OPNsense Firewall Redesign, Cleanup & Optimization

Posted 2 weeks ago

Worldwide

Summary

We need an experienced OPNsense administrator to perform a complete review, cleanup, simplification, and optimization of our production OPNsense firewall (version ~26.1). The firewall currently has a high rule count (~110+), legacy components, and complexity that we want to reduce significantly while maintaining strong security and adding better monitoring. Make any suggestions for optimization, performance, or security enhancement.

Current Environment Summary

- Hardware: Intel i5-6500T, multi-WAN (Shaw Static + Dynamic + Webserver), LAGG + VLAN segmentation.
- Key networks: Corporate, Webserver, CCTV, Service, FelixWelding, ACG.
- Security: CrowdSec (Free), GeoIP + ASN blocking, OpenVPN + WireGuard.

Goals:

- Remove bloat (Zenarmor, Tailscale, unused VLANs/aliases).
- Simplify VPN, strengthen inbound controls, improve monitoring.

Scope of Work Required:

Full review of current configuration

- Document current rules, NAT, interfaces, VPN, aliases, tunables.

Cleanup & Removal

- Remove Zenarmor completely (including all remnants).
- Remove Tailscale.
- Delete unused VLANs (Management, Creekside, ACGMigration) and related DHCP/NAT/rules.
- Delete obsolete aliases (EXC01, KEMP, PBX, PMG, Ayush, India, Remote Workers, etc.).
- Remove redundant inter-VLAN block rules and outdated NAT reflection rules.

Simplification & Optimization

- Consolidate and reorganize firewall rules (floating & interface-specific).
- Implement a clean default-deny posture with proper GeoIP + ASN + CrowdSec blocking.
- Optimize OpenVPN.
- Add WireGuard.
- Remote workers Group A → Webserver.
- Remote workers Group B → Corporate.
- Optimize NAT (especially hairpin/reflection).
- Tune sysctls, monitoring (Device Monitor, Telegraf, alerts), logging, and performance for the hardware.

Testing & Handover

- Full testing of all networks, VPN access, published services, inter-VLAN access.
- Provide final clean config export + documentation.
- Knowledge transfer / recommendations for ongoing maintenance.

  • $250.00

    Fixed-price
  • Intermediate
    Experience Level
  • Remote Job
  • One-time project
    Project Type
Skills and Expertise
Mandatory skills
WordPress
Network Security
Nice-to-have skills
Web Design
PHP
Activity on this job
  • Proposals: 10 to 15
  • Last viewed by client: 2 weeks ago
  • Hires: 1
  • Interviewing: 2
  • Invites sent: 0
  • Unanswered invites: 0
About the client
Member since Jun 11, 2020
  • Canada
    Winnipeg 7:08 PM
  • $21K total spent
    13 hires, 3 active
  • 3,101 hours
