00:00 - 00:03
we've mentioned a few times in other
00:01 - 00:06
videos that we use pfsense as our
00:03 - 00:07
firewall here at 2guystek it's the
00:06 - 00:09
system that protects our virtual servers
00:07 - 00:12
and pcs from the internet filters and
00:09 - 00:14
blocks bad ip and dns addresses and acts
00:12 - 00:16
as our vpn endpoint brandon thought it
00:14 - 00:17
would be a great idea to walk you
00:16 - 00:20
through setting it up start to finish
00:17 - 00:22
let's get to it what is pfsense well
00:20 - 00:24
pfsense is a high performance software
00:22 - 00:26
firewall that's built on top of freebsd
00:24 - 00:28
pfsense is made and maintained by the
00:26 - 00:30
company netgate and as a product comes
00:28 - 00:32
as either pure software or as a physical
00:30 - 00:34
hardware appliance netgate also provides
00:32 - 00:35
a community edition of pfsense which is
00:34 - 00:37
free to use all you need to do is bring
00:35 - 00:38
your own hardware we'll be installing
00:37 - 00:40
the community edition of pfsense in this
00:38 - 00:42
video we started using pfsense here in
00:40 - 00:43
the channel because it has all the
00:42 - 00:45
features of an enterprise-grade firewall
00:43 - 00:47
has a massive community behind it and
00:45 - 00:48
has plug-ins and packages that extend
00:47 - 00:50
its functionality beyond just being a
00:48 - 00:52
firewall it's also open source which is
00:50 - 00:53
something we're big supporters of this
00:52 - 00:55
would be a good time to talk about
00:53 - 00:57
network setup and how you'd connect and
00:55 - 00:59
cable in pfsense into your home network
00:57 - 01:00
pfsense will sit at the edge of your
00:59 - 01:03
network between your internet service
01:00 - 01:05
provider or isp and your home network
01:03 - 01:07
its job is to protect the devices and
01:05 - 01:10
systems behind it from outside access
01:07 - 01:12
and attack while also managing outbound
01:10 - 01:13
traffic from the clients behind it let's
01:12 - 01:15
look at a network diagram to visualize
01:13 - 01:17
this better at the top here we see the
01:15 - 01:19
internet in all its cloudy goodness
01:17 - 01:22
and directly connected to it is our soon
01:19 - 01:23
to be pfsense firewall think of the
01:22 - 01:25
lines connecting between the pictures
01:23 - 01:27
here as physical connections in the real
01:25 - 01:29
world as in the ethernet cable coming
01:27 - 01:31
from your cable modem or fiber ont
01:29 - 01:32
connecting directly to your pfsense
01:31 - 01:34
host on the other side of the pfsense
01:32 - 01:36
host we have another connection that
01:34 - 01:37
will run to a network switch that all of
01:36 - 01:39
our devices connect to including
01:37 - 01:41
wireless access points which are not
01:39 - 01:42
shown here from the diagram you can see
01:41 - 01:44
how things connect together and it's
01:42 - 01:45
pretty simple
01:44 - 01:48
okay let's get the requirements out of
01:45 - 01:49
the way for pfsense to run pfsense
01:48 - 01:52
you're going to need a minimum of a 500
01:49 - 01:55
megahertz 64-bit cpu and a minimum of
01:52 - 01:57
512 megabytes of ram that being said you
01:55 - 01:59
need to make sure you choose hardware
01:57 - 02:01
that will meet your requirements the
01:59 - 02:03
pfsense.org website has a great
02:01 - 02:04
breakdown of how much cpu power you will
02:03 - 02:06
need depending on your expected
02:04 - 02:08
throughput for example if you've got a
02:06 - 02:10
one gigabit internet connection at home
02:08 - 02:12
then you need to make sure your cpu has
02:10 - 02:14
multiple cores and runs at at least two
02:12 - 02:16
gigahertz you'll also need one gigabyte
02:14 - 02:17
of storage to house the full install
02:16 - 02:19
we'd also recommend that your host has
02:17 - 02:21
at least two network interfaces one to
02:19 - 02:23
connect to your isp and one to connect
02:21 - 02:25
to your home lan
02:23 - 02:27
requirements out of the way let's open
02:25 - 02:29
up a browser and head to pfsense.org
02:27 - 02:31
click on the download on the right
02:29 - 02:35
select our architecture we'll choose
02:31 - 02:37
amd64 for 64-bit cpu select usb memstick
02:35 - 02:41
installer in the installer drop down
02:37 - 02:42
select vga in the console dropdown
02:41 - 02:44
and we'll leave the mirror location as
02:42 - 02:45
new york usa
02:44 - 02:47
if you live closer to frankfurt
02:45 - 02:49
