How To Install And Setup pfSense Firewall On VMware Workstation Pro - InfoSec Pat 2024

Video Statistics and Information

Hey, what's up everyone, welcome back to another video. Have you ever thought about creating your own lab firewall? You're going to be able to do that today. What I want to show you guys how to do is set up pfSense. So we're going to do it in VMware, but you can also get a little computer like I have right here. I have a Polywell computer that is my firewall on my test network, which I disassembled just for this video. So this is it right here, this is a little Poly, Polywell. I don't know if you can see the ports, so I have my WAN port and my LAN port over here, and this is my pfSense firewall in my, I guess, my lab production network. So yes, so we're going to be setting this up from soup to nuts: getting it installed, getting it configured, and being able to talk on this network, and then in further videos we'll get into deeper detail with VPNs, maybe some VLANs and all that stuff. But again, this is all in my virtual environment. If you want to guys, if you guys want to set it up on a server, you know, do as you will, but in this video today we're going to be doing this in VMware. And yeah, if you have any questions, leave it in the comments, and let's get started.

All right folks, so now we are on the desktop. So now the first thing that we have to do is download the pfSense ISO. So you can just go right out to Google and just "pfSense download", and you can download the pfSense Community Edition, right? So you can see the latest stable Community Edition is 2.7.2. The architecture you can do is AMD 64-bit, and the installer if you want to use a USB, but in my case I downloaded the ISO file. So once you download it you should get it in your downloads. So what I want to do really quick now is, I have a Windows 11 machine here and I do have a pfSense in my lab. In this lab I have a few pfSense because I really enjoy it, and I use OPNsense too. But now what we're going to do is come up here and do Control, I mean, New, New Virtual Machine, and Typical, right now just do Typical, and this is my download from my
ISO file for the pfSense, so we can go ahead and click Next, and we can name this, uh, pfSense, uh, fw2, because I think I have an FW already over here. Okay, and I want to throw it right where, right where it's at, and I want to do, for an example, 40 gigs, let's do 50 gigs just to keep it special, right? And I want to go ahead and make some modifications, right? So for the memory I can put 8 gigs. Processor, I want to go ahead and put two processors in my case. Okay, NAT network.

So in any firewall you have two interfaces, right? One that goes into your, uh, router or your modem or whatever so you can get out to the internet, then you have the LAN interface, which is going to traverse traffic between your LAN segment, right? And, you know, in your case maybe you have 192.168.1.1 for your home router, so if you plug in a new computer or you connect your TV, you're going to get an IP address from that segment. And then you have from your ISP, from whatever, Comcast, Xfinity, FiOS, whatever, they're going to give you an IP address that you can get on, get online, get on the internet. So we have to do that same thing here. So we have to have a LAN interface and then we have a WAN interface. So I want to go ahead and see what IP address I want to go ahead and set this up with, but before we do that we need to add another NIC. So our NAT is going to be getting out to the interwebs, right? So let's go ahead and add another adapter, and this adapter we're not going to have NAT, because we can't have NAT twice. We're going to go ahead and do specified network, virtual network, and this one is going to be number one, okay? So I want to show you guys, I'm just looking over here to check that out. So we're going to go ahead and hit, I'm not going to power it on yet, I want to show you guys something before we go any further. So here we can go to Edit if you're using VMware; if you're using VirtualBox just look at your virtual editor, your virtual network editor, okay? So once this is up we can see that there's a NAT network
on 192.168 00, that's what's going to get me out to the internet, and host-only, right? So VMnet1 is going to be my LAN segment. I just have that written down over here so I don't forget. Documentation is key, right? All right, cool deal. So now we have our LAN segment and our LAN segment, perfect. So now we can hit OK here and let's power this bad boy up, and once we power it up we can hit or whatever, let it do its thing. It was too fast. All right, so we'll let that cook and let's make this full screen. It's not going to make it any bigger; maybe I can try to zoom it in. As you guys know I'm not the best editor, I just go with the flow.

