Module 3 of 16 · 📖 5 min read · ⏱ 60 min total

FUTO 03 pfSense Installation (EN)

In this module, you will install a pfSense firewall as a central component of your self-managed IT infrastructure. You will learn the basic configuration of network interfaces, setting up VLANs, and creating initial firewall rules to securely separate your network segments.

pfSense is based on FreeBSD and provides a powerful, flexible firewall solution that is ideal for small and medium-sized businesses as well as technically savvy individuals. Upon completion of this module, you will have a working basic firewall configuration that serves as a basis for further security measures.

Concepts and Background

pfSense
An open-source firewall distribution based on FreeBSD that functions as a router, firewall, and VPN endpoint. It provides a web-based configuration interface and extends FreeBSD's package management with specialized firewall features.
OPNsense
A fork of pfSense with a more modern codebase, active development cycle, and enhanced features. Both systems share many concepts, but OPNsense has established itself as a successor with stronger community support.
Firewall Rules
Filter rules that allow or block traffic between network interfaces based on source and destination IP, port, protocol, and other criteria. They are typically evaluated from top to bottom.
WAN/LAN Setup
The basic configuration of network interfaces: WAN (Wide Area Network) for connecting to the internet, LAN (Local Area Network) for the internal network. These interfaces define the firewall's security zones.
VLAN
Virtual Local Area Networks that allow a physical network to be logically divided into multiple segments. VLANs enable improved network organization and security by separating network traffic.

Architecture Diagram

flowchart LR
  A[Internet] --> B(pfSense)
  B --> C[LAN]
  B --> D[DMZ]
  B --> E[WLAN]

Practical Steps

  1. Download the current pfSense ISO image from the official website and create a bootable USB stick with dd under Linux:
    dd if=pfSense-CE-2.7.0-RELEASE-amd64.iso of=/dev/sdX bs=1M
  2. Connect the computer to the pfSense box via serial console or network cable, boot from the USB stick, and select "Install" from the menu.
  3. Partition the hard drive with the default settings (automatic partitioning) and confirm the installation.
  4. After reboot, access the web interface at https://192.168.1.1, log in with the default credentials (username: admin, password: pfsense), and immediately change the password.
  5. Configure network interfaces under Interfaces > Assignments: Assign the physical interfaces to the zones WAN, LAN, and optional VLANs.
  6. Under Interfaces > WAN, set the WAN interface to DHCP (for dynamic IP) or static if you have a fixed IP address from your ISP.
  7. Under Interfaces > LAN, configure the LAN interface with a static IP address in the subnet of your internal network (e.g., 192.168.100.1/24).
  8. Under Firewall > VLANs, create new VLAN interfaces if you want to segment your network, and assign these to physical interfaces.
  9. Under Firewall > Rules, define the basic rules for LAN and WAN, starting with a rule that allows all traffic from LAN to WAN.
  10. Under System > General Setup, enable the DNS Forwarder and configure a DNS server (e.g., 1.1.1.1 or 9.9.9.9) for name resolution.
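
Step 9 interacts with the top-to-bottom evaluation described under Firewall Rules: a block rule placed below the allow-all LAN rule never fires. The following added example (not part of the original module and not pfSense code) models first-match evaluation in Python and flags such shadowed rules; the DMZ subnet 192.168.50.0/24, the sample rules, and the first-match, default-deny model are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = "192.168.100.0/24"   # LAN subnet from step 7
DMZ = "192.168.50.0/24"    # constructed DMZ subnet (assumption)
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    port: Optional[int] = None  # None means any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(rules, src_ip, dst_ip, port):
    """Walk the rules top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action
    return "block"  # modelled default deny when nothing matches

def shadowed(rules):
    """Return (rule_index, earlier_index) pairs for rules that can never fire."""
    found = []
    for i, rule in enumerate(rules):
        earlier = next((j for j in range(i) if rules[j].covers(rule)), None)
        if earlier is not None:
            found.append((i, earlier))
    return found

# Constructed rule sets for the LAN interface: same rules, different order.
WRONG_ORDER = [Rule("pass", LAN, ANY), Rule("block", LAN, DMZ, 22)]
FIXED_ORDER = [Rule("block", LAN, DMZ, 22), Rule("pass", LAN, ANY)]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("fixed", FIXED_ORDER)):
        print(name, evaluate(rules, "192.168.100.10", "192.168.50.5", 22), shadowed(rules))
```

Any index reported by `shadowed` points at a rule that should be moved above the broader rule that hides it.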

Common Pitfalls

Further Resources

Knowledge Check

Four questions for self-assessment.

What is the main difference between pfSense and OPNsense?
  • A) OPNsense is a paid version of pfSense
  • B) OPNsense is a fork of pfSense with a more modern codebase
  • C) pfSense is based on Linux, OPNsense on FreeBSD
  • D) OPNsense does not support VLANs

Correct Answer: B. OPNsense is a fork of pfSense with a more modern codebase and a more active development cycle; both are based on FreeBSD and both support VLANs.

How are firewall rules in pfSense typically evaluated?
  • A) Randomly for load balancing
  • B) From bottom to top
  • C) Based on the requester's IP address
  • D) From top to bottom

Correct Answer: D. Firewall rules in pfSense are evaluated from top to bottom, which makes the order of rules crucial for functionality.

What is the main purpose of the WAN interface in a pfSense configuration?
  • A) For internal network communication
  • B) For connecting to the internet
  • C) For system administration
  • D) For connecting to other firewalls

Correct Answer: B. The WAN interface is responsible for connecting to the internet, while the LAN interface is used for the internal network.