singapore or austin texas you can choose
02:47 - 02:52
one of those mirrors for a faster
02:49 - 02:54
download and now we'll click download
02:52 - 02:56
save the file and expand it you'll need
02:54 - 02:59
something to expand the gzip compressed
02:56 - 03:00
file like winrar if you're on windows
02:59 - 03:03
now that we have the install image let's
03:00 - 03:04
burn it to a usb stick for install we'll
03:03 - 03:06
be using an imaging tool called etcher
03:04 - 03:08
which is a free iso and image to usb
03:06 - 03:10
flashing tool we'll leave a link for it
03:08 - 03:12
in the description below the flashing
03:10 - 03:14
process is super quick and easy first
03:12 - 03:17
things first we'll head to flash from
03:14 - 03:19
file and select the expanded img file we
03:17 - 03:21
downloaded and extracted now we'll
03:19 - 03:23
select our target device select our 8
03:21 - 03:25
gigabyte usb stick
03:23 - 03:26
and then we'll click flash
03:25 - 03:28
you'll get a privilege escalation
03:26 - 03:30
request to run the process so click ok
03:28 - 03:32
and etcher will start flashing the usb
03:30 - 03:34
stick it takes some time to complete so
03:32 - 03:36
let it finish
03:34 - 03:38
okay now that's done let's install this
03:36 - 03:40
thing before we boot off our install usb
03:38 - 03:42
stick we need to connect our pfsense
03:40 - 03:44
host's wan uplink this is the connection
03:42 - 03:45
that will serve as the internet
03:44 - 03:47
connection side of things so either
03:45 - 03:49
connect it to your isp's ethernet
03:47 - 03:50
connection or whatever system you intend
03:49 - 03:52
to use as your access to the internet
03:50 - 03:54
now we'll boot off our freshly created
03:52 - 03:56
usb stick and start the installation on
03:54 - 03:59
our hardware we'll be installing pfsense
03:56 - 04:01
on f12 brings up our boot menu which key
03:59 - 04:02
you hit to get your bios boot menu up
04:01 - 04:04
will likely be different but once you
04:02 - 04:06
get your boot menu up select the install
04:04 - 04:08
disk and boot from it
04:06 - 04:10
just for a quick moment we'll see the
04:08 - 04:12
pfsense installer boot menu you can hit
04:10 - 04:14
enter or wait the three seconds for it
04:12 - 04:16
to continue loading the installer
04:14 - 04:18
okay the first screen we're greeted with
04:16 - 04:19
is their copyright and distribution
04:18 - 04:21
notice stuff in a nutshell it's telling
04:19 - 04:23
you that pfsense is open source and
04:21 - 04:25
distributed under the apache 2.0 license
04:23 - 04:27
and you can't charge people for the use
04:25 - 04:29
of it and don't pretend that's something
04:27 - 04:30
that you made great we're not worried
04:29 - 04:32
about any of this so hit enter to
04:30 - 04:34
continue all right cool now we're
04:32 - 04:35
actually starting the installation at
04:34 - 04:37
the welcome screen here we have a few
04:35 - 04:39
different options obviously install is
04:37 - 04:40
what we're looking for here but if you
04:39 - 04:42
want to get to the rescue shell or
04:40 - 04:44
restore a configuration from a previous
04:42 - 04:46
pfsense install you could do that here
04:44 - 04:48
too but installation is our objective so
04:46 - 04:49
we'll hit enter here on the keymap
04:48 - 04:51
selection screen you can choose your
04:49 - 04:53
keyboard language layout if you'd like
04:51 - 04:54
or need to use the arrow keys to move
04:53 - 04:56
around till you find your particular key
04:54 - 04:58
map and use the spacebar to select it
04:56 - 05:00
for us since we're in the us we'll leave
04:58 - 05:02
it default and hit continue on to the
05:00 - 05:03
partitioning screen we have a few
05:02 - 05:05
options to choose from here depending on
05:03 - 05:07
your hardware's configuration the first
05:05 - 05:09
option auto zfs guides you through
05:07 - 05:12
setting up the disk and partitioning
05:09 - 05:14
using zfs as the file system format zfs
05:12 - 05:15
is awesome and has tons of features that
05:14 - 05:17
are useful for redundancy and fault
05:15 - 05:20
tolerance if you have multiple disks
05:17 - 05:23
which we don't the next two options auto
05:20 - 05:25
ufs bios and auto ufs uefi pertain to
05:23 - 05:27
how your computer's bios is configured
05:25 - 05:29
to boot your host most modern hardware
05:27 - 05:31
fully supports both boot methods with
05:29 - 05:33
uefi being the modern standard compared
