pfSense Basics - Part 1 - Installation

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome to crosstalk religion my name is Chris in this video we're going to be doing something a little bit different we're going to be talking about how to install pfSense from scratch now I don't know how to install pfSense I've never done it I've never experimented with it it seems like a really cool product and of course I'm a big fan of open source and pfSense seems solid it's been around for a long time and I'm very interested in the product I'd like to get into it someday but I personally have not gone through that learning curve yet so one of cross talks free PBX experts andrew is also an expert in PF sense and he was nice enough to put together a video which will hopefully be the first and a series of videos on PF sense to help you understand how to install and work with that product so this is Andrews first time creating content for the channel so everyone please be nice give them a big warm welcome to the crosstalk Solutions Channel and without further ado I'm going to pass it off to Andrew to talk about how to install pfSense take it away what's up guys Andy with crosstalk solutions and today I'm going to be going over the installation of the pfSense open source firewall so I guess first off what is PF sense well pfsense is an open source firewall distribution that'll basically enables you to take any PC hardware even just a old PC sitting in your closet an old Pentium based computer and turn it into a extremely powerful router and firewall some of the advantages of running an open source firewall such as pfsense are just a plethora of features that come with PF sense that you wouldn't otherwise have on your standard off-the-shelf consumer grade router / firewall some of these include expandability as I said P essence has an extremely wide array of features that come with it and chances are if it does not have a feature out of the box that you would that you're looking for in a router somebody's probably made a package that you're that you can install right there from the web GUI within pfSense itself as I say there's an app for that some of the other advantages are hardware versatility I've seen pfSense installed on everything from rack mounts server grade Hardware all the way down to there are some special made embedded devices real small form-factor low power consumption devices designed for placing you know the source router / firewall distributions on them another reason you might want to run pfSense versus your standard routers you have a lot more granular control over your network be it bandwidth restrictions or bandwidth control / traffic shaping quality of service for VoIP applications or gaming you've also got certain things such as content filtering you can even block entire domain from being reached off of your network and best of all it's open source so did I mention that it's free so what all you need to create or install pfSense for the purposes of this video you would need a just a standard PC anything with about 512 Meg of RAM or more opinion or better CPU and yes I did say Pentium it doesn't really take a whole lot of hardware horsepower to run one of these and a 8 gig eight-year of hard drive space now for your firewall I mean the solid state drives nowadays have gotten so inexpensive I would recommend just getting yourself an 8 or 16 gig solid-state drive to run this on let's see and most importantly you need at least two network interfaces on the machine one for the LAN side of the public facing side of your firewall and then the second one for the land or the internal network which is any of your machines your PC's your your Xbox whatever the case may be inside your home or small office so what we're going to cover in this video is like I said the installation on just standard PC hardware using a ISO CD image so without further ado let's get right to it so we are going to go to the pfsense website which is just quite simply WTF SMC org and once there we're going to go straight to the download tab right over here and for the hardware or in this case the virtual machine that I'm planning to install this on for our demo most machines nowadays are only 64 bit or better you're going to want the file type install architecture in my case is going to be AMD 64-bit if you do have a machine that's only 32-bit they do offer a 32-bit variant as well and then platform for standard PC hardware we're just going to use the CD image right there and then of course here you can select the locations closest to you in my case Austin is closest to me since I'm in Fort Worth and then you would just simply click the download button and away we go I've already downloaded it so I'm not going to actually click to download in this case and so let's go straight to actually your first boot so you'll burn that CD you'll put a CD drive on the machine they've chosen to be your hardware your hardware firewall and boot the Machine up and one of the first things you should see is this screen right here will let it go ahead and count down or you can hit enter if you want to speed the process up a bit it's going to run through a whole bunch of gobbledygook like this and what we're actually looking for is it's going to prompt us if we want to enter the installer or not and you'll press I on the keyboard to enter into the installer there we go you got to be quick about it you've got only 10 seconds to do it ok in the first screen it's going to bring us up to it is going to be this configure console this gives you a chance to if you're perhaps in another country running this on a keyboard from another country that a different keyboard layout you can change that change your video font here etc etc for our purposes we don't need to do any of that so I'm just going to arrow down to accept these settings and hit enter and and 99.9% of the installs that I've done the quick easy install will pretty much handle everything we need so I'm just going to select quick easy install and hit enter and it's going to warn us here that it's going to erase all contents on the first hard disk this action is irreversible do you really want to continue in this case yes we do so we're going to hit OK and this install can take depending on the speed of your hardware I've seen it take in as little as a minute to as much as 20 or 30 minutes on slower machines especially some of the small embedded platforms I've seen it take a minute in this particular case it was pretty quick so this embedded kernel no VGA console or keyboard is that would be used on those embedded devices that I was referring to in this particular case we're going to go with the standard kernel which is the default choice since we do have keyboard monitor hooked up to this okay so at this point it's going to ask you to reboot you'll remove the CD from the drive and until you want to reboot since this is a virtual machine it does not have a physical drive so I'm gonna have to power this off for just a moment and go over here and virtually remove the disk for the driver it's just going to read it right back up into the installer and we don't want that there we go got the disk removed and now time to boot it back up and so if your install successfully completed you should see this screen here just sit back and wait this looks almost identical to the boot screen for the CD the only difference is you'll notice that we do not get prompted to run the installer since this is actually running off of the drive in your machine so someone noticed on my virtual machine here is that it automatically detected the LAN interface that is not always the case sometimes it does not automatically detect