Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Remote admin via HTTPS

    Scheduled Pinned Locked Moved webGUI
    24 Posts 5 Posters 1.5k Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Offline
      johnpoz LAYER 8 Global Moderator @Bob Simmons
      last edited by

      @bob-simmons said in Remote admin via HTTPS:

      https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html#example-firewall-rule-setup

      See here for allowing on the wan

      https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html#i-don-t-care-about-security-how-do-i-open-access-to-the-gui

      Clearly showing wan address in the rule on the wan.. This firewall is set on the lan side interfaces.. That would allow you to hit any IP on pfsense.

      wan.jpg

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

      B 1 Reply Last reply Reply Quote 0
      • B Offline
        Bob Simmons @johnpoz
        last edited by

        @johnpoz Well ... I finally got past this issue. Went on-site again yesterday and drilled into the AT&T router and found that they had not setup IP Passthrough (bridge mode) properly. I got that fixed and then I could access the pFsense router remotely. Moving forward this morning installing packages and doing other config tasks. By the way, "this firewall" as the destination address in the policy works fine. I suspect that either "wan address" or "this firewall" would work. Thanks for your help guys!

        S 1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Rebel Alliance @Bob Simmons
          last edited by

          @bob-simmons "this firewall" is an alias that includes all IPs. So for instance if one set up rules like:

          block from LAN to pfSense-LAN-IP

          ...LAN devices could connect to the pfSense WAN IP.

          I didn't reread all the above but you'll want to limit access to your own IP as the Source.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          B 1 Reply Last reply Reply Quote 0
          • B Offline
            Bob Simmons @SteveITS
            last edited by

            @steveits Thanks. Yes, I did set up an alias for the 2 IPs that I want to have remote admin access and only those source addresses are allowed in the policy.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.