Hacom's pfSense Quick-Start Guide
Bao Ha
Copyright © 2008 Hacom


Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free
Documentation License, Version 1.2 or any later version published by the Free Software Foundation;
with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.


12 November 2008




Table of Contents
Hacom's pfSense Quick-Start Guide..........................................................................................................1
  Introduction...........................................................................................................................................2
  Setup and Configuration........................................................................................................................4
  Web Administration............................................................................................................................10
  Backup and Restore of configuration..................................................................................................18
  Firmware Update.................................................................................................................................19
  Maximum Firewall States...................................................................................................................25




                                                                            1
Introduction
pfSense is a complete, embedded firewall software package that provides all the important features of
commercial firewall boxes (including ease of use) at a fraction of the price (it is free software). It is based
on FreeBSD. The software is available at http://www.pfsense.com/.

Hacom implements pfSense on our hardware to take advantage of its features and to provide
completely packaged support for commercial customers (small, medium and enterprise) who want a
one-stop shop.


Documentation
Since pfSense is similar to M0n0wall, the documentation of the M0n0wall systems is also useful. See
the following URLs:

      •   The M0n0 Users Manual (http://m0n0.ch/wall/docbook/)
      •   M0n0wall Quick Start Guide (http://m0n0.ch/wall/quickstart/)
      •   pfSense FAQ (http://faq.pfsense.com/)
      •   pfSense tutorial (http://www.pfsense.com/index.php?id=36)


Hacom's pfSense
Hacom offers three groups of commercially packaged pfSense systems with a choice of support
services: Phoenix, Mercury and Mars. The following comparison table can be used to select the
appropriate equipment for a given network environment.

Performance*               Phoenix      Mercury      Mars
Suggested Users            5-25         10-50        10-250
Throughput                 90Mbps       200Mbps      400Mbps
Concurrent Connections     80,000       200,000      200,000-400,000
3DES IPSec Throughput      8-10Mbps     20Mbps       25-40Mbps
AES IPSec Throughput       10-40Mbps    80Mbps       40-60Mbps
* Performance depends on the network environment and the configuration of the firewall.




Hardware Specification
                   Phoenix                        Mercury                        Mars
Systemboard        ES466B          CV700A         CV700A          CV763A         CI852A
CPU                333MHz AMD      500MHz         1GHz            1GHz           1.6GHz
                   Geode GX        VIA C7         VIA C7          Celeron-M      Celeron-M
Memory             256MB           256MB          512MB           512MB          1GB
Storage            1GB CF (Compact Flash) or 1GB DOM (Disk-On-Module)**
Ethernet           3x10M/100M      3x10M/100M     3x10M/100M/1G   4x10M/100M/1G  4x10M/100M/1G
** Disk-on-Module is more durable than compact flash due to its built-in wear leveling function.
This quick-start guide is also applicable to other Hacom pfSense pre-loaded systems.


Requirements to Access pfSense's Console
You will need a keyboard and a monitor to access the console of Hacom's pfSense. A serial console is
available on certain models.

Input/Output       Phoenix                        Mercury                        Mars
Systemboard        ES466B          CV700A         CV700A          CV763A         CI852A
Monitor            VGA             VGA            VGA             VGA            VGA
Keyboard           USB             USB or PS/2    USB or PS/2     USB or PS/2    USB or PS/2
Serial Console     Optional        Optional (requires a serial-console enabled BIOS update)
                   (requires a
                   hardware
                   modification
                   at the factory!)




Setup and Configuration
The simplest pfSense configuration is a 2-zone firewall: WAN and LAN. WAN is the Internet, the
outside world. LAN is the local internal network protected by the firewall. Following is a diagram of
the 2-zone pfSense firewall.




When the system is booted up, a Grub screen is shown. There is a five (5) second delay for the user to
access Grub directly.




At the first boot, pfSense is not yet configured. The user will see a setup screen asking for the network
interface configuration.
pfSense requires at least two (2) network interfaces to set up a firewall. Hacom systems typically have
at least three (3) network interfaces.
Depending on the system, the interfaces are typically based on the Realtek chipset and will be detected by
pfSense as:
rl0: first Realtek 10M/100M Ethernet adapter
rl1: second Realtek 10M/100M Ethernet adapter
rl2: third Realtek 10M/100M Ethernet adapter


For the Intel Gigabit Ethernet systems, pfSense will instead detect the following network interfaces:
em0: first Intel Gigabit 10M/100M/1G Ethernet adapter
em1: second Intel Gigabit 10M/100M/1G Ethernet adapter
em2: third Intel Gigabit 10M/100M/1G Ethernet adapter


In some of our systems, an Atheros-based wireless network interface will also be detected as:
ath0: first 802.11b/g WiFi network interface




In our simple 2-zone firewall configuration:
   (1) We don't need a VLAN setup.
   (2) We want rl0 (the first Realtek Ethernet interface) to be our LAN: the local internal network.
   (3) We want rl1 (the second Realtek Ethernet interface) to be our WAN: the access to the outside
       Internet.
   (4) Since we are not ready to set up the DMZ, we leave the OPT interfaces blank (unconfigured)
       for the time being.




Once the network interfaces are set up, pfSense is ready and the console menu is shown as in the
following.
In the console menu there are several additional configuration choices. The following are the most
important for getting the firewall ready during the initial setup:


   1. Assign Interfaces.
       This is basically the initial network setup that we have just followed.
   2. Set LAN IP address.
       This will be our next step, so we can access the web-based configuration tools on the local internal
       network. By default, the LAN IP is set to 192.168.1.1, which is very common among other
       firewall gateways. It is advised to make this change prior to connecting the firewall to an
       internal network, to avoid network problems.

   3. Reset WebConfigurator password.
       This resets the “admin” password to “pfsense”. The password can be changed from the web.
   4. Reset to factory defaults.
       This will wipe out all of the configuration data.




Our next step is to change the LAN IP address from the default 192.168.1.1 to an appropriate one in the
local network.
If there is no need to change the IP address, just skip this step!
For our network, we have a company gateway at 192.168.1.1. We want to change the LAN IP to an
unused IP in our local network. It was decided to put this pfSense firewall at the end of the class C
range of the 192.168.1.0 network.
Following is our LAN IP:
   1. IP address: 192.168.1.254
   2. Subnet mask: 255.255.255.0 (or 24 bits)
       This is related to our choice of using the 192.168.1.0 network as a class C with a maximum of 255
       hosts within the subnet. For other installations that need a larger subnet, such as 500
       hosts within a subnet accessible to all, a class B subnet with a subnet mask of 255.255.0.0 (or
       16 bits) may be more appropriate. For example, 10.0.0.0/16 will accommodate a range
       from 10.0.0.1 to 10.0.255.254, or a maximum of 65535 hosts.


Now, we are ready to go to the web configuration!




Web Administration

At the first access to the web-based administration tool, we will be led to a wizard. The wizard can
always be chosen from System → Setup wizard, or we can always use the following URL:
http://192.168.1.254/wizard.php?xml=setup_wizard.xml
Just change the IP address to the correct one for your installation!




The first step is to update some general information:


1. Hostname: pfsense or any other hostname you want the firewall to be called.
2. Domain: Default is local. Use your domain name here. We set it up to be baoha.net.
3. DNS servers: It is best to use the DNS servers from your Internet provider. Our Internet
   provider is dslextreme.com, and the DNS servers they provide are 66.51.205.100 and
   66.51.206.100.




The second step is to set up the time server information.
   1. The time server DNS name defaults to 0.pfsense.pool.ntp.org. Don't change it unless there is a
      valid reason.
   2. The time zone may be changed to the local time zone. In our case, it is the US Pacific Time Zone.




The third step is to configure the Wide Area Network (WAN) information. There are several
configuration choices: (1) static IP, (2) DHCP IP, (3) PPPoE, (4) PPTP, and (5) Big Pond.
For our configuration, we choose static IP:
   1. Static IP address: 208.127.150.33 (Use your own IP!!!)
   2. Default gateway: 208.127.150.1 (Use your own gateway!!!)
When scrolling to the bottom, there is also a choice of “Block RFC1918 Private Networks.” We left it
enabled to prevent spoofing.
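The following Python script is an added example, not part of the guide or Hacom's own tooling. It checks the LAN plan from the console step (192.168.1.0/24, LAN IP 192.168.1.254, existing gateway 192.168.1.1) together with the WAN settings from this step for the mistakes that most often break a 2-zone setup, and it flags the one case where “Block RFC1918 Private Networks” hurts: a WAN that itself sits on a private subnet. The WAN prefix length, the problem codes and the function names are assumptions of mine; the guide does not give the WAN mask.

```python
import ipaddress

# RFC1918 ranges: the source networks pfSense's "Block RFC1918 Private Networks"
# option drops when they arrive on the WAN interface.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan using the addresses this guide walks through.
# wan_prefix is an assumption: the guide gives the WAN IP and gateway but no mask.
GUIDE_PLAN = {
    "lan_subnet": "192.168.1.0/24",
    "lan_ip": "192.168.1.254",          # pfSense LAN address chosen at the console
    "existing_gateway": "192.168.1.1",  # company gateway already on the LAN
    "wan_ip": "208.127.150.33",         # the guide's placeholder WAN address
    "wan_gateway": "208.127.150.1",
    "wan_prefix": 24,
    "block_rfc1918_on_wan": True,
}


def is_rfc1918(ip):
    """True when the address falls in one of the three RFC1918 private ranges."""
    return any(ip in net for net in RFC1918)


def usable_hosts(cidr):
    """Host addresses available in an IPv4 subnet, excluding network and broadcast."""
    net = ipaddress.ip_network(cidr, strict=False)
    return max(net.num_addresses - 2, 0)


def check_plan(plan):
    """Return a list of problem codes for a 2-zone (WAN/LAN) address plan; [] means consistent."""
    problems = []
    lan_net = ipaddress.ip_network(plan["lan_subnet"], strict=True)
    lan_ip = ipaddress.ip_address(plan["lan_ip"])
    gateway = ipaddress.ip_address(plan["existing_gateway"])
    wan_ip = ipaddress.ip_address(plan["wan_ip"])
    wan_gw = ipaddress.ip_address(plan["wan_gateway"])
    wan_net = ipaddress.ip_network(f"{wan_ip}/{plan['wan_prefix']}", strict=False)

    # The LAN address must be a real host address inside the LAN subnet.
    if lan_ip not in lan_net:
        problems.append("lan_ip_outside_subnet")
    elif lan_ip in (lan_net.network_address, lan_net.broadcast_address):
        problems.append("lan_ip_not_a_host_address")
    # The existing gateway must not clash with the pfSense LAN IP and must be on the subnet.
    if lan_ip == gateway:
        problems.append("lan_ip_collides_with_gateway")
    if gateway not in lan_net:
        problems.append("gateway_outside_lan_subnet")
    # The WAN default gateway must be directly reachable on the WAN subnet.
    if wan_gw not in wan_net:
        problems.append("wan_gateway_unreachable")
    # Overlapping WAN and LAN subnets make routing ambiguous.
    if wan_net.overlaps(lan_net):
        problems.append("wan_lan_overlap")
    # Double-NAT caveat: with a private WAN address, dropping RFC1918 sources on
    # WAN also drops packets the upstream router sends from its own private address.
    if plan["block_rfc1918_on_wan"] and (is_rfc1918(wan_ip) or is_rfc1918(wan_gw)):
        problems.append("rfc1918_block_conflicts_with_private_wan")
    return problems


if __name__ == "__main__":
    print("usable hosts in 192.168.1.0/24:", usable_hosts("192.168.1.0/24"))
    print("usable hosts in 10.0.0.0/16:", usable_hosts("10.0.0.0/16"))
    print("problems in the guide's plan:", check_plan(GUIDE_PLAN) or "none")
```

The host counts exclude the network and broadcast addresses, which is why they come out two lower than the subnet size.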




The fourth step is to set the Local Area Network (LAN). It is just a confirmation of what we changed at
the console menu.




The last step is to change the “admin” password. We changed it from the default “pfsense” to *****.




Now, the firewall is ready to reload its new configuration data.




The following screen shows pfSense's system status after the reload.




Backup and Restore of configuration
The configuration data should be backed up to local storage by the system administrator for recovery
purposes. To access the backup and restore tools, go to Diagnostic → Backup/Restore.
The page is self-explanatory. We recommend backing up every time a configuration change is
made. Periodic backups should also be performed.
It is also recommended to test the restore function after the initial backup, as well as every time the
firmware is updated.




Firmware Update

There are several ways to update the firmware.
   1. For Hacom systems prior to pfSense version 1.2.1, it is recommended
                 a. to back up the configuration
                 b. to flash the new firmware
                 c. to restore the configuration.
   2. Starting from version 1.2.1, firmware can be updated reliably on-line.


Important notes: Hacom pfSense systems are based on the full firmware, including headless systems.
   ●   When updating the firmware, use the full-update version.
   ●   The compact flash (CF) based systems require the platform information to be changed from
       “embedded” to “pfSense” before the update process. It should be changed back to
       “embedded” after the update. A CF-based system can be used as a “pfSense” platform if the
       mount command shows the following:
       ...
       pfSense:~# mount
       /dev/ad2s4a on / (ufs, local, noatime)
       devfs on /dev (devfs, local)
       /dev/md0 on /var/run (ufs, local)
       /dev/ad2s4d on /cf (ufs, local, noatime)
       devfs on /var/dhcpd/dev (devfs, local)
       pfSense:~#

       ...
       The “noatime” option on the root / and /cf allows the CF to last several years under normal use.
       It is recommended to use industrial-grade CF or Disk-on-Module (DOM) with their built-in
       static wear leveling function.
   ●   The DOM based platforms are “pfSense” and ready to use just like a solid state drive.
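As an added example (not from the guide or Hacom), the following Python code parses a mount listing of the shape shown above, applies the guide's criterion (UFS on / and /cf mounted from a device with noatime) and derives the platform switch the notes describe: CF systems go “embedded” → “pfSense” for the update and back afterwards, DOM systems and systems already on “pfSense” stay as they are. The sample listing is copied from the guide; the function names and the “dom”/“cf” storage labels are my own.

```python
import re

# Constructed sample: the listing shown in the guide, including the shell prompt
# lines and the "..." markers, so the parser has to skip non-mount lines.
SAMPLE_MOUNT_OUTPUT = """\
...
pfSense:~# mount
/dev/ad2s4a on / (ufs, local, noatime)
devfs on /dev (devfs, local)
/dev/md0 on /var/run (ufs, local)
/dev/ad2s4d on /cf (ufs, local, noatime)
devfs on /var/dhcpd/dev (devfs, local)
pfSense:~#
...
"""

# FreeBSD mount(8) line: "<device> on <mountpoint> (<fstype>, <option>, ...)"
MOUNT_LINE = re.compile(r"^(?P<device>\S+) on (?P<mountpoint>\S+) \((?P<opts>[^)]*)\)$")


def parse_mount(output):
    """Turn mount output into {mountpoint: {"device", "fstype", "options"}}."""
    mounts = {}
    for raw in output.splitlines():
        match = MOUNT_LINE.match(raw.strip())
        if not match:
            continue  # prompts and "..." are not mount entries
        fields = [f.strip() for f in match.group("opts").split(",")]
        mounts[match.group("mountpoint")] = {
            "device": match.group("device"),
            "fstype": fields[0],          # first item in the parentheses is the filesystem type
            "options": set(fields[1:]),   # remaining items are mount options
        }
    return mounts


def cf_ready_for_pfsense_platform(mounts):
    """The guide's criterion: / and /cf are UFS, mounted from a /dev device, with noatime."""
    for mountpoint in ("/", "/cf"):
        entry = mounts.get(mountpoint)
        if entry is None or entry["fstype"] != "ufs":
            return False
        if not entry["device"].startswith("/dev/") or "noatime" not in entry["options"]:
            return False
    return True


def platform_for_update(current_platform, storage, mounts):
    """Return (platform to set before the update, platform to set back afterwards).

    storage is "dom" or "cf"; current_platform is the system's current platform string.
    Returns None when a CF system does not meet the mount criterion and so should not
    be switched to "pfSense" for the update."""
    if storage == "dom" or current_platform == "pfSense":
        return ("pfSense", "pfSense")       # nothing to change; update as-is
    if storage == "cf" and current_platform == "embedded":
        if cf_ready_for_pfsense_platform(mounts):
            return ("pfSense", "embedded")  # switch for the update, then switch back
        return None
    raise ValueError(f"unexpected platform/storage combination: {current_platform}/{storage}")


if __name__ == "__main__":
    table = parse_mount(SAMPLE_MOUNT_OUTPUT)
    print("CF ready for pfSense platform:", cf_ready_for_pfsense_platform(table))
    print("platform before/after update:", platform_for_update("embedded", "cf", table))
```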




Following is the procedure to update the firmware.
First, the platform is changed to “pfSense”. This step can be skipped for DOM-based systems or
systems that are already “pfSense”.
The following procedure is done in a shell using the console. It can also be performed using the web-
based administration: go to Diagnostic → Command.




The second step is to enable the Firmware upload. Go to System → Firmware.




The third step is to upload the firmware.
   1. The new firmware should have been downloaded into a local storage.
   2. Browse to the local folder to upload the new firmware.
   3. If asked about the kernel, select the Uniprocessor or Multiprocessor kernel, as appropriate. Do
      not select embedded kernel since that will disable the display, keyboard and mouse.
   4. Click on upgrade firmware and wait.




If the firmware is uploaded successfully, the update process takes a while. It takes more than
10 minutes for an OpenBrick-E cv700a3r50 to complete the firmware update.




Following is the screen showing a successful update.




Maximum Firewall States

It is recommended to change the maximum number of firewall states from the default 10,000 to at least 100,000 for
systems with 256MB RAM, 200,000 for systems with more than 512MB RAM, or 400,000
for systems with more than 1GB RAM. Each state uses about 1k of RAM.
The maximum number of firewall states is sometimes also referred to as the maximum number of concurrent
connections.
Go to System → Advanced, and scroll all the way to the bottom to see the option.




                                                 24

Contenu connexe

Tendances

第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios
F.l. Yu
 
CCNA at a glance
CCNA at a glanceCCNA at a glance
CCNA at a glance
Vikas Raut
 
Admin Passwords For Routers
Admin Passwords For RoutersAdmin Passwords For Routers
Admin Passwords For Routers
hee
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3
Mohamed Al-Natour
 
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
juet-y
 
Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460
B Mach
 

Tendances (18)

SR-IOV benchmark
SR-IOV benchmarkSR-IOV benchmark
SR-IOV benchmark
 
第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios第6讲 操作与配置Cisco Ios
第6讲 操作与配置Cisco Ios
 
How to recover the password for cisco 2900 integrated services router
How to recover the password for cisco 2900 integrated services routerHow to recover the password for cisco 2900 integrated services router
How to recover the password for cisco 2900 integrated services router
 
IBM System Networking Easy Connect Mode
IBM System Networking Easy Connect ModeIBM System Networking Easy Connect Mode
IBM System Networking Easy Connect Mode
 
CCNA at a glance
CCNA at a glanceCCNA at a glance
CCNA at a glance
 
Ciscointro
CiscointroCiscointro
Ciscointro
 
Admin Passwords For Routers
Admin Passwords For RoutersAdmin Passwords For Routers
Admin Passwords For Routers
 
IBM Flex System Fabric EN4093 and EN4093R 10Gb Scalable Switches
IBM Flex System Fabric EN4093 and EN4093R 10Gb Scalable SwitchesIBM Flex System Fabric EN4093 and EN4093R 10Gb Scalable Switches
IBM Flex System Fabric EN4093 and EN4093R 10Gb Scalable Switches
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3
 
H6175 symmetrix-vmaxse-ss
H6175 symmetrix-vmaxse-ssH6175 symmetrix-vmaxse-ss
H6175 symmetrix-vmaxse-ss
 
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
Building a Converged Infrastructure based on FCoE, Dell Blades and Force10 sw...
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheet
 
Juniper SRX Quickstart 12.1R3 by Thomas Schmidt
Juniper SRX Quickstart 12.1R3 by Thomas SchmidtJuniper SRX Quickstart 12.1R3 by Thomas Schmidt
Juniper SRX Quickstart 12.1R3 by Thomas Schmidt
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
 
High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting
 
Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460
 
Manejo de redes
Manejo de redesManejo de redes
Manejo de redes
 
test
testtest
test
 

En vedette (17)

Topology
TopologyTopology
Topology
 
Megis mpls
Megis mplsMegis mpls
Megis mpls
 
Modul 1-instalasi
Modul 1-instalasiModul 1-instalasi
Modul 1-instalasi
 
Firewall ip filter
Firewall ip filterFirewall ip filter
Firewall ip filter
 
9210 commissioning manual
9210 commissioning manual9210 commissioning manual
9210 commissioning manual
 
05 interface appended characteristic configuration
05 interface appended characteristic configuration05 interface appended characteristic configuration
05 interface appended characteristic configuration
 
66 pf sensetutorial
66 pf sensetutorial66 pf sensetutorial
66 pf sensetutorial
 
Bsd routers
Bsd routersBsd routers
Bsd routers
 
Nicholaus ufoakses
Nicholaus ufoaksesNicholaus ufoakses
Nicholaus ufoakses
 
Modul 0-pengantar
Modul 0-pengantarModul 0-pengantar
Modul 0-pengantar
 
Mplsvpn seminar
Mplsvpn seminarMplsvpn seminar
Mplsvpn seminar
 
Modul 1-instalasi
Modul 1-instalasiModul 1-instalasi
Modul 1-instalasi
 
Mikrotik%20 most%20wanted
Mikrotik%20 most%20wantedMikrotik%20 most%20wanted
Mikrotik%20 most%20wanted
 
Pfsense%20%20note
Pfsense%20%20notePfsense%20%20note
Pfsense%20%20note
 
11 mac address table characteristic configuration
11 mac address table characteristic configuration11 mac address table characteristic configuration
11 mac address table characteristic configuration
 
Modul 0-pengantar
Modul 0-pengantarModul 0-pengantar
Modul 0-pengantar
 
Berryman ip addressing_guide
Berryman ip addressing_guideBerryman ip addressing_guide
Berryman ip addressing_guide
 

Similaire à Hacom%20pf sense%20quick start%20guide

Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
Green Jb
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
robertguerra
 
Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577
guest854c41d
 
Air Live Rs 1200
Air Live Rs 1200Air Live Rs 1200
Air Live Rs 1200
guest52b3f5
 

Similaire à Hacom%20pf sense%20quick start%20guide (20)

66_pfSenseTutorial
66_pfSenseTutorial66_pfSenseTutorial
66_pfSenseTutorial
 
Important cisco-chow-commands
Important cisco-chow-commandsImportant cisco-chow-commands
Important cisco-chow-commands
 
QNAP for IoT
QNAP for IoTQNAP for IoT
QNAP for IoT
 
Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3
 
66 pfsense tutorial
66 pfsense tutorial66 pfsense tutorial
66 pfsense tutorial
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheet
 
Xen time machine
Xen time machineXen time machine
Xen time machine
 
Squid proxy server
Squid proxy serverSquid proxy server
Squid proxy server
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Tp link extender setup
Tp link extender setupTp link extender setup
Tp link extender setup
 
CCNA presentation.
CCNA presentation.CCNA presentation.
CCNA presentation.
 
2015.10.05 Updated > Network Device Development - Part 1: Switch
2015.10.05 Updated > Network Device Development - Part 1: Switch2015.10.05 Updated > Network Device Development - Part 1: Switch
2015.10.05 Updated > Network Device Development - Part 1: Switch
 
Andrew Hutton Hitachi presentation
Andrew Hutton Hitachi presentationAndrew Hutton Hitachi presentation
Andrew Hutton Hitachi presentation
 
Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577Manuale Router Sitecom Wl577
Manuale Router Sitecom Wl577
 
CCNA complete.ppt
CCNA complete.pptCCNA complete.ppt
CCNA complete.ppt
 
Air Live Rs 1200
Air Live Rs 1200Air Live Rs 1200
Air Live Rs 1200
 
BSDCan2006.pdf
BSDCan2006.pdfBSDCan2006.pdf
BSDCan2006.pdf
 
Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3Hướng dẫn cài đặt switch planet layer 3
Hướng dẫn cài đặt switch planet layer 3
 

Plus de HARRY CHAN PUTRA (18)

07 VLAN Principle and Configuration.pdf
07 VLAN Principle and Configuration.pdf07 VLAN Principle and Configuration.pdf
07 VLAN Principle and Configuration.pdf
 
12 link aggregation configuration
12 link aggregation configuration12 link aggregation configuration
12 link aggregation configuration
 
Bdcom s2508 b hardware installation manual
Bdcom s2508 b hardware installation manualBdcom s2508 b hardware installation manual
Bdcom s2508 b hardware installation manual
 
Zxdsl 9210 guide
Zxdsl 9210 guideZxdsl 9210 guide
Zxdsl 9210 guide
 
Slimsinserver2go
Slimsinserver2goSlimsinserver2go
Slimsinserver2go
 
Olivevme110usermanualid
Olivevme110usermanualidOlivevme110usermanualid
Olivevme110usermanualid
 
Modul 10 vicon
Modul 10 viconModul 10 vicon
Modul 10 vicon
 
Modul 9 pengelolaan_infra
Modul 9 pengelolaan_infraModul 9 pengelolaan_infra
Modul 9 pengelolaan_infra
 
Modul 8 vo_ip
Modul 8 vo_ipModul 8 vo_ip
Modul 8 vo_ip
 
Modul 7 infrastruktur
Modul 7 infrastrukturModul 7 infrastruktur
Modul 7 infrastruktur
 
Wireless
WirelessWireless
Wireless
 
W2k router
W2k routerW2k router
W2k router
 
Vpn gw2gw
Vpn gw2gwVpn gw2gw
Vpn gw2gw
 
Vo ip rt-rw-net
Vo ip rt-rw-netVo ip rt-rw-net
Vo ip rt-rw-net
 
Virtual host examples_-_apache_http_server
Virtual host examples_-_apache_http_serverVirtual host examples_-_apache_http_server
Virtual host examples_-_apache_http_server
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-server
 
Using linux as_a_router
Using linux as_a_routerUsing linux as_a_router
Using linux as_a_router
 
Tutorial step by_step_setting_mikrotik
Tutorial step by_step_setting_mikrotikTutorial step by_step_setting_mikrotik
Tutorial step by_step_setting_mikrotik
 

Dernier

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Dernier (20)

HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 

Hacom%20pf sense%20quick start%20guide

  • 1. Hacom's pfSense Quick-Start Guide Bao Ha Copyright © 2008 Hacom Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. 12 November 2008 Table of Contents Hacom's pfSense Quick-Start Guide..........................................................................................................1 Introduction...........................................................................................................................................2 Setup and Configuration........................................................................................................................4 Web Administration............................................................................................................................10 Backup and Restore of configuration..................................................................................................18 Firmware Update.................................................................................................................................19 Maximum Firewall States...................................................................................................................25 1
  • 2. Introduction PfSense is a complete, embedded firewall software package that provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). It is based on FreeBSD. The software is available at the URL, http://www.pfsense.com/. Hacom implements pfSense on our hardware to take advantages of their features, as well as , to provide complete packaged supports for commercial customers: small, medium and enterprises, who desire a one-stop shop. Documentation Since pfSense is similar to M0n0wall, the documentation of the M0n0wall systems can be perused at the following URL, • The M0n0 Users Manual (http://m0n0.ch/wall/docbook/) • M0n0wall Quick Start Guide (http://m0n0.ch/wall/quickstart/) • pfSense FAQ (http://faq.pfsense.com/) • pfSense tutorial (http://www.pfsense.com/index.php?id=36) Hacom's pfSense Hacom offers three groups of commercially packaged pfSense systems with choices of support services: Phoenix , Mercury and Mars . The following comparison table can be used to select appropriate equipments depending on a network environment. Performance* Phoenix Mercury Mars Suggested Users 5-25 10-50 10-250 Throughput 90Mbps 200Mbps 400Mbps Concurrent Connections 80,000 200,000 200,000-400,000 3DES IPSec Throughput 8-10Mbps 20Mbps 25-40Mbps AES IPSec Throughput 10-40Mbps 80Mbps 40-60Mbps • Performance depends on network environment and configuration of the firewall. 2
Hardware

Specification   Phoenix                Mercury           Mars
Systemboard     ES466B                 CV700A            CV700A / CV763A / CI852A
CPU             333MHz AMD Geode GX    500MHz VIA C7     1GHz VIA C7 / 1GHz Celeron-M / 1.6GHz Celeron-M
Memory          256MB                  512MB             512MB or 1GB
Storage         1GB CF (Compact Flash) or 1GB DOM (Disk-On-Module)**, all models
Ethernet        3x10M/100M             3x10M/100M/1G     4x10M/100M/1G

** Disk-on-Module is more durable than Compact Flash because of its built-in wear-leveling function.

This quick-start guide is also applicable to other Hacom pfSense pre-loaded systems.

Requirements to Access pfSense's Console

You will need a keyboard and a monitor to access the console of Hacom's pfSense. A serial console is available on certain models.

Input/Output     Phoenix (ES466B)    Mercury (CV700A)    Mars (CV700A, CV763A, CI852A)
Monitor          VGA                 VGA                 VGA
Keyboard         USB                 USB or PS/2         USB or PS/2
Serial console   Optional on all models. Depending on the systemboard, it requires either a serial-console-enabled BIOS update or a hardware modification at the factory!
Setup and Configuration

The simplest pfSense configuration is a 2-zone firewall: WAN and LAN. WAN is the Internet, the outside world. LAN is the local internal network protected by the firewall.

[Diagram: the 2-zone pfSense firewall, WAN on one side and LAN on the other]

When the system boots, a Grub screen is shown. There is a five (5) second delay during which the user can access Grub directly.
At the first boot, pfSense is not yet configured. The user will see a setup screen asking for the network interface configuration. pfSense requires that at least two (2) network interfaces are available to set up a firewall. Hacom systems typically have at least three (3) network interfaces.

Depending on the system, the interfaces are typically based on the Realtek chipset and will be detected by pfSense as:

    rl0: first Realtek 10M/100M Ethernet adapter
    rl1: second Realtek 10M/100M Ethernet adapter
    rl2: third Realtek 10M/100M Ethernet adapter

For the Intel Gigabit Ethernet systems, pfSense will instead detect the following network interfaces:

    em0: first Intel Gigabit 10M/100M/1G Ethernet adapter
    em1: second Intel Gigabit 10M/100M/1G Ethernet adapter
    em2: third Intel Gigabit 10M/100M/1G Ethernet adapter

In some of our systems, an Atheros-based wireless network interface will also be detected as:

    ath0: first 802.11b/g WiFi network interface

If it is not obvious which physical port corresponds to rl0, rl1 and so on, answer "a" at the interface prompt for auto-detection and plug a live cable into the port you intend to use; pfSense then picks the interface whose link came up. This matters for security: if LAN and WAN are swapped, the permissive LAN rules end up facing the Internet.
In our simple 2-zone firewall configuration:

(1) We don't need a VLAN setup.
(2) We want rl0 (the first Realtek Ethernet interface) to be our LAN: the local internal network.
(3) We want rl1 (the second Realtek Ethernet interface) to be our WAN: the access to the outside Internet.
(4) Since we are not ready to set up a DMZ, we leave the OPT interfaces blank (unconfigured) for the time being.

Once the network interfaces are set up, pfSense is ready and the console menu is shown. The console menu offers several additional configuration choices. The most important for getting the firewall ready are:

1. Assign Interfaces. This is the initial network setup we have just followed.
2. Set LAN IP address. This is our next step, so that we can reach the web-based configuration tool from the local network. By default the LAN IP is 192.168.1.1, which is very common among other firewall gateways. It is advised to make this change before connecting the firewall to an internal network, to avoid an address conflict with an existing gateway.
3. Reset webConfigurator password. This resets the "admin" password to the default "pfsense". The password can then be changed from the web interface.
4. Reset to factory defaults. This wipes out all of the configuration data.

Our next step is to change the LAN IP address from the default 192.168.1.1 to one appropriate for the local network. If there is no need to change the IP address, just skip this step!

For our network, there is already a company gateway at 192.168.1.1, so we change the LAN IP to an unused address in the local network. We decided to put this pfSense firewall at the end of the class C range of the 192.168.1.0 network:

1. IP address: 192.168.1.254
2. Subnet mask: 255.255.255.0 (or 24 bits)

This follows from using the 192.168.1.0 network as a class C, which gives a maximum of 254 usable hosts in the subnet (256 addresses minus the network and broadcast addresses). For other installations that need a larger subnet, say 500 hosts reachable within one subnet, a class B subnet with a subnet mask of 255.255.0.0 (or 16 bits) may be more appropriate. For example, 10.0.0.0/16 accommodates the range 10.0.0.1 to 10.0.255.254, a maximum of 65,534 hosts.
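The address-plan arithmetic above is easy to get wrong at the console, so here is a small POSIX sh script that checks it. It is an added example, not part of the Hacom guide or of pfSense: prefix_to_mask produces the dotted-quad mask the "Set LAN IP address" prompt asks for, usable_hosts counts the addresses left after the network and broadcast addresses are removed, and same_subnet confirms that the firewall's LAN address and an existing gateway really share one subnet. The demo values are the guide's own (192.168.1.254/24 and the gateway at 192.168.1.1).

```shell
#!/bin/sh
# Added example (not from the Hacom guide): sanity-check a LAN address plan
# before typing it into the pfSense console. Pure POSIX sh arithmetic.

prefix_to_mask() {
    # $1 = prefix length 0..32, e.g. 24 -> 255.255.255.0
    p=$1
    [ "$p" -ge 0 ] && [ "$p" -le 32 ] || return 1
    out=""
    i=0
    while [ "$i" -lt 4 ]; do
        if [ "$p" -ge 8 ]; then
            octet=255
        elif [ "$p" -le 0 ]; then
            octet=0
        else
            # only the top $p bits of this octet are set
            octet=$(( 256 - (1 << (8 - p)) ))
        fi
        out="${out}${out:+.}${octet}"
        p=$(( p - 8 ))
        i=$(( i + 1 ))
    done
    printf '%s\n' "$out"
}

usable_hosts() {
    # $1 = prefix length. /31 and /32 leave no room for the network and
    # broadcast addresses, so they are reported as 0 here.
    p=$1
    [ "$p" -ge 0 ] && [ "$p" -le 32 ] || return 1
    if [ "$p" -ge 31 ]; then
        echo 0
    else
        echo $(( (1 << (32 - p)) - 2 ))
    fi
}

ip_to_int() {
    # $1 = dotted quad -> unsigned 32-bit value; fails on malformed input
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -ge 0 ] 2>/dev/null && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

same_subnet() {
    # $1, $2 = addresses, $3 = prefix length; exit 0 if both are in one subnet
    a=$(ip_to_int "$1") || return 2
    b=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# Demo with the guide's values: the firewall at 192.168.1.254/24 and the
# existing company gateway at 192.168.1.1.
echo "/24 mask: $(prefix_to_mask 24), usable hosts: $(usable_hosts 24)"
echo "/16 mask: $(prefix_to_mask 16), usable hosts: $(usable_hosts 16)"
if same_subnet 192.168.1.254 192.168.1.1 24; then
    echo "192.168.1.254 and 192.168.1.1 share the same /24"
fi
```

Run it with any POSIX shell (sh, dash, bash); no external tools are needed. same_subnet returning 1 for the gateway address is the sign that the LAN IP chosen for pfSense will not be reachable from the existing network.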
Now we are ready to go to the web configuration!
Web Administration

At the first access to the web-based administration tool, we are led to a wizard. The wizard can always be chosen again from System → Setup wizard, or reached directly at the following URL:

http://192.168.1.254/wizard.php?xml=setup_wizard.xml

Just change the IP address to the correct one for your installation! The first step is to update some general information:
1. Hostname: pfsense, or any other hostname you want the firewall to be called.
2. Domain: the default is "local". Use your own domain name here; we set it to baoha.net.
3. DNS servers: it is best to use the DNS servers from your Internet provider. Our Internet provider is dslextreme.com, and the DNS servers they provide are 66.51.205.100 and 66.51.206.100.
The second step is to set up the time server information.

1. Time server DNS name: defaults to 0.pfsense.pool.ntp.org. Don't change it unless there is a valid reason.
2. Time zone: may be changed to the local time zone. In our case it is the US Pacific time zone.
The third step is to configure the Wide Area Network (WAN) information. There are several configuration choices: (1) static IP, (2) DHCP, (3) PPPoE, (4) PPTP, and (5) BigPond. For our configuration we choose static IP:

1. Static IP address: 208.127.150.33 (use your own IP!!!)
2. Default gateway: 208.127.150.1 (use your own gateway!!!)

Scrolling to the bottom, there is also the "Block RFC1918 Private Networks" option. We left it enabled: packets arriving on WAN with a source address in the private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) cannot legitimately come from the Internet, so dropping them stops spoofed traffic from appearing to originate inside the LAN. Leave it enabled unless the WAN side is itself a private network (for example, behind an ISP router that hands out 192.168.x addresses), in which case it would block inbound connections from that upstream network.
The fourth step is to set the Local Area Network (LAN). It is just a confirmation of what we changed at the console menu.
The last step is to change the "admin" password. We changed it from the default "pfsense" to *****. Use a long, unique password here: the admin account has full control of the firewall. Consider also switching the webConfigurator to HTTPS (System → Advanced, webGUI protocol) so that the password does not travel in clear text over the LAN.
Now the firewall is ready to reload its new configuration data.
The following screen shows pfSense's system status after the reload.
Backup and Restore of configuration

The configuration data should be backed up to storage outside the firewall (the system administrator's workstation or similar) for recovery purposes. To access the backup and restore tools, go to Diagnostics → Backup/Restore. The page is self-explanatory.

We recommend a backup every time a configuration change is made, plus periodic backups. It is also recommended to test the restore function after the initial backup, as well as every time the firmware is updated.

Note that the backup file (config.xml) contains the admin password hash and any credentials the firewall holds, such as PPPoE passwords and IPsec pre-shared keys, so store it where only administrators can read it.
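The web page handles the backup itself; what it does not do is tell you later whether a stored copy is still intact, or remind you what is inside it. The following script is an added example, not from the Hacom guide or from pfSense: it copies config.xml to an owner-only, dated file with a checksum sidecar, verifies a copy before it is trusted for a restore, and counts the credential-bearing lines so the backup is handled accordingly. Assumptions: the running configuration lives at /cf/conf/config.xml, the XML root element is <pfsense>, and the <password> and <pre-shared-key> element names are the ones that carry secrets. The sample configuration written by make_sample_config is constructed for the demo and is not a real Hacom configuration.

```shell
#!/bin/sh
# Added example (not from the Hacom guide or pfSense): checkable backups of
# config.xml. Assumed paths and element names are marked below.

backup_config() {
    # $1 = source config.xml (assumed /cf/conf/config.xml on the firewall),
    # $2 = destination directory on storage that is not the firewall's own
    # CF (a mounted USB stick, an NFS/CIFS share, ...). Prints the path of
    # the new backup file.
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    out="$dst/config-$(date +%Y%m%d-%H%M%S).xml"
    # subshell so the restrictive umask does not leak into the caller;
    # the copy is readable by its owner only
    ( umask 077 && cp "$src" "$out" ) || return 1
    # cksum is POSIX and present on both FreeBSD and Linux; the sidecar
    # holds CRC and byte count so truncation or bit rot is detected later
    cksum < "$out" > "$out.cksum"
    printf '%s\n' "$out"
}

verify_backup() {
    # $1 = backup path. Succeeds only if the checksum matches its sidecar
    # and the file is a complete config: root element opened and closed
    # (root element name <pfsense> is an assumption).
    f=$1
    [ -r "$f" ] && [ -r "$f.cksum" ] || return 1
    [ "$(cksum < "$f")" = "$(cat "$f.cksum")" ] || return 1
    grep -q '<pfsense>' "$f" && grep -q '</pfsense>' "$f"
}

count_secrets() {
    # Number of lines carrying credentials: admin password hash, PPPoE or
    # PPTP passwords, IPsec pre-shared keys (element names assumed).
    # Anything above 0 means the backup must be encrypted or kept where
    # only administrators can read it.
    grep -c -E '<(password|pre-shared-key)>' "$1" || true
}

make_sample_config() {
    # $1 = directory; writes a constructed config.xml and prints its path.
    cat > "$1/config.xml" <<'EOF'
<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>pfsense</hostname>
    <domain>example.net</domain>
    <password>$1$notarealhash$</password>
  </system>
  <ipsec>
    <tunnel>
      <pre-shared-key>not-a-real-psk</pre-shared-key>
    </tunnel>
  </ipsec>
</pfsense>
EOF
    printf '%s\n' "$1/config.xml"
}

# Demo: back up a constructed config into a temporary directory, verify it,
# and report how many credential-bearing lines the copy holds.
work=$(mktemp -d)
sample=$(make_sample_config "$work")
backup=$(backup_config "$sample" "$work/backups")
if verify_backup "$backup"; then
    echo "verified: $backup ($(count_secrets "$backup") credential lines)"
fi
```

On the firewall itself the call would be backup_config /cf/conf/config.xml /mnt/usb (assumed paths). Run verify_backup on the stored copy before a restore and after every firmware update, which is the restore test the guide asks for, done without touching the running system.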
Firmware Update

There are several ways to update the firmware.

1. For Hacom systems prior to pfSense version 1.2.1, it is recommended
   a. to back up the configuration,
   b. to flash the new firmware,
   c. to restore the configuration.
2. Starting from version 1.2.1, the firmware can be updated reliably on-line.

Important notes:

● Hacom pfSense systems are based on the full firmware, including headless systems. When updating the firmware, use the full-update version.
● The Compact Flash (CF) based systems require the platform information to be changed from "embedded" to "pfSense" before the update. It should be changed back to "embedded" after the update. A CF-based system can be used as the "pfSense" platform if the mount command shows the following:

    pfSense:~# mount
    /dev/ad2s4a on / (ufs, local, noatime)
    devfs on /dev (devfs, local)
    /dev/md0 on /var/run (ufs, local)
    /dev/ad2s4d on /cf (ufs, local, noatime)
    devfs on /var/dhcpd/dev (devfs, local)
    pfSense:~#

  The "noatime" option on the root (/) and /cf file systems allows the CF to last several years under normal use. It is recommended to use industrial-grade CF or a Disk-on-Module (DOM) with built-in static wear leveling.
● The DOM-based platforms are already "pfSense" and ready to use, just like a solid-state drive.
Following is the procedure to update the firmware.

First, the platform is changed to "pfSense". This step can be skipped for DOM-based systems or systems that are already "pfSense". It is done at a shell on the console; it can also be performed from the web-based administration: go to Diagnostics → Command.
The second step is to enable the firmware upload. Go to System → Firmware.
The third step is to upload the firmware.

1. The new firmware should have been downloaded to local storage. Verify it against the checksum published alongside it before uploading.
2. Browse to the local folder to upload the new firmware.
3. If asked about the kernel, select the Uniprocessor or Multiprocessor kernel as appropriate. Do not select the embedded kernel, since that will disable the display, keyboard and mouse.
4. Click on "Upgrade firmware" and wait.
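The manual update path has two places where a practitioner wants a check rather than trust: that the downloaded full-update image is intact before it is flashed, and that the platform marker was really flipped and is put back afterwards on CF-based systems. The script below is an added example, not from the Hacom guide or from pfSense. Assumptions: pfSense 1.x keeps the platform string in /etc/platform (overridable here through PLATFORM_FILE), the .md5 file published next to an image is in either FreeBSD md5(1) or md5sum(1) format, and the image and mount-output values used in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the Hacom guide or pfSense): pre-flight checks
# for a manual firmware update. PLATFORM_FILE=/etc/platform is an assumption.

PLATFORM_FILE=${PLATFORM_FILE:-/etc/platform}

md5_of() {
    # Print the MD5 hex digest of $1 with whichever tool the host has.
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d ' ' -f 1
    else
        md5 -q "$1"     # FreeBSD / pfSense console
    fi
}

verify_image() {
    # $1 = image file, $2 = its .md5 sidecar. Exit 0 only on a match.
    # The sidecar may read "MD5 (file) = <hex>" (FreeBSD) or "<hex>  file"
    # (coreutils); either way the first 32-hex-digit token is the digest.
    # MD5 only proves the download is intact, not that it came from the
    # pfSense project: fetch image and sidecar from the project's own site.
    expected=$(grep -o -E '[0-9a-fA-F]{32}' "$2" | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$expected" ] || { echo "no digest found in $2" >&2; return 2; }
    [ "$(md5_of "$1")" = "$expected" ]
}

cf_layout_ok() {
    # $1 = output of mount(8). The guide's criterion for running a CF-based
    # system as the "pfSense" platform: / and /cf are ufs, mounted noatime.
    printf '%s\n' "$1" | grep -q -E '^/dev/[a-z0-9]+ on / \(ufs,.*noatime' &&
    printf '%s\n' "$1" | grep -q -E '^/dev/[a-z0-9]+ on /cf \(ufs,.*noatime'
}

current_platform() {
    cat "$PLATFORM_FILE"
}

set_platform() {
    # $1 = new platform string ("pfSense" for the upload). The previous
    # value is kept in $PLATFORM_FILE.pre-update so restore_platform can
    # put "embedded" back on CF-based systems once the update is done.
    [ -f "$PLATFORM_FILE" ] || { echo "no $PLATFORM_FILE" >&2; return 1; }
    cp "$PLATFORM_FILE" "$PLATFORM_FILE.pre-update" || return 1
    printf '%s\n' "$1" > "$PLATFORM_FILE"
}

restore_platform() {
    [ -f "$PLATFORM_FILE.pre-update" ] || return 1
    mv "$PLATFORM_FILE.pre-update" "$PLATFORM_FILE"
}

# Demo on constructed data: a fake image with a matching FreeBSD-style
# sidecar, the guide's mount output, and a throwaway platform file.
work=$(mktemp -d)
printf 'not a real firmware image\n' > "$work/update.tgz"
printf 'MD5 (update.tgz) = %s\n' "$(md5_of "$work/update.tgz")" > "$work/update.tgz.md5"
verify_image "$work/update.tgz" "$work/update.tgz.md5" && echo "image checksum OK"

guide_mount='/dev/ad2s4a on / (ufs, local, noatime)
devfs on /dev (devfs, local)
/dev/md0 on /var/run (ufs, local)
/dev/ad2s4d on /cf (ufs, local, noatime)
devfs on /var/dhcpd/dev (devfs, local)'
cf_layout_ok "$guide_mount" && echo "CF layout matches the guide"

PLATFORM_FILE="$work/platform"
printf 'embedded\n' > "$PLATFORM_FILE"
set_platform pfSense && echo "platform now: $(current_platform)"
restore_platform && echo "platform back to: $(current_platform)"
```

On a real system the sequence is verify_image on the downloaded file, cf_layout_ok "$(mount)" to confirm the CF layout, set_platform pfSense, the upload from System → Firmware, and restore_platform after the reboot. Keep in mind that the checksum step only guards against a corrupted download; a tampered image with a matching sidecar from the same place would pass, which is why both must come from the pfSense project directly.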
If the firmware is uploaded successfully, the update process takes a while. It takes more than 10 minutes for an OpenBrick-E cv700a3r50 to complete the firmware update. Do not power the system off during this time.
Following is the screen showing a successful update.
Maximum Firewall States

It is recommended to raise the maximum number of firewall states from the default 10,000 to at least 100,000 for systems with 256MB RAM, 200,000 for systems with more than 512MB RAM, or 400,000 for systems with more than 1GB RAM. Each state uses about 1KB of RAM, so 400,000 states reserve roughly 400MB. The maximum number of firewall states is sometimes also referred to as the maximum number of concurrent connections. Once the state table is full, packets that would open a new connection are dropped until existing states time out, which is why the limit should be sized above the busiest expected load.

Go to System → Advanced and scroll all the way to the bottom to see the option. The value in effect can be checked from the console or from Diagnostics → Command with "pfctl -s memory", which reports the "states hard limit", and "pfctl -s info", which reports the current number of state table entries.