This guide will introduce you to pfSense® software. You will grasp what pfSense® software is, its major features, and its benefits. You will also see examples of pfSense® software installation on a VirtualBox virtual environment, as well as various additional setups. Let's get started.
pfSense® software is a FreeBSD-based operating system for building a firewall that can be installed on any PC and is easily configured through its web interface.
With all of the enterprise-grade features and security that pfSense® software offers, it's hard to believe that it's a free and open-source solution.
In their own words:
pfSense® software is a free, open-source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
In addition to being a powerful and flexible firewall and router platform, it has a long list of features and a package system, which is quite advantageous. This package system not only gives the operating system the flexibility to expand but also prevents security holes in distribution.
pfSense® software is used by organizations all over the globe to deliver trustworthy, full-featured firewall security in the cloud.
Figure 1. Sample pfSense® software Dashboard
Chris Buechler and Scott Ullrich founded the pfSense® software project in 2004 as a fork of the m0n0wall project, and the first version was released in 2006. The name comes from its use of the PF packet filter (pf).
Electric Sheep Fencing, LLC owns the federally registered brand pfSense® software.
Figure 2. Most commonly compared to pfSense® software
The pfSense® software project is a free network firewall distribution based on the FreeBSD operating system with a modified kernel and third-party free software packages for extra capabilities. With the aid of the package system, pfSense® software may deliver the same or more capability as conventional commercial firewalls, without any artificial limits. It has effectively replaced every major commercial firewall on the market, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and others, in countless installations across the world.
pfSense® software is primarily used as a router and firewall software and is frequently set up as a DHCP server, DNS server, WiFi access point, and VPN server, all on the same physical device. pfSense® software also enables the installation of third-party open-source programs like Snort or Squid via a built-in Package Manager, making it the preferred option of many network administrators.
Popular use cases are listed below.
pfSense® software can function as both a LAN and a WAN router. As you may be aware, a LAN is essentially a collection of computers and other devices that share a common communication line or wireless link to a server. A LAN is often made up of devices that are linked together within a confined space, such as an office or a business enterprise. A WAN is a private telecommunications network that connects numerous LANs geographically. A WAN, for example, may connect numerous branch offices within a business. A router connects a local area network (LAN) to a wide area network (WAN).
pfSense® software can function as a Wi-Fi hotspot. The pfSense® software appliance is far more useful and customizable than conventional SOHO security equipment. It is also a little more difficult to set up. pfSense® software has several useful capabilities, such as the ability to host a guest Wi-Fi network outside of the main firewall, even utilizing a separate public IP to NAT behind.
A VPN is used to increase the security and privacy of private and public networks such as Wi-Fi hotspots and the internet. VPNs are most commonly used by businesses to safeguard sensitive data. The pfSense® software, which is deployed as a separate Virtual Private Network appliance, offers VPN capabilities without interfering with the current firewall infrastructure and supports several VPN protocols.
A perimeter firewall is the most frequent use for pfSense® software. pfSense® software can support networks with multiple Internet connections, LAN networks, and DMZ networks.
pfSense® software can function as a DNS or DHCP server. DHCP is a network communications protocol used by system administrators to centrally control and manage the network configuration of devices connected to an IP network. It eliminates the need to manually set IP addresses and allocates an IP address to a device even when it is moved to a new place. DHCP is compatible with both versions of the Internet Protocol, IPv4 and IPv6. Running DHCP and domain name resolution entirely on the firewall makes it simpler to configure network traffic exactly the way you need it.
Squid is a full-featured web proxy cache server application that provides proxy and cache services for HTTP, File Transfer Protocol (FTP), and other common network protocols.
The Squid proxy cache server is an outstanding proxy and caching server solution that extends from branch office to corporate-level networks while offering comprehensive, granular access control mechanisms and monitoring of important parameters through the Simple Network Management Protocol (SNMP). You can integrate the Squid Proxy into pfSense® software and you can use it as Proxy Server.
Because pfSense® software supports multiple WAN connections, it can load balance or failover traffic from a LAN to several internet connections. Load balancing distributes traffic from the LAN across the available WANs on a connection-based, round-robin basis. With redundancy, traffic is routed to the highest-priority WAN until it fails. The next one is then utilized. pfSense® software monitors each WAN connection using either the gateway IP address or an alternative monitor IP address, and if the monitor fails, the WAN is disabled. This also decreases user latency. Load balancing can be accomplished by the use of hardware, software, or a combination of the two.
pfSense® software may also be used to forward ports or perform network address translation (NAT). NAT is the process through which a network device, often a firewall, provides a public address to a computer or group of computers within a private network. The primary function of NAT is to restrict the number of public IP addresses that an organization or corporation must utilize for economic and security reasons. NAT improves security while reducing the number of IP addresses required by an enterprise. NAT gateways are devices that sit between two networks: the internal network and the external network. Systems on the inside network are generally allocated IP addresses that cannot be routed to external networks.
Apart from the fact that the pfSense® software firewall is entirely free to use and customize, there are several more reasons why you should use it, whether you wish to personalize it or just have a trustworthy and dependable firewall.
The pfSense® software firewall allows you to add and integrate extra features as code, and it is adaptable enough to function as both a basic firewall and a comprehensive security system.
You can integrate an IPS/IDS to detect attackers attempting to gain access to your network, as well as mass list blocking, which involves loading a database of known malicious software sites, malicious IP addresses, and hacker sites in case you accidentally stumble upon one.
Open-source software isn't only free to use, but it's software with its full source code available for the public to investigate and alter without fear of copyright.
pfSense® software is a collaborative public project in which anybody skilled may contribute to the program's improvement and have their work verified for quality and authenticity by others.
Firewall software is usually a bit complex for beginners. However, unlike many other firewalls, pfSense® software offers a user-friendly system that is easy to manage through its uncomplicated interface.
The strength of your firewall is determined not just by the rules you set for it, but also by how precisely it follows them, such as being able to recognize data flows that fit your criteria for what is harmful.
pfSense® software includes a wealth of features and advanced capabilities that guarantee it always adheres to either default or custom rules. It also distinguishes between traffic originating from your internal network of devices and traffic coming from the open internet, allowing you to define distinct rules and policies for each.
Figure 3. pfSense® software support page
pfSense® software publishes security and feature updates regularly. You never have the impression that you are using outdated software.
pfSense® software has its documentation site, which is large, searchable, and updated regularly. Everything from how-tos to technical documentation is available.
The pfSense® software support forum is robust, well-informed, and responsive. You may get answers to nearly any question here, as well as help troubleshooting or developing features.
There are also paid support options.
- pfSense® software is a powerful firewall with so many useful features. This enables you to have a single device that performs all of the operations required at the network's edge.
- pfSense® software also offers high availability, which means that multiple devices may be grouped.
- One of the biggest advantages is that pfSense® software is completely free. The software is available for free download from the website. Although virtualization is supported, you will need to invest money in the hardware on which you will install the software. However, when all factors are taken into account, it is more cost-effective than alternative options.
- pfSense® software can be deployed on any hardware, making it extremely flexible and scalable.
- pfSense® software is also quite adaptable. It is supported by a strong and committed community. They have created and provided a large number of helpful add-ons to the pfSense® software platform. The majority of these add-ons are also entirely free.
pfSense® software can be used on virtual or physical servers and is very easy to install and configure. After the first installation, almost all configurations are made through a user-friendly web interface. Since it is Open Source, you can find a lot of documents, videos, and even forums on the internet.
- Download and install the most recent Oracle VirtualBox software.
- You can get the pfSense® software image here.
When downloading, be sure to choose DVD Image (ISO) Installer and the closest mirror to you.
I'll install pfSense® software on Ubuntu using VirtualBox. However, the steps outlined here are the same on other operating systems, such as macOS or Windows, with the exception that you will need to download and install the relevant VirtualBox software packages.
- Set up the pfSense® software VM in VirtualBox.
- Configure the pfSense® software Memory.
- Setup the hard disk.
- Set up the Network.
- Attach the pfSense® software ISO image.
- Start the pfSense® software VM instance.
- Initiate the pfSense® software installation.
- Detach the pfSense® software disk image.
- Validate the configuration.
- Access the pfSense® software web GUI in VirtualBox.
- Finish the initial setup wizard.
- Test the connectivity with the end-user machine.
- Verify the DHCP lease.
To build a new virtual machine, launch the VirtualBox program and select
Figure 4. Creating a new virtual machine on Virtual Box
A new window will be opened. You will need to give the VM a name, such as pfSense-fw. Also, choose where you want the pfSense® software virtual hard drive files saved.
Figure 5. Naming virtual machine for pfSense® software on Virtual Box
Make sure to pick BSD as the Type and FreeBSD (64-bit) as the Version.
Figure 6. Setting memory size for pfSense® software VM
You must set the RAM for the pfSense® software virtual machine here; I am providing 2 GB, although 1 GB might suffice as well. After you've defined the RAM, click Next.
Figure 7. Creating hard disk for pfSense® software VM
Next, let's set up the VM's Hard Disk. Select Create a virtual hard disk now and click Create.
You can continue with the recommended size (16 GB) or you can allocate more space.
Figure 8. Setting harddisk file type for pfSense® software vm on Virtual Box
By default, VirtualBox should select VDI as the hard disk file type. You may keep VDI, but if you want to use this VM hard disk on other hypervisors such as VMware Workstation in the future, choose VMDK and click Next.
Figure 9. Storage on physical hard disk for pfSense® software VM
Select Dynamically allocated under Storage on Physical Hard Disk.
Figure 10. Setting harddisk size for pfSense® software vm on Virtual Box
You must now specify the hard drive storage capacity; I chose 16 GB as the storage size; you may pick the same or a different amount based on your needs, and then click Create.
Before you begin the VM, you must set up the pfSense® software Network adapter in VirtualBox to be used by the pfSense® software VM.
The pfSense® software firewall has two interfaces: one that connects to the internet and one that connects to internal users. As a result, while implementing pfSense® software, you must utilize two NICs (network interface cards).
We need two interfaces, one for the WAN and one for the LAN. Select the pfSense® software VM and click on Settings.
Figure 11. Setting Networks for pfSense® software vm on Virtual Box
If you select the NAT interface, the VirtualBox NAT engine has to convert the WAN IP address to the IP address of the host computer, which adds extra overhead to each packet.
If you select the Bridge interface instead, it will function as a switch between the local network and the VirtualBox bridge interface.
Because your local router serves as a DHCP server, the pfSense® software WAN interface receives an IP address from it as well. The pfSense® software can connect to the internet using that IP address.
For the first adapter, which is the WAN interface, select Bridged Adapter.
For the second adapter, select Internal Network; it will serve as the LAN adapter.
Figure 12. Setting Networks for pfSense® software vm on Virtual Box
The Internal Network, as the name implies, creates an internal network in which only the VMs that are part of the network may communicate with each other, and it is isolated from the host computer.
So, in short, the only method for the host computer or anyone on the local network to communicate with the LAN side of the pfSense® software is through the pfSense® software WAN interface.
Add the ISO image that we obtained previously while we're in the settings.
- Select Storage.
- Select Empty Disk file from the storage devices menu.
Figure 13. Storage Settings for pfSense® software vm on Virtual Box
- To attach the ISO file that we had downloaded, click on the Disk icon and then on Choose a disk file.
- And then click OK.
Figure 14. Choose a virtual optical disk file for pfSense® software vm on Virtual Box
Figure 15. A virtual optical disk file was loaded for pfSense® software vm on Virtual Box
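The GUI steps above (VM type, memory, disk, the two network adapters and the ISO) can also be scripted with VBoxManage. The following is an added example, not part of the original guide; the host interface name `eth0`, the internal network name `pfsense-lan`, the `SATA` controller name and the file paths are assumptions, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: VBoxManage equivalent of the GUI steps in this guide.
# Prints the commands by default; set DRY_RUN=0 to run them.
# Usage: sh pfsense-vm.sh [create|start|eject]
VM="${VM:-pfSense-fw}"              # VM name used in the guide
BRIDGE_IF="${BRIDGE_IF:-eth0}"      # assumption: host NIC bridged to the WAN side
INTNET="${INTNET:-pfsense-lan}"     # assumption: internal network name for the LAN
DISK="${DISK:-$VM.vdi}"             # assumption: virtual disk file path
ISO="${ISO:-pfSense-installer.iso}" # placeholder: path of the downloaded ISO
CTL="SATA"                          # assumption: storage controller name
DRY_RUN="${DRY_RUN:-1}"

# Print a command, and execute it only when DRY_RUN=0.
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" != "0" ] || "$@"
}

create_vm() {
    # Type BSD, version FreeBSD (64-bit), 2 GB of RAM.
    run VBoxManage createvm --name "$VM" --ostype FreeBSD_64 --register &&
    run VBoxManage modifyvm "$VM" --memory 2048 &&
    # 16 GB (size is given in MB), VDI, dynamically allocated.
    run VBoxManage createmedium disk --filename "$DISK" --size 16384 --format VDI --variant Standard &&
    run VBoxManage storagectl "$VM" --name "$CTL" --add sata &&
    run VBoxManage storageattach "$VM" --storagectl "$CTL" --port 0 --device 0 --type hdd --medium "$DISK"
}

configure_network() {
    # Adapter 1 is the WAN (bridged), adapter 2 is the LAN (internal network).
    run VBoxManage modifyvm "$VM" --nic1 bridged --bridgeadapter1 "$BRIDGE_IF" &&
    run VBoxManage modifyvm "$VM" --nic2 intnet --intnet2 "$INTNET"
}

attach_iso() {
    run VBoxManage storageattach "$VM" --storagectl "$CTL" --port 1 --device 0 --type dvddrive --medium "$ISO"
}

detach_iso() {
    # Before the post-install reboot: keep the drive, remove the medium.
    run VBoxManage storageattach "$VM" --storagectl "$CTL" --port 1 --device 0 --type dvddrive --medium emptydrive
}

case "${1:-create}" in
    create) create_vm && configure_network && attach_iso ;;
    start)  run VBoxManage startvm "$VM" ;;
    eject)  detach_iso ;;
esac
```
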
The necessary configuration is now complete; let us proceed to start the VM by choosing it and clicking on Start.
Figure 16. Start pfSense® software vm on Virtual Box
Figure 17. Locate iso file for pfSense® software vm on Virtual Box
When the VM instance boots up, it will prompt you to select a bootable ISO image. Because we have previously attached the pfSense® software ISO image in VirtualBox, it appears in the list.
Choose the pfSense® software image from the list and press the start button.
After a few seconds, you will be prompted with a pfSense® software installer prompt; select Accept to continue the installation.
Figure 18. Copyright and distribution notice for pfSense® software vm on Virtual Box
To begin the installation, select Install pfSense® software, then click OK.
Figure 19. Install pfSense® software vm on Virtual Box
On the Keymap Selection screen, select the default option or choose one based on your language.
Figure 20. Keymap Selection for pfSense® software vm on Virtual Box
Select Auto (UFS) BIOS and click on OK.
Figure 21. Partitioning Selection for pfSense® software vm on Virtual Box
Figure 22. pfSense® software installer is running on Virtual Box
The installation will now begin automatically and will be completed in a matter of seconds. When finished, it will ask you whether you wish to enter the shell to make more changes or not. Click No.
Figure 23. Manual Configuration for pfSense® VM on Virtual Box
You will eventually be prompted to reboot pfSense® software; but, before you do so, you must remove the ISO image that we added previously.
Figure 24. Eject image file for pfSense® VM on Virtual Box
After ejecting the image file, you can reboot your virtual pfSense® software.
Figure 25. Reboot pfSense® VM on Virtual Box
Figure 26. After Reboot pfSense® VM on Virtual Box
The pfSense® software firewall would obtain an IP address from the local internet router after being restarted.
As you can see, the IP address 192.168.1.28 was obtained from my Wi-Fi network. However, the issue is that both the WAN and the LAN are on the same network; we will change that now.
Type 2 to change the LAN side's IP address.
Figure 27. LAN Settings for pfSense® VM on Virtual Box
After selecting option 2, you will be prompted to select the interface for which the IP address has to be updated. Press 2 once again, as the LAN side indicates 2.
Figure 28. LAN Settings for pfSense® VM on Virtual Box
Enter the IP address that will serve as the default gateway for LAN users; I used 10.1.1.1, but you may use any network you like.
After that, input the subnet mask and press enter when finished.
Figure 29. LAN Settings for pfSense® VM on Virtual Box
Because we are not setting IPv6, select no.
We also need to configure the DHCP server for the LAN side; answer 'y' to the question. Enter the start and end of the DHCP address range and press Enter.
You will also be asked if you want to alter the web GUI protocol, to which you should reply no.
Figure 30. WAN Settings for pfSense® VM on Virtual Box
After you've finished configuring everything, you'll get the WAN address from your local network as well as the LAN address you specified a minute ago, which is 10.1.1.1/24.
Figure 31. Ping google pfSense® VM on Virtual Box
Essentially, we have successfully configured pfSense® software on VirtualBox. One advantage of pfSense® software is that it is relatively simple to set up, and you don't need to specify any rules or NAT in order to connect to the internet. It handles this automatically once the WAN and LAN IP addresses are set.
Let's try pinging the internet IP address by pressing 7, and as you can see, I can access it just fine.
You will need to use the Web GUI after installing pfSense® software for any further adjustments.
So, how can we use VirtualBox to access the pfSense® software web GUI?
We have previously configured the Win10 operating system on the VirtualBox, and I will access the pfSense® software web GUI using the same virtual machine.
Right-click the Win10 OS and choose Settings.
The Network is configured with NAT by default; you must modify this to the internal network to which we have linked the pfSense® software LAN adapter.
Figure 32. Internal network setting to reach pfSense® VM on Virtual Box
This connects the pfSense® software LAN and the VirtualBox VM to the same network.
Figure 33. Connect from another VM to pfSense® VM on Virtual Box
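An added example (not from the original guide) that checks this step from the host: it reads `VBoxManage showvminfo <vm> --machinereadable` output and flags any client adapter that would reach other networks without passing through pfSense® software. The sample VM output and the network name `pfsense-lan` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VirtualBox NIC attachments so the client VM sits only
# behind the pfSense LAN. Input is the text printed by
#   VBoxManage showvminfo <vm> --machinereadable
# The three samples below are constructed, not captured from a real host.

FW_INFO='name="pfSense-fw"
nic1="bridged"
bridgeadapter1="eth0"
nic2="intnet"
intnet2="pfsense-lan"
nic3="none"'

CLIENT_DEFAULT='name="Win10"
nic1="nat"
nic2="none"'

CLIENT_FIXED='name="Win10"
nic1="intnet"
intnet1="pfsense-lan"
nic2="none"'

# Internal network name of the firewall's adapter 2 (its LAN side).
firewall_lan() {
    awk -F'"' '/^intnet2=/ { print $2 }'
}

# Reads a client VM's showvminfo text on stdin. Prints one finding per adapter
# that is not on internal network $1 and returns 1 if there is any finding.
audit_client() {
    awk -F'"' -v lan="$1" '
        /^nic[0-9]+=/    { n = $1; gsub(/[^0-9]/, "", n); mode[n] = $2 }
        /^intnet[0-9]+=/ { n = $1; gsub(/[^0-9]/, "", n); net[n] = $2 }
        END {
            for (n in mode) {
                if (mode[n] == "none") continue
                attached++
                if (mode[n] != "intnet") {
                    printf "nic%s: %s attachment bypasses the firewall\n", n, mode[n]; bad = 1
                } else if (net[n] != lan) {
                    printf "nic%s: internal network \"%s\" is not \"%s\"\n", n, net[n], lan; bad = 1
                }
            }
            if (!attached) { print "no adapter attached"; bad = 1 }
            exit bad + 0
        }'
}

lan=$(printf '%s\n' "$FW_INFO" | firewall_lan)
printf '%s\n' "$CLIENT_DEFAULT" | audit_client "$lan" || echo "default NAT client: FAIL"
printf '%s\n' "$CLIENT_FIXED" | audit_client "$lan" && echo "internal-network client: OK"
```
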
Open a web browser and navigate to the pfSense® software web GUI by entering https://10.1.1.1 into the address bar.
The browser shows a security warning because the web GUI uses a self-signed certificate by default; on this lab network you can disregard it and proceed to the login screen.
Enter admin as the username and pfsense as the password, and then click Sign in.
Figure 34. Welcome to pfSense® VM on Virtual Box
The initial setup wizard page will appear. You can leave the default settings unchanged in every step except step 6, where you set your own admin password.
Although in this tutorial we left the default settings in the setup wizard, you are free to alter them if necessary.
At the end of the process, you will get a notification stating that pfSense® software was successfully installed.
On the screen, press the Finish button.
Figure 35. pfSense® software wizard completed
To test the connection, we will use Win10 OS hosts that I've already put on VirtualBox.
I modified the Win10 settings to be part of the VirtualBox internal network established on the pfSense® software LAN side.
Now examine the IP configuration.
As you can see, I received the first IP address from the pfSense® software DHCP server and can ping the public IP address.
Figure 36. Make some internet traffic on windows machine
Figure 37. ipconfig
Wasn't the IP address assigned automatically when we set up the VMs?
pfSense® software allocated it on the LAN side of the firewall. You can confirm this on the pfSense® software firewall under Status > DHCP Leases; as you can see, there is one IP address that I obtained from the DHCP server.
Figure 38. DHCP Leases on pfSense® software
- No licensing fees
- Free upgrades
- Simple but effective design
- Lowered cost for redundancy
- Open-source (FreeBSD-based software)
- Hardware agnostic
- Easy Installation
- Limited free support
- Little brand recognition
- Limited safety net
- No update schedule