Virtualize pfsense on Proxmox

Captions
In this video, we'll be installing the pfSense firewall as a virtual machine in Proxmox and setting up a simple network. Before we start, here is the Netgate documentation on virtualizing pfSense with Proxmox VE. This includes creating the network interfaces for LAN and WAN, and it has recommendations for the specs of the VM. Check the link in the description.

The first thing we need to do is download the pfSense Community Edition. We'll go for the latest stable version, 2.7.2. Select AMD64 (64-bit) for the architecture and choose the DVD image (ISO) installer. Select the closest region for the mirror server and just click Download. I have downloaded the ISO file already and uploaded the file as well to the mounted USB flash drive named ISO files. Please check my previous video posted in the description to review the process of uploading an ISO file.

Let us go ahead and proceed with creating this VM by right-clicking the node and selecting Create VM. Under the General tab, we leave Node and VM ID as they are and name this VM pfSense. There is nothing to select here in Resource Pool, and we'll click Next. Under the OS tab, select the pfSense ISO file. Linux will be the guest OS type, and select the 6.x - 2.6 kernel for the version. Under the System tab, we'll change only the graphic card to SPICE and leave the other settings as they are, then go to Next. Under Disks, I'll select VirtIO Block for the bus/device, local-lvm or local storage for the storage, 32 GB for the disk size, write back for the cache, tick Discard, and then Next. Under CPU, I assign two cores and the type is host, to match the CPU on the hypervisor hardware. Under Memory, I set it to 8 GB. Under Network, our only option here is vmbr0, and leave VirtIO (paravirtualized) for the model. We'll just click Finish to confirm the allocated specs for this VM.

We now have a new entry here for the pfSense VM. Going to the Hardware section of this VM, we can see that it has only one network device, net0. Is this enough to set up this pfSense firewall? The answer is no. A router or firewall in general needs to
have at least two network interfaces: one for the LAN, or the internal network, where private IP addresses reside; the second for the WAN, to get internet access. Allow me to illustrate this to explain further what I'm going to set up here.

This is my hardware, which is a Mini PC, sur5 model, running Proxmox with a management IP of 192.168.18.250. As you can see, it has only one physical Ethernet port, and it is named enp1s0. From this port, it is physically connected, or cabled, to the router with a gateway IP of 192.168.18.1. I have a physical PC on the same 192.168.x network for managing Proxmox. enp1s0 is virtually connected to vmbr0. How does this happen? What is this vmbr0? vmbr0 can be thought of as a virtual switch, hence the representation of a switch here. By default, vmbr0 is auto-created and enp1s0 is associated or linked to it. You can find enp1s0 and vmbr0 by clicking this node and, under System, selecting Network. vmbr0 is a Linux Bridge type, which, again, think of as a virtual switch, and it's associated or linked to the physical interface enp1s0. Here is the web management IP of Proxmox and the gateway IP of the router. enp1s0 is, again, by default linked to vmbr0.

Going back to the illustration here, this pfSense VM's network interface net0 is also associated or linked to vmbr0, as we saw when setting up the network for this VM, and this net0 is virtually connected to vmbr0. So the whole purpose of this vmbr0 is to interconnect any physical port or interface and virtual interface from the VM as if they are physically connected.

Let me point out that this part of the router is the LAN zone. From the pfSense perspective, though, this part here will be the WAN zone. Let us put a label here for WAN. Take note, this is just a simulated WAN, as this is still behind the LAN of this router with a private IP address subnet of 192.168.18.0/24. This WAN interface, or net0 of pfSense here, will obtain a DHCP IP address in this network range, 192.168.18.x, from the DHCP of the router. So what is missing in the pfSense
firewall? A LAN zone, right? Let me move this line to the right side so that we can have some space. So here is what we're going to do. First, create a virtual switch and name this vmbr1. Second, in the pfSense VM hardware settings, add a second network device. It will be auto-named net1, and we link this to vmbr1. Once we install pfSense, it will get an auto-assigned IP address of 192.168.1.1 for the LAN. How can we access this 192.168.1.1 to manage pfSense? Let us add a Windows 11 VM and link its network interface net0 to vmbr1. When pfSense is up and running, it will provide an IP address through DHCP to this Windows 11 VM in the 192.168.1.x/24 subnet range, and this Windows 11 VM can then reach 192.168.1.1 to manage pfSense.

Now that we have established what we're trying to accomplish here, let's go back to the Proxmox dashboard. We'll go ahead and create a virtual switch, vmbr1. Click Create and select Linux Bridge. Name this vmbr1, following the same naming scheme as vmbr0, then click Create. vmbr1 is a Linux Bridge type, same as vmbr0, and it's not active yet. Looking below, there is a message saying pending changes: either reboot or apply configuration to make it active. We'll just click the Apply Configuration button here and select Yes to apply the pending network changes. We don't have that message down here, and vmbr1 is now active. As we can see, under the Ports/Slaves column, it has no association to any ports.

We'll go now to the pfSense VM's hardware settings and add a second network device for the LAN. This time we'll select vmbr1. The model will still be VirtIO (paravirtualized). As you can see, the network device or interface is auto-named net1 and is linked to vmbr1, and this will be for LAN, while net0 is linked to vmbr0, and this will be for WAN.

Let us proceed with the pfSense installation. Click Accept for the terms and OK to install pfSense. Click OK for Auto (ZFS). Proceed with
installation. We click OK here for stripe, no redundancy. Check the box for the VirtIO block device and click OK. We'll go with Yes here to format the disk and install pfSense.

We can see that pfSense names the interfaces differently: vtnet0 and vtnet1, which are equivalent to net0 and net1 in the VM, as we saw earlier. We are now required to enter the WAN interface name, which will be vtnet0. For the LAN interface name, enter vtnet1. So WAN is for vtnet0, LAN is for vtnet1. Go with Yes to proceed.

We are at the welcome to pfSense screen with a menu of options. From here we can see that the WAN, vtnet0, has a DHCP-assigned IP address of 192.168.18.114, while the LAN, vtnet1, is auto-configured with a static IP of 192.168.1.1.

Going now to the Windows 11 VM hardware settings, we need to set the network device net0 to vmbr1. As you can see, it is still on vmbr0. Edit the network device and change it from vmbr0 to vmbr1, click OK, and start this VM.

After this Windows 11 VM is up and running, we jump to the command prompt to verify the IP address assigned to this machine. It obtained a DHCP-assigned IP address of 192.168.1.100 with a gateway IP of 192.168.1.1, which is the same as the pfSense LAN IP. In the Microsoft Edge browser, enter the IP 192.168.1.1 to get to pfSense web management. We get this "Your connection isn't private" due to the self-signed CA from pfSense. We'll click Advanced and continue to sign in. Enter admin for the username, and the default password is pfsense. We are greeted with "Welcome to pfSense", and we'll just complete the setup wizard. I'll leave the hostname as pfSense. For the domain, I'll change it to pfsense.
[Music] loo. I'll enter 8.8.8.8 for the primary DNS server and 1.1.1.1 for the second DNS. Next is to set up the time server. For this setup, to configure the WAN interface, I leave it as DHCP and everything else as default. We'll just scroll down and hit Next. I don't want to change the LAN interface IP assignment of 192.168.1.1 with a mask of /24, so I will just click Next. I'll enter my preferred admin password. We have completed the setup wizard, and pfSense is now configured. We'll just click Finish here.

After finishing the setup wizard, we are in the pfSense dashboard now. Under System Information, we can view details about the firmware version, CPU type, uptime, system time, DNS servers, memory usage, CPU usage, disk usage, etc. Under Interfaces, we can see the WAN and LAN IP addresses. As you can see, this Windows 11 VM can get to the internet, and it's because it's been allowed already. To verify this, we go to Firewall, Rules, and under the LAN tab there is a default rule that allows any LAN subnets to any destination.

Now let's say I wanted to place another VM, a Windows Server 2022, on another interface of pfSense and call this zone the DMZ. We will go through the steps of setting this up and we'll see how it goes. It will be the same steps as what we did earlier when adding a LAN zone. The first step is to create a virtual switch and name this vmbr2. The second step is to add a network device in pfSense, which will be auto-named net2, and link this to vmbr2. We assigned a static IP address of 192.168.20.10 a2024 so that it can provide IP to Server 2022. We'll also create a firewall rule to allow the 192.168.20.10 [Music]

Looks like Proxmox auto-populated this already. We'll just select Create and apply the configuration. vmbr2 is now active. Let's jump here to the pfSense VM hardware settings and add a network device. Select vmbr2. This is the third network device and it's auto-named net2 by default. Why net2? Because the network device naming scheme
starts at net0.

Back in the Windows 11 VM console, where we have web management access to pfSense, go to Interfaces and then Assignments. We now have a third available network port, vtnet2, which will be used for our DMZ. We'll click Add. The interface is auto-named OPT1. Let us change this name to DMZ. Change the description to DMZ, tick Enable interface, and select Static IPv4. Under Static IPv4 Configuration, we'll enter [Music] then let's click Save. It says here that changes must be applied to take effect, and don't forget to adjust the DHCP server range. We'll apply the changes and then set up the DHCP server for the DMZ.

We go to Services and select DHCP Server. There is a banner message saying end of life here, but we'll ignore this for now. The DHCP server for LAN is already configured by default. Let us select DMZ and check this box to enable DHCP on the DMZ interface. Add an IP range for the DHCP pool. I'll start at 192.168.20.10 a2200. For the DNS server, the default is 192.168 do210 [Music]

Going now to the Server 2022 VM hardware settings, change the network device from vmbr0 to vmbr2 and start this VM. Clicking the network icon at the bottom right corner here, it appears it detected a network. When opening the network status, it says you're connected to the internet. Verifying the IP address here, as expected, it obtained an IP address of 192.168.20.10 CP server [Music] pool.

When opening the Edge browser and going to google.com, it says you're not connected. What is going on here? Why can't the Server 2022 connect to the internet even though it has acquired a valid IP address from the pfSense DMZ's DHCP range? We can suspect it has something to do with the firewall rule. Let us check pfSense then: go to Firewall and select Rules. As we have seen before, there is already a default firewall rule for LAN subnets going to any destination. Under DMZ, as we can see, there is no rule defined yet. All incoming connections will be blocked by default until a pass rule
is added. Let's add a rule then. For Action, we'll leave it as Pass. The interface is already set to DMZ. For Protocol, we'll set this to Any. For the source, select DMZ subnets, that is [Music] 192.168.20.10 the newly added firewall rule. So this rule means that any DMZ subnets, or any in the network range [Music] 192.168.20.10 refresh this page. We can now reach google.com. In the DMZ firewall rule, it shows some traffic usage under the States column, so this means that it's matching this DMZ firewall rule.

Thank you if you have reached this far in the video. If you find this helpful, please like and consider subscribing. In the next video, we'll virtualize a Sophos firewall. Until then, take care and see you on the next video.
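
The following Python check is an added example and is not part of the video. It parses a constructed `/etc/network/interfaces` excerpt and constructed per-VM `netN` lines, then reports any guest other than the firewall VM that is attached to a bridge with a physical port, meaning it sits on the upstream network instead of behind pfSense. The VM names, MAC addresses and function names are assumptions.

```python
import re

# Constructed /etc/network/interfaces excerpt matching the layout in the video.
INTERFACES = """\
iface enp1s0 inet manual
auto vmbr0
iface vmbr0 inet static
    address 192.168.18.250/24
    bridge-ports enp1s0
auto vmbr1
iface vmbr1 inet manual
    bridge-ports none
auto vmbr2
iface vmbr2 inet manual
    bridge-ports none
"""

# Constructed netN lines per VM config; MAC addresses are placeholders.
VM_NICS = {
    "pfsense": ["net0: virtio=02:00:00:00:00:01,bridge=vmbr0",
                "net1: virtio=02:00:00:00:00:02,bridge=vmbr1",
                "net2: virtio=02:00:00:00:00:03,bridge=vmbr2"],
    "win11": ["net0: virtio=02:00:00:00:00:04,bridge=vmbr1"],
    # Server 2022 before its NIC is moved from vmbr0 to vmbr2.
    "server2022": ["net0: virtio=02:00:00:00:00:05,bridge=vmbr0"],
}

def bridge_ports(text):
    """Map each bridge to its physical ports; 'bridge-ports none' gives []."""
    bridges, current = {}, None
    for words in (line.split() for line in text.splitlines()):
        if words and words[0] == "iface":
            current = words[1]
        elif words and words[0] == "bridge-ports" and current:
            bridges[current] = [p for p in words[1:] if p != "none"]
    return bridges

def audit(text, vm_nics, firewall="pfsense"):
    """List guests (other than the firewall VM) attached to an uplinked bridge."""
    bridges = bridge_ports(text)
    findings = []
    for vm, nics in vm_nics.items():
        if vm == firewall:
            continue
        for nic in nics:
            m = re.search(r"bridge=(\w+)", nic)
            if m and bridges.get(m.group(1)):
                findings.append(f"{vm}: {nic.split(':')[0]} on {m.group(1)}")
    return findings
```

On a Proxmox host, the same functions can be fed the real `/etc/network/interfaces` content and the `netN` lines from each VM's configuration.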
Info
Channel: Practical Kri
Views: 4,470
Keywords: virtualize pfsense in proxmox, pfsense as virtual machine in proxmox, pfsense firewall in proxmox, installing pfsense in proxmox, pfsense installation and configuration in proxmox, how to virtualize pfsense in proxmox?, how to install pfsense in proxmox?, setup pfsense in proxmox, how to setup pfsense as virtual machine in proxmox?
Id: 2YZ_C8Ze0CM
Length: 27min 31sec (1651 seconds)
Published: Sun Mar 03 2024