= Advance Configurations = Maintaining a pfSense can be problematic if the configurations are not fine tuned to meet your network requirements. == pfSense Advanced Settings == The advanced settings available under System > Advanced. There are there for additional tweaking or for those who need the functionality given. === Admin Access === ==== webConfigurator ==== These will change settings related to web interface of your pfSense instance - Protocol: HTTPS - TCP Port: defaults to 443 but you may change to a non-common port in production - Max Processes: 2 (number of webConfigurator processes to run allowing more users/browsers to access the GUI concurrently), and many more... ==== Secure Shell ==== You need to enable ssh to access its CLI remotely. SSH key methods and port number can be configured ==== Serial Communication ==== If you desire to use serial communication as of a router or a switch you may configure these options. ==== Console Options ==== If you dont tick the option, it will allow anyone to access the physical console of the pfSense server === Firewall & NAT === In production, depending on number of hosts and concurrent connections, you may need to increase values of '''Firewall Maximum States''' or '''Firewall Maximum Table Entries'''. If you tick '''Disable Firewall''' option, it will convert the pfSense in to a normal routing device, remember it will remove NAT functions as well. === Networking === You may control IPv6 capabilities of the pfSense from this section and enable/disable IPv6 on the device. > We recommend not to touch this. By any chance, if you need to change WAN interface addresses regularly, it is a good option to tick '''Reset All States''' === Notifications === In production environment, it is a good idea to configure SMTP settings for your pfsense. == Package Manager == You will find the package manager which controls installing and uninstalling of different 3rd party packages in System drop down menu. === Installed Packges === You can Remove , Update , Reinstall any installed package using this tab. === Available Packages === Any new 3rd party packages can be installed very easily using this tab and it gives a nice UI where you can search what you want and install if available. == Routing == Static routing for gateways are done on this page located at System > Routing === Gateways === Your upstream and any downstream routers / L3 devices that are connected through routed interfaces must be configured on this page. One gateway for each interface and for each address family. Initially, two gateways for WAN interface should have been created to define IPv4 and IPv6 addresses of your WAN gateway. Also on to the bottom of the page, you will find the selected gateways as your default Gateways. ==== Add New Gateway ==== If you have a L3 device as your downstream and if you have defined vlans on it then you must define a static route pointing those vlans. This must be accomplished by creating a new gateway and creating static routes. To add a new gateway click **+ Add** button on Gateways page - Select the interface facing that end point (WAN or LAN) - Address Family - Name: something identifiable - Gateway: IP address of the gateway or the interface address of the L3 device connected on the other side. Consider Address Family as well - Description: Some description about the gateway or the link and save. === Static Routes === To create a new static route, Click **+ Add** on Static Route Page, - Define your Destination Network and Mask, eg: 172.16.0.0 / 16 , 2401:dd00:wxyz:1000:: / 52 - Gateway: Select Gateway that is on that routed link - Description: Add a suitable description Make sure you are the reverse route to the other device as well.