= Advance Configurations = Maintaining a pfSense can be problematic if the configurations are not fine tuned to meet your network requirements. == pfSense Advanced Settings == The advanced settings available under System > Advanced. There are there for additional tweaking or for those who need the functionality given. === Admin Access === ==== webConfigurator ==== These will change settings related to web interface of your pfSense instance - Protocol: HTTPS - TCP Port: defaults to 443 but you may change to a non-common port in production - Max Processes: 2 (number of webConfigurator processes to run allowing more users/browsers to access the GUI concurrently), and many more... ==== Secure Shell ==== You need to enable ssh to access its CLI remotely. SSH key methods and port number can be configured ==== Serial Communication ==== If you desire to use serial communication as of a router or a switch you may configure these options. ==== Console Options ==== If you dont tick the option, it will allow anyone to access the physical console of the pfSense server === Firewall & NAT === In production, depending on number of hosts and concurrent connections, you may need to increase values of '''Firewall Maximum States''' or '''Firewall Maximum Table Entries'''. If you tick '''Disable Firewall''' option, it will convert the pfSense in to a normal routing device, remember it will remove NAT functions as well. === Networking === You may control IPv6 capabilities of the pfSense from this section and enable/disable IPv6 on the device. > We recommend not to touch this. By any chance, if you need to change WAN interface addresses regularly, it is a good option to tick '''Reset All States''' === Notifications === In production environment, it is a good idea to configure SMTP settings for your pfsense. == Package Manager == You will find the package manager which controls installing and uninstalling of different 3rd party packages in System drop down menu. === Installed Packges === You can Remove , Update , Reinstall any installed package using this tab. === Available Packages === Any new 3rd party packages can be installed very easily using this tab and it gives a nice UI where you can search what you want and install if available. == Routing == Static routing for gateways are done on this page located at System > Routing === Gateways === Your upstream and any downstream routers / L3 devices that are connected through routed interfaces must be configured on this page. One gateway for each interface and for each address family. Initially, two gateways for WAN interface should have been created to define IPv4 and IPv6 addresses of your WAN gateway. Also on to the bottom of the page, you will find the selected gateways as your default Gateways. ==== Add New Gateway ==== If you have a L3 device as your downstream and if you have defined vlans on it then you must define a static route pointing those vlans. This must be accomplished by creating a new gateway and creating static routes. To add a new gateway click **+ Add** button on Gateways page - Select the interface facing that end point (WAN or LAN) - Address Family - Name: something identifiable - Gateway: IP address of the gateway or the interface address of the L3 device connected on the other side. Consider Address Family as well - Description: Some description about the gateway or the link and save. === Static Routes === To create a new static route, Click **+ Add** on Static Route Page, - Define your Destination Network and Mask, eg: 172.16.0.0 / 16 , 2401:dd00:wxyz:1000:: / 52 - Gateway: Select Gateway that is on that routed link - Description: Add a suitable description Make sure you add the reverse route to the other device as well. == Update == You may update your installation using this menu, we will skip it for the workshop. == User Manager == You can create multiple users to give access in handling pfSense authentication. System > User Manager is responsible in creating and maintaining Local users as well as remote users like LDAP or Radius. To create a new user you can use **+ Add** and give, - Username - Password - Full Name (optional) - Expiration Date (optional) and click Save Once the new User is created click on the edit (Pencil) mark to add user privileges. On Effective Privileges of the edit page can be used to customize how that user can interact with pfSense. Click Add and select one or more privileges according to the needs If you have more than one user with specific custom privileges, the best way assigning them is to create a user group with common privileges and assign users to that. You may create a group on **Groups** tab and once the group is created go to edit and assign privileges and users.