NEWBIE: No idea how to integrate pfsense on VirtualBox VM on Windows 10
Installed pfsense on VirtualBox VM on Widows 10,and I get this menu, also i have upgraded the version,
My Question: Any advice on how to use this pfsense VM machine on my router as firewall ? remember folks I am a newbie and am learning to use pfsense configuration. Is there a way I can configure this VM to sense the router default gateway IP connected to my Windows 10 server by hardwire for intrusion?
![Snap 2016-07-31 at 13.03.36.png_thumb](/public/imported_attachments/1/Snap 2016-07-31 at 13.03.36.png_thumb)
![Snap 2016-07-31 at 13.03.36.png](/public/imported_attachments/1/Snap 2016-07-31 at 13.03.36.png)
My Question: Any advice on how to use this pfsense VM machine on my router as firewall ?
I would put the firewall behind the router and
- configure at least two NICs on the firewall VM
- configure the first NIC as WAN, the second - as LAN
- give a static IP address to the firewall's LAN NIC (LAN and WAN must be different IP networks!!)
- configure DHCP on the firewall's LAN NIC,
- connect LAN-computers to the firewall's LAN
- connect the firewall's web interface (using the static IP address you have assigned to the firewall's LAN NIC) from a LAN-computer and make the rest configuration
The simplest way to configure network on the virtualization server is to have two physical NICs - one for the firewall's WAN, one for the LAN. On the WAN interface should be installed only VirtualBox Bridge Networking driver, no other protocols, clients, services. The WAN interface must be connected to the router's LAN interface.
"Block private networks" must be disabled on the firewall.
It is far simpler to actually use Hyper-V for this.
When you setup Hyper-V, use the Hyper-V switch manager to add an external vSwitch to the physical NIC. On this vSwitch (lets call it External_Switch), make sure you DO NOT allow the Management OS to use the vSwitch.
Now add an Internal type vSwitch (Name it something meaningful e.g. Protected_LAN). On this vSwitch, check the box that allows the Management OS to use the vSwitch. This creates a Hyper-V virtual adapter on your Windows 10 machine itself.
Now, when you configure the virtual machine for pfSense, set the default added vNIC to connect to External_Switch and take note of the MAC address (assign a MAC address if you have to). This will be used for pfSense WAN when you run the initial setup.
Add another vNIC to the virtual machine and likewise, manually assign a MAC address to it. Connect this vNIC to the Internal vSwitch (Protected_LAN). This will become pfSense's LAN NIC.
After you fire up the virtual machine and install pfSense, assign the NICs accordingly as mentioned above. Now, assign the LAN interface IP address and DHCP from the 'console' menus.
Your Windows 10 machine should receive an IP on the virtual adapter after you do this. Connect to the pfSense machine using the assigned LAN IP using your web browser then head over to Interfaces -> WAN. Uncheck the 'Block private addresses' option since it will connect to a private range IP from your physical router. It is a good idea to set a static IP for WAN so that you can port forward (from the physical router) or static route to it.
If you have the option to add static routes to your physical router, add a static route to the pfSense LAN subnet with next-hop gateway as the pfSense WAN IP. Then head over to firewall NAT -> Outbound and switch to "Disable Outbound NAT rule generation. (No Outbound NAT rules)". This will prevent double-NAT on your machine.
If you setup the static route properly, you can then port forward on your physical router directly to the clients/ servers IP addresses behind pfSense 'LAN'.
I had some issues during my PFSense setup within Hyper-V because any online documentation seems to be out dated. However, I was finally able to get it working just fine now for last week or so.
This is one of the guides I used. I'd recommend you skip the apart about using legacy network adaptors. That ended up being my problem, when I was using legacy I was getting very bad downspeeds and/or sometimes unable to connect to the web UI or even ping the gateway. Staying with the default adaptors worked great for me.
I would also recommend that when you get to the section on assigning interfaces to the VM (before you start the PFSense install) that you actually statically assign the MAC addresses. This way you can not mix up which interface is WAN or LAN etc…
Hope that helps ya.