All right, so we can hit Accept here and we're going to install the first one, Install pfSense, hit OK, and what we want to use here is guided UFS disk setup, right? So go ahead and there, and we're going to do the entire disk, okay? And then let's go ahead, let's see, what is that, uh, partition, I want to do GPT, okay, hit Finish, Commit, and let it do its thing. Now this is going to go ahead and install the pfSense operating system on this VM. Then once this thing is up and running, then we can go to our, you know, whatever IP address it gives us, we can go onto our Windows 11 machine, which is a client. This is equivalent to like plugging your LAN interface to your laptop and configuring a router or a firewall or whatever, same kind of concept, but this is all in the virtual world. And so let's go ahead and just reboot. We're going to go ahead and, uh, give that a reboot, and once it's up and completed, it shouldn't take very, very long to install pfSense, it literally takes, you can see, a couple minutes, and once your pfSense is up and running it'll give you your IP address and we're going to make some modifications. I have some notes here that we're going to do in this video. I don't want the video to be too long, but hopefully we can get to as many things as possible. So let me see, let me get out of here for a second, and what I have on here, we're going to install some
packages in here, we're going to change the, the, the IP address for the LAN segment, because by default a pfSense gives you, right, obviously we're not on that same network, right? So same concept, like if you got a brand new router in, or firewall or whatever, and you have a current firewall, say for example you're at 10.10.10.1, right, for your LAN segment, the local area network, and then now you get your new pfSense box, it's going to be, so anything that sits inside of your network is not going to be able to communicate, right? As you see here, ah man, I want to really try to, uh, you know what, this is what I want to do, just in case I'll try to zoom it in, but I want to try to cheat because I'm not the best editor, but I can do this, I can take a snippet of that, make this bigger, and here we go. Think about this as your zoom, wh-, I didn't mean to do that, but you can see here, right, and then the WAN is the NAT network, right? Remember that from the beginning. So hopefully that makes sense.

So now that's at 192.168.1 100.2, let's come here and see if we can get to that box, see if we can ping it. All right, let's see if we can ping this. Oh come on, let's try this again, whoops. All right, what I want to do here on my Windows 11 machine in my lab, I want to do an ipconfig. Okay, so we are 192.168.1 100.2, okay, perfect. So now what I want to do is, what was the IP address, I totally forgot already, 22, 221, let's see if we can ping 192 1681 100221. Was it 221? I think that was it, but it's not pinging, maybe because ICMP, but that's fine. What we're going to do is we're going to make some changes, right? We're going to, we're going to change the IP address to something that it sits in our network, right? So remember we're at one, uh, dot 99, right? So what we have to do is set interface, so that's going to be number two, right, is that, yeah, number two, Enter, and then we're going to deal with the LAN interface, which is number two in this case, and IPv4 LAN via DHCP, no, we don't want to do DHCP, we want to have it manual. So my IP
address is going to be, whoops, one, I, oh shoot, 192.168.1 100, no, this is .99, sorry, 99.00, okay, hit Enter. We're going to do 24 bits, right, so we're going to do 24, and for a LAN interface that's fine, hit Enter. Uh, no, I don't want to hit anything with IPv6. Uh, do you want to enable, yes, I want to be able to have DHCP. So what we're going to do now is set up the DHCP scope on that interface so my Windows 11 machine can get an IP address from that network, because right now it's not getting anything. So we're going to make it 192.168.99.150, okay, that's where it's going to start, and where it ends is going to be 192.168.99.200, okay, that should be fine. Uh, no, not right now, nope. All right, so now it's going to go ahead and, let's go ahead and hit Enter, and now we're at 100, right?

So now let's come back to here, let's see if I can, uh, what's going on here. All right, so what I want to do is do an ipconfig, if I can spell, release, so we're going to release the IP address and then we're going to renew, and it should pull a DHCP server from our pfSense box. So let's give that a, a second, let's see if it, a, it's able to pull it, and we should be, yeah, right here. Okay, so now what we're going to do is try to ping 192.168 dot, what is it, 99.00, and we're able to get, get there, okay, perfect. So now let's go ahead and open up a page and go to 192.168 99.00, okay. Now we can hit, we can see here it's a self-signed certificate, there's no certificate, and now we have a login, by default is admin and then it's pfsense. Okay, and voilà, we, now we have pfSense up and running, but we're not done yet, right? So let's go ahead and click on Next, and go ahead and click Next, we have nine steps, and we can put pfSense D infos p-f firewall 2, okay, because this'll be my second, and then my domain can be infosecpat.home, that's fine for me, and my primary DNS can be, that's fine with me, and override DNS, no, we don't want that, at least in my case I don't. Okay, that should be fine. So time zone, for me I'm in America, so let's go back up to America and then New York, New York. All right, there we go.

