A pfSense firewall is an open-source, highly customizable firewall solution that provides robust protection for your network. It’s an ideal choice for both small and large-scale environments due to its flexibility, scalability, and extensive feature set. By using pfSense, you can easily implement network security policies, control traffic, and protect against external and internal threats. Whether you’re setting it up for home use, a business, or an enterprise network, pfSense allows you to tailor your firewall to meet specific needs, such as VPN support, traffic shaping, and intrusion detection.
Below is a step-by-step guide for setting up and configuring a pfSense firewall, where you’ll learn how to implement all the necessary components and settings for a fully functional firewall solution.
Step-by-Step Guide to Setting Up pfSense Firewall Lab
Step 1: Set Up Virtualization Environment
To set up pfSense in a virtual lab, you’ll need a virtualization tool like VirtualBox or VMware. This allows you to create a virtualized environment to run pfSense.
- Install VirtualBox or VMware:
- Download pfSense ISO:
- Go to the downloads page of the official pfSense website and download the appropriate ISO image based on your hardware architecture (e.g., AMD64 for most modern systems).
Step 2: Create a New Virtual Machine (VM)
- Create a New VM in your virtualization software (e.g., VirtualBox or VMware).
- For VirtualBox: Click New and select Other for the OS type. Choose a name (e.g., pfSenseFirewall) and allocate at least 1 GB of RAM.
- For VMware: Click Create a New Virtual Machine, select Custom, choose the operating system type as Other, and allocate 1 GB of RAM.
- Set Virtual Hard Disk:
- Create a 20 GB virtual hard disk for pfSense (or adjust based on your needs).
- Configure Network Interfaces:
- Adapter 1 (WAN Interface): Set the first adapter to Bridged Adapter or NAT if you want the firewall to interact with your host machine’s network.
- Adapter 2 (LAN Interface): Set the second adapter to Internal Network or Host-Only Adapter (for local network testing).
- Load pfSense ISO:
- In the VM settings, set the ISO you downloaded as the bootable medium for the CD/DVD drive.
Step 3: Install pfSense
- Start the VM and boot from the ISO.
- Follow the pfSense installation process:
- Select Install pfSense and choose the default options for most settings (you can customize these if needed).
- Accept the default settings and wait for pfSense to install.
- Reboot the VM once installation is complete, and remove the installation ISO from the virtual CD/DVD drive.
Step 4: Configure pfSense
- Initial Setup Wizard:
- After rebooting, pfSense will provide an IP address for the WAN interface (e.g., 192.168.1.1).
- Connect to pfSense by opening a browser on your host machine and typing the WAN IP address in the address bar.
- Log in to pfSense:
- Default username: admin
- Default password: pfsense
- Set Up the Basic Configuration:
- After logging in, pfSense will present a wizard for basic setup.
- Assign WAN and LAN interfaces (WAN will typically connect to your internet or external network, and LAN will connect to your internal network).
- Configure the LAN interface with a static IP (e.g., 192.168.1.1/24).
Step 5: Configure Firewall Rules
- Access the Firewall Rules:
- Go to Firewall > Rules in the pfSense web interface.
- WAN Interface: Add a rule allowing HTTP/HTTPS or the necessary protocols to pass through if you want remote access to pfSense.
- For example: Add a rule to allow any traffic from the WAN interface to access the LAN interface for testing purposes.
- LAN Interface:
- On the LAN interface, create rules to allow outgoing traffic. By default, pfSense allows outgoing traffic on the LAN interface.
- Add specific rules if you need more granular control over which types of traffic are allowed.
Step 6: Test the Network Configuration
- Test Connectivity:
- From the LAN network, ping the pfSense LAN IP address to ensure connectivity.
- Test the internet connection from a device on the LAN network by pinging an external site (e.g., ping google.com).
- Check Firewall Logs:
- Go to Status > System Logs > Firewall to monitor traffic logs and verify that the firewall rules are functioning as expected.
Step 7: (Optional) Configure Advanced Features
- VPN Setup:
- If you want to set up a VPN (e.g., OpenVPN), go to VPN > OpenVPN and follow the configuration steps to enable secure remote access to your network.
- DNS and DHCP:
- DHCP Server: Enable DHCP under Services > DHCP Server for the LAN interface to automatically assign IP addresses to devices on the network.
- DNS Settings: You can configure pfSense to use external DNS servers (like Google DNS or Cloudflare) under System > General Setup.
- Traffic Shaping (Optional):
- Set up Traffic Shaping if you need to prioritize certain types of traffic (e.g., VoIP or streaming) on your network.
Step 8: Save Configuration and Backup
- Save Configuration: Go to Diagnostics > Backup & Restore to back up your pfSense configuration settings.
- Snapshot/Restore Points: Take a snapshot of the VM once everything is configured to preserve your setup for future reference.