As someone who has spent most of his professional life configuring Cisco devices, I found it a bit strange when I first encountered pfSense. I must admit, I didn’t even know what pfSense was and I was wondering why anyone would want to use such as system as their edge routing/firewall device.

I was wrong. Apparently, a lot of people use pfSense at all levels of organizational size and compared with the price of dedicated appliances (like Cisco boxes), you may want to take a look at these open source options. The goal of this series is not to discuss whether you should go open source or not; the goal is to open your eyes to the features of one of such open source systems – pfSense.

In this first article, you will be introduced to pfSense and then we will walk through installing pfSense on a Virtual Machine that we can use in our lab environment. We will be using VMware but you can also use VirtualBox.

pfSense Overview

As you may have guessed from the introduction, pfSense is an open source routing and firewall system based on FreeBSD. Even though the distribution is freely downloadable, there are also dedicated hardware appliances provided by the pfSense guys. pfSense supports features that you will generally want to see in a router/firewall such as stateful firewall, filtering, NAT, DHCP, VPN and so on.

pfSense Installation

We will be using the free distribution of pfSense which can be downloaded here. The latest version as of this writing is 2.2.6 and since I’m using a 64-bit system, I have downloaded the 64-bit version of the “Live CD with Installer” option. The ISO file itself is contained in the zipped package that you download so you need to extract it to a location of your choice.

For starters, we will be using a simple setup: pfSense with two interfaces – one for WAN and one for LAN. A conceptualization of our lab environment will be something like the diagram below:

To start the installation, open VMware and click “New Virtual Machine”. This brings up the New VM wizard. Unless you want to do the custom virtual machine configuration, you can leave the “Typical” option selected and then click Next.

On next screen, we can choose where to install the OS from. If you select the “Use ISO image” option and choose the pfSense ISO file you downloaded, you will get an error message “Could not detect which operating system…” as shown below:

Therefore, let’s just go ahead with the “I will install the operating system later” option. On the next screen, select the Guest OS as “Other – FreeBSD” (for 32-bit) or “Other – FreeBSD 64-bit” (for 64-bit).

You can run through the other options for creating the VM. A summary of my own settings is shown below:

A couple of things to note here:

  • I am using 8GB for the Hard Disk. The recommended size from pfSense is 1GB for the initial installation. Of course, depending on what you want to use pfSense for, you may need more space.
  • I have added another network adapter. The first network adapter is in Bridged mode which connects to my Wi-Fi NIC. This will serve as the WAN interface. The second network adapter is in Host-only mode and will be the LAN interface. You can find more information about VMware network types here.
  • Even though it’s not required, I have disabled some unnecessary devices such as sound and USB controller.

Once we are done creating the VM, we can go to the Settings page to specify the ISO file as shown below:

When you power on the VM, you will be presented with a screen with different options as shown below:

Hitting ‘Enter’ will select the first option or you can just leave the autoboot to count down to the end. After a while, you will be required to specify if you want to boot the LiveCD or install. In our case, we want to install so type “i” and press Enter (before the auto boot counts down to the end).

From here on, you can follow the settings below for the different screens that are displayed:

  • Configuration Console: Accept these Settings
  • Select Task: Quick/Easy Install
  • Are you SURE?: OK
  • Install Kernel: Standard Kernel
  • Reboot: Reboot

Note: For the last option, you should normally remove the installation media before the system boots up again. Therefore, you can use the VMware power button to turn off the VM, remove the ISO file and then turn on the VM again.

When the pfSense VM reboots, we will be required to configure some settings, such as whether we want VLANs or not, including interface settings. Notice in the screenshot below that the pfSense system has detected two interfaces which it names em0 and le0. Using the MAC address, you can confirm which interface belongs to the network adapter you assigned when setting up the VM.

In my case, em0 is my WAN interface while le0 is my LAN interface. I noticed that auto-detection did not work for me so I did the manual interface assignment.

When you are done with your configuration settings, you are presented with the Welcome to pfSense screen as shown below:

As you can see from the above screenshot, the default behaviour is for pfSense to use DHCP for the WAN interface (my wireless network is 192.168.8.0/24) and use a static IPv4 address of 192.168.1.1/24 for the LAN interface. You can view a list of the default configurations here.

I don’t want this default LAN IP address so I will change it by selecting option 2 (type “2” and press Enter).

As you can see, I have changed the LAN IP address to 172.16.215.100/24 and because I entered “y” for the “Do you want to revert to HTTP as the webConfigurator protocol?” question, the webGUI is now accessible via http://172.16.215.100/:

To test that I can ping my host system (172.16.215.1), I will select option 7 from the pfSense home page and enter the IP address I want to ping:

Cool, we have connectivity. One of the cool things about pfSense is that it has a webGUI where you can do your configuration. The webGUI will be accessible from http://<pfsense_ip_address> or https://<pfsense_ip_address> if you are using HTTPS.

The default username/password combination is admin/pfsense. On first login, you are presented with a setup wizard where you configure basic settings such as hostname, domain name, NTP, interface settings and change the admin password.

Once you are done with the wizard (or if you quit the wizard), you are presented with the pfSense dashboard as shown below:

This is where we will spend a lot of time in upcoming articles of this series.

Summary

This brings us to the end of this article where we have installed pfSense in VMware for use in our lab environment. pfSense is an open source router/firewall system that is based on FreeBSD. In other articles in the series, we will look at how to configure the different features of pfSense.

References