Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Security Zones

    General pfSense Questions
    4
    19
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rickandaj @stephenw10
      last edited by

      @stephenw10 Thanks for the clarification!!

      1 Reply Last reply Reply Quote 0
      • R
        rickandaj @johnpoz
        last edited by

        @johnpoz Thank you for the visual! This will certainly help with my set up. I have 20 vlans that I'm setting up on the pfSense box replacing a Juniper. This will certainly help with my transition. Again thanks.

        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @rickandaj
          last edited by

          @rickandaj said in Security Zones:

          I have 20 vlans

          So to help in setting those up.. You can setup one that has your basic rules you want... Then just copy them to your new interface, and it will convert the source and destination address to the new interface..

          Here I fired up a new vlan, and copied my test rules to the newvlan.

          copy.jpg

          You would then just need to tweak or add/delete what you want on the new rules.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          R 2 Replies Last reply Reply Quote 1
          • R
            rickandaj @johnpoz
            last edited by

            @johnpoz Thank you so much! I will get to test this out shortly.

            1 Reply Last reply Reply Quote 0
            • R
              rickandaj @johnpoz
              last edited by

              @johnpoz Just a quick question on the interfaces along with the security zones? If I need a separate thread let me know? I've noticed that when I create the vlans and assign them to a parent interface, I don't get the DHCP server option for the vlans, I can create the rules with no issue - I am using the Kea DHCP? Is there some checkbox I missed that I need to be using? Incidentally, all of this is being done on the CE version - 2.7.1. I don't get my 6100 appliance until tomorrow. Doing all of the pre-configuration work now when I can make all of the foopahs that I can, without impacting.... BTW Happy Thanksgiving!!

              S johnpozJ 2 Replies Last reply Reply Quote 0
              • S
                SteveITS Rebel Alliance @rickandaj
                last edited by

                @rickandaj did you assign them to interfaces?
                https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                R 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @rickandaj
                  last edited by johnpoz

                  @rickandaj also don't forget you have to actually enable the interface and setup its IP and mask once you assign the vlan. Common mistake users often make is the mask defaults to a /32 so no dhcp would be available. Until you setup a mask that allows for Ips to be assigned via dhcp.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 1
                  • R
                    rickandaj @SteveITS
                    last edited by

                    @SteveITS Yes I certainly did. See below:
                    Vlan_DHCP.jpg Vlan_DHCP2.jpg

                    Maybe my error will jump off of the page for you? Thanks.

                    johnpozJ 1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @rickandaj
                      last edited by johnpoz

                      @rickandaj well you didn't include what you set the IP and mask to for that interface - I would bet you just left it on the /32 which is why no dhcp wouldn't pop up as an option

                      vlan.jpg

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      R 1 Reply Last reply Reply Quote 1
                      • R
                        rickandaj @johnpoz
                        last edited by

                        @johnpoz oops... You were correct! In previous setups I did some static routes to mimic my outgoing Juniper.... With that fixed, I can move on to the next phase. Crash and burn, I mean, testing LOL. You've been a great help as I journey to the pfSense world. Cheers.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.