05:31 - 05:35
to bios which is considered the legacy
05:33 - 05:37
boot mode you need to choose the right
05:35 - 05:38
option here depending on how your host's
05:37 - 05:40
hardware is configured
05:38 - 05:43
when in doubt reboot your host pop into
05:40 - 05:44
your bios or system setup menu and have
05:43 - 05:46
a look this host is configured to boot
05:44 - 05:48
into legacy mode so we'll be choosing
05:46 - 05:50
auto ufs bios the last options are
05:48 - 05:52
manual giving you the ability to set up
05:50 - 05:54
your partitions through the installer
05:52 - 05:55
and shell which allows you to drop to a
05:54 - 05:57
shell and issue partition commands
05:55 - 05:58
directly if that's your thing anyway
05:57 - 06:00
select the option you want to use and
05:58 - 06:02
hit enter to continue we'll be asked if
06:00 - 06:04
we want to use the entire disk or
06:02 - 06:06
partition a chunk of space for pfsense
06:04 - 06:09
this is going to be a dedicated pfsense
06:06 - 06:11
box and only a pfsense box and the disk
06:09 - 06:13
inside is just for that purpose so we'll
06:11 - 06:15
be leaving it set to entire disk and hit
06:13 - 06:16
enter obviously doing this will lead to
06:15 - 06:18
the destruction of any data that is
06:16 - 06:20
currently on the target disk so you'll
06:18 - 06:22
get one last chance to back out hit
06:20 - 06:24
enter to move on next we'll need to
06:22 - 06:26
select our partition scheme for install
06:24 - 06:28
the pfsense documentation recommends
06:26 - 06:30
using gpt first and if your hardware has
06:28 - 06:32
issues booting after installing try
06:30 - 06:34
using mbr so we'll be following the
06:32 - 06:36
recommendations and selecting gpt and
06:34 - 06:37
hit enter to continue before the
06:36 - 06:39
installation begins we get a quick look
06:37 - 06:42
at the partitions that will be written
06:39 - 06:44
to disk ada0 is our internal ssd that is
06:42 - 06:45
the target for our install we can see
06:44 - 06:47
all of the partitions and mount points
06:45 - 06:49
that will be committed to disk as part
06:47 - 06:50
of the installation below we can also
06:49 - 06:53
see the partitions on the usb stick
06:50 - 06:55
named da0 nothing will be applied to the
06:53 - 06:57
usb stick so don't worry we'll hit
06:55 - 06:59
finish to move on and we'll be asked one
06:57 - 07:01
more time if we're really really really
06:59 - 07:03
sure about committing these changes to
07:01 - 07:05
disk let's hit enter and get this thing
07:03 - 07:07
moving alright pfsense is installing as
07:05 - 07:08
we speak this is a pretty quick
07:07 - 07:11
installation depending on your target
07:08 - 07:11
disk so let it finish
07:14 - 07:17
one more thing before we reboot we're
07:15 - 07:18
being asked if we want to drop to a
07:17 - 07:20
shell to make any final manual
07:18 - 07:22
modifications no we don't so we'll hit
07:20 - 07:24
enter to continue congratulations your
07:22 - 07:26
installation of pfsense is complete last
07:24 - 07:28
thing to do is to hit reboot pull out
07:26 - 07:31
our usb install disk and let the system
07:28 - 07:33
boot normally let's do it
07:31 - 07:35
first boot takes a bit as the os
07:33 - 07:37
generates a few things moves stuff
07:35 - 07:41
around and gets set up for its first
07:37 - 07:41
time be patient and let it complete
07:41 - 07:45
welcome to the console screen of pfsense
07:44 - 07:47
this is all you'll ever see from the
07:45 - 07:49
console side of pfsense with all of the
07:47 - 07:52
actual configuration and work being done
07:49 - 07:54
on the web ui you can make changes here
07:52 - 07:56
like set up ip addresses and interfaces
07:54 - 07:58
reset to factory defaults reboot and of
07:56 - 08:00
course drop to a shell what we're
07:58 - 08:02
interested in seeing here are our ip
08:00 - 08:04
addresses our host has two defined
08:02 - 08:05
network interfaces on it one is set up
08:04 - 08:07
to be the wan port or the internet
08:05 - 08:09
facing side of the firewall and the
08:07 - 08:10
other is the lan port being the
08:09 - 08:12
interface that will serve and protect
08:10 - 08:14
your home networking devices within
08:12 - 08:16
by default pfsense will start a dhcp
08:14 - 08:18
server running on the lan side of the
08:16 - 08:20
host if you connect this interface to
08:18 - 08:21
your existing network that already has a
08:20 - 08:24
dhcp server running on it you're going
