It is natural for well rounded companies to protect their data as much as possible, for instance we protect our personal data by installing Firewalls and Anti-Virus programs in our personal devices be it a laptop or a smart phone, but having these things applied to workstations alone is not enough to be secured now a days. Knowing this, Security should also be applied to the internal networks of companies , by adding devices that could block /prevent/detect certain types of anomalies happening in their network.
There are a lot of ways to add levels of security for our networks , an example would be adding a Cisco ASA firewall that would be a dedicated firewall for the network, deploy on keypoints to add layers of defence for every important asset/Workstation for the company. Now Imagine a computer which is basically has a much more processing power than that of routers for example and install an operating system that has multiple functions for network security ,plus a computer is more scalable than a regular router/ firewall this gives it an easy way to upgrade its hard drives etc. An example would be PFsense which is an operating system that can act as a router plus a firewall and many more.
Pfsense is an open source FreeBSD software that is dedicated for network security , it has functions similar to , firewalls, routers , etc . It is easy to install the image file can be downloaded from their site and can be used to create a usb installer to install the software in a old computer for example just make sure that it has at least the basic requirements for pfsense to run. It also has a web UI for easy configuration of the software. (Note in this tutorial I will be installing PFsense in a Virtual Machine).
First Acquire your copy/iso of PFsense from their website (you could just Google it) , and download your preferred PFsense version.
After the network has been configured ( in VMware you still need to configure your VLANs)
The next task is to designate where will PFsense be installed.
Basically we need to install PFsense in the hard drive.
Note : I suggest to keep everything on default unless you know what you’re doing or changing.
And enter on quick and easy install .
Note: you could do a custom install Just be knowledgeable enough to know what you’re doing.
Next is just wait for it to finish.
Just pick standard kernel, after the kernel has been installed , just click yes to reboot the system.
After the Reboot PFsense can then be accessed via any internet browser
You can change your PFsense IP addresses by simply entering the Set interface(s) IP address option ( which is number 2 )
and just follow through the steps.
Just go to the address of PFsense ( in our case the LAN network since this is interface that is I’ve set as bridged network with my machine )
This is the first time accessing the web UI of PFsense. The default credentials will be
Username : root
Then the installation wizard will come next.
Just click on next twice and you’ll arrive to where you will configure the hostname and domain, and default DNS .
Fill up the hostname as your preferred hostname , your domain will be of course your network domain on your company, ( domain is set to localdomain since it’s just a demo) and I used the Google open DNS as my primary DNS which is 184.108.40.206 .
Next is we set the clock of the machine, using the NTP protocol, just select which timezone suits your area.
Next is we will be setting up the WAN configuration of the pfsense machine.
You can select static if you want to configure your own network, but in this case it is set as DHCP ,
I you’re plugging this machine directly after your ISP please check the Block RFC1918 Private Networks
If Block bogon Networks is set private IPs that are not registered will be blocked by PFsense. So be careful and be mindful on setting these two options.
The next window would be setting up the LAN interface of the PFsense.
Next would be setting up the admin password for PFsense.
Click on reload.
Now you can access the PFsense web UI configurator.
This is the main dashboard and as you can see there is a nav-bar that houses a lot of different options pertaining to PFsense’s functions.
If you want to change the IP address of your interfaces via the Web-UI , first access the web-ui and go to Interfaces.
Clicking on the interface tab will show this window, where you can add edit and delete interfaces. ( For example adding a wireless access point and then configure the access point)
As of now the pfsense is up and running as a “normal” firewall, it will block incoming traffic specified in the configuration. The next interesting part is going to the packages ( System -> packages – >Available Packages)
Here’s a big list of packages that can run in PFsense, (examples are Snort, Squid , Nmap, Zabbix , etc), it depends on your need on which packages you will install basically.
In conclusion this would be a more powerful machine that can act as a router/firewall/ which also depends on what packages you install , and of course the capabilities of the hardware where PFsense is installed. In the succeeding blogs I will be showing you how to install different packages to run in PFsense. So stay tuned.