The open-source firewall pfSense is based on FreeBSD and, like OPNSense, is ready to use in a few minutes. pfSense relies on the packet filter “pf”. Administration is done via a web interface. The firewall is also available as an appliance with matching hardware.
Set up open-source firewall pfSense
pfSense is based on FreeBSD, just like OPNSense. We have shown in the article “Home Office with OpenVPN and OPNsense” how an OpenVPN server can be built based on OPNSense.
pfSense is also available on cloud platforms such as Amazon AWS or Microsoft Azure as a cloud appliance. The free Community Edition can be downloaded from the developers. pfSense can be used not only as a firewall but also as a VPN server based on OpenVPN, and it can act as a DHCP server. Configuration is done via a wizard or, once the wizard has finished, via the web interface.
Download and installation of pfSense
The open source firewall pfSense can be installed on hardware in the same way as on a VM. The computer should have a CPU with at least two cores and at least 2 GB of RAM. The firewall requires about 20 gigabytes on the hard disk.
If you want to use the firewall in a company, you can also buy hardware from the developers on which pfSense is already pre-installed as an appliance. The appliances are particularly useful for small networks or in the home office. It is important that the computer has at least two network adapters.
The basic installation of the system files is completed in a few minutes. Only the partitioning and the selection of the language for the keyboard are done here. The other settings are made after the installation. First, the terminal is used to define which network adapters are responsible for the LAN and the WAN. VLANs can also be created here. Then the system is started.
Setting up the IP addresses and other settings for initial operation
After starting the installed system, basic settings such as the IP settings are defined. Subsequently, further administration is carried out via the web interface. This is reached via the URL https://<IP address>. The IP address can be seen in the terminal when the server is started. The default user name for logging into the interface is “admin”, and the default password is “pfSense”. The login data should be changed as soon as possible. For this purpose, the wizard also displays a note after logging in.
The first step after opening the web interface is to change the login data. Then the hostname and the domain of the firewall are configured, along with the DNS servers the firewall should use.
After that, time servers and settings for the WAN interface are configured. In the wizard, you can also adjust the IP address and the subnet mask for the LAN interface. These settings are also available in the terminal. If you have not yet adjusted the admin password, the wizard displays corresponding information. Once the setup is complete, you will see the pfSense administration web interface.
The pfSense dashboard contains general information about pfSense. Here you can also see data about the computer, the load on the system, and the installed version of pfSense. Information about the network adapters is also displayed.
Managing pfSense with the web interface
Once the web interface has been accessed, pfSense can be comprehensively managed. By default, the firewall dashboard opens with the most important information. Menus for managing the firewall functions can be found in the upper area.
The firewall rules can be found via “Firewall\Rules”. Further areas are available here, such as the NAT settings and virtual IPs. Routing settings are found under “System\Routing”. The system settings of the network adapters are configured via “Interfaces”. Adapters can also be temporarily disabled here.
If the dashboard shows a new version of pfSense, “System\Update” can be used to update the firewall via the web interface. After the update, the firewall also restarts automatically on request.
“Services” is used to manage the services that have been activated on the firewall. These are, for example, the DHCP server, the load balancer, NTP, DNS, SNMP, or PPPoE server. In the “Services” area, you can also set “Auto Configuration Backup” so that pfSense automatically saves a backup when the configuration changes or at regular intervals. This can be used for recovery in case of problems. If problems occur with the firewall, various help tools can be called up in “Diagnostics”, for example, to adjust system files, ping computers, or call up logs.
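A saved configuration backup can also be reviewed offline. The following is an added example, not part of the original article or of pfSense itself: it reads a backup in the config.xml format and reports whether the wizard settings described above are present, whether the web interface uses HTTPS, whether WAN and LAN use separate adapters, and whether a WAN rule passes any source to any destination. The sample is constructed, and the element names are assumed from the usual config.xml layout and should be checked against a real backup.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <hostname>fw01</hostname>
    <domain>example.internal</domain>
    <dnsserver>192.0.2.53</dnsserver>
    <timeservers>pool.ntp.org</timeservers>
    <webgui><protocol>http</protocol></webgui>
  </system>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>wan</interface>
      <source><any/></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination></rule>
  </filter>
</pfsense>"""

def audit_config(xml_text):
    """Return a list of findings for one configuration backup."""
    root = ET.fromstring(xml_text)
    findings = []
    # Settings the setup wizard asks for: hostname, domain, DNS and time servers.
    for tag in ("hostname", "domain", "dnsserver", "timeservers"):
        if not (root.findtext(f"system/{tag}") or "").strip():
            findings.append(f"system/{tag} is not set")
    # The web interface should be served over HTTPS.
    if root.findtext("system/webgui/protocol") != "https":
        findings.append("web interface is not set to https")
    # WAN and LAN each need their own network adapter.
    nics = [root.findtext(f"interfaces/{n}/if") for n in ("wan", "lan")]
    if not all(nics) or nics[0] == nics[1]:
        findings.append("wan and lan need two distinct network adapters")
    # A WAN pass rule from any source to any destination exposes the whole LAN.
    for i, rule in enumerate(root.findall("filter/rule")):
        if (rule.findtext("type") == "pass" and rule.findtext("interface") == "wan"
                and rule.find("source/any") is not None
                and rule.find("destination/any") is not None):
            findings.append(f"rule {i}: pass any-to-any on wan")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```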
VPN with pfSense
The pfSense firewall can also be operated as a VPN server via the “VPN” section. Besides IPsec and L2TP, OpenVPN is also available here. The setup of the VPN server is basically the same as when using other appliances, such as OPNSense. The virtual OpenVPN server is configured in the web interface, and the firewall then waits for requests on the corresponding port. If pfSense is operated behind a firewall or router, the corresponding ports must be forwarded to the pfSense appliance.