How to Deploy an OPNSense Firewall

OPNSense is one of the most popular open-source firewall and routing platforms. It’s known for its flexibility, robust features, and ease of use. OPNSense is based on FreeBSD, which provides advanced security features such as intrusion detection, VPN, traffic shaping, and monitoring. By deploying OPNSense on Kamatera cloud platform, you can:

Adjust server resources based on network traffic.
Implement complex firewall rules, VPN configurations, and network monitoring without expensive hardware.
Deploy OPNSense on multiple data centers improving network performance and redundancy.
Manage and update firewall rules, VPNs and other security systems from anywhere with OPNSense’s web management interface.

Let’s go through the steps to deploy an OPNSense Firewall using Kamatera’s Service Image.

Enter your credentials to access the Kamatera management console and click Login.

2. Navigate to My Cloud on the left-hand side and select Servers. On the left-hand side navigation menu, click on Create New Server, or use the Create New Server button on the right-hand side.

3. Choose zone:

Choose the zone according to your requirements.

Asia
North America
Europe
Middle East

Depending on the zone you select, the available countries will be displayed.

Note: For this setup, we used the Asia server domain to set up the OPNSense Firewall.

4. Choose an image:

Kamatera offers a variety of App and Server Images to help users set up preconfigured resources. Users can explore options such as

Server OS Images
Desktop OS Images
App Images
Service Images
My Private Images

5. Choose Service Images and select OPNSense.

6. In Choose Version, select the latest version of OPNSense Firewall.

7. Upon selecting the version, OPNSense URL, Username, and Password are displayed.

8. Toggle the Detailed view button to ‘ON’ to view the detailed description, including the price.

9. Choose Server Specs:

Note: Type- B (General), CPU- 2, RAM- 8 GB, SSD DISC#1- 80 GB are selected.

Toggle the Daily Backup and Management Services button to ‘ON’ according to your requirements.

Field	Description
Type	Type B-General Purpose– Server CPU are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Type D–Dedicated – –Server CPU are assigned to a dedicated physical CPU Core (2 threads) with reserved resources guaranteed. Type T – Burst – Server CPU are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Exceeding an average usage of 10% will be extra charged for CPUs usage consumption. Type A-Availability- Server CPUs are assigned to a non-dedicated physical CPU thread with no resources guaranteed. Note: More information on CPU types is available on the My Cloud- Pricing page.
CPU	Choose the number of vCPUs that will be installed on the server. Type B/T can be configured with upto 104 vCPUs per server. Based on Intel’s latest Xeon Processors, 2.7 GHz+.
RAM	Choose the amount of RAM that will be installed on the server. Type B/T/D can be configured with upto 512GB RAM per server.
SSD DISK	Choose SSD Storage Size. You can add upto 15 SSD Disk. SSD Storage includes unlimited IOPS and unlimited storage bandwidth, free of charge.
Daily Backup	Toggle the switch to enable extended daily backups of your server’s storage to external backup storage.
Management Services	Toggle the switch to enable Management Services to the server’s operating system by Kamatera Technical Support Team.

10. Choose Networking:

Simple mode:

Field	Description
Public Internet Network	Check to connect the server to a network interface connected to Public Internet Network.
Private Local Network	Check to connect the server to a network interface connected to Private Local Network.

Advanced mode:

You can add network by clicking on +Add Network.

Field

Description

NIC #1

Select WAN from the options available in the drop-down menu.

WAN
LAN
New LAN

Select auto from the options available in the drop-down menu.

Auto
Network

Select auto from the options available in the drop-down menu.

Auto
IP

WAN Traffic

Select 5000 GB per month/ on 10 Gbit per second port.

11. Advanced configuration:

Hide – To hide the advanced configuration.

Show – To see the advanced configuration.

Field	Description
Install Script	Enter the script here to execute once the server is created. Note: For Windows system use Power Shell.
Keep Server On Failure	Do not terminate server if start up script or provisioning fails
Server Notes	Enter any server notes to be noted.
Tags	Select the Tags from the drop-down menu and click Add.

12. Finalize Settings:

Finalize settings by setting the password, re-validating it, selecting the number of servers, specifying the server’s name, and enabling the Power On Servers option.

