Netgate Discussion Forum

    PfSense and WSUS. Please help.

      laden

      Hi
      I am having some problems getting WSUS to work after I installed a PfSense as firewall/router on an old computer. This is all in my home network for learning purposes.
      So both WAN and LAN side are in my internal network. The problem is that I had a fully functional WSUS server before I started using the pfsense router. All clients and the server are connected to a switch on the LAN side. I haven't done anything with VLAN, so all are in the same subnet as well.
      After pfsense the WSUS server no longer finds the clients. But I can ping the WSUS server from all the clients. I had all the clients connect to WSUS using GPO before I changed to pfSense. The WSUS server is my Domain controller 2, while I am running DHCP and DNS from my Domain Controller 1.

      I am currently a Network administrator student, so I am still very much a noob. But I am working hard to build a foundation of knowledge as I really like this stuff :) so I would really really appreciate any help to resolve this issue. I don't really know how to identify what the problem actually is :/ I assume this has something to do with firewall?

      Please help

        jahonix

        One of my teachers once said: Drawings are the language of technicians.
        Show us your setup. The way you describe it leaves room for interpretation.

          johnpoz LAYER 8 Global Moderator

          Pfsense has nothing to do with clients talking to clients on the same network/vlan - pfsense would only be used to get off a network..

          Sounds like you're using your AD setup for your dns and dhcp…  Did you change your network address space when you installed pfsense, did you go from 192.168.1.0/24 to 192.168.2.0/24 or something??

          "WSUS server no longer finds the clients"

          What is it using for dns?  Can it ping the clients by IP?

          Again - pfsense has NOTHING to do with lan traffic.. Your wsus talking to clients and finding them either via broadcast or dns or wins even has NOTHING to do with pfsense in the way you have described your network.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

            laden

            Hi,  Thanks for replies!

            My setup is:

            LanSwitch(192.168.20.2/24) --> PfSense(192.168.20.1/24) --> WanSwitch(192.168.20.3/24) --> ISP Router

            DC1 192.168.20.10/24 (DHCP, DNS)
            DC2 192.168.20.11/24 (WDS, WSUS)

            All clients and Domain controllers are Virtual machines that are physically connected to the lan switch.

            I did switch IP network when I changed to pfSense, but have since then removed the DHCP role and DNS and set it up again. My WDS Role works fine btw.

            I have not done anything in the PfSense router when it comes to DNS, But I have made sure DHCP is turned off.

            I am going to try and set up DHCP again and see if it might be something with the DNS settings in the pfSense router that is messing things up for me. Will update on how it goes :) really appreciate the replies! :)

            Sorry if my English is bad!

              laden

              One difference I can think of is that before I set up pfSense, I used an Asus router instead without the lan switch. Just used the 4 ports in the router.
              The switches are of the cheap manageable ZyXel 8-port kind. In the switches, the only thing I have changed is the IP. Is there something else I should have done in the switch for broadcast to work with WSUS?

                johnpoz LAYER 8 Global Moderator

                "LanSwitch(192.168.20.2/24) --> PfSense(192.168.20.1/24) --> WanSwitch(192.168.20.3/24)"

                That is completely and utterly BROKEN!!!  Did you setup pfsense as a transparent bridge firewall??

                Where are your clients and where are your servers?  You don't use the same network on different sides of a router..

                What is your isp device?  When you say wan switch do you mean the 4 ports that are on this device?  What is this lan switch?

                Do this!  See how the networks are DIFFERENT..  Do you want/need devices connected on both sides of pfsense when you say lan and wan??  Do you want/need to firewall between devices?  ALL your devices should be on the LAN side..  And if possible you should put your isp device into bridge/modem mode so pfsense gets a public IP on its wan interface.

                "All clients and Domain controllers are Virtual machines that are physically connected to the lan switch."
                IF all your clients are vms on a host.. You don't even need a physical network switch for them to talk to each other..

                [Attached image: pfsense-setup.png]

                  laden

                  Don't have the same network on both sides. ISP router is 10.0.0.138 while wan side of pfsense is 10.0.0.50. The IP of the switch is 192.168.20.xx because it seemed like the only way it would be manageable from within the network.
                  Like I said before, this has no other purpose than for learning…

                    johnpoz LAYER 8 Global Moderator

                    "Don't have the same network on both sides."

                    What does this look like??
                    "LanSwitch(192.168.20.2/24) --> PfSense(192.168.20.1/24) --> WanSwitch(192.168.20.3/24)"

                    Why would you not say 10.0.0.x/? is your wan network??

                    And let's go over it yet again... if all your devices are on 192.168.20.0/24 or whatever network then pfsense has NOTHING to do with them talking to each other..  Your wsus not finding your clients has NOTHING to do with pfsense if they are all on that same network..

                    Unless you have pfsense set up as a bridge and you have devices on different sides of the bridge pfsense has nothing to do with them talking to each other.  If they are all on the same vm host connected to the same vm network, or connected to a physical switch pfsense has nothing to do with their conversations.

                    Now if you were trying to use pfsense dns be it the forwarder or unbound to resolve your host names - then there would be something to discuss with pfsense.  Whatever your problem is it has nothing to do with pfsense.

                    More than happy to help you fix it..  So your wsus is what IP?  And your client you can not resolve is what IP?  And how are they connected?  They connected to the same vswitch in esxi?  Hyper-V? what??  You say devices can ping wsus but wsus can not ping them by name, ip??  Do you see a mac in your arp table?

                      jahonix

                      @johnpoz:

                      "Don't have the same network on both sides."

                      What does this look like??
                      "LanSwitch(192.168.20.2/24) --> PfSense(192.168.20.1/24) --> WanSwitch(192.168.20.3/24)"

                      Why would you not say 10.0.0.x/? is your wan network??

                      There's a reason why I'm saying: Give us a drawing!
                      What you did was re-phrase it. Not re-draw.
                      If you want our help you should get us in a position to help you.
