New to pfsense looking for some guidance



  • Hello,
    New to pfsense and hoping to get some guidance in setting up the system.
    Starting with: need to have the most secure system possible so nothing from the outside network can get inside.
    I have only some weekend time to spend on it, but plans are to set up a few VLANs; I have set up one VLAN for a wireless router that connects via a cisco sg350.
    I started to set up some firewall rules from someone's post for pfsense 2.4.3 (I have 2.4.4p3 installed) and ran into an error, "LOCAL_SUBNETS and Allowed_OUT_Ports_LAN aliases in this rule"; the error message indicated it was not possible, so I aborted. I then discovered that the firewall had auto-created some LAN rules from my first login, as I did not create any except for WAN to block all. Should I just delete the auto-created LAN rules and start new with creating new rules?

    All is working fine, just not familiar with all the features and options. Is there a list of priorities in configuration that needs to be followed in a particular order?
    Plan is to add a PBX (separate PC) and install about 6 VOIP phones, then install Snort and Suricata on pfsense and learn all about them. I believe the pfsense PC should handle it all as it has 16 GB of DDR4 that can be upgraded to at least 32 GB, maybe 64 GB, a 3 GHz Intel CPU with AES-NI capability, SSD, etc.
    PBX, Snort, Suricata and pfblocker will be installed over the course of the next few weeks, though I want to start out slow and make sure priorities are done right before jumping into those things. I have seen some postings online of other people's setups, but since I am not familiar with some features and configs I need to make sure I have a solid foundation to start with and to be confident that I know and understand why various configurations are done in a certain way.
    I would greatly appreciate any tips/reasons on which things I should do first and second, etc.
    thank you



  • @GTX_GTZ said in New to pfsense looking for some guidance:

    Need to have the most secure system possible so nothing from outside network can get inside.

    That's the default.

    I then discovered that the firewall had auto created some LAN rules

    On a default install, the LAN will have an Allow All rule for IP4 and IP6, as well as a lockout rule to prevent you from locking yourself out of the GUI or ssh. That's all. Some added packages may also add rules, such as pfBlocker.

    Is there a list of priorities in configuration that needs to be followed in a particular order ?

    Not generally. It depends on what your goals are. Once you have basic connectivity on your LAN then everything else is gravy.

    Plan is to add a pbx(separate PC) and install about 6 VOIP phones

    Depending on the phones and how they work, you might run into issues with them. Some people have problems initially, most don't. We use Polycoms at the office that run to an external VoIP provider, and I didn't have to do anything special at all for them to work.

    then install Snort and Suricata on pfsense and learn all about them

    These packages are not for beginners so I would recommend you learn all about them in a virtual machine first. They can be more trouble than they are worth on a small home LAN if you're not careful.

    Netgate has a wide selection of instructional videos on YouTube that you can browse here:

    https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A

    Also check out the excellent pfSense videos from Lawrence Systems.
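    As an added illustration that is not part of the thread and not pfSense's own generated ruleset (pfSense builds its rules from the WebGUI; this is plain pf(4) syntax written by hand), the posture described in the reply above, default deny on the WAN, an anti-lockout rule for the firewall's management ports, and allow-all on the LAN for IPv4 and IPv6, expressed as a minimal pf.conf. Interface names, subnets and management ports are assumptions; the commented block at the end shows the kind of tightened egress rule the original poster was trying to build with port and subnet aliases (pf tables and macros play the role of pfSense aliases).

    ```pf
    # Assumed interface names and a constructed sample of local subnets.
    wan = "em0"
    lan = "em1"
    table <local_subnets> { 192.168.10.0/24, 192.168.20.0/24 }   # constructed
    mgmt_ports = "{ 443, 80, 22 }"   # WebGUI (HTTPS/HTTP) and SSH; assumed defaults

    set skip on lo0
    set block-policy drop

    # Default deny: nothing unsolicited from the WAN (or anywhere else) reaches
    # the inside or the firewall itself. This is the "nothing from outside can
    # get in" posture; everything below is an explicit exception to it.
    block in log all

    # Anti-lockout: LAN hosts can always reach the firewall's own management
    # ports, regardless of what the LAN rules below are later changed to.
    pass in quick on $lan proto tcp from $lan:network to self port $mgmt_ports keep state

    # Default LAN rules: allow everything initiated from the LAN, IPv4 and IPv6.
    # Replies come back through the state table, so no inbound WAN rule is needed.
    pass in on $lan inet  from $lan:network to any keep state
    pass in on $lan inet6 from $lan:network to any keep state

    # Traffic leaving the firewall (forwarded LAN sessions and the firewall's own
    # DNS/NTP/update traffic) is allowed; it can only exist because a pass-in
    # rule or the firewall itself created it.
    pass out all keep state

    # Tightened alternative for the two "allow all" LAN rules: only the listed
    # destination ports may leave the LAN. Replace the inet/inet6 rules above
    # with these if you want an egress allow-list rather than allow-all.
    # allowed_out_ports = "{ 53, 80, 123, 443 }"   # DNS, HTTP, NTP, HTTPS; assumed
    # pass in on $lan proto { tcp, udp } from <local_subnets> to any port $allowed_out_ports keep state
    # pass in on $lan proto icmp  from <local_subnets> to any keep state
    ```

    The order matters: the anti-lockout rule is marked `quick` so it wins before any later LAN rule, which is exactly why tightening the LAN rules afterwards cannot cut off access to the WebGUI. If you adopt the allow-list variant, check first what the LAN actually uses (pfSense's firewall log shows what the default-deny drops), since a too-short port list is the usual cause of "the internet stopped working" after tightening.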


  • LAYER 8 Global Moderator

    @GTX_GTZ said in New to pfsense looking for some guidance:

    nothing from outside network can get inside.

    That is default out of the box.

    Is there a list of priorities in configuration that needs to be followed in a particular order ?

    Turn it on, follow the bouncing ball..

    Snort AND Suricata makes no sense - pick one of the IPS.. And to be honest, if you're not hosting services to the public it's not going to be of much use for anything.. IPS is for intrusion protection... Do you think your internal machines are infected and you want to "catch" them trying to infect other machines externally?

    PBX? Not sure what package you think that is??

    I would greatly appreciate any tips/reasons in which things I should do first and second , etc. etc .

    My advice would be to only install something you have actual use for, if you plan on using it as a learning tool.. Have some plan of attack and understand how it works and what it can do before just installing it and clicking shit trying to figure it out.



  • @KOM Thank you for the links, looks like there will be some good info there, hopefully



  • @johnpoz Thank you for your input. As stated in the previous post, the goal is to learn more than just what boxes to check, but to learn details of what the features are for, why they are there, what their designed purpose is, so I can decide if it is something I can find use for. Part of the goal here is to learn in depth about router/firewall configurations on devices that are used in real-world business applications so I don't have to go to a school to learn about it; who better to ask than the company that makes the devices and develops the software?
    You advise to "follow the bouncing ball"? ... seriously?

    PBX = Asterisk = the method of setting up a VOIP phone system on another PC box and including it in the mix of pfsense box and cisco switch
    Thanks for the suggestion of IPS, that is something I want to use.
    Is this forum set up for just home users that have no need beyond the basics? I was hoping for some level of descriptive insight on what some of the features are for; then I would know if I have a use for it, and even if I don't have a use for it on this network I may have a use for it at another location. But I would rather not just start clicking around and cause a problem and spend a lot of time just trying to find out if a problem is a result of clicking on things randomly or if it is a result of something else entirely. Having some understanding of what the features are for before experimental clicking seems to be a better method of approach.



  • If you’re new to pfsense and want to learn all that, you should read the book.

    https://docs.netgate.com/pfsense/en/latest/book/

    Jeff


  • LAYER 8 Global Moderator

    I know what a PBX is - there is no package in pfsense for that...

    How about you get pfsense up and running... before you jump on running an IPS on it, which you more than likely have zero use for, or real desire to actually set up once you see the complexity of running one..



  • How about you read the original post again and this time understand it.
    I have pfsense up and running and it is running just fine.
    I provided the hardware that I have it running on. I stated clearly that I have set up a VLAN on the pfsense box which has a wireless access point connected to it, which is working fine, connected to a cisco sg350 managed switch.

    I simply stated that I plan to connect a PBX to the switch for a VOIP system that feeds back through the pfsense box to the internet.