your network cards so I'm actually going to force it to go through the assign interfaces process so that you can see that so in those instances where it does not detect the card it's going to come up on the first boot and it's going to have this prompting you here should be LANs be set up now yes no in this particular case we're not going to mess with VLANs today so we're going to say no and a trick that that you can use to identify which network card it sees as what is during your doing this auto detection phase I can't do it on my virtual machine but if it was a physical piece of hardware you can unplug both network cards from any other devices so there's no link present and then you can hit this a for auto detect and whatever you do unplug or replug those devices it's actually going to pop up on the screen link detected on and as you see there we've got m0 em1 to different mix the PF sense the text here in this particular case I know that a m0 is the LAN and then I know that a m1 is my land and I don't have any other interfaces so I'm just going to hit enter for that prompt do we want to proceed yes sometimes it takes it a moment to configure everything so this relation already there we go it auto-detected the LAN all right in at this point you should be able to go ahead and plug in the computer on the LAN side the what your network card you've determined to be your land side of the firewall and let me make sure that I've pulled an IP address in this case I have a stale one so I'm going to renew and make sure I have one on the correct subnet for our new firewall there we go if you're not using a virtual machine like I am for this demo you can do that simply just by unplugging the network card from your network cable from your machine wait about 30 seconds and plug it back in so once you're connected to the landside the first place the default address for PS sense you go and put 1 9 2 1 6 8 1.1 into the address bar of your browser it's chances are because it uses a self-signed certificate it's going to give you an error your connection is not secure don't worry about that do whatever you have to do just to get past that in Firefox which case you click advanced add exception confirm the security exception and there we go there's our web interface for our new pfSense router so default password is admin and then all lowercase pfSense as you can see it's going to try to walk me through a wizard if you've got a little experience with these and you know what you're doing you can just click on the PSF logo up here and that will actually bypass this lizard but in this particular case we're going to go ahead and use the wizard so click Next they're trying to sell you some of the PSF gold some pay service we can skip that in this particular instance host name we're just going to leave this as PS actually I'm going to call this TF since demo and the domain name if you run this in a small office and you do have a domain in your office you can put that domain name here for the purpose of this video we're going to call it crosstalk solutions comm primary DNS server why don't we just use Google you can use whatever DNS servers you want in here already and times on them in Fort Worth Texas so I'm going to select America / Chicago since that's in the same time zone as me that way tsm's can automatically set its time if your isp uses dhcp you go ahead and leave that as dhcp come down here and click Next if you have a static IP I'm going to show you doing that the selected type you'll select static and normally this would be a public IP but since I'm setting this up in a test land this is going to be a actually going to be a private address but notice on a one that I can use to a four should be free this particular case my subnet mask is a Class C or slash 24 which can also be denoted with 255 255 dot 255 dot 0 again these details here you would get from your isp upstream gateway again obtained from your isp this particular case i'm going to use the router on the land and down here so basically block RFC 1918 private networks and the Bogue on networks that is any of the networks that are considered to be private IP space normally you would leave these checked but since I am actually using this the LAN side of this demo in private space I'm going to go ahead and uncheck those to make sure I don't have any issues with connectivity so we click Next and that should have that set and my personal preference on the LAN interface here just about every router out there 50 million different types of routers all use one 92168 1.1 as their address or in some cases 1 9 2 1 6 8 0.1 if you ever plan to use this with a VPN which I'll cover in another video and I would highly suggest changing this to something not standard so why don't we call it one nine two one six a 102 dot one so that we're not just using the default subnet that just about every other router on the planet has and then here you're going to want to put in twice your super-secret double-oh-seven style massively secure password in my case just one two three four five six seven eight nine ten yeah just something easy for you to remember and difficult for others to guess just to add a note the admin password that you set here in the web interface on pfSense actually does double as the root password on the console of PSN sir if you enable SSH access into pfSense unlike a free PBX for instance where those are different in this case it is the same password so that has got everything pretty much set since I did change the subnet I'm going to have to release and renew my IP again again if you're using a physical machining is unplug the network cable from the network card for about 30 seconds plug it back in and that will accomplish the same thing that I'm having to do through software here actually I did not I jumped ahead of myself I need to click reload so it'll actually apply those settings before before releasing and renewing my IP so I'm gonna have to do that again we're going to finally get an IP and so let's test internet access off of this keep in mind we just change the eyepiece where you need to put in the new IP for the pfSense box up here in the address bar in this case 192 168 1 Oh 2.1 we're going to confirm our security exception again and there we go this is going to be admin and your super-secret double-oh-seven style password there and there we go on our dashboard we've got our hostname pfSense demo crosstalk solution is comm our version number looks like there is an update available just a side note before you ever pull these updates I would recommend doing a backup of your configuration which you can find right here under Diagnostics come down to backup and restore and right there backup area all just click this button right here download configuration as XML and we're going to save the file and there you go now you've got a backup of your current configuration before you pull any upgrades alrighty we're going to go back to our dashboard and I believe that pretty much will sum this up we're going to go and test for internet access right click and there you you've got a up running perfectly functional open-source firewall if you liked this video don't hesitate to give me a thumbs up and if you want to see more like it don't forget to click subscribe thanks and y'all have a great day [Music]

Info

Channel: Crosstalk Solutions

Views: 146,359

Rating: undefined out of 5

Keywords: pfsense, pfsense install, pfsense installation, pfsense setup, install pfsense, pfsense hardware, pfsense download, pfsense 2.3, pfsense hyper v, pfsense router, pfsense firewall

Id: DthbnPLBbRA

Channel Id: undefined

Length: 20min 32sec (1232 seconds)

Published: Thu Mar 16 2017