pfSense Basics - Part 2 - First Steps After Installation

Captions
[unclear] Crosstalk Solutions again, and today we're going to be going over the first steps after the pfSense installation that we covered in the previous video. So usually the first items that I do, we're going to go down the list and just kind of run you through all of them.

As you remember from the last video, our router is 192.168.1.1. The next item here is going to be what version you're running of pfSense. In this case we installed the 2.3.2 release version. It's going to show whether there's an update available; in this case there is an update available, so we'll be applying that here shortly. It gives you some information about the hardware that it's running on. In this case it shows as an Intel Xeon 2.88 CPU; it's actually running on a virtual machine in my case. It will actually show you your uptime, how long the system has been up and running since the last reboot or shutdown and restart. You'll have your current date and time, your DNS servers, the last time the configuration was changed, and just a lot of other useful information here.

So usually my first step whenever I install one of these is going to be to go ahead and update the system to the latest stable version. There's actually two different version tracks, and by default it comes with the updater set to only install the stable version. So we're going to click right here on this little cloud icon showing next to the notification telling us that there's an update available. As soon as you click that, you have this little gear icon turning here, and it's going to show you the current base system, which is 2.3.2, and it's showing the version of the available update, in this case 2.3.3_1.

Just real briefly, to touch over here on the update settings: as I said, there actually are two different branches. You've got your stable branch, which is what I would recommend to run in any production environment. However, if you are a glutton for punishment and don't mind some bugs and just like to play
around, the development snapshots come out on a pretty regular basis, almost nightly, and that's going to have any new features and any bug fixes. It may also introduce some other bugs, hence why I don't recommend running that on a production system. But if you do want to play around and kind of get a preview of any upcoming changes, you can change to the experimental version. In this case we're not going to do that.

So back to our update over here. As soon as you're ready to do the update, hopefully you've made a backup of the configuration, as I showed in detail in the previous video. We'll provide a link to the previous video. So you will confirm, and what it's going to do is it's actually going to show you the progress of the update here. Depending on the speed of your hardware, this can take anywhere from just a minute or so to as much as, I've seen it take 20-30 minutes before on little embedded platforms that don't have much processing power. It's also dependent on the speed of your internet connection. So really at this point there's nothing to do but wait.

OK, and we're done with the update process. The firewall, you can see, is going to reboot, and you get a little countdown timer here showing typically about how long it takes to reboot, usually anywhere from a minute to two or three minutes. That timer there is not always going to be accurate. Since this is a VM, I suspect it will be pretty quick though.

OK guys, the router has successfully rebooted, so you have to log back in, of course. [Music]

So, back to the dashboard. One of the first things that I typically do after updating, as you can see, successfully updated here, is check the version and make sure that the update actually applied, and in this case it did: 2.3.3-RELEASE-p1. And as you see here, it actually tells you the system is on the latest version.

So just one by one, I'm going to go down the list of the first steps I usually take when installing these, and the first place we go is going to be here, under System, Advanced,
and I'll make sure that it's set to HTTPS, and I will typically move the system off of the standard port 443. The reason being, if somebody is going to attempt to hack the thing, I don't want to make it easy for them, so I'm going to at least not leave it on the default port. Not to mention, if you need to port forward port 443 through the firewall to perhaps a secure web server on the inside of the firewall, I don't like leaving it on the default port. So in this case we're going to change this to 8443 and click Save on that, and pfSense is automatically, after 20 seconds, going to redirect this to the same IP address, just on the new port.

OK, now that it has redirected us, we're back at the same System, Advanced, Admin Access tab. The next spot, and I only enable this if it's actually required, and in 99.9% of installs you don't need to do this, since most of everything you would need to change can be done through the web interface: if for some reason you do need SSH access into the firewall, scroll down to this section right here, Secure Shell, and go ahead and enable secure shell there. And again, I would set this not on the standard port of 22 that it shows, and put it on a non-default port. Go ahead and save that.

Something you will notice after saving the change for secure shell is, up here, the next time that we reload, there's going to be a little notification icon. What it's doing is, the first time you enable secure shell, it's essentially creating the SSH keys that are used for that. The way they've set that up, it kind of looks like an alarm, like something really bad has happened, but we'll touch on that right here in just a second.

OK, so the next change that I'll typically do is over here on your Services pull-down, and go to the DHCP server. I'm going to go down and look at the DHCP range that was set when we first went through the install wizard, and make sure that this range here, let's say that I've got static devices starting at 241 on
up all the way to 254, I don't want this range to conflict and, you know, accidentally or inadvertently give out an IP address that I've assigned to a device statically. I will modify the DHCP range to make sure that I've excluded the IP addresses of anything that I'm going to assign a static IP address to. In this case, for instance, let's say that we have a FreePBX box on this network and we're going to assign that to 192.168.1.240. Well, in that case we're going to change this range to end at .239, so it will only give out DHCP addresses between 192.168.1.10 and 192.168.1.239.

In this case, if we want to actually utilize anything above that, you do have the option here to add a pool. So let's say you've only got static devices between 240 and 249 and you want to use 250, 251, 252, 253, 254. You can actually add a pool for just that range above your static range.

Right here, your servers: let's say that you have a domain where you're acting as a DHCP server but you've got a Windows Active Directory domain. You can actually put in your alternate WINS server and DNS server here. A lot of Active Directory setups require that the Windows client machines use the Windows domain controller as a DNS server, so this would give you the capability of doing that. Normally, if you leave these blank, the DHCP server on pfSense is going to hand out the DNS server address of the pfSense box itself.

And let's see here, one other item that I will usually touch on when setting these up. I set up a lot of FreePBX boxes in conjunction with pfSense, so the TFTP option down here: if you'll recall, we said .240 was going to be our FreePBX box. Put in the IP address of the pfSense box, or pardon me, the FreePBX box, under TFTP server down here. Then what that's going to do is, anytime you plug in a phone on that network, it's pulling DHCP from the pfSense box. If it supports DHCP option 66, the DHCP server on pfSense is going to tell that phone: this is where you go get your
configuration from, FreePBX. If you're not using a FreePBX box or have no need for that, you can safely leave it blank.

OK, so when we're ready to save those changes that we just made, we'll click the Save button. And something, while that's saving, to just briefly touch on: some changes in pfSense act in a similar fashion to, for those of you that have watched Chris's video series on FreePBX installation and configuration, if you make a change in FreePBX, for instance, there's going to be a little button up in the upper right, a red button that says Apply Config. In the case of FreePBX you can go in and make, you know, 50 different changes and none of them are going to go live until you click that apply button. In the case of pfSense it's about 50/50. With the DHCP server here, for instance, as soon as you click that Save button, that change goes live on the DHCP server. Whereas, for instance, if you're creating firewall rules, you can create, you know, 10 or 20 different firewall rules, and each time you save one it's just going to show up at the top of the firewall page with an apply settings, or apply config, button. So in some areas in pfSense you actually do have to apply the settings; in other areas, such as the DHCP server, you don't, it just goes live immediately.

So the next area: I will go over here to Status, then Dashboard, and I like to go ahead and customize the dashboard to show the information that I want. To do that you've got this little plus right up here. These are all the different little widgets that you can put on the dashboard. A lot of times the first one that I'll put on there is this Picture one, and I will drag it to the upper left. What this picture will do: since I work on a lot of these, I like to actually upload an image into this picture widget that tells me what system I'm working on. A lot of times I'll put the company logo of that company in this picture widget. I'm going
to click to save the changes that I've made so far.

OK, so on this picture widget, if you click the little wrench here, you can actually browse, select the file and upload it. Like I said, I recommend, if you have several different customers that have these, put that customer's company logo in this picture here. That way, whenever you log in to the pfSense router, since the first place you see is this dashboard, you're going to see that picture there and automatically know, OK, this is, you know, Joe's sandwich shop or whatever the case may be.

Another one of the widgets I like to add is right here, the traffic graph. Again, it's just nice to be able to, right on the main page as soon as I log in, have a graph in real time of the traffic that's flowing through the pfSense box at that very moment. You know, the scenario being a customer calls up and says, you know, why is my internet running so slow? I'll log into the router and I'll have this traffic graph up on the dashboard, and the first thing that I see is the WAN bandwidth pegged out at, you know, pulling a megabit down, and obviously you've got somebody, or actually you've got a bunch of somebodies, streaming movies or music or whatever the case may be. There actually is a way, and I'll probably cover that in a more advanced video later on, to drill down and figure out what machines on the network are eating that bandwidth up. But it's nice just to have this running on the dashboard, so when you log in, right away you can see how much bandwidth is being pushed through the router. And if that customer calls up saying, hey, my internet's really slow, can you take a look at it, you log in, the first thing you see is that, and you can say, well, duh, you know, your bandwidth is being maxed out by something on your network. Right off the bat you know that there's an issue and are able to drill down further and see.

And another common thing, another of the first things that I do, is any devices, a
couple of examples being, let's say that a customer has a web server, or you're running a web server behind the firewall, or a DVR that allows you to view your cameras remotely. In order to accomplish that with pfSense in place, you're going to have to forward ports through to those devices. In the case of FreePBX, for instance, let's say that you have phones that are remotely connecting, SIP phones that are remotely connecting. You're going to have to actually set up port forwards for SIP, for 5060, and also for the RTP audio ports. So we'll use our fictional PBX as an example. Let's say that we need to forward through 5060, sorry, UDP 5060, and the port range UDP 10,000 to 20,000.

To do that you're going to come over here to the Firewall tab and select NAT, and then right here, if you click on the Add button, what that's going to do is pop up a port forward redirect entry, as they call it here. So the interface that you're most likely to select is whatever interface is your WAN interface, which by default pfSense just calls WAN, appropriately enough. In the case of SIP we're going to do UDP. You can, and actually in the case of the PBX I do recommend this, get a little bit more advanced; we won't cover it in this example here. You can go to Source, click Show Advanced, and you can actually specify, let's say you've only got one remote worker, or the PBX only needs to talk to just the SIP provider outside of your network, you can come in here and actually say Single host and put in the IP address that's allowed to use this port forward rule. In this case we're not going to do that, so we're going to go hide the advanced.

So Destination on a port forward is typically just going to be the WAN address, or the WAN side interface's address, on the pfSense box. And since we are doing SIP, it's got a selection here where you can select through a whole bunch of standard ports, and as you'll see, if we select SIP it will gray
these areas out. But just to show you, if you select Other, and SIP is UDP 5060, I put in the port number that we want to push through, and since it's just a single port, you just make the second port over here the exact same.

Now our PBX, our fictional PBX, we said is at 192.168.1.240. So you're going to want to put in here the IP address on the local LAN of whatever device you're wanting to push this port from the outside through to on the internal LAN, and in this case, like I said, it's going to our PBX. The port down here: again, you can select the standard port, select the protocol that it is. We're not going to do that, because I'm going to show you something. So redirect just 5060 on the internal LAN. If for some reason you need to change what port it hits the local machine on, you can put that port here. So let's say the outside device is going to connect to you on 5060, but internally you port forward to 5062, so it's going to hit the internal machine on port 5062 even though the device outside of your network connected to port 5060. In most cases you won't need to use that, so we're not going to do that in this case.

For the useful description here: "Remote SIP to PBX". That's not parsed, so that's just for your reference. And that has port 5060 put through for us. And as I said earlier, here's your apply config, so if you want to do a whole bunch of port forwards and don't want them to be live, go ahead and come back here. We're going to go ahead and add the other range that I mentioned. So again, the interface is going to be WAN. For RTP audio, the protocol is UDP. Destination is going to be our WAN address. And now for a port range, the custom field to the left is going to be the starting point of the range, in this case we're going to start at 10,000, and then our ending port on the range, 20,000. So in this particular case the port value on the left-hand side is the beginning of the range and the port value on the
right-hand side is the end of the range. So this is going to forward any port, you know, 10,000, 10,001, 10,002, all the way up to port 20,000, to the IP address that we're going to specify here, which again is going to be our fictional PBX, 192.168.1.240.

And so here's where it's a little interesting. You'll notice that the redirect target port only has one field, while we specified a range up here. It's kind of counterintuitive, but what you do down here is, if you're forwarding a range, you always just put the beginning of the range. So in this case it's going to be 10,000, and the firewall will actually automatically know to redirect anything between 10,000 and 20,000; it knows that this is going to be a range on the internal end as well. So we're going to label this one "RTP audio from remote phones to PBX", click Save, and now we are ready to apply our changes.

Anytime that you apply changes, it's going to pop up with this little monitor, and what that's going to allow you to do is it will actually give you the reload status. If there's an error, a problem reloading, if there's an error in your rules, you'll actually be able to see it here. Now unfortunately it doesn't necessarily spot human error, but if for some reason a rule can't be applied, you'll actually get an error message here.

OK, and lastly for the purposes of this video, something else that I do quite frequently: if I'm installing this at a customer site and they're going to be asking me to remotely maintain this box, or this router, I will actually set up rules under Firewall, Rules to allow admin access on the WAN interface. You'll notice in here that we've got some rules associated with our NAT, or our port forwards, in here, so we're just going to leave those alone. What I'm going to do is allow remote web access. I typically don't allow SSH; I will come in here and create a rule for that if I need it
and then remove the rule when I'm not using it. But for the web interface, for instance, under Firewall, Rules, we're going to enable remote administration. So Action, for anything that we want to allow, is always going to be Pass. The interface that this traffic is going to come in on: since we're going to be remotely maintaining it, it's going to be the WAN interface, or the public-facing interface. And then IPv4, and web traffic is TCP, so we're going to say TCP for the protocol.

Now again, you can get a bit fancier. Let's say you're only going to be remotely administering this box from a specific IP address and nowhere else. You can actually display the advanced and set Source to Single host or alias, put in the IP address that you're going to be remotely maintaining it from, and it will only allow that IP to connect to this port. In this case we're going to keep it simple; we're not going to do that.

Destination is going to be our WAN address; we're actually connecting to the firewall itself. And our destination port range: since we changed this to a custom port, instead of the normal 443 for HTTPS we changed it to 8443, so this is where you actually put in that custom port that we set up, 8443. I'm not doing a range, so just like over on that port forward, we're just going to put the same port in both ends of it. And especially on remote administration, I like to enable Log, so that means that anybody that attempts to remotely access the web interface, it's going to log any activity on this rule. And again, a useful description, to me, just says basically what the rule is supposed to do: it's allowing us to access the web interface. Click Save on that and then Apply Changes.

And so now you will be able to connect to this web administration interface from the public-facing side of the box, allowing you to remotely make changes. This will be the same username and password you set up in the previous video, just admin plus whatever password you
set up.

And I believe that about does it for the immediately-after-installation changes that I normally make. I hope you enjoyed this video. If you like this video, please give me a thumbs up, and if you want to see more videos like this, don't forget to hit subscribe. Until next time, have a good [Music]
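
The following is an added example, not part of the video or of pfSense itself: a small audit, run against a configuration backup, that lists WAN pass rules reaching the firewall's own web GUI or SSH port and notes whether the source is unrestricted and whether logging is on, the two options the remote-administration step above discusses. The sample XML is constructed, and its element names are assumed to follow the layout of a pfSense `config.xml` backup.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are assumed to match a pfSense config.xml backup.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <webgui><protocol>https</protocol><port>8443</port></webgui>
    <ssh><enable>enabled</enable><port>2222</port></ssh>
  </system>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>8443</port></destination>
      <log/><descr>Allow remote web administration</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><address>203.0.113.10</address></source>
      <destination><network>wanip</network><port>2222</port></destination>
      <descr>Temporary SSH from office</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>udp</protocol>
      <source><any/></source>
      <destination><address>192.168.1.240</address><port>5060</port></destination>
      <descr>NAT Remote SIP to PBX</descr>
    </rule>
  </filter>
</pfsense>"""


def port_matches(spec, port):
    """A rule port is a single value ('8443') or a range ('10000-20000')."""
    if not spec:
        return True  # no port given means any port
    lo, _, hi = spec.partition("-")
    try:
        return int(lo) <= port <= int(hi or lo)
    except ValueError:
        return True  # port alias we cannot resolve here: flag conservatively


def audit_wan_admin_rules(xml_text):
    """Return (description, service, issues) for WAN rules exposing management ports."""
    root = ET.fromstring(xml_text)
    mgmt = {int(root.findtext("system/webgui/port") or 443): "webgui"}
    if root.find("system/ssh/enable") is not None:
        mgmt[int(root.findtext("system/ssh/port") or 22)] = "ssh"
    findings = []
    for rule in root.iterfind("filter/rule"):
        if (rule.findtext("type"), rule.findtext("interface")) != ("pass", "wan"):
            continue
        dst = rule.find("destination")
        if dst is None or rule.find("disabled") is not None:
            continue
        # Only rules aimed at the firewall itself, not port forwards to LAN hosts.
        if dst.find("any") is None and dst.findtext("network") not in ("wanip", "(self)"):
            continue
        for port, service in mgmt.items():
            if not port_matches(dst.findtext("port"), port):
                continue
            issues = []
            if rule.find("source/any") is not None:
                issues.append("source is any")
            if rule.find("log") is None:
                issues.append("logging disabled")
            findings.append((rule.findtext("descr"), service, issues))
    return findings


if __name__ == "__main__":
    for descr, service, issues in audit_wan_admin_rules(SAMPLE_CONFIG):
        print(f"{service:7} {descr!r}: {', '.join(issues) or 'ok'}")
```
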
Info
Channel: Crosstalk Solutions
Views: 60,517
Keywords: pfsense, pfsense setup, pfsense installation, how to set up pfsense, how to setup pfsense, how to install pfsense, how to configure pfsense, pfsense basics
Id: qt4jR_P69_A
Length: 27min 11sec (1631 seconds)
Published: Fri Mar 24 2017