{"id":3192,"date":"2025-02-23T02:35:44","date_gmt":"2025-02-23T08:35:44","guid":{"rendered":"https:\/\/chrisrgaunt.com\/?p=3192"},"modified":"2025-03-01T00:27:32","modified_gmt":"2025-03-01T06:27:32","slug":"pfsense-firewall-setup","status":"publish","type":"post","link":"https:\/\/chrisrgaunt.com\/?p=3192","title":{"rendered":"pfSense firewall setup"},"content":{"rendered":"\n<p>A pfSense firewall is an open-source, highly customizable firewall solution that provides robust protection for your network. It&#8217;s an ideal choice for both small and large-scale environments due to its flexibility, scalability, and extensive feature set. By using pfSense, you can easily implement network security policies, control traffic, and protect against external and internal threats. Whether you&#8217;re setting it up for home use, a business, or an enterprise network, pfSense allows you to tailor your firewall to meet specific needs, such as VPN support, traffic shaping, and intrusion detection.<\/p>\n\n\n\n<p>Below is a step-by-step guide for setting up and configuring a pfSense firewall, where you&#8217;ll learn how to implement all the necessary components and settings for a fully functional firewall solution.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Step-by-Step Guide to Setting Up pfSense Firewall Lab<\/strong><\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 1: Set Up Virtualization Environment<\/strong><\/h4>\n\n\n\n<p>To set up pfSense in a virtual lab, you\u2019ll need a virtualization tool like <strong>VirtualBox<\/strong> or <strong>VMware<\/strong>. This allows you to create a virtualized environment to run pfSense.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Install VirtualBox or VMware<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Download and install <strong>VirtualBox<\/strong> from <a href=\"https:\/\/www.virtualbox.org\/wiki\/Downloads\" target=\"_blank\" rel=\"noopener\" title=\"here\">here<\/a> or <strong>VMware Workstation<\/strong> (for paid options) from <a href=\"https:\/\/www.vmware.com\/products\/workstation-pro.html\" target=\"_blank\" rel=\"noopener\" title=\"here\">here<\/a>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Download pfSense ISO<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Go to the official pfSense website: <a href=\"https:\/\/www.pfsense.org\/download\/\" target=\"_blank\" rel=\"noopener\" title=\"pfSense Downloads\">pfSense Downloads<\/a> and download the appropriate ISO image based on your hardware architecture (e.g., <strong>AMD64<\/strong> for most modern systems).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 2: Create a New Virtual Machine (VM)<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Create a New VM<\/strong> in your virtualization software (e.g., VirtualBox or VMware).\n<ul class=\"wp-block-list\">\n<li>For <strong>VirtualBox<\/strong>: Click <strong>New<\/strong> and select <strong>Other<\/strong> for the OS type. Choose a name (e.g., pfSenseFirewall) and allocate at least <strong>1 GB of RAM<\/strong>.<\/li>\n\n\n\n<li>For <strong>VMware<\/strong>: Click <strong>Create a New Virtual Machine<\/strong>, select <strong>Custom<\/strong>, choose the operating system type as <strong>Other<\/strong>, and allocate <strong>1 GB of RAM<\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Set Virtual Hard Disk<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Create a <strong>20 GB<\/strong> virtual hard disk for pfSense (or adjust based on your needs).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Configure Network Interfaces<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Adapter 1 (WAN Interface)<\/strong>: Set the first adapter to <strong>Bridged Adapter<\/strong> or <strong>NAT<\/strong> if you want the firewall to interact with your host machine\u2019s network.<\/li>\n\n\n\n<li><strong>Adapter 2 (LAN Interface)<\/strong>: Set the second adapter to <strong>Internal Network<\/strong> or <strong>Host-Only Adapter<\/strong> (for local network testing).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Load pfSense ISO<\/strong>:\n<ul class=\"wp-block-list\">\n<li>In the VM settings, set the ISO you downloaded as the bootable medium for the CD\/DVD drive.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 3: Install pfSense<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Start the VM<\/strong> and boot from the ISO.<\/li>\n\n\n\n<li>Follow the pfSense installation process:\n<ul class=\"wp-block-list\">\n<li>Select <strong>Install pfSense<\/strong> and choose the default options for most settings (you can customize these if needed).<\/li>\n\n\n\n<li>Accept the <strong>default settings<\/strong> and wait for pfSense to install.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Reboot the VM<\/strong> once installation is complete, and remove the installation ISO from the virtual CD\/DVD drive.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 4: Configure pfSense<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Initial Setup Wizard<\/strong>:\n<ul class=\"wp-block-list\">\n<li>After rebooting, pfSense will provide an IP address for the <strong>WAN interface<\/strong> (e.g., 192.168.1.1).<\/li>\n\n\n\n<li>Connect to pfSense by opening a browser on your host machine and typing the WAN IP address in the address bar.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Login to pfSense<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Default username: <code>admin<\/code><\/li>\n\n\n\n<li>Default password: <code>pfsense<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Setup the Basic Configuration<\/strong>:\n<ul class=\"wp-block-list\">\n<li>After logging in, pfSense will present a <strong>wizard<\/strong> for basic setup.