why is installation so complicated?
-
why is installing this so complicated? why do i need to use a flash drive to download it and why does downloading it require it to purge the hard drive? in all the many years ive been alive, ive never seen software that requires you to wipe a hard drive to install it. not even other firewalls.
-
pfSense is an entirely separate operating system. It is not an application. It is not like installing Microsoft Office on Windows or some McAfee anti-virus or firewall package on Windows.
When you install Linux, you must wipe the hard disk (actually you have to create the proper partition, but that is tantamount to wiping the disk usually). pfSense is an operating system based on FreeBSD. So, installing pfSense (and FreeBSD) is the same as installing Linux. You can't install it on top of some other operating system's disk layout. It requires its own unique disk configuration (same as Linux or OpenBSD).
What other firewall have you used that does not require essentially wiping the hard disk? All the true firewalls I'm familiar with are packaged as self-contained operating systems that require their own unique disk partition to install and run.
-
@bmeeks i am using bitdefenders firewall. it does a lot more than the standard windows firewall. and its a hell of a lot easier to set up than these other firewalls ive been trying to set up the past 2 hours.
-
@john4324234 said in why is installation so complicated?:
in all the many years ive been alive, ive never seen software that requires you to wipe a hard drive
So in all your years you have never installed an OS ever it seems.. Since every OS on the planet wipes the hard drive its being installed too.
Be that windows, macOS, linux or any of its flavors, or BSD and any of its flavors like freebsd which pfsense runs on.
-
@johnpoz i mean sure ive installed windows before, but thats for an entire computer file and operation system and fire wall and antivirus and a bunch of other stuff. this is an entire dedicated OS, for a singular fire wall application... why? why couldnt it just be a normal file? why did they have to use FreeBSD when they could have just used normal Windows and MacOS files. why did it need its own entire OS on FreeBSD? bitdefender has shown you can have a prefectly fine firewall without an entire dedicated OS or linux overcomplication. i get that linux is prefered by a lot of security people as it is more secure, but not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
-
@john4324234 I think you’re misunderstanding its purpose. Firewall software running on a pc protects that PC but does little else. pfSense functions as a router and firewall for an entire network. One cannot go buy an off the shelf router and put it into a PC.
-
@john4324234 said in why is installation so complicated?:
not even adding a normal windows installation method is plain stupid if you ask me.
hahaha - to be honest, nobody did ask you ;)
-
@john4324234 said in why is installation so complicated?:
@bmeeks i am using bitdefenders firewall. it does a lot more than the standard windows firewall. and its a hell of a lot easier to set up than these other firewalls ive been trying to set up the past 2 hours.
That is a firewall application meant to protect only the single host it is installed on (the Windows PC). It can't do routing. Applications like that are not what most of us IT security professionals consider a "firewall". A true network firewall has built-in routing capabilities along with fine-grained control over traffic flows among the various interfaces. They also usually support things like VLANs and VPNs.
Big boy firewalls ALL have their own custom-patched operating system. Installing the software for these firewalls involves wiping the hard disk as part of the installation procedure. True firewalls have their own operating system in order to enhance security. The OS runs stipped down to the bare minimum to reduce the potential attack surface. Something like Windows can be absolutely full of exploitable vulnerabilities due to the sheer magnitude of other applications a user will install- not to mention the volume of bloatware Microsoft itself will install. Dedicated firewall operating systems come with nothing "extra" so that security is maximized.
For reference, here are some examples of true "big boy" firewalls:
- Checkpoint
- Palo Alto
- Cisco ASA
- Fortinet
- Juniper Networks
All of these are self-contained operating systems.
-
@john4324234 said in why is installation so complicated?:
why is installing this so complicated?
I disagree with this statement, installing pfSense is just as easy as Windows or Linux. Insert USB, boot and install. When done you have a secure and fully functional firewall. Adding rules to allow new things might be a little harder at first, but being a little more complicated translates into more control.
Building a true firewall on Windows will never be done due to the licensing cost to be able to modify the kernal, and it would be Windows embedded, not the Windows you are using.
