Netgate Discussion Forum

    pfSense in Azure

      pyoungberg
      last edited by pyoungberg

      Wanted to show what a working setup looks like for the pfSense appliance in Azure. I just didn't find what I needed on here when my setup wasn't working; luckily, OrdinaryOrange over on ServerFault posted their config and it worked great for me. Here it is:

      Setup assumes that this is a brand new Resource Group with two subnets (pfsense & LAN) and that you've placed one or more VMs inside the LAN.

      • Spin up the pfSense appliance using the marketplace template and place it in the pfsense subnet
      • Edit the VM to add a second NIC and place it in your LAN subnet
      • Edit WAN NIC and ensure both public and private IPs are set to Static
      • Edit LAN NIC and ensure private IP is set to Static
      • Go into both fw's NICs and enable IP forwarding (important!)
      • Connect to the public IP and run through the webconfig to set up the appliance
      • Run through any hardening you'd normally do at this point (change management port, allow access only from trusted IPs, etc.)
      • Remove the NSG that was assigned to your WAN NIC; it's not needed anymore
      • Set Outbound NAT to Manual, delete all auto-generated rules, and create the following three:
        • Source: WAN net (ex: 10.0.1.0/24) ; NAT Address: WAN address ; leave the rest set to defaults
        • Source: LAN net (ex: 10.0.2.0/24) ; NAT Address: WAN address ; leave the rest set to defaults
        • Source: localhost (ex: 127.0.0.0/8) ; NAT Address: WAN address ; leave the rest set to defaults
      • Set up any port forwarding rules you need to allow access / traffic to your VM(s) in the LAN
      • Open Azure's Route Tables and create one for the LAN subnet - set it to 0.0.0.0/0 and point it to the fw's LAN NIC
      • Create any needed WAN or LAN firewall rules
      • Test
      • You should be all set

      This works with a single NIC on the fw too; just set your 0.0.0.0/0 route to point to the local WAN IP instead.

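The Azure-side steps from the post above (IP forwarding on both firewall NICs, then the 0.0.0.0/0 route for the LAN subnet) written as Azure CLI calls, followed by an effective-route check. This is an added example, not part of the original post; all resource names, the next-hop address and the dry-run wrapper are assumptions, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: Azure CLI form of the portal steps in the post above.
# Every name and address here is a placeholder (assumption), not from the post.
RG="${RG:-rg-pfsense-demo}"
VNET="${VNET:-vnet-demo}"
LAN_SUBNET="${LAN_SUBNET:-LAN}"
WAN_NIC="${WAN_NIC:-pfsense-wan-nic}"
LAN_NIC="${LAN_NIC:-pfsense-lan-nic}"
VM_NIC="${VM_NIC:-lan-vm-nic}"        # NIC of a VM inside the LAN subnet
NEXT_HOP="${NEXT_HOP:-10.0.2.4}"      # fw's static LAN IP (local WAN IP if single-NIC)
RT_NAME="${RT_NAME:-rt-lan-via-pfsense}"
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands only, 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.|"") return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

pfsense_azure_plan() {
  valid_ipv4 "$NEXT_HOP" || { echo "bad next hop: $NEXT_HOP" >&2; return 1; }
  # IP forwarding on both firewall NICs; without it Azure drops transit traffic.
  for nic in "$WAN_NIC" "$LAN_NIC"; do
    run az network nic update -g "$RG" -n "$nic" --ip-forwarding true
  done
  # Route table for the LAN subnet: default route via the firewall.
  run az network route-table create -g "$RG" -n "$RT_NAME"
  run az network route-table route create -g "$RG" --route-table-name "$RT_NAME" \
    -n default-via-pfsense --address-prefix 0.0.0.0/0 \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$NEXT_HOP"
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" \
    -n "$LAN_SUBNET" --route-table "$RT_NAME"
  # Check: the LAN VM's effective routes should show 0.0.0.0/0 via NEXT_HOP.
  run az network nic show-effective-route-table -g "$RG" -n "$VM_NIC" -o table
}

pfsense_azure_plan
```

Run it with `DRY_RUN=0` only after replacing the placeholder names; the last command needs the LAN VM to be running.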
        twistedstorm

        How about multiple public IPs?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.