How to Install pfSense - Start to Finish!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

we've mentioned a few times in other videos that we use pfsense as our firewall here at 2guystek it's the system that protects our virtual servers and pcs from the internet filters and blocks bad ip and dns addresses and acts as our vpn endpoint brandon thought it would be a great idea to walk you through setting it up start to finish let's get to it what is pfsense well pfsense is a high performance software firewall that's built on top of freebsd psense is made and maintained by the company netgate and as a product comes as either pure software or as a physical hardware appliance netgate also provides a community edition of pfns which is free to use all you need to do is bring your own hardware we'll be installing the community edition of pfsense in this video we started using pfsense here in the channel because it has all the features of an enterprise-grade firewall has a massive community behind it and has plug-ins and packages that extend its functionality beyond just being a firewall it's also open source which is something we're big supporters of this would be a good time to talk about network setup and how you'd connect and cable in pfsense into your home network pfsense will sit at the edge of your network between your internet service provider or isp and your home network its job is to protect the devices and systems behind it from outside access and attack while also managing outbound traffic from the clients behind it let's look at a network diagram to visualize this better at the top here we see the internet in all that's cloudy goodness and directly connected to it is our soon to be pf sense firewall think of the lines connecting between the pictures here as physical connections in the real world as in the ethernet cable coming from your cable modem or fiber ont connecting directly to your pf sense host on the other side of the pf sense host we have another connection that will run to a network switch that all of our devices connect to including wireless access points which are not shown here from the diagram you can see how things connect together and it's pretty simple okay let's get the requirements out of the way for pfsense to run pfsense you're going to need a minimum of a 500 megahertz 64-bit cpu and a minimum of 512 megabytes of ram that being said you need to make sure you choose hardware that will meet your requirements the pfsense.org website has a great breakdown of how much cpu power you will need depending on your expected throughput for example if you've got a one gigabit internet connection at home then you need to make sure your cpu has multiple cores and runs at at least two gigahertz you'll also need one gigabyte of storage to house the full install we'd also recommend that your host has at least two network interfaces one to connect to your isp and one to connect to your homeland requirements out of the way let's open up a browser and head to pfsense.org click on the download on the right select our architecture we'll choose am64 for 64-bit cpu select usb mem stick installer in the installer drop down select vga in the console dropdown and we'll leave the mirror location as new york usa if you live closer to frankfurt singapore or austin texas you can choose one of those mirrors for a faster download and now we'll click download save the file and expand it you'll need something to expand the gzip compress file like winrar if you're on windows now that we have the install image let's burn it to a usb stick for install we'll be using imaging tool called etcher which is a free iso and image to usb flashing tool we'll leave a link for it in the description below the flashing process is super quick and easy first things first we'll head to flash from file and select the expanded img file we downloaded and extracted now we'll select our target device select our 8 gigabyte usb stick and then we'll click flash you'll get a privilege escalation request to run the process so click ok and etcher will start flashing the usb stick it takes some time to complete so let it finish okay now that's done let's install this thing before we boot off our install usb stick we need to connect our pf sense hosts when uplink this is the connection that will serve as the internet connection side of things so either connect it to your isp's ethernet connection or whatever system you intend to use as your access to the internet now we'll boot off our freshly created usb stick and start the installation on our hardware we'll be installing pfsense on f12 brings up our boot menu which key you hit to get your bios boot menu up will likely be different but once you get your boot menu up select the install disk and boot from it just for a quick moment we'll see the pf sense installer boot menu you can hit enter or wait the three seconds for it to continue loading the installer okay the first screen we're greeted with is their copyright and distribution notice stuff in a nutshell it's telling you that pfsense is open source and distributed under the apache 2.0 license and you can't charge people for the use of it and don't pretend that's something that you made great we're not worried about any of this so hit enter to continue all right cool now we're actually starting the installation at the welcome screen here we have a few different options obviously install is what we're looking for here but if you want to get to the rescue shell or restore a configuration from a previous pfsense install you could do that here too