Defensive Lab Series: PFSense Installation

This is the first blog for defensive lab environments set up for corporate and home users. In this blog, we will learn about PFsense Installation in VMware workstation.

OVERVIEW :

A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network.

pfSense^® software is a free, open-source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via the web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. In this post We’ll be performing PFSense router installation as a virtual machine.

PRE-REQUISITES

• VMWARE OR VIRTUAL BOX
• PFSENSE ISO
• FAIRLY POWERFULL SYSTEM

NOTE: We are going to replicate Netgate SG-3100. So all the configurations and system resources are going to be the same as of the SG-3100 but can be changed according to the user’s needs easily.

For Product specifications and details

VISIT: https://www.netgate.com/solutions/pfsense/sg-3100.html

NETWORK CONFIGURATION

Before we install and configure the pfsense router we need to configure virtual network ports so that the whole network has stable interconnectivity and also has access to the internet. To do so we need to create 3 more virtual networks in the virtual network editor.

Open VMware and go to edit > Virtual Network Editor

To edit the settings, we need admin privileges if not already then give VMware for once.

We already have 3 preconfigured we do not need to change anything in them.

Click  ADD NETWORK > select a virtual network from the menu > click OK

To make it less confusing we are renaming it as LAN

Now select Host-Only as it also says in the description it will create a VM’s internal network. Do not enable DHCP service here as we are going to do that in our pfsence configurator so for now, leave it unchecked.

IN Subnet IP: 10.0.0.0

Subnet Mask: 255.255.255.0 Click apply

As mentioned in the beginning we are going to add total of 3 networks

• LAN
• LAN2
• DMZ

To create a new network for LAN 2

Subnet IP: 192.168.3.0

Subnet Mask: 255.255.255.0

DMZ

Subnet IP: 172.16.0.0

Subnet mask: 255.255.0.0

Once Done click ok and clocse the Network Editor.

NOTE: If you are using Virtual Box same settings needs to be done. To do so

TOOLS > NETWORK ADAPTERS

And from there the configurations will be the same

PFsense Virtual Machine

Donload the latest build from here:

https://www.pfsense.org/download

Create a new virtual machine Use Default settings for now as will change them afterward before installation.

OS type: FreeBSD 11 64-bit

Hard Disk: 32 GB, Split ( because SG-3100 supports max 32 GB with m.2 SSD )

Click Finish and Edit virtual machine settings

IN Memory assign 2GB

Processors: 1 x 2

Now add pfsence iso

IN this case, we do not need a USB Controller and Sound card so we are removing them but depends on user needs.

In options set snapshot preferences to avoid future problems and reverting to the previous state easily.

Now we need to add 3 more network adaptors to assign the networks we created at the beginning Click add

Now assign the networks that we created

Once that is done our machine’s virtual hardware is configured and we need to install our pfsense on the machine.

Installing PFsense

Installation is just a basic click next procedure as shown below.

Firstly accept Terms of use.

As this is the first installation so select INSTALL

Rescue Shell will be useful if in future our machine crashes then it will give a recovery shell.

Recover config is for if we need to import our configurations from any previous install.

Now either you can choose you Keymap or continue with your system default.

Go with the auto as in future changing any hardware resources like disk expansion etc will be easy or if you are sure you won’t need that in future and you know what you need and are doing than chose from the other 3 but in this doc, we are going with auto.

We don’t need to make any modification here so go with no.

Now reboot the system to complete the installation.