<\/li>\n\n\n\n<li>Assign <strong>WAN<\/strong> and <strong>LAN<\/strong> interfaces (WAN will typically connect to your internet or external network, and LAN will connect to your internal network).<\/li>\n\n\n\n<li>Configure the <strong>LAN interface<\/strong> with a static IP (e.g., 192.168.1.1\/24).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 5: Configure Firewall Rules<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Access the Firewall Rules<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Go to <strong>Firewall &gt; Rules<\/strong> in the pfSense web interface.<\/li>\n\n\n\n<li><strong>WAN Interface<\/strong>: Add a rule allowing <strong>HTTP\/HTTPS<\/strong> or the necessary protocols to pass through if you want remote access to pfSense.\n<ul class=\"wp-block-list\">\n<li>For example: Add a rule to allow <strong>any<\/strong> traffic from the <strong>WAN interface<\/strong> to <strong>access the LAN<\/strong> interface for testing purposes.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>LAN Interface<\/strong>:\n<ul class=\"wp-block-list\">\n<li>On the <strong>LAN<\/strong> interface, create rules to allow outgoing traffic. By default, pfSense allows outgoing traffic on the LAN interface.<\/li>\n\n\n\n<li>Add specific rules if you need more granular control over which types of traffic are allowed.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 6: Test the Network Configuration<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Test Connectivity<\/strong>:\n<ul class=\"wp-block-list\">\n<li>From the <strong>LAN network<\/strong>, ping the pfSense LAN IP address to ensure connectivity.<\/li>\n\n\n\n<li>Test the internet connection from a device on the LAN network by pinging an external site (e.g., <code>ping google.com<\/code>).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Check Firewall Logs<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Go to <strong>Status &gt; System Logs &gt; Firewall<\/strong> to monitor traffic logs and verify that the firewall rules are functioning as expected.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 7: (Optional) Configure Advanced Features<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>VPN Setup<\/strong>:\n<ul class=\"wp-block-list\">\n<li>If you want to set up a VPN (e.g., OpenVPN), go to <strong>VPN &gt; OpenVPN<\/strong> and follow the configuration steps to enable secure remote access to your network.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>DNS and DHCP<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>DHCP Server<\/strong>: Enable DHCP under <strong>Services &gt; DHCP Server<\/strong> for the LAN interface to automatically assign IP addresses to devices on the network.<\/li>\n\n\n\n<li><strong>DNS Settings<\/strong>: You can configure pfSense to use external DNS servers (like Google DNS or Cloudflare) under <strong>System &gt; General Setup<\/strong>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Traffic Shaping (Optional)<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Set up <strong>Traffic Shaping<\/strong> if you need to prioritize certain types of traffic (e.g., VoIP or streaming) on your network.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Step 8: Save Configuration and Backup<\/strong><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Save Configuration<\/strong>: Go to <strong>Diagnostics &gt; Backup &amp; Restore<\/strong> to back up your pfSense configuration settings.<\/li>\n\n\n\n<li><strong>Snapshot\/Restore Points<\/strong>: Take a snapshot of the VM once everything is configured to preserve your setup for future reference.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-group is-content-justification-center is-nowrap is-layout-flex wp-container-core-group-is-layout-1 wp-block-group-is-layout-flex\">\n<p class=\"has-white-color has-text-color\">SHARE ON<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fchrisrgaunt.com%2F%3Fp%3D72\" target=\"_blank\" rel=\"noreferrer noopener\">Facebook<\/a><\/div>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fchrisrgaunt.com%2F%3Fp%3D72\" target=\"_blank\" rel=\"noreferrer noopener\">Linkedin<\/a><\/div>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/twitter.com\/intent\/tweet?text=https%3A%2F%2Fchrisrgaunt.com%2F%3Fp%3D72\" target=\"_blank\" rel=\"noreferrer noopener\">Twitter<\/a><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A pfSense firewall is an open-source, highly customizable firewall solution that provides robust protection for your network. It&#8217;s an ideal<\/p>\n<p><a href=\"https:\/\/chrisrgaunt.com\/?p=3192\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">pfSense firewall setup<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":3194,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-3192","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-projects"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3192"}],"version-history":[{"count":3,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3192\/revisions"}],"predecessor-version":[{"id":3377,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/posts\/3192\/revisions\/3377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=\/wp\/v2\/media\/3194"}],"wp:attachment":[{"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chrisrgaunt.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}