# OPNsense Firewall Installation in VMware Workstation

## STEP 1: Create the OPNsense VM

1. Click Create a New Virtual Machine
2. Select Typical
3. Install OS → Choose I will install the OS later
4. OS Type → Other → FreeBSD 64-bit
5. Name → “OPNsense FW”
6. Disk → 20 GB (this is enough)
7. Finish

***

## 🔌 STEP 2 — Add the Network Adapters

Go to VM Settings → Network Adapter

#### Configure the NICs in this order:

1. Adapter 1 → VMnet2 (Management / LAN)
2. Click Add → Network Adapter\
   Adapter 2 → VMnet3 (Corp)
3. Add another\
   Adapter 3 → VMnet4 (DMZ)

If you want WAN/internet later, add:\
4\. Adapter 4 → VMnet8 (NAT) (optional)

⚠ IMPORTANT:\
OPNsense assigns NICs by the order in which they appear to the OS, not by VMware’s adapter name.\
We will map them correctly during setup.

#### Network Interfaces & Concept

| Interface      | Network       | Purpose                              |
| -------------- | ------------- | ------------------------------------ |
| LAN            | 10.10.10.0/24 | MGMT — full admin control            |
| OPT1           | 10.10.20.0/24 | CORP — internal users, AD, endpoints |
| OPT2           | 10.10.30.0/24 | DMZ — web apps, honeypot, targets    |
| WAN (optional) | NAT           | Internet                             |

#### Why this matters:

* You learn real segmentation (essential for SOC and pentesting).
* You avoid “flat networks,” which hide security issues.

***

## 💿 STEP 3 — Boot OPNsense ISO

1. Download OPNsense ISO (DVD installer)
2. Mount ISO in VM settings
3. Start VM
4. Choose Install OPNsense

***

## 🧭 STEP 4 — OPNsense Installation

When booted:

1. Login as:\
   Username: installer\
   Password: opnsense
2. Choose Install
3. Partitioning → Guided (Quick/Easy)
4. Root Password → set your own
5. Reboot

Now login with:

* root
* password: your root password

***

## 🌐 STEP 5 — Assign Interfaces

At the console menu, you will see:

Do you want to configure VLANs?\
Type: n

Then you must assign interfaces.

#### You must discover which NIC is which:

Type: ifconfig

You will see network interfaces like:

* em0
* em1
* em2
* em3 (if WAN exists)

Typically in VMware:

* First NIC = em0
* Second NIC = em1
* Third NIC = em2
* Fourth NIC = em3

#### Assign like this:

| VMware Adapter | VMnet  | OPNsense Interface | Assign as |
| -------------- | ------ | ------------------ | --------- |
| Adapter 1      | VMnet2 | em0                | LAN       |
| Adapter 2      | VMnet3 | em1                | OPT1      |
| Adapter 3      | VMnet4 | em2                | OPT2      |
| (Optional) 4   | VMnet8 | em3                | WAN       |

#### Type in console:

* LAN: em0
* WAN: (press ENTER to skip since you don’t want WAN now)
* OPT1: em1
* OPT2: em2

When finished → type y to confirm.

***

## 🌐 STEP 6 — Set LAN IP (Management Network)

OPNsense will ask you:

Do you want to configure the IPv4 address on LAN?\
Type: y

Enter:

* LAN IP: 10.10.10.1
* Subnet mask: /24
* Gateway: (leave blank)
* DHCP server: y
* DHCP range:
  * Start: 10.10.10.100
  * End: 10.10.10.200

***

## 🧱 STEP 7 — Configure OPT1 (Corp Network)

Type:

7\) Configure interfaces

Then choose em1:

* Enable IPv4 → Yes
* IP → 10.10.20.1
* Mask → /24
* DHCP server → Optional
* Block private networks → No

***

## 🧱 STEP 8 — Configure OPT2 (DMZ Network)

Select em2:

* Enable IPv4 → Yes
* IP → 10.10.30.1
* Mask → /24
* DHCP server → Optional

***

## 🖥 STEP 9 — Access Web GUI

From a VM on VMnet2 (Management):

Open browser →

<https://10.10.10.1>

Login:

* user: root
* pass: your root password

***

## 🔥 STEP 10 — Configure Firewall Rules

By default, OPNsense blocks all non-LAN traffic.

#### Add rules:

#### LAN → Allow Everything

Already exists.

#### OPT1 (Corp) → Allow Outbound

Go to:\
Firewall → Rules → OPT1 → Add

Allow:

* Source: OPT1 net
* Destination: any

#### OPT2 (DMZ) → Web-only outbound

Firewall → Rules → OPT2 → Add

Allow:

* Source: OPT2 net
* Destination: any
* Protocol: TCP
* Ports: 80, 443

#### Block DMZ → Corp

Add blocking rule:

* Source: OPT2 net
* Destination: 10.10.20.0/24\
  → Block

#### Block Corp → Management

* Source: OPT1 net
* Destination: 10.10.10.0/24\
  → Block

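This creates proper isolation, provided each block rule sits above the allow rule on the same interface tab: OPNsense evaluates interface rules from top to bottom and, with the default Quick setting, the first matching rule decides.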
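
The effect of rule order on the OPT1 and OPT2 rules above, as an added example that is not part of the original guide. It assumes OPNsense's default Quick (first-match) evaluation and that unmatched traffic on an interface is dropped; `Rule`, `evaluate` and the probe addresses are constructed for illustration.

```python
# Added example: first-match model of this page's OPT1/OPT2 rules.
# Rule and evaluate are illustrative names, not OPNsense APIs.
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
MGMT, CORP, DMZ = "10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"

@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR), ANY for "any"
    proto: str = "any"   # "tcp", "udp" or "any"
    ports: tuple = ()    # destination ports; empty means any port

def evaluate(rules, src, dst, proto, port):
    """Return the action of the first matching rule; no match means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s not in ipaddress.ip_network(r.src):
            continue
        if d not in ipaddress.ip_network(r.dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.ports and port not in r.ports:
            continue
        return r.action
    return "block"  # assumption: unmatched traffic on the interface is dropped

# The four rules as the page defines them.
corp_allow = Rule("pass", CORP, ANY)
corp_block_mgmt = Rule("block", CORP, MGMT)
dmz_allow_web = Rule("pass", DMZ, ANY, "tcp", (80, 443))
dmz_block_corp = Rule("block", DMZ, CORP)

# Two orderings per interface tab (first list item = top row in the GUI).
OPT1_ALLOW_FIRST = [corp_allow, corp_block_mgmt]
OPT1_BLOCK_FIRST = [corp_block_mgmt, corp_allow]
OPT2_ALLOW_FIRST = [dmz_allow_web, dmz_block_corp]
OPT2_BLOCK_FIRST = [dmz_block_corp, dmz_allow_web]

# Constructed probes (src, dst, proto, port); 203.0.113.10 is a documentation IP.
CORP_TO_GUI = ("10.10.20.50", "10.10.10.1", "tcp", 443)
DMZ_TO_CORP = ("10.10.30.50", "10.10.20.10", "tcp", 443)
DMZ_TO_WEB = ("10.10.30.50", "203.0.113.10", "tcp", 443)
```

With the allow rule on top, `CORP_TO_GUI` and `DMZ_TO_CORP` both evaluate to `pass`, so Corp reaches the firewall's web GUI and the DMZ reaches Corp on 80/443; with the block rule on top, both are blocked while `DMZ_TO_WEB` still passes.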

***

## 🎉 YOU NOW HAVE A WORKING 3-ZONE FIREWALL LAB!

* Management zone (admin access)
* Corp network (clients)
* DMZ (public services)
* All routed through OPNsense
* Firewall rules controlling segmentation
