why is installation so complicated?
-
@john4324234 said in why is installation so complicated?:
why is installing this so complicated?
I disagree with this statement, installing pfSense is just as easy as Windows or Linux. Insert USB, boot and install. When done you have a secure and fully functional firewall. Adding rules to allow new things might be a little harder at first, but being a little more complicated translates into more control.
Building a true firewall on Windows will never be done due to the licensing cost to be able to modify the kernal, and it would be Windows embedded, not the Windows you are using.
A side note, if you are going to keep using an "on OS" firewall, do not remove the ISP router/FW. Bad things are likely to happen.
-
@john4324234 said in why is installation so complicated?:
... in all the many years ive been alive, ive never seen software that requires you to wipe a hard drive to install it.
I agree, I've never experienced application software that requires that either.
Now, in all your years, how many operating systems have you installed?
If the answer is more than zero, how many of them didn't require the OS drive to be repartitioned (wiped)?
️
-
@bmeeks @SteveITS I thought "true firewalls" for networks are physical devices that you connect your internet from your service provider into and then connect the firewall to your router so that threats never even reach the router. bitdefender takes care of the local firewall needs and the physical firewall takes care of network. so why is something clunky like this used? is there something im still missing here? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
@RobbieTT this was already asked by someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
@john4324234 said in why is installation so complicated?:
i mean sure ive installed windows before, but thats for an entire computer file and operation system and fire wall and antivirus and a bunch of other stuff. this is an entire dedicated OS, for a singular fire wall application... why? why couldnt it just be a normal file? why did they have to use FreeBSD when they could have just used normal Windows and MacOS files. why did it need its own entire OS on FreeBSD? bitdefender has shown you can have a prefectly fine firewall without an entire dedicated OS or linux overcomplication. i get that linux is prefered by a lot of security people as it is more secure, but not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
@AndyRH Its not so much about difficulty as it is the fact that i would have to reinstall everything i have and not only that, but have to setup configuration settings for many hours and on top of that id have to use linux instead of windows. i wanted to do this for my personal computer. i am not so paranoid that i would use linux for my personal gaming computer out of fear of being hacked.
-
@john4324234 said in why is installation so complicated?:
@bmeeks @SteveITS I thought "true firewalls" for networks are physical devices that you connect your internet from your service provider into and then connect the firewall to your router so that threats never even reach the router. bitdefender takes care of the local firewall needs and the physical firewall takes care of network. so why is something clunky like this used? is there something im still missing here? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
@RobbieTT this was already asked someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
@john4324234 said in why is installation so complicated?:
i mean sure ive installed windows before, but thats for an entire computer file and operation system and fire wall and antivirus and a bunch of other stuff. this is an entire dedicated OS, for a singular fire wall application... why? why couldnt it just be a normal file? why did they have to use FreeBSD when they could have just used normal Windows and MacOS files. why did it need its own entire OS on FreeBSD? bitdefender has shown you can have a prefectly fine firewall without an entire dedicated OS or linux overcomplication. i get that linux is prefered by a lot of security people as it is more secure, but not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
I will try once more to explain. I think you are missing some key pieces of information in your knowledge of how network security is handled.
There are simple "plug it in once and done" router appliances for home networks. Those are very simple user friendly devices for someone who just wants Internet and say WiFi in their home. I'm talking about devices from Netgear, D-Link, and others including simple modem/router combinations provided by many ISPs. With many of these kinds of devices you do indeed need a host firewall application living on each device behind that home router.
pfSense is a business/corporate grade firewall product. It is suitable for use at a network perimeter and can be used for big corporate networks or a simple home network. But it is much, much more capable than a simple "router" you might purchase from Amazon or Walmart. pfSense is meant to compete with those "big boy" firewalls I listed from Checkpoint, Fortinet and others. pfSense can do everthing that Netgear or D-Link router can do and then much more. In fact, when you properly deploy pfSense, you don't need what you call a "router" at all. pfSense does everything including routing, DHCP, DNS, and firewalling. Thus you no longer need individual firewall applications on your hosts behind pfSense. This extra layer of functionality is why pfSense is a complete operating system and not simply some application you install like a Symantec or McAfee product.