Field	Description
Password	Select password Password allowed characters: a-z, A-Z,0-9 !@#$^&*()~ and must need the following requirements: At least 14 characters At most 32 characters At least one lowercase character At least one upper case character At least one number Includes allowed characters only
Validate	Re-enter the password to validate.
Servers	Select the number of servers the user wants.
Name # 1	Enter the name of the server.
Power On Servers	Switch on the toggle button to see the details

13. Billing Cycle and Pricing:

Once the user enters the details in Finalize Settings, they can select either the Monthly Billing Cycle or Hourly Billing, depending on their requirements. After choosing the billing cycle, click on CREATE SERVER.

Note: The Server Summary displays the location, operating system (including server specifications), add-on services, servers, and pricing.

14. The server will be added to the Tasks Queue.

15. Once the server is created, you will see the status as success.

The server will appear under Server Management.

Click Open, and a new screen will open.

16. On the right side, the overview of Windows Server that you just created is displayed.

Click CONNECT, and a new screen will open.

17. In the new screen, under the

Connection Credentials section: Connection Type, Username and Password are displayed.
Remote Console section, click Open Remote Console.

18. A new tab opens, connecting to the new server displaying LAN, WAN, and other details. Login with username and password and hit Enter.

Now, the firewall is in live environment. We can interact with Live environment using Local console, HTTPS or SSH.

You can login to the shell using the username (go to step-17, to see username) and password (that is entered when you created a server) to operate the live environment via the local console.

The GUI is accessible at https://172.16.0.1/ (that is LAN) using username and password.

Using SSH, we can access the firewall at IP 172.16.0.1.

19. The console menu shows 13 options. From 0 to 13, enter an option and configure the system according to your requirements.

OPNsense has a command line interface (CLI) tool called “opnsense-update”. By entering option 8) Shell from the menu, the user can get to the shell and use opnsense-update.

Now, you are in shell. For help, type the below command and press Enter.

Command: man opnsense-update

The other method to update the system is via console option 12) Update from console.

You can even assign interfaces by selecting option 1) Assign interfaces.

Ping the host by selecting 7) Ping host and enter your IP address.

An update can be done through the GUI. Go to System-> Firmware-> Updates.
Now, you are in OPNSense dashboard.
The Dashboard is the first page you will see after you log into OPNsense. Additionally, it can be accessed via Lobby ‣ Dashboard. The Dashboard provides an overview of your system status.

Configuration:

What is shown on the Dashboard can be configured by adding and removing widgets. Some widgets also allow further configuration.

By default, the following widgets are present:

System Information: Shows information about the installed OPNsense version, updates etc.

Memory: Shows memory usage.

Disk: Shows disk usage.

CPU: Shows CPU usage.

Gateways: Shows used gateways.

Interface Statistics: Shows the number of packets, bytes and errors handled by each interface.

Firewall: Collects logged events from the moment the dashboard has loaded to represent a snapshot of what the firewall is currently seeing. Can be expanded to show a live log.

Traffic Graph: Shows traffic passing through the system.

In the upper right corner of the page, you can find the following buttons:

Edit dashboard (pencil icon): Enter edit mode. Unlocks the dashboard temporarily so you can move, resize, remove, or configure widgets.

Add widget (plus icon): Opens a dialog window with a list of widgets that can be added to the Dashboard. Simply click on an entry in the list to add it to the Dashboard.

Restore default layout (widgets icon): Restores the dashboard to its default configuration discarding all your modifications.

Save: After editing the dashboard, you can make all changes persistent by clicking this button. Otherwise, the changes will be discarded as soon as you reload the page.

If the dashboard is in edit mode, the following buttons are available in the upper right corner of every widget:

Edit (pencil icon): Click this to modify the widget settings. This button is only present if the widget is configurable.

Remove (cross icon): Removes the widget from the Dashboard.

If the widget is not in edit mode, you can find a link in the upper right corner of each widget if applicable, which will take you to the relevant configuration page.
All widgets can be resized by dragging on one of the corners of the widget.

The Disk Usage widget shown as diagram will change to table mode when the widget is enlarged to at least two rows.

Even for the Firewall diagram, when its size is one row, it shows less information.

Enlarging this firewall widget to three rows will turn into table mode and firewall log.

And that’s it! Congratulations, you have succesfully deployed an OPNSense Firewall using Kamatera.

How to Deploy an OPNSense Firewall on Kamatera