Configure pfSense Firewall
This article covers pfSense setup, basic configuration and an overview of the features available in this FreeBSD-based security distribution. In this tutorial we run the setup wizard for the basic firewall settings and give a detailed overview of the services. After the installation process, the following snapshot shows the IP addresses of the WAN/LAN interfaces and the different options for managing the pfSense firewall.
After setup, the following window appears, showing the URL for configuring pfSense.
Open the URL given above in a browser and log in with username admin and password pfsense.
After a successful login, the following wizard appears for the basic settings of the pfSense firewall. The setup wizard can be bypassed, and the user can run it later from the System menu of the web interface.
Click the Next button to start the basic configuration process on the pfSense firewall.
Setting the hostname, domain and DNS addresses is shown in the following figure.
Setting the time zone is shown in the snapshot below.
The next window shows the settings for the WAN interface. By default, the pfSense firewall blocks bogon and private networks.
Set the LAN IP address, which is used to access the pfSense web interface for further configuration.
The default password for the web interface is "pfsense". Enter a new password for the admin user in the following window; it is then used to access the web interface for further configuration. Click the "Reload" button shown below. It applies the settings and redirects the firewall user to the main dashboard of pfSense.
As shown in the following snapshot, the pfSense dashboard shows system information (such as CPU details, OS version, DNS details and memory consumption) and the status of the Ethernet/wireless interfaces.
pfSense consists of the System, Interfaces, Firewall, Services, VPN, Status, Diagnostics and Help menus.
- Configuration of the web interface
- Firewall/NAT settings
- Networking settings
- System tunables settings
- Notification settings
In the Cert Manager sub menu, the firewall administrator generates certificates for CAs and users.
In the Firmware sub menu, the user can update the pfSense firmware manually or automatically. The user can also take a full backup of the pfSense configuration.
In the General Setup sub menu, the user can change basic settings such as the hostname and domain.
As the menu title indicates, the user can enable or disable the high availability feature from this sub menu.
The Packages sub menu provides a package manager for pfSense in the web interface.
The user can manage gateways and routes using the Routing sub menu.
The Setup Wizard sub menu opens the following window, which starts the basic configuration of pfSense.
Users are managed from the User Manager sub menu.
This menu is used for the assignment of interfaces (LAN/WAN), VLAN settings, and wireless and GRE configuration.
The firewall is the core part of the pfSense distribution and provides the following features.
Aliases are defined for real hosts, networks or ports and they can be used to minimize the number of changes.
NAT (Network Address Translation)
NAT binds a specific internal address to a specific external address. Incoming traffic from the Internet to the specified IP will be directed toward the associated internal IP.
Firewall rules control what traffic is allowed to enter an interface on the firewall. After traffic is passed on the interface, an entry in the state table is created.
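The interaction of aliases, rules and the state table, sketched as an added example (not code from the original article or from pfSense). It assumes top-down, first-match evaluation on the interface where traffic enters, with a default deny; the alias names, rules and addresses are constructed.

```python
import ipaddress

# Constructed aliases: one name stands for several hosts, networks or ports,
# so a change is made once here instead of in every rule.
ALIASES = {
    "LAN_net": ["192.168.1.0/24"],
    "WebServers": ["192.168.1.10", "192.168.1.11"],
    "WebPorts": [80, 443],
}

# Constructed rule set: evaluated top-down on the entering interface.
RULES = [
    {"iface": "lan", "action": "block", "src": "LAN_net", "dst": "any", "port": 25},
    {"iface": "lan", "action": "pass", "src": "LAN_net", "dst": "any", "port": "WebPorts"},
    {"iface": "wan", "action": "pass", "src": "any", "dst": "WebServers", "port": 443},
]


def _addr_match(spec, ip):
    if spec == "any":
        return True
    nets = ALIASES.get(spec, [spec])  # alias name, or a literal address/network
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)


def _port_match(spec, port):
    ports = ALIASES.get(spec, [spec]) if isinstance(spec, str) else [spec]
    return port in ports


class Firewall:
    def __init__(self):
        self.states = set()  # (src, sport, dst, dport) of passed connections

    def handle(self, iface, src, sport, dst, dport):
        # Packets of a tracked connection, in either direction, skip the rules.
        if (src, sport, dst, dport) in self.states or (dst, dport, src, sport) in self.states:
            return "pass (state)"
        for rule in RULES:
            if (rule["iface"] == iface and _addr_match(rule["src"], src)
                    and _addr_match(rule["dst"], dst) and _port_match(rule["port"], dport)):
                if rule["action"] == "pass":
                    self.states.add((src, sport, dst, dport))
                return rule["action"]  # first match wins
        return "block (default deny)"
```

The reply to an outbound LAN connection is passed on WAN only because of its state entry; the same packet on a different port pair falls through to the default deny.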
Firewall rules can be scheduled so that they are only active at certain times of day or on certain specific days or days of the week.
Traffic shaping is the control of computer network traffic in order to optimize performance and lower latency.
Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall's real interface addresses.
The Services menu shows the services that the pfSense distribution provides alongside the firewall.
Software newly installed for a specific service, such as Snort, is also shown in this menu. By default, the following services are listed in the Services menu.
The captive portal functionality in pfSense allows securing a network by requiring a username and password entered on a portal page.
The DHCP Relay daemon will relay DHCP requests between broadcast domains for IPv4 DHCP.
The user can run a DHCP service on the firewall for the network devices.
DNS Forwarder/Resolver/Dynamic DNS
Different DNS services can be configured on the pfSense firewall.
The user can configure IGMP on the pfSense firewall from the Services menu.
Load balancing is one of the important features, and it is also supported by the pfSense firewall.
SNMP (Simple Network Management Protocol)
pfSense supports all versions of SNMP for remote management of the firewall.
Wake on Lan
Using this feature, a packet is sent to a workstation on a locally connected network, which powers on the workstation.
VPN is one of the most important features of pfSense. It supports the following types of VPN configuration.
IPsec is a standard for providing security to IP protocols via encryption and/or authentication.
L2TP/IPsec is a common VPN type that wraps L2TP, an insecure tunneling protocol, inside a secure channel built using transport mode IPsec.
OpenVPN is an Open Source VPN server and client that is supported on pfSense.
It shows the status of the services provided by pfSense, such as the DHCP server, IPsec and the load balancer.
This menu helps the administrator or user troubleshoot pfSense issues or problems.
This menu provides links to different useful resources such as the FreeBSD handbook, developer wiki, paid support and the pfSense book.
In this article our focus was on the basic configuration and feature set of the pfSense distribution. It is based on FreeBSD and is widely used due to its security and stability features. In our future articles on pfSense, our focus will be on basic firewall rule settings, Snort (IDS/IPS) and IPsec VPN configuration.