08:21 - 08:26
to have a bad time pfsense attempts to
08:24 - 08:28
detect which port should be used as your
08:26 - 08:29
wan port on first boot so make sure to
08:28 - 08:32
check and see if your wan ip address
08:29 - 08:33
looks correct to you if not use option
08:32 - 08:36
one to walk through assigning your
08:33 - 08:37
adapters to different roles or swap your
08:36 - 08:39
physical network connections on your
08:37 - 08:41
host our next step is to connect the pc
08:39 - 08:43
with the web browser to the lan
08:41 - 08:45
connection on our new pfsense host and get
08:43 - 08:47
on the web ui on your computer connected
08:45 - 08:49
to the lan side of your new pfsense
08:47 - 08:52
host open a browser and head over to
08:49 - 08:54
https colon forward slash forward slash
08:54 - 08:58
the address we saw on the pfsense
08:56 - 09:00
console you should be greeted with the
08:58 - 09:02
pfsense web ui login the default
09:00 - 09:05
credentials here are admin and the
09:02 - 09:06
password is pfsense all lowercase
09:05 - 09:08
once you've logged in you'll immediately
09:06 - 09:10
be directed to the pfsense setup wizard
09:08 - 09:12
this will help us get everything quickly
09:10 - 09:14
configured and you on the internet in no
09:12 - 09:16
time click next to continue netgate
09:14 - 09:18
offers support for purchase for those
09:16 - 09:19
looking for that added peace of mind if
09:18 - 09:20
you're interested in learning more about
09:19 - 09:22
this you can click the learn more button
09:20 - 09:24
we'll click next alright on the general
09:22 - 09:27
information page here you need to give
09:24 - 09:29
your new firewall a hostname you can use
09:27 - 09:31
any name you'd like or you can even
09:29 - 09:33
leave the hostname default as pfsense
09:31 - 09:35
we'll be using the hostname the wall
09:33 - 09:37
next step is to provide your internal
09:35 - 09:39
domain name for your home network again
09:37 - 09:40
this can be any name you want but it's
09:39 - 09:42
best not to use a domain name that
09:40 - 09:44
exists on the public internet so don't
09:42 - 09:46
name your internal domain microsoft.com
09:44 - 09:48
we'll be using 2guystek.home as our
09:46 - 09:50
internal domain name below we can
09:48 - 09:51
specify dns servers that we'd like our
09:50 - 09:53
pfsense firewall to use for name
09:51 - 09:55
resolution by default pfsense obtains
09:53 - 09:57
dns server information from the dhcp
09:55 - 09:59
lease received from your isp if you have
09:57 - 10:01
a specific set of public or private dns
09:59 - 10:03
servers you'd like to use to override
10:01 - 10:06
the ones provided by your isp add them
10:03 - 10:08
here we'll be leaving ours default and
10:06 - 10:10
clicking next next step is to set up
10:08 - 10:12
time service on our firewall we'll leave
10:10 - 10:14
the default one here you can enter an
10:12 - 10:15
alternative if you have a preferred one
10:14 - 10:18
in the time zone drop down find your
10:15 - 10:19
local time zone or leave it set to utc
10:18 - 10:21
if you leave the setting on utc then
10:19 - 10:23
you'll need to do some mental conversion
10:21 - 10:26
of utc to your local time zone when
10:23 - 10:28
trying to match timestamps to local time
10:26 - 10:30
we'll be setting ours and moving on hit
10:28 - 10:31
next to continue next step is to further
10:30 - 10:34
set up your wan connection to the
10:31 - 10:35
internet by default we're set to dhcp
10:34 - 10:37
which typically works for most
10:35 - 10:39
everything but you might have a more
10:37 - 10:41
unique wan configuration required if you
10:39 - 10:43
do you already likely know what the
10:41 - 10:45
settings are that you need to provide
10:43 - 10:46
here we're on dhcp so we'll scroll down
10:45 - 10:48
and hit next
10:46 - 10:50
next page allows you to change your lan
10:48 - 10:52
ip address and range if the defaults
10:50 - 10:53
aren't acceptable remember that a change
10:52 - 10:55
here will disconnect you from the
10:53 - 10:57
firewall once the changes have been made
10:55 - 10:59
and you'll need to reconnect at that new
10:57 - 11:00
address we're fine with the defaults
10:59 - 11:02
here so we'll hit next
11:00 - 11:03
now we need to change the default
11:02 - 11:05
administrator password since it's not
11:03 - 11:07
secure and everyone in the world knows
11:05 - 11:09
it enter your new password for the admin
11:07 - 11:11