All right, so for the WAN, if you're on a, in the lab, you're probably going to use DHCP. In the real world you might statically assign this and get an IP address from your ISP, right, and whatever they give you, you go ahead and do, obviously. General configuration, if you have a MAC address, you know, you can do your MAC address, MTUs, etc., but we're going to leave all that blank right now. And like I said, if we put static address you can put your IP address, your subnet mask, and your upstream gateway for your ISP and you should be golden, right? And then if you have a DHCP hostname you can go ahead and put that there. PPPoE, I remember when I had AT&T, not dial-up, uh, DSL, we had to configure this, if you remember those old days, but we're not in the old days, we're in the new school days. All right, so we just keep coming down, PPTP, everything is, so this is interesting: so if you want to have your RFC 1918 networks blocked you can leave this on, but I don't want that, because in the past, I remember when I set up, when I first set it up on this little box, I had that enabled because, I don't know, I guess I was just in a rush, and some things just didn't route, didn't work right, so I would just uncheck it, right? That's just my preference, you can tinker with it, but uncheck it. So my LAN IP interface, yep, that can be 99.00, and I'm able to get to that because we changed that by, uh, by going through the CLI. Okay, subnet mask is 24 bits, let's go ahead and hit OK. My fancy admin password, I want to go ahead and give my fancy-pancy password, okay, and then go ahead and click on Reload, let this do its thing. There's a few security things that we're going to change and, and I want to convey that in a second. We can go ahead and hit Finished
and we should get brought into the dashboard, okay, cool, cool. All right, so let me just try to zoom this out a little bit, that should be good, uh, I guess I'll just leave it zoomed in. So we can X out of here, we don't need that. So we have two interfaces. The first thing I like to do in my pfSense is go to System, go to General Setup, and in here there's a few things that I like to do. Dashboard columns, I have a widescreen monitor, so two is, I can bump that up to three, right? That's the first thing that I like to do. You can keep it if you have a more narrow, narrow screen, you can do whatever you will. So, and then you can change your login screen, but I think that's it for now, let's go ahead and save that. So now when we save that, whenever it saves, there we go, now we can come back to the home screen and we have three screens now, or three columns, right? So let's for example bring this disk over here, and what we have here, we can save this, now we have three columns, right? My big head's in the way, but you get the gist.

All right, so the first thing we can do is, let's go ahead and add a few things. So we can add a few things to our dashboard in order for us to manage. I like to do firewall logs, that's, that's something I like to do. Let's add another one, we can get the gateways, that's something I can just put over here, and I'll put this over here, and I'll do gateway. I like, I don't know, I'm a little weird, so this is how I like to have, have mine. All right, so let's see what else I like to add. I want to do the installed packages, let's just save this so I don't forget, and installed packages, where's the installed packages, installed packages, and I like to keep that here, and we'll install a few packages in this video. And let's see what else do we like to do, there's a status, I like to do status, where's my status, uh, status, here we go, and we can see the status of the services, everything is green, everything is good to go, bang, bang. All right, so we have the general setup configured, right? So now what we can do is go
to System, let's go to Advanced, there's a few things that we need to, I like to do in here, right? So TCP port, this is to enter when you're configuring the web configurator, so you can change that as well, and let's see what else do I like to do in here, I like to enable SSH so we can talk to that, uh, let's see what else. All right, so for my TCP port I want to customize this. You can customize, so right now if you're in a network, if I know that network's IP address scheme, whatever, in this case 2 168 dot 99, if I do an ipconfig for an example, and if I see the gateway, right, like I can say, okay, I'm getting 1921 16899 100, I can just go to that IP address and, you know, if it's default, what, we're going to change our default stuff and we're going to add a new user. So I'm going to use for an example 11443, right? I do that, I don't know, that's just, I'm weird. All right, so 11 1443, and let's hit Save here, and once this is saved we can come up here, we'll give this a second, and then it's going to redirect us to 11443 in a second, once, in 20 seconds, hopefully it's sooner than 20 seconds, and bum bum bum bum, let's see, come on, you can do it, let's go, there we go. So now up here in the, in the, uh, login we just have to make sure we remember 11443, which I will because that's what I use, I use 1044 443, 11443, and the reason why I'm doing 11 443 is because the other one was 10443, okay?

