
SOHO Router Checklist

Steps for setting up an OPNsense router from scratch in a SOHO setting. The steps are NOT listed in order of execution; they are grouped by subject. This checklist assumes you have a network plan in place and a single router, with no HA-type setups.

Hardware

  1. Hardware assembly and bringup
  2. BIOS setup
  3. Implement maintenance (cron)
  4. Implement Event and Statistics Logging
  5. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

OS

  1. OS install and bringup; package update
  2. OS access and auth
  3. OS backup setup (local)
  4. OS backup setup (remote)
  5. Implement maintenance (cron)
  6. Implement Event and Statistics Logging
  7. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

System Services

  1. Set up local logging
  2. Set up remote logging to logging server
  3. Config cron service
  4. Config monit service
  5. Config munin service
  6. Set up NTP server on router; backup server on LAN host
  7. Implement maintenance (cron)
  8. Implement Event and Statistics Logging
  9. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

Network Links

  1. Network hardware bringup
  2. LAN link(s) bringup (dual stack)
  3. WAN link(s) bringup (dual stack)
  4. Implement maintenance (cron)
  5. Implement Event and Statistics Logging
  6. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

Network Routes

  1. Link aggregation bringup and/or LTE/5G failover link (dual stack)
  2. Set up VLAN (and other things like bridges)
  3. Gateway(s) configuration
  4. Set up aliases
  5. Set up any static routes required (including SNAT)
  6. Set up bi-directional network pings (dpinger, monit)
  7. Implement maintenance (cron)
  8. Implement Event and Statistics Logging
  9. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

VPN

  1. Set up VPN (and things like tunnels)
  2. Set up any static routes required (including SNAT)
  3. Implement maintenance (cron)
  4. Implement Event and Statistics Logging
  5. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

Network Services

  1. Set up DHCP/SLAAC; Router Advertisement
  2. Set up DNS for local network lookups
  3. Set up DNS for external lookup caching; secure DNS
  4. Set up DNS for external hosts; set up dyndns
  5. Implement maintenance (cron)
  6. Implement Event and Statistics Logging
  7. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

External Hosts

  1. Set up IPv4 firewall rules for external access (e.g. port forward, etc.)
  2. Set up IPv6 firewall rules for external access (e.g. port opens, etc.)
  3. Implement maintenance (cron)
  4. Implement Event and Statistics Logging
  5. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

Network Security

  1. Config firewall
  2. Config Spamhaus drop lists
  3. Config bogon drop lists
  4. Config DNSBL (e.g. Unbound DNS)
  5. Config IDS (e.g. Suricata and CrowdSec)
  6. Implement maintenance (cron)
  7. Implement Event and Statistics Logging
  8. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)

Network Performance

  1. Set up web caching (e.g. http proxy)
  2. Set up QoS/traffic shaping
  3. Implement maintenance (cron)
  4. Implement Event and Statistics Logging
  5. Implement Monitors, Reporting, Analysis and Alerting (e.g. ntopng, monit, munin)