Netgate Discussion Forum

    First Things To Do After Install

    General pfSense Questions

    • Soarin

      Hello!

      So I'll be installing pfSense tomorrow and I was wondering, what do you guys like to do on a fresh install?
      What's recommended to do for security and overall just good habits to get myself in?

      Thanks!

      I hardly understand pfSense but it was love at first sight.

      • johnpoz LAYER 8 Global Moderator

        Set up your firewall rules how you want them.

        To be honest, out of the box pfSense is ready to go. What sort of specific question do you have? Firewall rules would be unique to every network.

        Without some knowledge of your network and your wants for security it's almost impossible to suggest something.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Soarin

          I don't have anything specific planned. I heard I should probably change a lot of default ports for things, which I believe makes sense. By the way, what packages do you recommend? I know of Squid and Snort being big ones.

          • Derelict LAYER 8 Netgate

            Depends on what you're doing with the tool. As for changing default ports, a better solution is to identify source IPs and just pass those. An even better solution is to close everything and use OpenVPN to manage.

            It depends.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            • johnpoz LAYER 8 Global Moderator

              Why should you change default ports? Where did you hear or read that? That is freaking NONSENSE… Please post a link to this source.

              I don't recommend any packages without some insight into what you're wanting to do... Do you really want/need to run a proxy?? Why? Do you have young kids you're wanting to block from porn sites? As to Snort -- yeah, would not recommend that at all to someone that has to ask what they should set up. Snort can be a complicated monster with a shit load of false positives (noise). I really would not suggest it to anyone without a good grasp of firewalls and networking in general.

              Are you going to have more than 1 network segment, like an isolated wireless segment? What is going to provide wireless, some card in pfSense or a true AP? Router as AP? Does your switch support VLANs?

              edit: Are you going to use pfSense OpenVPN to allow access into your network? If so then I would suggest you install the OpenVPN client export util package. But again, if you're not going to do that, then there is no need to install that package.

              • Soarin

                I unfortunately can't find that post that said to change default ports; I was looking for it before even posting this. Also, I have very little knowledge, so Snort will be bad for me. (I'll just stay away.)

                I'll be using an old router as an AP. Also, for Squid I was going to play with it just for caching, unless there's a better way or I should just not bother with it.

                Really should I just leave it stock and use some basic network monitoring until I gain more knowledge or just play with the basics early on?

                • johnpoz LAYER 8 Global Moderator

                  Caching for why??  The net is mostly all dynamic these days.. Your browser would be caching all the images you use already, etc.  Do you have multiple machines that all go to the same sites and you have a really limited internet connection with really restrictive cap that saving a couple of KB for an image is going to help you??

                  So are you going to set up this old router as an AP on the same network as your other stuff, or do you want to isolate it and have, say, a guest wifi network and a normal network for your devices? Does your old router support VLANs for wifi? Does it support 3rd party firmware that you could do that with?

                  • Soarin

                    Good point on the caching. I was thinking of using it for when, let's say, I join a Source game server and they use FastDL and it takes forever, then my friends come over and they have to download the same junk. I thought it'd be useful for that, but that seems incredibly inefficient now that I think of it.

                    The AP doesn't have VLAN to my knowledge, but it'll just be for my private network, just a basic AP.
                    I think I'll just remain stock with pfSense until I can find a reason to grab anything else.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.