Advanced Configurations
Maintaining a pfSense instance can be problematic if its configuration is not fine-tuned to meet your network requirements.
pfSense Advanced Settings
The advanced settings are available under System > Advanced. They are there for additional tweaking or for those who need the functionality they provide.
Admin Access
webConfigurator
These settings control the web interface of your pfSense instance.
- Protocol: HTTPS
- TCP Port: defaults to 443, but you may change it to a less common port in production
- Max Processes: 2 (the number of webConfigurator processes to run, allowing more users/browsers to access the GUI concurrently)
There are many more options.
Secure Shell
You need to enable SSH to access the pfSense CLI remotely. The SSH key method and port number can be configured here.
Serial Communication
If you want to use serial communication, as you would with a router or a switch, you can configure these options.
Console Options
If you don't tick the option, anyone will be able to access the physical console of the pfSense server.
Firewall & NAT
In production, depending on the number of hosts and concurrent connections, you may need to increase the values of Firewall Maximum States or Firewall Maximum Table Entries.
If you tick the Disable Firewall option, pfSense becomes a plain routing device. Remember that this removes the NAT functions as well.
Networking
You can control the IPv6 capabilities of pfSense from this section and enable or disable IPv6 on the device.
We recommend leaving this untouched.
If you need to change WAN interface addresses regularly, it is a good idea to tick Reset All States.
Notifications
In a production environment, it is a good idea to configure SMTP settings for your pfSense.
Package Manager
The package manager, which controls installing and uninstalling third-party packages, is in the System drop-down menu.
Installed Packages
You can Remove, Update, or Reinstall any installed package using this tab.
Available Packages
New third-party packages can be installed easily from this tab. It provides a UI where you can search for what you want and install it if available.
Routing
Static routing for gateways is configured on the page located at System > Routing.
Gateways
Your upstream router and any downstream routers / L3 devices that are connected through routed interfaces must be configured on this page, with one gateway for each interface and for each address family. Initially, two gateways for the WAN interface should have been created to define the IPv4 and IPv6 addresses of your WAN gateway.
At the bottom of the page, you will find the gateways selected as your default gateways.
Add New Gateway
If you have an L3 device downstream and you have defined VLANs on it, you must define a static route pointing to those VLANs. This is done by creating a new gateway and then creating static routes.
To add a new gateway, click the + Add button on the Gateways page:
- Select the interface facing that end point (WAN or LAN)
- Address Family
- Name: something identifiable
- Gateway: IP address of the gateway or the interface address of the L3 device connected on the other side. Take the Address Family into account as well
- Description: Some description of the gateway or the link
Then save.
Static Routes
To create a new static route, click + Add on the Static Routes page:
- Define your Destination Network and Mask, e.g. 172.16.0.0 / 16
- Gateway: Select Gateway that is on that routed link
- Description: Add a suitable description
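A pre-flight check for the gateway and static route steps above, as an added example that is not part of the original page or of pfSense itself. The interface names, gateway names and addresses are constructed sample data, and the rules it applies (gateway on a network attached to its interface, matching address families, destination not already directly connected) are assumptions about what a sane entry looks like.

```python
import ipaddress

# Constructed sample data; names and addresses are illustrative only.
INTERFACES = {"WAN": ["203.0.113.2/30"], "LAN": ["192.168.1.1/24"]}
GATEWAYS = {
    "WAN_GW": {"interface": "WAN", "family": "IPv4", "gateway": "203.0.113.1"},
    "L3_SWITCH": {"interface": "LAN", "family": "IPv4", "gateway": "192.168.1.254"},
    "BAD_GW": {"interface": "LAN", "family": "IPv4", "gateway": "10.0.0.1"},
}

def connected_networks(interface):
    """Networks directly attached to one interface."""
    return [ipaddress.ip_interface(a).network for a in INTERFACES[interface]]

def check_gateway(name):
    """Return the problems found in one gateway definition (empty list = OK)."""
    gw, problems = GATEWAYS[name], []
    addr = ipaddress.ip_address(gw["gateway"])
    if f"IPv{addr.version}" != gw["family"]:
        problems.append("address does not match the selected Address Family")
    nets = [n for n in connected_networks(gw["interface"]) if n.version == addr.version]
    if not any(addr in n for n in nets):
        problems.append(f"gateway is not on a network attached to {gw['interface']}")
    return problems

def check_route(destination, gateway_name):
    """Return the problems found in one static route (empty list = OK)."""
    if gateway_name not in GATEWAYS:
        return ["gateway is not defined"]
    try:
        dest = ipaddress.ip_network(destination)  # strict: rejects host bits
    except ValueError:
        return ["destination is not a valid network/mask (host bits set or malformed)"]
    problems = check_gateway(gateway_name)
    if f"IPv{dest.version}" != GATEWAYS[gateway_name]["family"]:
        problems.append("destination and gateway are different address families")
    for iface in INTERFACES:
        for net in connected_networks(iface):
            if net.version == dest.version and dest.subnet_of(net):
                problems.append(f"destination is already directly connected on {iface}")
    return problems

if __name__ == "__main__":
    for dest, gw in [("172.16.0.0/16", "L3_SWITCH"), ("172.16.5.0/16", "L3_SWITCH"),
                     ("172.16.0.0/16", "BAD_GW"), ("192.168.1.128/25", "L3_SWITCH")]:
        print(dest, "via", gw, "->", check_route(dest, gw) or "OK")
```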