So let's see, anything else, disable redirect rule, I'm not going to do that right now. All right, so I think we should be golden here. All right, so that's all saved, right? So the interfaces, we only have two interfaces, right, we have the WAN interface, which going out to em0, and then VLAN, uh, LAN one. All right, so wireless, we don't have any wireless in here. VLANs, you can do VLANs. All right, so inside the firewall let's go to Rules really quick, the LAN rules, we can see that this is going to allow it, the anti-lockout rule, it's literally what it means, anti-lockout, right? So you can check out this, you can see the, the port is, you know,
11443, and you can see the rule right here, right? So we can see firewall NAT, uh, firewall, and that, and you can go through here as well and tinker with it. I'm not going to go too crazy today, I just want to get this set up and a few things running, right? So I want to add a package, so installed packages, none, so available packages, what I want to do is install a few. I want to do ARP, or arping, this, you know, obviously if for ARP package on your network, we can install this, Confirm, and hopefully that'll do it really quick. There we go, now we should have that one. Okay, the next one I want to do is, uh, it's iperf, so this is a, a tool to, for testing the network's throughput, loss and jitter. I like this because it gives me a little more insight of the network. And let's see, once this is done cooking we can come back here. There is another one, if you want to use darkstat, a dark, darkstat, you can use that. HAProxy, obviously for high availability, and there's a whole bunch of stuff that you can just tinker with, the whole bunch, and whatever you want to do you can, you can tinker with. All right, so now we can see the status, we can see the interfaces, we can do monitoring, we can have a little monitor, but obviously we don't have nothing going on yet.

But now what we can do is come here and let's do cls, and now let's do SSH to, uh, all right, before we do that let's go ahead and create a new user, right, because if we do the default, we can do admin, and if they have a password spraying list, you know, then you're going to be screwed. So User Manager, we have one, one admin user, one, one username named admin, so I want to go ahead and just put infosecpat and then put my fancy password, hopefully no one can see that and hack it, which I'm just going to put Patrick, uh, admins, yes, I want to move him to the admins group, and that should be good. Okay, perfect, now we have infosecpat. Now I want to go ahead and see, we, we enabled the, uh, SSH, so this gives us this little message, we can hit OK, Mark as read, and let's go ahead and log
out and log in as infosecpat, infosecpat, and boom. And what you can do now once we're in here, this is what I do, I'm just showing you guys what I do, we can do action and disable this, right, "This user cannot log in". So I want to disable this because I don't need the admin set up, right? So let's go ahead and disable that, and that gives one less attack surface for an attacker, right? So at least for, for my sake.

All right, so now we're going to go ahead and SSH, and then we'll go through all this, this information in a second. So let me go SSH to infosecpat at, uh, what is it, 19268 dot, uh, 100, no, 99.00 I think, okay, uh, info, uh, SSH, right, this is correct, let me see something, did I screw something up? Uh, we can see what's going on there, but I'll look at that later. Let's go back to System, System, Advanced, let's see, enable SSH, okay, let me just, uh, should be good. All right, for, for now I just want to try to, I want to enable this guy just to see something. All right, we're, and now let me go ahead and see, because we're able to get out to the internet, because we, I can spell, okay, SSH to pfSense, okay, granting access, okay, we should do that, that's fine, enabling it, admin, yeah, so admin. Okay, so let me try to do this again, uh, let, let's go ahead and put admin SSH. All right, let me see something, SSH dash, uh, yeah, so it's SSH username admin at, I think that's my, I think that's the, uh, that's the IP address, right, 99.00, 99.00, what's going on, what am I doing wrong? I like to do this all live because then you guys can see that I am human. Let's see something really quick, I don't think I have PuTTY on here, but I want to download PuTTY just because it's way easier, and let's go ahead and just download the 64-bit, shouldn't take, shouldn't take very long, let's just open this file, Yes, Next. All right, so I didn't want to open that up, it's all good. So now I have PuTTY installed, let's, let's try PuTTY out and then SSH to 2 168 dot 99.00, SSH, okay, Accept, log in, admin, there we go. So I don't know if I can make this bigger, can I
make this bigger, uh, Change Settings, Appearance, change the font maybe to like 22, Apply, there we go. All right, so now we have SSH access, right? So now we can manage this through SSH and we can say, okay, we want a shell, we can type eight, and now we can do ls, we can see everything inside of our firewall, right? And then obviously we can just do, uh, how do we get out of this thing, uh, exit, yeah, just type in exit. So there you go, so this is how you set it up initially, right?

