I was fighting randomly dropped network connections through OPNsense. The drop would last for about 30s and then reconnect. This obviously was frustrating for the users.
The solution is obvious (now), so I wanted to share it, as I have more grey hair now than when I started.
The OPNsense firewall with the problem is assigned a block of public IP addresses.
WAN = XXX.XXX.XXX.50 / 28
ZT running on OPNsense will by default use the first WAN IP address, which will appear as the public IP in the ZT web GUI. It uses that first IP >99% of the time, sometimes for hours, but it will randomly change to another IP for a few seconds UNLESS the other public WAN addresses are blacklisted in the local.conf area of OPNsense.
Again obvious now, but wasn’t easy for me to see happen.
Hope this helps someone else.
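
An added example, not part of the original post: a small Python helper that builds the local.conf change described above, using ZeroTier's `physical` / `"blacklist": true` path setting. The function name, the 203.0.113.x addresses (standing in for the redacted WAN block) and the existing `primaryPort` entry are constructed for illustration.

```python
import ipaddress
import json


def blacklist_secondary_wan(local_conf, wan_addrs, keep):
    """Return a copy of local_conf in which every WAN address except `keep`
    is blacklisted under "physical"; all other settings are preserved."""
    keep_ip = ipaddress.ip_address(keep)
    addrs = [ipaddress.ip_address(a) for a in wan_addrs]
    if keep_ip not in addrs:
        raise ValueError(f"{keep} is not one of the WAN addresses")

    conf = json.loads(json.dumps(local_conf))  # deep copy, input stays untouched
    physical = conf.setdefault("physical", {})

    # Stop if an existing entry already blacklists the address ZT should keep
    # using; adding more entries would not fix that configuration.
    for cidr, opts in physical.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if opts.get("blacklist") and keep_ip in net:
            raise ValueError(f"{cidr} already blacklists {keep}")

    # One host-sized entry (/32 or /128) per secondary WAN address.
    for ip in addrs:
        if ip != keep_ip:
            physical.setdefault(f"{ip}/{ip.max_prefixlen}", {})["blacklist"] = True
    return conf


# Constructed sample input (documentation address range, not the poster's IPs).
EXISTING = {"settings": {"primaryPort": 9993}}
WAN_ADDRS = ["203.0.113.50", "203.0.113.51", "203.0.113.52"]

if __name__ == "__main__":
    merged = blacklist_secondary_wan(EXISTING, WAN_ADDRS, "203.0.113.50")
    print(json.dumps(merged, indent=2))
```

The printed JSON is what goes into local.conf; ZeroTier reads that file at startup, so the service has to be restarted before the public IP shown in the web GUI stops changing.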