Install pfSense on VMware ESXI 7 (Standalone ESXI)

Captions
Hey everyone, thank you so much for being here, thank you so much for watching. Today's video is a video that I've decided to do after getting a lot of requests and questions from you guys, so I decided to create a video about installing pfSense, which I love and adore, on VMware ESXi version 7. Unlike a previous video I did on this topic, we are going to focus today on a standalone ESXi server and not vCenter. So we are going to install pfSense; we are going to see, as an extra or as a bonus, how to properly configure VLANs if you are interested in using them; we are going to see some basic firewall configurations and the creation of rules; and we are going to jump right in and start configuring stuff. Join me.

All right guys, so we are at the computer and we are getting ready to start our installation. There are a few prerequisites that I would like you to review and make sure you have configured on your side. The first one is an ESXi server already installed. We are not going to do an ESXi installation in this video; you need to have an already prepared ESXi server installed on a computer. You also want to make sure that you have at least two network interfaces on your ESXi server: one will be connected eventually directly to your ISP modem, and the second one will be connected to your network switch and from there to the other computers on your network. One more thing that you need to prepare is the computer that you're working on: you need to set it with a static IP address on the same subnet so that you will be able to access the ESXi web interface. And the last thing, as a prerequisite: you need to go to the pfSense website, download the pfSense ISO, unzip it and upload it to the ESXi datastore. I'm going to review some of these prerequisites together with you.

The first thing that I want to show you is that on my computer I currently have no internet, as can be indicated right here. That's because I have a cable connected from my computer directly to my ESXi server. My ESXi
server has a static IP address of 192.168.1.4, and I've also set my computer with a static IP address from the same subnet, 192.168.1, all right, the same subnet mask, the same gateway. The gateway and DNS for now are not really that important. That's the first thing that I need to do in order to make myself able to get into the ESXi web interface.

Before we get started, a quick illustration. I know this is a very dumb and basic illustration. So what we are going to do: we are going to install, on an ESXi server that's already installed, a pfSense virtual machine and two network interfaces. One will be connected to the ISP modem and the other eventually will be connected to a switch, although right now it's connected directly to my, or your, computer. All right, that's the situation that we need to get to.

We will launch a web browser and I'm going to type the IP address of my ESXi server. As you will see, this is a pretty vanilla ESXi server installation. I've done nothing with it other than get the ISO from pfSense and upload it to my datastore, which is done right here on the Storage tab. This is my datastore; I'm going to click Browse datastore. I've created an ISO folder and uploaded a few ISOs: one is for pfSense and the other for an elementary OS install, just as a test device. Nothing more than that. I haven't configured anything, and this is the place that we will need to start configuring before we create the virtual machine.

All right, so as we said, we have at least two network interfaces: one we will dedicate to our ISP and one we will dedicate to our local network and VLANs, if we are interested in using them. So we'll start configuring them on the ESXi side. We'll go to Networking. As you can see, we already have one default virtual switch; we will regard that as the internal network. All right, so let's create a new virtual switch. We will call it ISP. We will give it an available physical network interface. For me,
zero is already connected to my computer and to the existing virtual switch, so I'll take one virtual NIC and assign it to the new virtual switch. Click on Add.

All right, now we need to go into Port groups. VM Network and Management Network are just default port groups that are created by default from the ESXi installation. We will use VM Network and Management Network... I'm sorry, we will not use them; we will create our own. Let's create port groups. The first one we'll call LAN, and this will not have any VLAN ID. We'll assign it to virtual switch 0. We will create a port group named All. This will be actually our trunk port; this will be the internal leg of the pfSense virtual machine. In order to make it a trunk port in ESXi, we'll need to give it a VLAN ID of 4095. This will make it, in all networks, a trunk port. We will also create port groups for our dedicated or future VLANs. For example, we will create, I don't know, a server VLAN with VLAN ID 10, that's the VLAN tag, and let's also create a client VLAN, or VLAN tag 11. These are all port groups that we've created on virtual switch 0, this means our internal network. Now we need to create one last port group that we will call ISP, no VLAN ID, unless your mileage varies. I'm going to assign it to the virtual switch called ISP that we've created earlier and click on Add.

All right, so at this point, logically, we are ready to install pfSense and also utilize VLANs when we already have the pfSense firewall installed. So this is exactly where we'll go right now. In order to install the virtual machine, we'll go to the Virtual Machines tab right here and create a new VM. Click on Next. Let's call it pfSense. I'm going to assign it a guest family of Other and FreeBSD 12 64-bit. The pfSense version that we're installing is 2.5.1, which has an underlying FreeBSD version 12.
I've checked that in the pfSense documentation; this is the correct guest OS version. Click on Next. We will assign it to the only datastore that we have, and now let's give it at least 2 gigabytes of memory. I'm going to give it a 16 gigabyte hard drive, thin provisioned. I am planning to install some add-ons, but not so much, so I do give it some more hard drive space, but not all that much. Now, network adapter 1 is connected to our All network, and we'll need to add another network adapter that will be connected eventually directly to the ISP modem, so we'll click ISP. Just make sure they are both VMXNET 3. Along the way we'll need to go back and verify their MAC addresses in order to verify that we are assigning, in pfSense, the correct network port to the correct network. Let's click on Next. Oh sorry, we need to attach the ISO of pfSense in order to install it, and make sure that Connect is ticked right here, otherwise it will just disregard the ISO. Click on Next and Finish, and at last we have the pfSense virtual machine ready to be installed. Let's click on Power on.

Now, just as a sanity check: I have my computer directly connected with a cable to my ESXi server. Right now my ISP modem is not connected at all to the ESXi server; I am going to connect it once I get everything correctly configured. So right now I have a virtual machine with two virtual network interfaces, but only one is actually connected. All right, click on Accept, Install, click on Enter. I'm going to stick with Auto (UFS).

All right, so this is the first time that pfSense has been booted up and is ready to be configured. As you can see, we have our network interfaces and MAC addresses shown, and it's asking us: should we configure VLANs now? I'm going to click on No; I'm going to configure VLANs later. Now it's asking me which of your network interfaces is dedicated as WAN, which will be connected to your ISP. So I am going to right-click on the virtual machine, click
on Edit settings. I'm going to select the virtual interface that's connected to the ISP virtual switch and check its MAC address. I can see that it ends with 6e66; that's the network interface that's connected to my ISP. So pfSense is asking me, do you want to assign the WAN interface to vmx0 or vmx1? vmx0 ends in 6e5c, no. vmx1 is 6e66; that's exactly the interface that we want to assign to our ISP. Let's say vmx1. We've verified that the MAC address is the one that's connected to my ISP virtual switch, vmx1, that's great. And which will be our LAN? Let's click on vmx0. Let's click on Yes.

All right, so pfSense is booted up, and since I don't have my ISP already connected physically to my ESXi server, it did take two or three minutes, because pfSense tried to configure the WAN interface. It couldn't, because it doesn't have anything connected, and it retried and retried. Don't give up if you're like me and don't connect the WAN at the beginning; just let it work, it's not stuck.

All right, at this point what I like to do is, from this option menu, I click on option 2, set interface IP addresses. I'm going to select LAN. I want to give my pfSense a static IP address and, along the way, to configure a basic DHCP pool. So I'm going to give it 192.168.1.1, I'm going to give it a 24 subnet mask. Click on Enter, click on Enter. Do I want to set up DHCP? Yes, why not. Start address will be from 192.168.1.100 to 192.168.1.200,
just as a starter. Let's click on Yes. All right, so now actually we are ready to launch a new browser tab and go into our pfSense installation. At this point what I am going to do is also connect my ISP modem to my ESXi server. All right, so my ISP modem is connected to the network interface that I've created a virtual switch for, which, if you recall, is called ISP. Let's click on Enter, let's click on Enter. Maybe it will already pick up a DHCP address from my ISP; if not, maybe it will pick up later. Let's just verify that our pfSense installation is indeed intact and try to log in to the web interface. Indeed, we see a pfSense login screen. If I'm not mistaken, the default username is admin and the password is pfsense. That's right.

All right, hostname: if you want to change it, that's the time. I'm going to change the primary DNS server to Google's DNS server and to quad one. Override: I do not want to override them with my ISP DNS servers. Click on Next. I'm actually, for now, skipping the time zone settings. My WAN interface: if you have your WAN interface on PPPoE or something, that's the time to select PPPoE and give it a username and password. Mine is DHCP, so I'm just going to browse down and click on Next. This is my LAN IP address, indeed. Admin password: you should give your pfSense firewall a very complex password. I'm going to give it a simple one just for this demonstration. Next and Reload, and now pfSense will do the final configurations. Click on Finish. Give it a minute or two, accept the EULA, and we are ready to roll.

This is our pfSense firewall, and as you can see, I've already gotten an IP address from my ISP. This means that our VMware configuration is working; the interfaces are set correctly both on VMware and on pfSense, so it's able to detect my real ISP connection. Now, just as a review: we have an ESXi server with a virtual machine that virtually holds the network connections
to my LAN and to my WAN, to my ISP, and it seems like everything is working.

Next subject: we've created VLANs, if you recall. Right here we've created several VLANs, and now we want to reflect them inside pfSense. So we've taken care of the VMware portion; let's start configuring VLAN 10 and VLAN 11 in pfSense. We'll go to Interfaces, Assignments, VLANs. All right, click on Add. My primary interface is vmx0; make sure it's not the WAN selected here, it's the LAN. VLAN tag 10, and click on Save. One more time: LAN, VLAN tag 11, click on Save. Go to Interface Assignments, and we have our VLANs ready to be assigned, as you can see, VLAN 10 and VLAN 11. Let's click on 10, click on Add. I'm going to click Save just so I will be able to make sure that my work is saved. Click on Add, click on Save. Right, so our VLAN 10 is actually our server network, so let's go into VLAN 10 on the link right here. Instead of OPT1 we will name it server network; we'll give it a static IPv4 address, which will be 192.168. 24 network, and apply changes. Sorry, I forgot to enable the interface, so I'll select it right now and click on Save. Going back to Interfaces, now OPT2: enable, name it Clients, IPv4 configuration, we'll give it an IP address of 192.168.11.1 on a 24 subnet mask network, and click Apply changes.

At this point we have our pfSense connected to the internet. We won't get ping replies yet, because I think we didn't configure the firewall, but we have configured the WAN interface, the LAN interface and VLANs. So what we need to do right now in order to make it work... again, your mileage may vary; just for this demonstration I would like the DHCP server to be enabled on both my VLANs. So let's go into Services, DHCP Server, select the Server tab, which is the server VLAN actually, and enable DHCP, sorry, and give it a range from 192.168.10.100 to 192.168.10.200.
You can specify DNS servers if you'd like to, gateway, domain name; there are a lot of DHCP options in pfSense. This is not the topic of our video, so we'll skip them. Let's go to Clients, enable, 192.168.11.100 to 192.168.11.200, and save.

All right, the thing that I want to try now, before I try anything else, is launch a virtual machine that I've already pre-created and assign it to one of my newly created VLANs. Let's, for example, connect it to the Clients VLAN. What I want to do right now is to make sure that this virtual machine boots up and gets an IP address in the 11 network, in the 11 VLAN. I don't care if it has internet connectivity right now, because we haven't really touched firewall rules; I just want to make sure that the assignments and the VLAN tagging indeed work. Let's open the console. All right, let's go into network settings, and as you can see, indeed we are getting an address from the 11 network. That's great; that means that everything that we have done up to this point is working as expected.

Now we've come to the last portion, which is firewall rules. Let's go into Firewall and Rules, and as you can see, we already have some predefined rules; we are not going to touch them. We also have a predefined rule on the LAN tab; I'm recommending not to use them, and deleting them after creating a set of custom firewall rules below them. But let's go to the Server and Client tabs. You can see that they are empty; that means that virtual machines, or machines that will physically be connected through a switch to these networks, will not get internet connectivity, and no connectivity at all to anywhere. So what we want to do is to create firewall rules to create some connectivity between them. Just for the demonstration right here, I'm going to create an alias. This is the way that I like to do stuff; again, this is not a production install, so I am skipping over a few things. Let's call it RFC1918. This will be networks. All right, now that we have the
alias created, I can now refer to it in a firewall rule. For example, let's go to Rules, let's go to Clients, and just as a sanity check, if I open a terminal and try to ping 8.8.8.8, I'm not getting a reply. So I'm going to create a firewall rule, and I'll click on Add. The action will be Pass and not Block, the interface is Clients, let's stick with IPv4, protocol: let's click on Any. Source will be my Clients net, and the destination, here's the trick: I'm going to select Invert match, I'm going to select an alias and select RFC1918. What we've done by creating this rule: we have allowed the clients network to go anywhere except internal networks. And why am I doing it? Because I want to create firewall rules that are custom, dedicated to where I'm allowing this network to go internally. For example, if I would like to allow the clients network to access the server network, I'm going to create a firewall rule just to define that permission. But I'm not going to just create a rule and select the Clients net and then to any; that's really defeating the purpose of pfSense. pfSense allows you to be fine-grained and in control of what goes where. So this is how I configure just internet access: I'm doing it with this alias.

Now let's see if this alias is working. Let's go back to our virtual machine, ping 8.8.8.8, and indeed we get a reply. That means that our firewall rule... and if we refresh the page, we can see right here the traffic is starting to go through this rule. Now, just as a demonstration: if I want to also allow this clients VLAN access to the internet but also to my server network, I will do it with a dedicated firewall rule. I will click on Add below, select the Clients network, source Clients net, destination Server net. All right, so this is how I would allow traffic both to the internet and internally to my internal VLANs. I'm really recommending not to use the any option at all.

All right, so we've installed pfSense, we've
created VLANs, we've created the interfaces, we've created DHCP and firewall rules. One thing before we forget: we're talking about a pfSense that is a virtual machine, and as a virtual machine, almost like any other virtual machine on VMware, we should install VMware Tools, or at least some solution for VMware Tools. There's a package for that in pfSense; if I'm not mistaken, it's called Open-VM-Tools. That's right, right here. I will install Open-VM-Tools just so the host and client can communicate, and the host will be able to pull data and telemetry data from the virtual machine and interact with it. All right, so Open-VM-Tools is installed.

This was a quick, at least a semi-quick, overview of how to install pfSense on a virtual machine in VMware ESXi version 7, briefly configuring VLANs, configuring firewall rules, and I hope this video was informative. If you like this video, give it a like, subscribe to our channel, and I'll see you all in the next video. Bye bye, guys.
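
Added example (not from the video or its captions): a small Python model of how the Clients-tab rules described above are evaluated, first match wins with an implicit default deny, comparing the inverted RFC 1918 alias rule with a source-to-any rule. The alias contents, the server network's /24 prefix and the sample addresses are assumptions, since the captions do not spell them out.

```python
import ipaddress as ipa

# Assumed alias contents: the captions name the alias but not its networks.
RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLIENTS_NET = [ipa.ip_network("192.168.11.0/24")]  # VLAN 11 (192.168.11.1/24 in the video)
SERVER_NET = [ipa.ip_network("192.168.10.0/24")]   # VLAN 10, /24 assumed
ANY = [ipa.ip_network("0.0.0.0/0")]


class Rule:
    def __init__(self, label, src, dst, invert_dst=False, action="pass"):
        self.label, self.src, self.dst = label, src, dst
        self.invert_dst, self.action = invert_dst, action

    def matches(self, src, dst):
        if not any(src in net for net in self.src):
            return False
        hit = any(dst in net for net in self.dst)
        return hit != self.invert_dst  # "Invert match" flips the destination test


def evaluate(rules, src, dst):
    """Return (action, label) for a new connection: first match wins, else default deny."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action, rule.label
    return "block", "default deny"


# Rule sets for the Clients interface tab.
INTERNET_ONLY = [Rule("clients -> !RFC1918", CLIENTS_NET, RFC1918, invert_dst=True)]
WITH_SERVERS = INTERNET_ONLY + [Rule("clients -> server net", CLIENTS_NET, SERVER_NET)]
SOURCE_TO_ANY = [Rule("clients -> any", CLIENTS_NET, ANY)]

# Constructed sample traffic from one client (addresses are illustrative).
CLIENT = "192.168.11.150"
DESTINATIONS = {
    "internet (8.8.8.8)": "8.8.8.8",
    "server VLAN host": "192.168.10.50",
    "LAN address of pfSense": "192.168.1.1",
    "pfSense on the clients VLAN": "192.168.11.1",
}


def report(rules):
    """Map each sample destination to the action the rule set gives it."""
    return {name: evaluate(rules, CLIENT, dst)[0] for name, dst in DESTINATIONS.items()}


if __name__ == "__main__":
    for title, rules in (("internet only", INTERNET_ONLY),
                         ("plus server rule", WITH_SERVERS),
                         ("source to any", SOURCE_TO_ANY)):
        print(title, report(rules))
```

Under the inverted rule the firewall's own 192.168.11.1 address is blocked as well, so clients that use pfSense itself for DNS need a separate pass rule for that traffic.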
Info
Channel: Tech Me Out
Views: 4,525
Id: SsaGeXx2qh0
Length: 27min 57sec (1677 seconds)
Published: Tue Jun 15 2021