So let's, let's go back here and go over what the, what the dashboard is, you know, is giving us. So obviously the name of the firewall is the name of the firewall, obviously the user is infosecpat, that's who I'm logged in as, and it's on VMware Workstation, it's a virtual machine, NE gear, because NE gear is the company. We have the latest release, 72, uh, 722 or 272, I'm hungry. All right, so everything else here, DNS, you know, we can take out this DNS server, we can put something else, but that's just a loopback. We can get out to the internet through Google, and just the usage of, you know, the load, the CPU, memory, swap file, that's the first row. Second row is the disk, we have, you know, 50 gigs or whatever we assigned it, we can see that it's only used two gigs. We installed a few different, few different packages, we can see the status of, of each service, and then the gateways, we only have one gateway, right, which is 192.168 200, I mean 100.2, and you can see that here. The interfaces, we only have our LAN and our WAN because it's a virtual machine. We can add more, uh, we can add more NICs, but I'm not going to do that in this video, you can tinker with that. And the firewall logs, right? So that's pretty much it, and then you can go to Rules, we can mess around with LAN rules and all that stuff. What else is cool to do here, you can see the, uh, interfaces, like I think I showed you guys before, interface groups, wireless, VLANs, all this good stuff. And let's see the status, we can see DHCP, let's go to Interfaces, we can see, you know, release WAN if you want to
check out that, and let's go ahead and go to DHCP Leases, and let's go ahead and show all leases. It should have been, this machine should have got a lease, let's see, uh, enable. All right, so yeah, this is, this is the pool one, this is what we, what we gave. What is my IP address for my local machine, whoops, ipconfig. All right, so I'm at 120, uh, 218, let me see something, 218, oh no, I'm actually on the one, it's 128, so this is the range. I wonder, I guess I'm just pulling DHCP from, from my, from my, my VMware, but that's not a problem, who cares right now, I'm not going to worry about that.

But at this point you guys should know how to set it up, and, you know, there's so much more to pfSense, there's so many more services or packages or different things. What we could probably do is maybe set up an IPsec tunnel, and we can do like, uh, L2TP tunnels, and we can do, use OpenVPN. I'll probably do an OpenVPN video. I actually have OpenVPN on here, so when I do my little CTF-y nerdy things people can VPN into that, and I also have a Ubiquiti, but that's more for my production stuff, how I can get into my prod stuff, and then I have an extra network over there that this thing sits behind. But yes, hopefully this is, this is all good information, and yeah, if you guys have any questions at all please leave it in the comments below. Hopefully you guys find this informative. I really enjoyed doing this video. I put a little, you know, tweet and I did a little Instagram post, and you guys wanted to see me set this up, and I figured I'd just do a video setting this up, and then whatever you guys want to see next, put it in the comments below, let's hear what you guys want to see and I'll tinker and I'll go off of that. So thank you so much for viewing, and until next time, have a beautiful day.
Channel: InfoSec Pat
Views: 3,493
Keywords: pentester, virtualbox, linux, Kali Linux, exploit, how to, kali, wifi, pentesting, how to hack, domain, how to install, PenTester, IT Certifications, Cyber Security, how to setup a infosec lab, how to setup a cyber security lab, how to setup a home lab, how to setup a pentest lab, how to setup a pentesting lab, OSCP, pentest, kali linux, pfsense setup, pfsense firewall, pfsense install, opensource firewall, infosec pat, pfsense setup and initial configuration, pfsense setup home network
Id: Ayr_av2EX_U
Length: 32min 2sec (1922 seconds)
Published: Tue Feb 20 2024