but installation is our objective so we'll hit enter here on the keymap selection screen you can choose your keyboard language layout if you'd like or need to use the arrow keys to move around till you find your particular key map and use the spacebar to select it for us since we're in the us we'll leave it default and hit continue on to the partitioning screen we have a few options to choose from here depending on your hardware's configuration the first option auto zfs guides you through setting up the disk and partitioning using zfs as the file system format zfs is awesome and has tons of features that are useful for redundancy and fault tolerance if you have multiple disks which we don't the next two options auto ufs bios and auto ufs uefi pertain to how your computer's bios is configured to boot your host most modern hardware fully supports both boot methods with uefi being the modern standard compared to bios which is considered the legacy boot mode you need to choose the right option here depending on how your host's hardware is configured when in doubt reboot your host pop into your bios or system setup menu and have a look this host is configured to boot into legacy mode so we'll be choosing auto ufs bios the last options are manual giving you the ability to set up your partitions through the installer and shell which allows you to drop to a shell and issue partition commands directly if that's your thing anyway select the option you want to use and hit enter to continue we'll be asked if we want to use the entire disk or partition a chunk of space for pfsense this is going to be a dedicated pf sense box and only a pfsense box and the disk inside is just for that purpose so we'll be leaving it set to entire disk and hit enter obviously doing this will lead to the destruction of any data that is currently on the target disk so you'll get one last chance to back out hit enter to move on next we'll need to select our partition scheme for install the pf sense documentation recommends using gpt first and if your hardware has issues booting after installing try using mbr so we'll be following the recommendations and selecting gpt and hit enter to continue before the installation begins we get a quick look at the partitions that will be written to disk ada0 is our internal ssd that is the target for our install we can see all of the partitions and mount points that will be committed to disk as part of the installation below we can also see the partitions on the usb stick named da0 nothing will be applied to the usb stick so don't worry we'll hit finish to move on and we'll be asked one more time if we're really really really sure about committing these changes to disk let's hit enter and get this thing moving alright pfsense is installing as we speak this is a pretty quick installation depending on your target disk so let it finish one more thing before we reboot we're being asked if we want to drop to a shell to make any final manual modifications no we don't so we'll hit enter to continue congratulations your installation of pfsense is complete last thing to do is to hit reboot pull out our usb install disk and let the system boot normally let's do it first boot takes a bit as the os generates a few things moves stuff around and gets set up for its first time be patient and let it complete welcome to the console screen of pfsense this is all you'll ever see from the console side of pfsense with all of the actual configuration and work being done on the web ui you can make changes here like set up ipaddresses and interfaces reset to factory defaults reboot and of course drop to a shell what we're interested in seeing here are our ip addresses our host has two defined network interfaces on it one is set up to be the wan port or the internet facing side of the firewall and the other is the lan port being the interface that will serve and protect your home networking devices within by default pfsense will start a dhcp server running on the lan side of the host if you connect this interface to your existing network that already has a dhcp server running on it you're going to have a bad time pfsense attempts to detect which port should be used as your ram port on first boot so make sure to check and see if your wan ip address looks correct to you if not use option one to walk through assigning your adapters to different roles or swap your physical network connections on your host our next step is to connect the pc with the web browser to the lan connection on our new pf sensors and get on the web ui on your computer connected to the lan side of your new pf sense host open a browser and head over to https colon forward slash forward slash 192.168 the address we saw on the pf sends console you should be greeted with the pfsense web ui login the default credentials here are admin and the password is pfsense all lowercase once you've logged in you'll immediately be directed to the pfsense setup wizard this will help us get everything quickly configured and you on the internet in no time click next to continue netgate offers support for purchase for those looking for that added peace of mind if you're interested in learning more about this you can click the learn more button we'll click next alright on the general information page here you need to give your new firewall a hostname you can use any name you'd like or you can even leave the hostname default spfsense we'll be using the hostname the wall next step is to provide your internal domain name for your home network again this can be any name you want but it's best