SIEM. Can you suggest how can i overcome this? Thanks

What's the additional hardware requirement from running Wireguard, OpenVPN and snort? I'm in a virtualised environment on Proxmox and looking to keep resource allocations as meagre as possible. Currently running pfSense with just 1 core and 512MB of memory (I know the reqts are higher), so wondering what I will need to tweak if I add snort and Wireguard?

Chet Jim, great content as usual. You are one of the Goats!! Did not know you were Could you do a review of Wazuh next?

Thanks for the great video. Could you do another video to cover QinQ (IEEE 802.1ad) Vlan on Pfsense ?

great video!! now, given your previous experience with OPNsense, and now that you've switched to pfSense, have you formed a preference for either firewall?

RE the NAT piece re WireGuard, I assume you're only doing that due to running full tunnel setup? I'm still on pfsense, I started looking at v21 Early Access Sophos XG, but back here.. SDN is of interest on Sophos XG, but I am using multiple WAN. Virgin and 4G failover, I don't like the monitor IP option on pfsense as it essentially creates a static route underneath. Next thing I'll be doing re "homelab" is spinning up an internal CA and lets encrypt only for the pfsense box. WG for my IOS devices, OpenVPN for laptop and IPSec for s2s to other family firewalls.

Very cool vid, and yes I might be interested by a IDS/IPS deep dive video :D