Manual pfSense Configuration - micahgrinnell/CC-Capstone-Project GitHub Wiki

Overview

The steps that are shown below outline the complete process I took to configure pfSense for a 4 port Protectli device. This guide is for those who want to manually configure pfSense through the web interface rather than use Ansible. If you don't fall under that category, go back one page or you can find the Ansible pfSense Configuration here.

Manual Configuration

  1. Reset to factory defaults
    • em0 was assigned a DHCP address of 10.0.0.34/24
  2. Change the root password
    • Enter shell with option 8)
    • Type: passwd
    • Enter a new password
  3. Connected PC to Protectli LAN
  4. Navigate to 192.168.1.1 and log in with the default credentials
    • User: admin
    • Pass: pfsense
  5. Complete the installation wizard and use defaults except for:
    • Change hostname to fw-pfSense
    • Set DNS servers to Google DNS (8.8.8.8)
    • Unchecked "Block RFC1918 Private Networks"
    • Changed web admin password
    • Reboot device
    • Web GUI upon completion:
      pfSenseWEBGUI
  6. Enable Secure Shell (sshd)
    • Login to the device via SSH for better accessibility
    • pfSense management menu accessed via SSH:
      pfSense SSH2
  7. Set WAN interface IP address
    • Change address with option 2)
    • Type 1 for WAN
    • Type n for Configure IPv4 address WAN interface via DHCP
    • Enter the address (10.0.0.200)
    • Enter the subnet mask (24)
    • Since I am configuring the WAN interface I have to set an upstream gateway (10.0.0.1)
    • Type n for Configure IPv6 address WAN interface via DHCPv6
    • Enter no new IPv6 address
    • Do not revert to HTTP
  8. Set NAT forwarding Rule
    • Login to web GUI
    • Firewall > NAT
    • Hybrid Outbound Nat > Save
    • Click add new mapping
    • Interface: WAN
    • Protocol: any
    • Source: Network | 192.168.1.0/24
    • Destination: any
    • Address: Interface Address
    • Click Static Port
    • Description: "LAN to WAN NAT"
    • Save
  9. Update system
    • My version of pfSense was 2.3.3 and the current version is now at 2.4 so some updates were required
    • Prior NAT rule is required to connect to necessary update repositories
    • Back to web GUI
    • System > Update > Update Settings
    • Set version to 2.3.X (NOT developer)
    • Save and reboot for good measure
    • In pfSense menu select option 13)
    • Proceed with upgrade
  10. Update again
    • My system only updated to 2.3.5 the first time so I had to update again
    • Set Branch version to 2.4.4
    • Complete update and reboot
  11. Ready for further configuration and use!