So I’m used to working with expensive firewall solutions which, in fairness, protect SMBs and enterprises against a multitude of threats. A common theme amongst all smaller companies is that they cannot afford proper hardware to cater for additional UTM features like AV scanning etc. These can cascade into the tens of thousands of pounds. So pfSense caught my eye. A free firewall which I’ve been playing around with. Here’s the install procedure.
I’m installing within VMware but this essentially works on any old hardware. The processing power is negligible so a high grade i3 system with 3 Ethernet ports is all you need. You can pick up a genuine Intel multiport PCI card for cheap enough which can then be used to connect your WAN and distribute it.
Whilst you can add loads of NICs onto one old PoS machine, you might want to offload LAN traffic onto a switch and maybe use pfSense to manage inter-VLAN traffic... On with the show.
So I have a VM configured with 2 network ports. One for the outbound WAN link, or in my case the link to the core network, and another to connect to the internal network. To do this, I’ve NAT’d the primary network adapter and the second network adapter goes to a custom internal VM network. The host machine will be hosted within VMNet2 using the firewall as its gateway.
With the VM configured, we now boot the CD image. This is available from https://www.pfsense.org/download/; the version at the time of this post was 2.4.2.
You’ll be given the choice of options; leave this and let it boot through. After a minute you’ll reach the copyright and distribution notice. Accept this.
Select “Install” and then select your keyboard type (American by default). Then launch the guided disk setup. This should install relatively quickly. You’ll then be prompted to reboot. Don’t forget to remove your CD/ISO image as you’ll just loop back into the installation phase again.
This actually picked up the WAN port for me running on em0.
First things first, let’s change the default password. We need to log in from the LAN end. Thankfully by default the WAN port does not allow access to the management console (known in pfSense as the “Web Configurator”).
Default Username: admin
Default Password: pfsense (lowercase)
The wizard will help you configure the raw settings for the firewall. Since I’m on an internal LAN, I have little configuration to do as my home router will take care of addressing so everything is DHCP. I set a static on my internal LAN. Reset the admin password, then reloaded the config.
All done. Next... firewall rules.
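To confirm the point above that the WAN port does not expose the Web Configurator, the following added example (not part of the original post) probes the firewall's WAN address from a machine on the WAN side. The port list and the `192.0.2.1` placeholder address are assumptions; a default-deny WAN typically drops the probes, so `filtered` is the expected result.

```python
import socket
import sys

# Ports the management plane may listen on: the Web Configurator over
# HTTP/HTTPS and SSH if it has been enabled. Assumed defaults; edit to match.
MGMT_PORTS = {80: "Web Configurator (HTTP)",
              443: "Web Configurator (HTTPS)",
              22: "SSH"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (RST) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Timeouts and unreachable errors: the packet was dropped on the way.
        return "filtered"


def audit_wan(host, ports=MGMT_PORTS, timeout=2.0):
    """Probe every management port on the firewall's WAN address."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that completed a TCP handshake, i.e. reachable from the WAN."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; pass your firewall's WAN IP.
    wan_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results = audit_wan(wan_ip)
    for port, state in sorted(results.items()):
        print(f"{wan_ip}:{port:<5} {MGMT_PORTS[port]:<26} {state}")
    if exposed(results):
        print("FAIL: management service reachable from the WAN side")
        sys.exit(1)
    print("OK: no management port answered on the WAN side")
```

Run from the LAN side against the firewall's LAN address, the same probe should show the Web Configurator port as open, which confirms the script can see the service when it is reachable.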