This is part two of a two-part series.
As I mentioned in Part One, this configuration is written as two parts for a specific use case. First is a 'base-config' that has all common settings and part two covers settings that would be different between my friend's clients. Between the two parts, you can put together a fully functional OPNSense Layer 7 firewall with ZenArmour for personal or small business use. Just like with Part One, you can adjust as needed such as importing the config.
Base-Config Deployment Process
Put the downloaded Part-One config on a separate FAT32 USB stick as /conf/config.xml for import during install. Do not put on the install media.
Follow Part One to install OPNSense until the Initial Wizard via HTTPS step.
You would simply type the device name and it will import the configuration from part one. In this example, you simply enter 'da0'. Continue the boot and let it autoconfigure the networks.
NOTE: If not running on Intel emX based NICs (such as igcX) you can modify the config file for interfaces before import as this will save time later. Boot the installer USB and it will state the device NICs.
TIP: search for ‘>em0<’ for example as older vlans could be ‘em0_vlan400’ for so including brackets will exclude the vlans for later replacement.
From another PC on the LAN goto HTTPS://192.168.1.1, login with root/opnsense