Netgate Discussion Forum

    Pfsense Admin Portal Protocol

    General pfSense Questions
      Peter_APIIT @stephenw10

      @stephenw10 My problem is I set it to HTTPS already but it still falls to the HTTP protocol in the browser. It displays "not secure" in the browser.

        stephenw10 Netgate Administrator

        What exactly is it showing? The cert error when you try to connect?

          Peter_APIIT @stephenw10

          @stephenw10 said in Pfsense Admin Portal Protocol:

          What exactly is it showing? The cert error when you try to connect?

          This is the screenshot of the pfsense certificates?

          PFsense_AdminPortal_Easy-Resize.com.jpg

          Another question is how to allow only a certain IP address (192.168.1.100) to access the pfSense admin portal (MAC address)?

          Please help. Thanks.

            stephenw10 Netgate Administrator

            Does it show that in all browsers? It's probably showing that because of the self-signed certificate it uses.

            You can restrict access to the webgui using firewall rules.

            pf is a layer 3 filter, there is currently no ability to filter by MAC address.

            Steve

              Peter_APIIT @stephenw10

              @stephenw10 said in Pfsense Admin Portal Protocol:

              Does it show that in all browsers? It's probably showing that because of the self-signed certificate it uses.

              You can restrict access to the webgui using firewall rules.

              pf is a layer 3 filter, there is currently no ability to filter by MAC address.

              Steve

              I tried with different browsers and all show the same results.

              Please share what firewall rules are used to filter the web configurator by IP.

              Please help me on this. I really need to sort this out.

                stephenw10 Netgate Administrator

                How are you trying to manage it? A list of allowed IPs? A list of blocked IPs? On all interfaces or do you have a specific management interface?

                  Peter_APIIT @stephenw10

                  @stephenw10 said in Pfsense Admin Portal Protocol:

                  How are you trying to manage it? A list of allowed IPs? A list of blocked IPs? On all interfaces or do you have a specific management interface?

                  I am trying to manage it by one IP address only, and others are blocked by default.

                    stephenw10 Netgate Administrator

                    On all interfaces?

                      Peter_APIIT @stephenw10

                      @stephenw10 said in Pfsense Admin Portal Protocol:

                      On all interfaces?

                      Yes, on all interfaces, LAN or OPT1, I only allow one IP address to access the web configurator.

                        stephenw10 Netgate Administrator

                        Ok, so you could do something like this:

                        Disable the anti-lockout rule on LAN.

                        Add a floating rule:
                        Pass, IN, all interfaces, TCP, source: <the_IP_to_allow>, destination: This firewall, port 443.

                        Add a floating rule below that:
                        Block, IN, all interfaces, TCP, source: any, destination: This firewall, port 443.

                        Make sure you have console access so you can roll back that change if you get locked out!

                        Steve

                        P 1 Reply Last reply Reply Quote 0
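
Added example, not part of the thread and not pfSense's own code: a small Python model of how pf would evaluate the two floating rules from the post above, extended to show what happens if their order is swapped or the floating rules' Quick option is left unticked. The second client 192.168.1.55, the LAN subnet and the LAN allow-any rule are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    source: str                 # CIDR; "0.0.0.0/0" means "any"
    port: Optional[int] = None  # destination port on the firewall, None = any
    quick: bool = True          # stop evaluating at this rule when it matches

def evaluate(rules, src_ip, dst_port):
    """pf semantics: a matching quick rule decides immediately; among
    non-quick rules the last match wins; no match falls to default deny."""
    verdict = "block"
    for r in rules:
        if r.port not in (None, dst_port):
            continue
        if ip_address(src_ip) not in ip_network(r.source):
            continue
        verdict = r.action
        if r.quick:
            break
    return verdict

ADMIN = "192.168.1.100"   # management host named in the thread
OTHER = "192.168.1.55"    # constructed: any other LAN client
# Assumed interface-tab rule, evaluated after the floating rules.
LAN_ALLOW = Rule("pass", "192.168.1.0/24")

def floating(quick):
    """The two floating rules from the post, pass above block."""
    return [Rule("pass", ADMIN + "/32", 443, quick),
            Rule("block", "0.0.0.0/0", 443, quick)]

def audit(rules):
    """(verdict for ADMIN, verdict for OTHER) on the web GUI port."""
    return evaluate(rules, ADMIN, 443), evaluate(rules, OTHER, 443)

AS_POSTED = floating(True) + [LAN_ALLOW]
REVERSED = floating(True)[::-1] + [LAN_ALLOW]   # block above pass
NOT_QUICK = floating(False) + [LAN_ALLOW]       # Quick left unticked

if __name__ == "__main__":
    for name, rs in (("as posted", AS_POSTED), ("reversed", REVERSED),
                     ("not quick", NOT_QUICK)):
        print(f"{name:10} admin={audit(rs)[0]} other={audit(rs)[1]}")
```

In this model the posted order gives pass for the admin host and block for everyone else, the reversed order blocks the admin host as well, and non-quick floating rules are overridden by the later LAN allow rule so the web GUI stays reachable from the whole LAN.
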
                          Peter_APIIT @stephenw10

                          @stephenw10 said in Pfsense Admin Portal Protocol:

                          Ok, so you could do something like this:

                          Disable the anti-lockout rule on LAN.

                          Add a floating rule:
                          Pass, IN, all interfaces, TCP, source: <the_IP_to_allow>, destination: This firewall, port 443.

                          Add a floating rule below that:
                          Block, IN, all interfaces, TCP, source: any, destination: This firewall, port 443.

                          Make sure you have console access so you can roll back that change if you get locked out!

                          Steve

                          Dear Steve, Thanks a lot for your explanation.
