= Pfsense Initial Setup= The pfSense project is a free, open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface. There are two ways of installing pfSense. - Full installation - Embedded Installation Here you are going to create a pfSense virtual machine using full installation method to install pfSense. == Setting up virtualbox == === Downloading pfSense iso image === - [ftp://ftp.learn.ac.lk/pfSense-CE-2.3.2-RELEASE-i386.iso Download] pfSense image from the LEARN mirror - Note down the location of downloaded iso file === Creating PFSense VM === - Start virtualbox and Click on New button (at top-right) to create new virtual machine - Enter name of the VM as: '''pfsense.'your domain'.ws.learn.ac.lk'''. You can get your domain from [wiki:ipallocation here] eg: - pfsense.user1.ws.learn.ac.lk - Select OS Type: '''BSD''' - Select Version: '''FreeBSD (64-bit)''' - Then click on '''Continue''' button - Set VM's memory size to '''512MB''' and click on Continue button - Set VM's hard disk option to '''Create a virtual hard disk now''' and then click on '''Continue''' - Select disk type to '''VDI''' - Select storage type to '''Fixed size''' and '''Continue''' - Make sure virtual hard disk file name in following format '''pfsense.'your domain'.ws.learn.ac.lk''' - adjust the disk size to '''8.0GB''' and click on '''Create''' to create the VM This might take couple of minutes (Note down the location of vdi image file when virtualbox flashes it on the screen) === Setting up Network Interface === - Select the VM from left panel on Virtual box, right click and open '''Settings''' - Click on the '''Network''' title - On '''Adapter 1''' While ''Enable'' Network Adapter selected choose Attached to be '''Bride Adapter'''. This virtual interface will work as the WAN port of the firewall (Can be connect from out side). - On '''Adapter 2''' While '''Enable''' Network Adapter selected choose Attached to be '''Internal Network'''. Default name is '''intent'''. keep it that way. This virtual interface will work as our LAN port (Can't connect from out side). === Setting up boot device and Booting=== - Click on '''Storage''' title and select '''CD ROM icon''' under the '''Controller:IDE''' Click on CD ROM icon under the '''Attribute''' on the left side to select - Choose '''Virtual Optical Disk File''' - Locate the '''PFSense CD image''' file you downloaded from the LEARN ftp - Right click on VM to make a '''Normal Start''' VM. You should now see a separate window with PFSense Installation screen == Pfsense Installation == === Initial Installation === - When the pfSense starts booting, a prompt is displayed with some options and a countdown timer. At this prompt, press '''1''' to get install '''pfsense by default'''. If we don’t choose any option it will start to boot option 1 by default. - Next, press '''I''' to install fresh copy of pfsense, - On the next screen, it will ask you to '''Configure Console''', just press '''Accept these settings''' to move forward for installation process. - Choose '''Quick / Easy Install''' option to take make things easier. Once you are familiar with pfsense installation you can try '''Custom Install'''. - The install will proceed, wiping the target disk and installing pfSense. Copying files may take some time to finish. - After the files have been copied to the target disk, a choice is presented to select the '''Console Type'''. Standard Kernel defaults to the VGA console. Embedded Kernel defaults to serial console. Choose '''Standard Kernel''' - Now the Installation is finished So it will ask to reboot. Choose '''Reboot''' and remember to '''remove the disc''' from vm so it will not fall back to the installation (Some times your vm might hang when you remove your disk. If this happens '''Right click''' your vm ( pfsense.'your domain'.ws.learn.ac.lk) on '''virtualbox manager''' window. Go to the '''close''' attribute and click on '''power off'''. It will shut down your vm. After it shuts down '''Right click''' your vm (pfsense.'your domain'.ws.learn.ac.lk) on '''virtualbox manager''' window and Click '''start'''. It will start your vm again. === First Bootup === '''note :''' If you reboot your vm manually you will be prompted straight to the pfSense [#point1 configuration user interface]. But do not worry it will not effect on your firewall After rebooting, you will get the a screen with available interfaces to configure the network. - The first option is presented as '''VLAN’s''', simply here say No by pressing '''n''' and '''enter'''. - There are two interface’s em0 and em1, pfSense will ask which interface to use as WAN and which interface to use as LAN. Press '''a''' and '''enter''' to auto configure the interfaces. please note that in this case pfSense is intelligent to assign correct virtual interfaces as WAN and LAN ports, Because only one interface can be connect from out side. Even if the interfaces are wrong you can assign them correctly later. - It will ask for the '''confirmation''' and you can proceed with '''Y''' and press '''enter''' to continue to the == [=#point1 pfSense Console Configuration] == pfSense console configuration interface has the basic configuration options in pfSense. You can select these options by typing there index number and pressing enter. === Assign WAN & LAN Interfaces === - Note that WAN and LAN Interfaces are assigned by PFSense itself. To change that press '''1''' and '''enter''' - The first step is presented as '''VLAN’s''', simply here say No by pressing '''n''' and '''enter'''. - To select em0 as WAN interface type '''em0''' and press '''enter''' - To select em1 as LAN interface type '''em1''' and press '''enter''' - We do not need optional interfaces so press '''enter''' at the next step - Do you want to proceed? press '''y''' to say yes and '''enter''' === Assign WAN IP addresses === - To change the interface IP address press '''2''' and '''enter''' - WAN IP is set by DHCP by default. To change the WAN interface IP Address press '''1''' and '''enter'''. - We are going to have a static IP for WAN Interface. So press '''n''' and '''enter''' to avoid pfSense to configure the interface IP by DHCP. - Enter the WAN '''IP address assign''' to you and '''enter'''. Give '''subnet mask''' and '''gateway''' in the next steps. You can find your IP allocation from the [wiki:ipallocation IP table] - We are going to have an IPv6 address by DHCP. Press '''y''' and '''enter''' to let pfSense get an IPv6 address - Press '''n''' and '''enter''' to disable http on WAN interface - You will be prompted back to main interface. === Assign LAN IP addresses === - To change the interface IP address press '''2''' and '''enter''' - To change the WAN interface IP Address press '''2''' and '''enter'''. - Enter the LAN Ip address as ''' 10.1.1.254'''. Enter subnet mas as '''24'''. We are going to have this IP address as our LAN's gateway IP. Do not give any parameters to gateway on LAN. Just press enter. - We are not going to have an IPv6 address for LAN. So just Press enter. - To enable DHCP server on LAN press '''y''' and press enter - For this workshop our LAN DHCP range is 10.1.1.10 to 10.1.1.50. Give start and end IP addresses in next steps. - Press '''n''' and '''enter''' to disable http on WAN interface - You will be promted back to main interface. You have now set up both WAN and LAN IP addresses. === Reset WEB Configurator password === This step is optional as This step will reveal you the default user name and password for the webconfigurator. Press '''3''' and '''enter'''. Above the line 'Do you want to proceed' you will see the default username and password on the web access. Note down the default password and Press '''n'''