A firewall is a security system (hardware or software) that will define and control the flow of data. It will analyse what is allowed to enter and leave your network. Your modem provided by your internet service provider is a hardware firewall for example. It has few functions, but it is still a firewall. A firewall is said to “enforce security policy” through action rules for network traffic. In simple terms, it will only accept the types of communications defined in the rules. On the other hand it will reject anything that is not explicitly allowed.
In this article, we will install Pfsense and do the basic configurations before thinking about the advanced options.
Pfsense architecture and requirements
Here is a representation of the virtual infrastructure used throughout our article.
| Norton Secure VPN 2023 for up to 5 Devices | |
 | 19,99 $ |
Pfsense is administered via a web interface, so you need a client computer with a web browser. The client must have an IP address in the same local network as the firewall. So I have a virtual machine (VM) client under Windows 10 with a classic installation to be able to access pfsense afterwards and a second VM which will be my firewall.
As far as the pfsense VM configuration is concerned, it is quite light (made under VMWare Workstation):
On the other hand, for pfsense acting as a router, it is imperative to have 2 network cards, on 2 different networks: the WAN network (Internet) and the LAN network (local). The first card will correspond to the WAN interface of pfsense, it has been positioned in NAT.the second will be the LAN interface, it is positioned here in a private network (vmnet3).
Installation of Pfsense
Once your 2 virtual machines are ready, you can easily follow us. Let’s start by installing pfsense. After inserting the pfsense ISO in a dedicated VM or on a bootable device, you can boot the machine. The setup will start automatically after a few seconds.
The installation will be done by keyboard. Press Enter to accept. Make sure you are on “Install” (should be selected in dark blue as in the picture below, otherwise move with the arrows on your keyboard) and press Enter to do OK.
You have to select the keyboard (which is not very useful because the keyboard will remain in qwerty anyway…). Choose the keyboard you want and continue. The setup will ask you to partition the storage disk of the machine. Unless you need a very specific configuration, stay on “Auto (UFS)” and press Enter
The installation is now launched. Wait a few seconds, it is very fast.
You will then be asked to open a shell (terminal) if you want to make any changes. Move over the “No” box and press Enter. To complete this system installation, reboot and boot directly into the new, freshly installed pfsense. On startup, pfsense will launch, test and configure the services it needs. In the image below, you can see that pfsense has tested the presence of the WAN interface and configured it, and the same for the LAN interface. It has also started the DNS service for domain name resolution.
Once the boot is complete, you will have the following view of the machine:
Pfsense interface configuration
We can see our two network interfaces (WAN and LAN). We can also see that the WAN interface has been given an IP address automatically by DHCP (which corresponds to the public IP address). Concerning the LAN, it assigns a static address by default that we will change.
You have 16 menus that will allow you to do different actions and configurations. To use them, you have to enter their number and press Enter. We have one last thing to do before we go to the Pfsense web interface for the final configuration. We need to assign the correct IP address to the LAN interface, i.e. the one that corresponds to our local network (for me in this article, 192.168.3.1). To do this, at the menu choice, type 2 then Enter. I am asked which interface I want to modify. The LAN interface here is the 2nd, so I type 2 and press Enter.
Then enter the IP address that you give to this interface which will be the exit gateway of your local network. When you have entered the IP address, press Enter to move on.
Set the subnet mask of the local network in CIDR notation only, so 24 for me. Pfsense then asks if the network has a gateway to which to forward flows. This is not the case for me, the WAN interface is already doing the job and I don’t have another router in my network so I just press Enter to leave it blank.
I don’t want to set any IPv6 addresses, so I leave it blank. I also don’t want to enable DHCP service for the local network so I type “n” to answer “no” and Enter. And finally, the last question is about the protocol used to go to the web interface. By default it is HTTPS so it is secure. You can choose to switch it to HTTP if you wish by answering “y” for “Yes”. Personally I will answer “n”.
The configuration of the LAN interface is finished. I see on the screen the URL to use to go to pfsense which is https://192.168.3.1/, its IP address.
| Norton Secure VPN 2023 for up to 5 Devices | |
| 19,99 $ |
The configuration of pfsense on the command line is now finished, let’s go to the web interface. From a PC on the local network with a fixed IP address if DHCP is not active, open a web browser and access your pfsense.
See the first part of the guide
Also check on :