not to use a domain name that exists on the public internet so don't name your internal domain microsoft.com we'll be using 2guystek.home as our internal domain name below we can specify dns servers that we'd like our pfsense firewall to use for name resolution by default pfsense obtains dns server information from the dhcp lease received from your isp if you have a specific set of public or private dns servers you'd like to use to override the ones provided by your isp add them here we'll be leaving hours default and clicking next next step is to set up time service on our firewall we'll leave the default one here you can enter an alternative if you have a preferred one in the time zone drop down find your local time zone or leave it set to utc if you leave the setting on utc then you'll need to do some mental conversion of utc to your local time zone when trying to match timestamps to local time we'll be setting ours and moving on hit next to continue next step is to further set up your wan connection to the internet by default we're set to dhcp which typically works for most everything but you might have a more unique wan configuration required if you do you already likely know what the settings are that you need to provide here we're on dhcp so we'll scroll down and hit next next page allows you to change your lan ip address and range if the defaults aren't acceptable remember that a change here will disconnect you from the firewall once the changes have been made and you'll need to reconnect at that new address we're fine with the defaults here so we'll hit next now we need to change the default administrator password since it's not secure and everyone in the world knows it enter your new password for the admin account and click next next step is to reload pfsense with the new configurations we've made here again if you've changed your lan ip address you'll need to connect back at that new ip address now we'll wait for the reload to take effect and boom we're done congratulations on getting pfsense configured and ready as a basic firewall let's hit finish and do a quick walkthrough around the ui once again we're greeted with the same copyright and trademark notices page that we accepted during the install just click accept at the bottom and if you feel like taking the survey you can we'll hit close welcome to the dashboard of your pf sense host at the top of the screen you have a menu system where you can move through the different sections that are grouped based on the settings they contain under system you'll find settings directly related to the os and pf sense itself here you can check for updates install packages that will add functionality and features to your psense host and more under the interfaces section you can modify your existing interface connections as well as add more interfaces both physical and virtual as needed under the firewall section is where you'll create firewall rules make changes to your nat rules create port through rules and more under the services section you'll find additional services that are running on your pfsense host these include things like dhcp services ntp snmp dns forwarding services and more the vpn section is where you'd configure any vpn services for your pfsense box this includes functionality like being a vpn endpoint for clients or configuring site-to-site vpn by default pfsense includes ipsec l2tp and openvpn functionality out of the box with wireguard being installable via package using the package manager under the systems menu the status section provides you access to the status of various services running on pfsense under diagnostics you can find tools for troubleshooting like ping trace route packet capture current firewall states and more and that leaves us last with the help section which contains helpful links to community forums documentation paid support and more one last thing of note the dashboard is completely customizable using the available widgets to make it your own for example we can add a real-time graph of our network interfaces drag the widget around where we'd like them to be remove unwanted widgets and more just remember to click the save icon at the top when you're done to keep your dashboard there is so much more to pf sense than just a basic natting firewall we highly recommend looking through the available packages to install joining the community forums and looking at more videos online so you can learn how to extend the functionality even further tell us what you think of this video we would love to hear from you would you like to see more how to's let us know in those comments below if this is the first time we've seen us subscribe do it now we're on twitter and instagram so go follow us and be all social and finally we have a discord that we would love to have you join talk about the videos we make home lab and more it's a great community and we'd love to have you thank you for watching we will see you again soon [Music] you

Info

Channel: 2GuysTek

Views: 64,267

Rating: undefined out of 5

Keywords: pfSense, pfsense installation and configuration, pfsense firewall, pfsense setup, pfsense build, pfsense tutorial, Pfsense installation adn configuration, pfsense firewall setup, pfsense firewall training, pfsense firewall tutorial, pfsense firewall configuration step by step, pfsense firewall build, pfsense firewall installation step by step, pfsense firewall installing and configuring, Pfsense firewall installing adn configuring

Id: CmEYf1W3EqQ

Channel Id: undefined

Length: 14min 8sec (848 seconds)

Published: Wed Sep 08 2021