Advance Configurations

Maintaining a pfSense can be problematic if the configurations are not fine tuned to meet your network requirements.

pfSense Advanced Settings

The advanced settings available under System > Advanced. There are there for additional tweaking or for those who need the functionality given.

Admin Access

webConfigurator

These will change settings related to web interface of your pfSense instance

• Protocol: HTTPS
• TCP Port: defaults to 443 but you may change to a non-common port in production
• Max Processes: 2 (number of webConfigurator processes to run allowing more users/browsers to access the GUI concurrently)
• Alternate Hostnames: pfsense.instXY.ac.lk (this is, if you need to access webUI by its domain name) and many more...

Secure Shell

You need to enable ssh to access its CLI remotely. SSH key methods and port number can be configured

Serial Communication

If you desire to use serial communication as of a router or a switch you may configure these options.

Console Options

If you dont tick the option, it will allow anyone to access the physical console of the pfSense server

Firewall & NAT

In production, depending on number of hosts and concurrent connections, you may need to increase values of Firewall Maximum States or Firewall Maximum Table Entries.

If you tick Disable Firewall option, it will convert the pfSense in to a normal routing device, remember it will remove NAT functions as well.

Networking

You may control IPv6 capabilities of the pfSense from this section and enable/disable IPv6 on the device.

We recommend not to touch this.

By any chance, if you need to change WAN interface addresses regularly, it is a good option to tick Reset All States

Notifications

In production environment, it is a good idea to configure SMTP settings for your pfsense.

Package Manager

You will find the package manager which controls installing and uninstalling of different 3rd party packages from System drop down menu.

Installed Packges

You can Remove , Update , Reinstall any installed package using this tab.

Available Packages

Any new 3rd party packages can be installed very easily using this tab and it gives a nice UI where you can search what you want and install if available.

Search for mailreport and click + Install and confirm. It will take some time to install and once it shows Success go to Status > Email Reports

With this package you can add custom email reports based on given Schedules.

Routing

Static routing for gateways are done on this page located at System > Routing

Gateways

Your upstream and any downstream routers / L3 devices that are connected through routed interfaces must be configured on this page. One gateway for each interface and for each address family. Initially, two gateways for WAN interface should have been created to define IPv4 and IPv6 addresses of your WAN gateway.

Also on to the bottom of the page, you will find the selected gateways as your default Gateways.

Add New Gateway

If you have a L3 device as your downstream and if you have defined vlans on it then you must define a static route pointing those vlans. This must be accomplished by creating a new gateway and creating static routes.

To add a new gateway click + Add button on Gateways page

• Select the interface facing that end point (WAN or LAN)
• Address Family
• Name: something identifiable
• Gateway: IP address of the gateway or the interface address of the L3 device connected on the other side. Consider Address Family as well
• Description: Some description about the gateway or the link

and save.

Static Routes

To create a new static route, Click + Add on Static Route Page,

• Define your Destination Network and Mask, eg: 172.16.0.0 / 16 , 2401:dd00:2009:WX10:: / 60
• Gateway: Select Gateway that is on that routed link
• Description: Add a suitable description

Make sure you add the reverse route to the other device as well.

Update

You may update your installation using this menu, we will skip it for the workshop.

User Manager

You can create multiple users to give access in handling pfSense authentication. System > User Manager is responsible in creating and maintaining Local users as well as remote users like LDAP or Radius.

To create a new user you can use + Add and give,

• Username
• Password
• Full Name (optional)
• Expiration Date (optional) and click Save

Once the new User is created click on the edit (Pencil) mark to add user privileges.

On Effective Privileges of the edit page can be used to customize how that user can interact with pfSense. Click Add and select one or more privileges according to the needs

If you have more than one user with specific custom privileges, the best way assigning them is to create a user group with common privileges and assign users to that.

You may create a group on Groups tab with

• Group Name
• Scope: Local
• Description

Once the group is created go to edit and assign privileges and users.

On Settings tab you may specify Session timeouts and Authentication Refresh Times as per your institute policy.