In this article, our focus is Pfsense setup, basic configuration and overview of features available in the security distribution of FreeBSD. We will run the network wizard for the basic setting of firewall and a detailed overview of services. After the installation process following snapshot shows the IP addresses of WAN/LAN and different options for the management of Pfsense firewall.
After setup, the following window appear which shows the url for the configuration of Pfsense.
Open above given URL in the browser and login with username admin and password pfsense
After successful login, following wizard appears for the basic setting of Pfsense firewall. However, the setup wizard option can be bypassed and user can run it from the System menu from the web interface.
Click on the Next button to start the basic configuration process on Pfsense firewall.
Setting hostname, domain and DNS addresses is shown in the following figure.
Setting time zone is shown in the below given snapshot.
The next window shows the setting for the WAN interface. By default Pfsense firewall block bogus and private networks.
Setting LAN IP address which is used to access the Pfsense web interface for further configuration.
By default password for web interface is “pfsense”. Enter new password for admin user on the following window to access the web interface for further configuration.Click on the “reload” button which is shown below. It applies the setting and redirects firewall user to the main dashboard of Pfsense.
As shown in the following snapshot, Pfsense dashboard shows system information (such as cpu details, os version, dns detail, memory consumption) and status of ethernet/wireless interfaces etc.
Menu detail
PFsense consists of System, interfaces, firewall, services, VPN, status, diagnostics, and help menus.
System Menu
Sub menus of System is given below:In the Advanced sub menu user can perform the following operations.
- Configuration of web interface
- Firewall/Nat setting
- Networking setting
- System tuneables setting
- Notification setting
In the Cert manager sub menu, firewall administrator generates certificates for CA and users.
In the Firmware sub menu, user can update Pfsense firmware manually/automatically. User can take full backup of Pfsense configurations.
In the General Setup sub menu, user can change basic setting such as hostname and domain etc.
As menu title indicates, user can enable/disable high availability feature from this sub menu.
Packages sub menu provides package manager facility in the web interface for Pfsense.
User can perform gateway and route management using Routing sub menu.
Setup Wizard sub menu opens the following window which start basic configuration of Pfsense.
Management of user can be done from the User manager sub menu.
Interfaces Menu
This menu is used for the assignment of interfaces (LAN/WAN), VLAN setting, wireless and GRE configuration, etc.
Firewall Menu
Firewall is the main and core part of Pfsense distribution and it provides the following features.
Aliases
Aliases are defined for real hosts, networks or ports and they can be used to minimize the number of changes.
NAT (Network Address Translation)
NAT binds a specific internal address to a specific external address. Incoming traffic from the Internet to the specified IP will be directed toward the associated internal IP.
Firewall Rules
Firewall rules control what traffic is allowed to enter an interface on the firewall. After traffic is passed on the interface, it enters an entry in the state table is created.
Schedules
Firewall rules can be scheduled so that they are only active at certain times of day or on certain specific days or days of the week.
Traffic Shaper
Traffic shaping is the control of computer network traffic in order to optimize performance and lower latency.
Virtual IPs
Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall’s real interface addresses.
Services Menu
Services menu shows services that are provided by the Pfsense distribution along firewall.
New program/software installed for some specific service is also shown in this menu such as snort. By default following services are listed in services menu.
Captive portal
The captive portal functionality in Pfsense allows securing a network by requiring a username and password entered on a portal page.
DHCP Relay
The DHCP Relay daemon will relay DHCP requests between broadcast domains for IPv4 DHCP.
DHCP Server
User can run DHCP service on the firewall for the network devices.
DNS Forwarder/Resolver/Dynamic DNS
DNS different services can be configured on the Pfsense firewall.
IGMP Proxy
User can configure IGMP on the Pfsense firewall from services menu.
Load Balancer
Load Balancing is one of the important features which is also supported by the Pfsense firewall.
SNMP (Simple Network Management Protocol)
Pfsense supports all versions of snmp for remote management of firewall.
Wake on Lan
Using this feature packet sent to a workstation on a locally connected network which will power on a workstation.
VPN Menu
It is one of the most important features of Pfsense. It supports the following types of vpn configuration.
VPN IPsec
IPsec is a standard for providing security to IP protocols via encryption and/or authentication.
L2TP IPsec
L2TP/IPsec is a common VPN type that wraps L2TP, an insecure tunneling protocol, inside a secure channel built using transport mode IPsec.
OpenVPN
OpenVPN is an Open Source VPN server and client that is supported on pfSense.
Status Menu
It shows the status of services provided by Pfsense such as dhcp server, ipsec and load balancer etc.
Diagnostic Menu
This menu helps administrator/user for the rectification of Pfsense issues or problems.
Help Menu
This menu provides links for different useful resources such as FreeBSD handbook, developer wiki, paid support and pfsense book.
Conclusion
In this article, our focus was on the basic configuration and features set of Pfsense distribution. It is based on FreeBSD distribution and widely used due to security and stability features. In our future articles on Pfsense, our focus will be on the basic firewall rules setting, snort (IDS/IPS) and IPSEC VPN configuration.
