Installing pfSense Open Source Firewall over a CPU
The Firewall configuration is a main essential part of an organisation’s networking environment. It prevents all the malicious traffic from interfering with the system and maintaining secure browsing over the internet. The present Firewall that we are using is pfSense which is an open source and firewall software based on the BSD.
Prerequisites:
Hardware components:
Physical CPU : 1
RAM Storage : 8 Gb
SSD Storage : 256 Gb
NIC Port : 2(WAN, LAN)
Flash Drive : 1(Minimum 8 Gb)
Software Components:
pfSense image file
Rufus application in client system
Step 1:
Download the pfSense software file from the official website on your local computer. Give the necessary details as shown in the image below.
Download Link: https://www.pfsense.org/download/
Save the file in your local computer.
Step 2:
Download the rufus to your computer to create a bootable flash drive of the pfSense file.
Download link: https://rufus.ie/en/#google_vignette
Step 3:
Insert a USB flash drive to the system. Open rufus application or downloaded file from step 2.Create a bootable image and save it to a USB flash drive by selecting the pfSense downloaded file in rufus Boot selection option.
Once the image is selected the Rufus tool will auto-select some settings for you, which is further discussed.
Once the Pfsense image is selected then the Pfsense will auto-update the following settings, Partition scheme as MBR, Target system as BIOS (or UEFI-CSM), and File System as FAT32 (Default). It is important to note that there are some old machines that do not support the UEFI system, but this auto-selection will work for both, older and newer ones in most cases.
Once the Image is selected then just press the START button, this will firstly, make the selected USB device bootable and then copy the necessary Pfsense installation files on it.
Run the Pfsense Installation Setup from the USB:
Insert the Flash Drive into the target CPU in which we need to install the pfSense software into. Turn ON the device and once the flash drive was detected by the system we need to select the “Boot From USB” option to allow the system to install the software package.
Select the “Accept” option once the copyrights and distribution notice appears. SInce we are installing the bootable mode we need to use the arrow keys and enter options only.
Click “Ok” after accepting the copyrights and make sure the Install option is selected.
Next, just select the default standard Us keyboard unless using a non-standard keyboard.
Next, you will see the partition screen.
Here you will be asked to Erase the entire disk, and Pfsense will select a hard disk partition other than your USB device so select Entire Disk.
After this, it will default select GPT so press OK.
After this, you need to enter the Partitioning Information, for this just select the default selected option which can be Auto UFS BIOS (Legacy BIOS) or it can be Auto (UFS) UEFI. After you select Ok you will be presented with the following screen.
So if all looks ok to you, then press Finish then select Commit to start the installation.
Once the installation is complete the last prompt asks you to enter any shell information, but if you are installing Pfsense for the first time then selecting NO will suffice.
After selecting NO, you will be asked to reboot your Pfsense firewall, so just take the USB Device out of your system and then select reboot.
Once we are done with installing Pfsense from USB, it is time to access its web interface so that we can further configure our firewall. To do this, first, we need to make sure that our firewall has LAN and WAN Access, and then we can access our firewall’s web interface on its LAN address. Assuming that you have inserted both Lan and Wan Cable in your Pfsense firewall, then after the reboot, you will see the following screen.
Select appropriate ports for LAN and WAN. Here we have configured the LAN and WAN for the firewall as bge0 and re0 respectively.
Once the ports are assigned for the console will be like given below.
The default gateway for LAN is 192.168.1.1
The WAN network is given with the public IP of the ISP.
Configuring pfSense using GUI Console:
Since the LAN gateway is configured with IP 192.168.1.1 it will be the console url for the firewall.
Username : admin
Password: pfSense( by default but need to change once logged in for the first time).
General Configuration:
Enter hostname and keep the rest default and click on next.
Set the Time zone
If your Wan interface gets an IP address automatically through DHCP, then choose WAN Selected Type as DHCP. If you need to statically assign an IP address then choose Selected Type as Static and type in the related settings, after this scroll down and select Next.
By default, Pfsense enables DHCP server on the LAN interface, so just adjust the IP address and the subnet mask according to your need, or else, If you are happy with the default settings then hit the Next button.
Set Admin Password
Next click on Reload option and once all the settings are configured the pfSense setup is shown as completed.
Once the firewall setup is completed. Check whether the DHCP is automatically assigning IP addresses to connected devices. Connect to the Wifi network through multiple devices and check if the Internet is working fine or not.
If you are at this point means you might have finished up the setup of firewall. In PfSense we have several options such Captive Portal, Open VPN and many more.
In my next blog, I am going to show how to setup a OpenVPN for a user in pfSense firewall portal.