A side note, if you are going to keep using an "on OS" firewall, do not remove the ISP router/FW. Bad things are likely to happen.
-
@john4324234 said in why is installation so complicated?:
... in all the many years ive been alive, ive never seen software that requires you to wipe a hard drive to install it.
I agree, I've never experienced application software that requires that either.
Now, in all your years, how many operating systems have you installed?
If the answer is more than zero, how many of them didn't require the OS drive to be repartitioned (wiped)?
️ -
@bmeeks @SteveITS I thought "true firewalls" for networks are physical devices that you connect your internet from your service provider into and then connect the firewall to your router so that threats never even reach the router. bitdefender takes care of the local firewall needs and the physical firewall takes care of network. so why is something clunky like this used? is there something im still missing here? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
@RobbieTT this was already asked by someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
@john4324234 said in why is installation so complicated?:
i mean sure ive installed windows before, but thats for an entire computer file and operation system and fire wall and antivirus and a bunch of other stuff. this is an entire dedicated OS, for a singular fire wall application... why? why couldnt it just be a normal file? why did they have to use FreeBSD when they could have just used normal Windows and MacOS files. why did it need its own entire OS on FreeBSD? bitdefender has shown you can have a prefectly fine firewall without an entire dedicated OS or linux overcomplication. i get that linux is prefered by a lot of security people as it is more secure, but not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
@AndyRH Its not so much about difficulty as it is the fact that i would have to reinstall everything i have and not only that, but have to setup configuration settings for many hours and on top of that id have to use linux instead of windows. i wanted to do this for my personal computer. i am not so paranoid that i would use linux for my personal gaming computer out of fear of being hacked.
-
@john4324234 said in why is installation so complicated?:
@bmeeks @SteveITS I thought "true firewalls" for networks are physical devices that you connect your internet from your service provider into and then connect the firewall to your router so that threats never even reach the router. bitdefender takes care of the local firewall needs and the physical firewall takes care of network. so why is something clunky like this used? is there something im still missing here? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
@RobbieTT this was already asked someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
@john4324234 said in why is installation so complicated?:
i mean sure ive installed windows before, but thats for an entire computer file and operation system and fire wall and antivirus and a bunch of other stuff. this is an entire dedicated OS, for a singular fire wall application... why? why couldnt it just be a normal file? why did they have to use FreeBSD when they could have just used normal Windows and MacOS files. why did it need its own entire OS on FreeBSD? bitdefender has shown you can have a prefectly fine firewall without an entire dedicated OS or linux overcomplication. i get that linux is prefered by a lot of security people as it is more secure, but not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
I will try once more to explain. I think you are missing some key pieces of information in your knowledge of how network security is handled.
There are simple "plug it in once and done" router appliances for home networks. Those are very simple user friendly devices for someone who just wants Internet and say WiFi in their home. I'm talking about devices from Netgear, D-Link, and others including simple modem/router combinations provided by many ISPs. With many of these kinds of devices you do indeed need a host firewall application living on each device behind that home router.
pfSense is a business/corporate grade firewall product. It is suitable for use at a network perimeter and can be used for big corporate networks or a simple home network. But it is much, much more capable than a simple "router" you might purchase from Amazon or Walmart. pfSense is meant to compete with those "big boy" firewalls I listed from Checkpoint, Fortinet and others. pfSense can do everthing that Netgear or D-Link router can do and then much more. In fact, when you properly deploy pfSense, you don't need what you call a "router" at all. pfSense does everything including routing, DHCP, DNS, and firewalling. Thus you no longer need individual firewall applications on your hosts behind pfSense. This extra layer of functionality is why pfSense is a complete operating system and not simply some application you install like a Symantec or McAfee product.
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
It sounds as if pfSense is a product that does much more than you feel you need, thus it might not be a good fit for your network security goals.
