Security Zones

rickandaj · Nov 22, 2023, 10:02 PM

@stephenw10 Thanks for the clarification!!

rickandaj · Nov 22, 2023, 10:06 PM

@johnpoz Thank you for the visual! This will certainly help with my set up. I have 20 vlans that I'm setting up on the pfSense box replacing a Juniper. This will certainly help with my transition. Again thanks.

johnpoz · Nov 23, 2023, 5:02 PM

@rickandaj said in Security Zones:

I have 20 vlans

So to help in setting those up.. You can setup one that has your basic rules you want... Then just copy them to your new interface, and it will convert the source and destination address to the new interface..

Here I fired up a new vlan, and copied my test rules to the newvlan.

🔒 Log in to view

You would then just need to tweak or add/delete what you want on the new rules.

rickandaj · Nov 23, 2023, 5:02 PM

@johnpoz Thank you so much! I will get to test this out shortly.

rickandaj · Nov 23, 2023, 6:37 PM

@johnpoz Just a quick question on the interfaces along with the security zones? If I need a separate thread let me know? I've noticed that when I create the vlans and assign them to a parent interface, I don't get the DHCP server option for the vlans, I can create the rules with no issue - I am using the Kea DHCP? Is there some checkbox I missed that I need to be using? Incidentally, all of this is being done on the CE version - 2.7.1. I don't get my 6100 appliance until tomorrow. Doing all of the pre-configuration work now when I can make all of the foopahs that I can, without impacting.... BTW Happy Thanksgiving!!

SteveITS · Nov 23, 2023, 6:43 PM

@rickandaj did you assign them to interfaces?
https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration

johnpoz · Nov 23, 2023, 7:11 PM

@rickandaj also don't forget you have to actually enable the interface and setup its IP and mask once you assign the vlan. Common mistake users often make is the mask defaults to a /32 so no dhcp would be available. Until you setup a mask that allows for Ips to be assigned via dhcp.

rickandaj · Nov 23, 2023, 7:23 PM

@SteveITS Yes I certainly did. See below:
🔒 Log in to view 🔒 Log in to view

Maybe my error will jump off of the page for you? Thanks.

johnpoz · Nov 23, 2023, 7:29 PM

@rickandaj well you didn't include what you set the IP and mask to for that interface - I would bet you just left it on the /32 which is why no dhcp wouldn't pop up as an option

🔒 Log in to view

rickandaj · Nov 23, 2023, 8:20 PM

@johnpoz oops... You were correct! In previous setups I did some static routes to mimic my outgoing Juniper.... With that fixed, I can move on to the next phase. Crash and burn, I mean, testing LOL. You've been a great help as I journey to the pfSense world. Cheers.