Latest update…
Believe I have figured it out, but running some last checks to optimize/cleanup.
The problem is that the Routing Tables in AWS need to be corrected, which was not part of the documentation.
Briefly, as it stands with v2.3.2, there are Three Problems (but all fixable) when Installing the pfSense AMI on AWS:
1. A LAN Interface cannot be added until the Bug Fix of Disabling DHCP6 via SSH is performed. (See First Post)
2. The LAN INET Firewall Rule is broken, and needs to be fixed by either editing it to Protocol "any", or deleting it and creating a new LAN Default Rule.
3. The Route Table for the Private LAN needs, just a little... just a little explanation of how to get clients to work with pfSense. The following steps should be part of the Install Documentation:
Fixing the Routing Tables
In AWS: Go to Services -> VPC -> Route Tables
Select the Route which is for the Private LAN. This will be the one which has 0 Subnets and Yes for Main.
Click on the Routes Tab
Click on the Edit Button
Click on the Add Another Route button
For the Destination, enter 0.0.0.0/0
For the Target, click in the field and see if the pfSense instance populates.
--- If so, click on it. If not, find the Instance ID of the Instance (EC2 Console -> Instances) and copy it.
--- Paste the Instance ID into the Target. It should then populate. If not, may need to wait some time for AWS infrastructure to propagate with the newly created instance.
Click on Save
If there is an Error regarding multiple interfaces, then copy the Network Interface ID of the LAN (EC2 Console -> Network Interfaces), which begins with "eni". Insert the LAN's Network Interface ID into the Target Field. It should then populate. Click on Save
Click on the Subnet Associations Tab
Click on the Edit Button
Check the box for the Private LAN subnet
Click on Save
AWS Security Groups may be another item, in which different Security Groups need access to one another.
That is to have the Inbound Rules set to All Traffic with the Source of the communicating Security Group. I have not verified this as of yet. But as of now, I can have a Windows Client pull Updates and browse to Google… but not Bing... which is weird.... not that it really matters..... but is odd......
Will publish the steps I took in a separate thread, once I clean things up.
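
Added example, not part of the original post: a Python check that reads output in the shape of `aws ec2 describe-route-tables` and confirms the Private LAN subnet ends up with a 0.0.0.0/0 route targeting the pfSense LAN interface, as the routing steps above describe. The function names and all IDs are hypothetical placeholders, the sample JSON is constructed, and a single VPC is assumed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not values from the post.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public", "VpcId": "vpc-example",
   "Associations": [{"Main": false, "SubnetId": "subnet-wan"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
  {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
   "Associations": [{"Main": true}, {"Main": false, "SubnetId": "subnet-lan"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-pfsense-lan", "State": "active"}]}
]}
""")

def effective_table(tables, subnet_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for t in tables:
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t, True
            if a.get("Main"):
                main = t
    return main, False

def check_private_route(doc, subnet_id, lan_eni):
    """Return a list of findings; an empty list means routing matches the steps."""
    table, explicit = effective_table(doc["RouteTables"], subnet_id)
    if table is None:
        return ["no route table applies to " + subnet_id]
    findings = []
    if not explicit:
        findings.append(f"{subnet_id} is not explicitly associated; using main table {table['RouteTableId']}")
    default = [r for r in table.get("Routes", []) if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not default:
        findings.append("no 0.0.0.0/0 route")
    for r in default:
        if r.get("NetworkInterfaceId") != lan_eni:
            target = r.get("GatewayId") or r.get("NetworkInterfaceId") or r.get("InstanceId")
            findings.append(f"default route targets {target}, not {lan_eni}")
        elif r.get("State") != "active":
            findings.append(f"default route via {lan_eni} is {r.get('State')}")
    return findings
```

Feeding it the saved JSON from a real account, with the LAN subnet ID and the LAN's "eni" ID, shows whether clients are actually routed through pfSense or are still bypassing it via another target.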