-
@bmeeks said in why is installation so complicated?:
It sounds as if pfSense is a product that does much more than you feel you need, thus it might not be a good fit for your network security goals.
yea, im just trying to secure my laptop for the time being and when i move out from my parents my home network as well. i dont think i need anything crazy. i intend to get a netgear router and use netgear armor as well as bitdefender box and a physical network firewall along with bitdefender on my computer combined with a vpn. thats my ideal network security setup.
-
@bmeeks said in why is installation so complicated?:
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?
-
@john4324234 said in why is installation so complicated?:
yea, im just trying to secure my laptop for the time being and when i move out from my parents my home network as well.
If you simply want to secure a single device, such as a laptop, then pfSense is definitely the wrong tool. Using some firewall application designed to run inside the operating system of the laptop is the best choice. Otherwise you would always need to carry around two boxes: your laptop and some hardware appliance running pfSense.
But once you have your own home network to secure, pfSense is a good tool for that. Purchase a cheap piece of whitebox Intel-based hardware that meets the requirements for installing pfSense, put pfSense on it, configure it, and protect everything on the LAN behind pfSense. You could also purchase a Netgate firewall appliance that will come with pfSense already installed on it.
-
@john4324234 said in why is installation so complicated?:
@bmeeks said in why is installation so complicated?:
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?
Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.
-
@bmeeks said in why is installation so complicated?:
Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.
that makes so much more sense. thanks. i thought i was supposed to install it directly to my laptop. im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.
-
@john4324234 said in why is installation so complicated?:
i thought i was supposed to install it directly to my laptop
No, it's not an application that you install under some other operating system. It is a full-fledged self-contained firewall product that comes as an independent operating system. It's meant to be installed on a separate box with at least two network ports: WAN and LAN. It would be connected directly to your ISP modem and then would firewall traffic between WAN and LAN based on rules you configure. In addition, it has daemons (services) to provide DHCP and DNS services for your LAN.
-
@john4324234 said in why is installation so complicated?:
...in all the many years ive been alive.
@RobbieTT this was already asked by someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
... why is something clunky like this used? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
... not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
Its not so much about difficulty as it is the fact that i would have to reinstall everything i have and not only that, but have to setup configuration settings for many hours... i am not so paranoid that...
im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.
It is true, I don't manage to read all the contributions to the forum but I did answer your grandiose post.
It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.
Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age. Nor should you presume those that are younger (or older) are not knowledgable in their own field.
I am guessing here but from your posts it is not unreasonable to conclude that you are somewhat younger than my remaining grandparent, younger than my parents, younger than myself, younger than my daughter but probably older than my dog. Some wisdom can be found at every level; try not to get ahead of your skis.
️ -
@RobbieTT said in why is installation so complicated?:
It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.
Actually i am taking cyber security courses and i know the basics about it. i just didnt know that pfsense in particular was meant to be installed on a whitebox rather than your computer itself. i knew what types of firewalls there are and how they work, but not how they are installed. i also compaired pfsense to other firewalls online to figure which one would be best and they made it sound like pfsense could be installed to your computer and monitor both your computer and network at the same time. they never mentioned anything about installing the OS to a whitebox or a router. i just wanted to know why it required linux and why a drive had to be reformatted for it and why there wasnt a simpler way. you assume too much.
Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age.
i said that simply to emphasise my confusion. i didnt actually mean anything by saying that. you are assuming too much yet again
Nor should you presume those that are younger (or older) are not knowledgable in their own field.
i was just saying it didnt make sense to me why there isnt a windows option as like litterally everything ive ever installed has been available to windows. i just didnt know that firewalls came with their own os nor that this edits the kernal making a windows version impratical due to licensing costs, and i had no idea the program wasnt for computers at all and was actually for whiteboxes which i didnt even know existed. every site i had been on made pfsense look like a local application for your computer and i didnt want to change my operating system for firewall software on my personal computer. im sorry if it seemed like i was dissing pfsense and the people who made it because that was not at all the intent.
Some wisdom can be found at every level; try not to get ahead of your skis.
you are pretty judgemental and assume a lot. also, your extremely condesending.