account and click next
11:09 - 11:13
next step is to reload pfsense with the
11:11 - 11:14
new configurations we've made here again
11:13 - 11:16
if you've changed your lan ip address
11:14 - 11:18
you'll need to connect back at that new
11:16 - 11:20
ip address now we'll wait for the reload
11:18 - 11:22
to take effect and boom
11:20 - 11:25
we're done congratulations on getting
11:22 - 11:27
pfsense configured and ready as a basic
11:25 - 11:29
firewall let's hit finish and do a quick
11:27 - 11:30
walkthrough around the ui
11:29 - 11:32
once again we're greeted with the same
11:30 - 11:34
copyright and trademark notices page
11:32 - 11:35
that we accepted during the install just
11:34 - 11:37
click accept at the bottom and if you
11:35 - 11:39
feel like taking the survey you can
11:37 - 11:41
we'll hit close welcome to the dashboard
11:39 - 11:42
of your pfsense host at the top of the
11:41 - 11:44
screen you have a menu system where you
11:42 - 11:45
can move through the different sections
11:44 - 11:47
that are grouped based on the settings
11:45 - 11:49
they contain under system you'll find
11:47 - 11:51
settings directly related to the os and
11:49 - 11:53
pfsense itself here you can check for
11:51 - 11:54
updates install packages that will add
11:53 - 11:56
functionality and features to your
11:54 - 11:58
pfsense host and more under the
11:56 - 12:00
interfaces section you can modify your
11:58 - 12:02
existing interface connections as well
12:00 - 12:04
as add more interfaces both physical and
12:02 - 12:05
virtual as needed under the firewall
12:04 - 12:08
section is where you'll create firewall
12:05 - 12:10
rules make changes to your nat rules
12:08 - 12:12
create port forward rules and more under
12:10 - 12:13
the services section you'll find
12:12 - 12:15
additional services that are running on
12:13 - 12:19
your pfsense host these include things
12:15 - 12:21
like dhcp services ntp snmp dns
12:19 - 12:23
forwarding services and more the vpn
12:21 - 12:25
section is where you'd configure any vpn
12:23 - 12:27
services for your pfsense box this
12:25 - 12:29
includes functionality like being a vpn
12:27 - 12:31
endpoint for clients or configuring
12:29 - 12:34
site-to-site vpn by default pfsense
12:31 - 12:35
includes ipsec l2tp and openvpn
12:34 - 12:37
functionality out of the box with
12:35 - 12:39
wireguard being installable via package
12:37 - 12:41
using the package manager under the
12:39 - 12:43
systems menu the status section provides
12:41 - 12:44
you access to the status of various
12:43 - 12:46
services running on pfsense under
12:44 - 12:48
diagnostics you can find tools for
12:46 - 12:50
troubleshooting like ping trace route
12:48 - 12:52
packet capture current firewall states
12:50 - 12:54
and more and that leaves us last with
12:52 - 12:56
the help section which contains helpful
12:54 - 12:58
links to community forums documentation
12:56 - 13:00
paid support and more one last thing of
12:58 - 13:01
note the dashboard is completely
13:00 - 13:04
customizable using the available widgets
13:01 - 13:05
to make it your own for example we can
13:04 - 13:07
add a real-time graph of our network
13:05 - 13:09
interfaces drag the widgets around where
13:07 - 13:11
we'd like them to be
13:09 - 13:13
remove unwanted widgets and more just
13:11 - 13:14
remember to click the save icon at the
13:13 - 13:16
top when you're done to keep your
13:14 - 13:18
dashboard there is so much more to
13:16 - 13:20
pfsense than just a basic natting firewall
13:18 - 13:21
we highly recommend looking through the
13:20 - 13:23
available packages to install joining
13:21 - 13:25
the community forums and looking at more
13:23 - 13:27
videos online so you can learn how to
13:25 - 13:29
extend the functionality even further
13:27 - 13:30
tell us what you think of this video we
13:29 - 13:32
would love to hear from you would you
13:30 - 13:34
like to see more how to's let us know in
13:32 - 13:36
those comments below if this is the
13:34 - 13:38
first time you've seen us subscribe do it
13:36 - 13:41
now we're on twitter and instagram so go
13:38 - 13:42
follow us and be all social and finally
13:41 - 13:44
we have a discord that we would love to
13:42 - 13:46
have you join talk about the videos we
13:44 - 13:48
make home lab and more it's a great
13:46 - 13:49
community and we'd love to have you
13:48 - 13:52
thank you for watching we will see you