My pfSense Story...
-
A firewall, like pfSense and any other firewall, isn't "plug and play". You must understand what you are doing and you must understand a little of networking at least. Keep in mind that Netgate doesn't sell on Amazon and you have probably bought some Chinese stuff pretending to support pfSense.
The easiest way would be to change the IP and the DHCP server configured inside pfSense (from 192.168.x.x to 10.x.x.x) instead of reconfiguring all your network. It is more likely that power cycling killed the adapter.
You can't accidentally discover, you have to plan and configure accordingly
-
@kiokoman said in My pfSense Story...:
you can't accidentally discover
I would call this learning ....
-
It's learning if you want to learn and if you like it. If you say "Sorry but the pfSense was more trouble than it was worth", it appears like you are not interested and you are just giving up.
We all gave him some advice.. so if he wants to learn more, the forum is here to help.
-
I'll give you $12 for the box.
-
@boii5 said in My pfSense Story...:
It came with no instructions and I couldn't get it to work.
And that would be a pfSense issue how exactly?
As to what you paid for some box off Amazon? Again what does that have to do with pfSense exactly?
As to what you did wrong, sounds like you jumped into the deep end of the pool because someone told you to (your coworker) without even knowing that you can't breathe water ;) let alone actually swim.
But for now I'll just hope some Russian or Iranian doesn't want to ransom my season two of A.P. Bio
I think you are misinformed on what a firewall can do to be honest.. While yes pfSense could be used as a firewall between network segments on your network. As to someone trying to get into your network from the wan/internet side - to be honest pfSense is not going to provide you any more protection there than some soho wifi router you got at the local computer store for 49 bucks.. Or your ISP rents to you, or just lets you use. If you're not providing services to the public in the first place.. Even the cheapest of cheapest soho routers block unsolicited traffic inbound to your network..
Now if you're going to forward traffic into your network from the internet, then sure pfSense is going to give you more ways to do that "securely" than your typical soho router.. You could limit what source IPs can talk to your forwards by placing source IP restrictions on your forwards. You could get fancy with it via using pfBlocker to work out IPs from country X and only allowing from that country, or blocking known bad actors' IPs, or blocking specific countries from talking to your forwards via its built-in GeoIP based IP lists, etc. etc.
If you are running services to the public you could also run IPS to block bad traffic you have forwarded to your services via known signatures, etc.
But what it can not do is stop you from running some bad code on your machine that searches your network for stuff to encrypt via your network shares. Especially if all your local services are on the same network.. And even if you firewall traffic between your machine and your fileserver - if you have file sharing allowed between your machine and your file server on some other local network segment.. pfSense is not going to know that it's some ransomware encrypting shit on your fileserver, vs you actually doing it.. So even running an IPS on traffic between your segments is not going to help you.. So yeah IPS/IDS might help you detect such software phoning home or whatever - it's prob going to be too late since you have already run the code, etc. etc.
Before jumping into the deep end, you should have prob taken some swimming lessons ;) If all your IT worker told you was check out pfSense.. Then that is what you should have done - done some research.. Ask here for example on what is required to do xyz.
There are plenty of people here more than willing to help the new user get up to speed..
Lay out your current networking setup. What equipment, what services you're running.. Drawing is always worth 10k words.. Then ask what you can do to make it better, more secure.. It's never going to be just plug shit in..
-
@boii5 said in My pfSense Story...:
HOWEVER, if anyone reading this can figure out where I went wrong I am open to comments/suggestions.
Without knowing ANY details of your configuration (since you have provided none at all), I would guess that you're doing something wrong. Sorry we can't be more specific. Provide detail of your current config and what you have done and maybe we can help you if you're interested in getting it working.
-
If I had to guess, the out of the box issue he would have had, if he put pfSense behind his current wifi router, is that stuff on that network would not have been able to talk to stuff behind pfSense, and sure would have been on a different network other than the default pfSense LAN network.
But yeah without details of how you tried to connect and configure everything there is no way to know what was actually wrong.
Without any info on what you're wanting pfSense to actually do, then no it's not possible to help you do that.
-
@johnpoz said in My pfSense Story...:
Without any info on what you're wanting pfSense to actually do, then no it's not possible to help you do that.
Maybe you should upgrade your crystal ball.
-
The saddest part reading this is his so-called co-worker who pushed him into the deep end and walked away.
-
@NollipfSense said in My pfSense Story...:
The saddest part reading this is his so-called co-worker who pushed him into the deep end and walked away.
Maybe he should be asking that co-worker for help.
-
@JKnott said in My pfSense Story...:
@NollipfSense said in My pfSense Story...:
The saddest part reading this is his so-called co-worker who pushed him into the deep end and walked away.
Maybe he should be asking that co-worker for help.
If I were he, I would take the co-worker for lunch in exchange for a visit to set up the pfSense box. Maybe his IT co-worker mentioned pfSense just to brush him off.
-
Yeah it's quite possible he asked the local IT support at his office.. And he brushed him off by dropping a name... Guess he is lucky he didn't drop say Palo Alto or the like as the name - or maybe this guy would be down 20k+ vs the 300 and in the same boat ;)
Not sure where these users get the idea that security is easy, and/or push a button.
There is no device you drop into or in front of your network be it 300 or 10k in cost that makes your network secure - NONE... No matter what firewall you buy, no matter what software you run.. All just tools, how you use the tools requires at least understanding the basic concepts of what the tool does and how to use it..
And you need to know which tool you need as well, or you're going to be pounding on that screw with your 300$ hammer screaming this hammer freaking sucks!!