Advice needed about buying system from pfsense store

JonH

Thinking about purchase of SG-2440 (4 port appliance).
I have a bunch of questions I hope to get answered.

The SG-2440 comes with 8GB flash memory.  How much of that is used up by the standard installation?  I'm wondering if I need to buy extra storage.  Down the road I'll probably want to add snort & squid guard.

I read that the standard install sets this up on 192.168.1.1
Is there any reason I can't change that to say, 192.168.1.100?  I ask this because my current gateway/firewall machine is not using x.1 and it would save a lot of configuring if I did not have to change all the devices on my lan.  I'd rather be able to drop it in with the same IP my current gateway is using.

I gather from poking around the forum and wiki that the way to use SG-2440 is via the web gui from a lan workstation.  I have not found any comprehensive info on the gui menu so I don't know what choices are available.  Is there ability to go to terminal?  Will I have access to root?

My current system has a computer operating with obsolete software that provides 25 seat NAT license/gateway/firewall functions.  It also provides ipsec however, since it was written 15 yrs ago I suspect that the problems I have with setting up tunneling on Apple mobile devices has to do with newer protocols, etc.  This is the motivation for a new purchase.  From posts on this forum I gather than getting this to work is a problem for some folks.  I have my fingers crossed.

Thanks for any suggestions about my concerns.
jon

stan-qaz

I have the SSD in mine and I'd recommend that to you too. As far as usage goes mine is pretty much stock aside from having added pfBlocker from the packages page.

[2.3.2-RELEASE][root@pfSense.home]/root: df -h
Filesystem                     Size    Used   Avail Capacity  Mounted on
/dev/ufsid/571783696cadccec    108G    1.1G     98G     1%    /
devfs                          1.0K    1.0K      0B   100%    /dev
/dev/md0                       3.4M    124K    3.0M     4%    /var/run
devfs                          1.0K    1.0K      0B   100%    /var/dhcpd/dev

Changing from 192.168.1.1 to 192.168.1.100 is likely to cause you a lot of frustration, I don't know how much as I've never tried someting like that.

Now changing to another more usual address like 192.168.100.1 should be no problem or any of the other "assigned to you" address or an RFC1918 addresses. Here I use 172.16.0.1 as my pfSense address and for the LAN port while I put 172.16.1.1 and 172.16.2.1 for the other two ports.

The web gui is pretty extensive, I believe it is covered in the on-line documentation: https://portal.pfsense.org/docs/manuals/sg-2440/quick-start-guide.html and https://doc.pfsense.org/index.php/Main_Page or the pfSense book.

You can go to a terminal from within the gui but I find it less hassle to just ssh in using a terminal program. I also have the serial port hooked up to a nearby PC and that comes in handy.

You will have root access, think of pfSense as an appliance built on BSD.

JonH

stan-qaz:

So the 2440 comes with 4GB memory and df shows you are using just over 1/2 of that.  I guess it makes sense to add SDD for future-proofing.

Regarding gateway addr, my lan has a half dozen static ip devices mixed with more recent acquisitions using dhcp.  It wasn't until the last few years with mobile stuff that I started using dhcp with ip-pools reserving the addresses.  So rather than reconfig all those static devices I'd rather just 'drop in' the sg-2440 and change it from the standard x.xx.1 IP to the IP I currently use.  Two cat 6 cables and I'm done.  I don't know if the gui has a nic configuration screen, should be doable from terminal tho.  I suppose ifconfig would do it.  I had read somewhere that it should be left as x.1 so that is why I asked if it could be changed.

I did read a recommendation to use a 172 net range but again, I'd be changing quite a few devices to implement that.

I read the quick start guide prior to joining this forum.  If there is a complete menu layout for the gui, I missed it.  I did see a partial menu sample.

Can you explain the serial port hookup to nearby PC (or point me to a link)?  That would be from the 2440 console port to a pc comX port?  Would this essentially be using the pc as a slave terminal w/ video?

Thanks for info on root.  I have a NVR running busybox and it is locked up so I was wondering if the sg-2440 was similarly locked up.

Thanks

stan-qaz

Serial port: https://doc.pfsense.org/index.php/Connecting_to_the_Serial_Console

Me I just plugged the serial cable that came with the router into a USB port of my computer and ran Putty on /dev/ttyUSB0 at 115200. Not sure what you mean by "slave terminal with video" what you get is a basic serial console, think VT-100 type terminal.

SSH access: https://doc.pfsense.org/index.php/HOWTO_enable_SSH_access

I wasn't recommending using the 172 range as such, rather I was questioning using the .100 as the firewall's address. No clue how that will work out but someone else may have an idea.

JonH

Thanks for those links.

I wasn't recommending using the 172 range as such, rather I was questioning using the .100 as the firewall's address. No clue how that will work out but someone else may have an idea.

OK, I was concerned about the IP because I read a comment somewhere that it should not be changed.  I now realize if it can be changed from the 192 private range to 172 private range then it should be able to be changed to any IP in private range.  I was uncertain because I'm unfamiliar with the product.

In theory my existing IP should work fine if I can define it in BSD, just a matter of assigning an IP to the interface, em1 if I understand correctly.  I will give it a try, if it doesn't work I can reconfig my lan devices.

One of my wireless AP's is statically assigned x.1, that is very easy to change but would then still need to reconfig all my other static devices.

Thanks again

liontaur

@JonH:

I read that the standard install sets this up on 192.168.1.1
Is there any reason I can't change that to say, 192.168.1.100?  I ask this because my current gateway/firewall machine is not using x.1 and it would save a lot of configuring if I did not have to change all the devices on my lan.  I'd rather be able to drop it in with the same IP my current gateway is using.

I've got a pfSense setup to use 192.168.0.5 as its LAN IP. I've also setup other pfSense boxes to use non-default IPs (like 172.16.0.1 and 192.168.0.1). My experience has included needing to do a reboot of the pfSense box to get the setting to work fine. You can do the change from either terminal (option 2 - Set interface(s) IP addresses) or the web GUI (Interfaces - LAN).

Don't use the ifconfig command to do it as it won't survive a reboot and I doubt that the bazillion other things that require knowing the LAN IP (like firewall rules) would recognize the change if done through ifconfig.

jahonix

@JonH:

…I had read somewhere that it should be left as x.1 so ...

That's just false info. You can set your interface to any address you like.
As mentioned before, do it via the console menu or the webGUI so your changes will be written to your config.xml file and survive a reboot.

JonH

Thanks all for the informative info.
I've ordered the 2440 w/extra storage and reading hundreds of posts and how-to's.

stan-qaz

Your copy of the pfSense book will be a big help too, much information in one well organized spot.