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
It sounds as if pfSense is a product that does much more than you feel you need, thus it might not be a good fit for your network security goals.
-
@bmeeks said in why is installation so complicated?:
It sounds as if pfSense is a product that does much more than you feel you need, thus it might not be a good fit for your network security goals.
yea, im just trying to secure my laptop for the time being and when i move out from my parents my home network as well. i dont think i need anything crazy. i intend to get a netgear router and use netgear armor as well as bitdefender box and a physical network firewall along with bitdefender on my computer combined with a vpn. thats my ideal network security setup.
-
@bmeeks said in why is installation so complicated?:
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?
-
@john4324234 said in why is installation so complicated?:
yea, im just trying to secure my laptop for the time being and when i move out from my parents my home network as well.
If you simply want to secure a single device, such as a laptop, then pfSense is definitely the wrong tool. Using some firewall application designed to run inside the operating system of the laptop is the best choice. Otherwise you would always need to carry around two boxes: your laptop and some hardware appliance running pfSense.
But once you have your own home network to secure, pfSense is a good tool for that. Purchase a cheap piece of whitebox Intel-based hardware that meets the requirements for installing pfSense, put pfSense on it, configure it, and protect everything on the LAN behind pfSense. You could also purchase a Netgate firewall appliance that will come with pfSense already installed on it.
-
@john4324234 said in why is installation so complicated?:
@bmeeks said in why is installation so complicated?:
The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.
i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?
Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.
-
@bmeeks said in why is installation so complicated?:
Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.
that makes so much more sense. thanks. i thought i was supposed to install it directly to my laptop. im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.
-
@john4324234 said in why is installation so complicated?:
i thought i was supposed to install it directly to my laptop
No, it's not an application that you install under some other operating system. It is a full-fledged self-contained firewall product that comes as an independent operating system. It's meant to be installed on a separate box with at least two network ports: WAN and LAN. It would be connected directly to your ISP modem and then would firewall traffic between WAN and LAN based on rules you configure. In addition, it has daemons (services) to provide DHCP and DNS services for your LAN.
-
@john4324234 said in why is installation so complicated?:
...in all the many years ive been alive.
@RobbieTT this was already asked by someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.
... why is something clunky like this used? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.
... not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.
Its not so much about difficulty as it is the fact that i would have to reinstall everything i have and not only that, but have to setup configuration settings for many hours... i am not so paranoid that...
im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.
It is true, I don't manage to read all the contributions to the forum but I did answer your grandiose post.
It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.
Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age. Nor should you presume those that are younger (or older) are not knowledgable in their own field.
I am guessing here but from your posts it is not unreasonable to conclude that you are somewhat younger than my remaining grandparent, younger than my parents, younger than myself, younger than my daughter but probably older than my dog. Some wisdom can be found at every level; try not to get ahead of your skis.
️
-
@RobbieTT said in why is installation so complicated?:
It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.
Actually i am taking cyber security courses and i know the basics about it. i just didnt know that pfsense in particular was meant to be installed on a whitebox rather than your computer itself. i knew what types of firewalls there are and how they work, but not how they are installed. i also compaired pfsense to other firewalls online to figure which one would be best and they made it sound like pfsense could be installed to your computer and monitor both your computer and network at the same time. they never mentioned anything about installing the OS to a whitebox or a router. i just wanted to know why it required linux and why a drive had to be reformatted for it and why there wasnt a simpler way. you assume too much.
Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age.
i said that simply to emphasise my confusion. i didnt actually mean anything by saying that. you are assuming too much yet again
Nor should you presume those that are younger (or older) are not knowledgable in their own field.
i was just saying it didnt make sense to me why there isnt a windows option as like litterally everything ive ever installed has been available to windows. i just didnt know that firewalls came with their own os nor that this edits the kernal making a windows version impratical due to licensing costs, and i had no idea the program wasnt for computers at all and was actually for whiteboxes which i didnt even know existed. every site i had been on made pfsense look like a local application for your computer and i didnt want to change my operating system for firewall software on my personal computer. im sorry if it seemed like i was dissing pfsense and the people who made it because that was not at all the intent.
Some wisdom can be found at every level; try not to get ahead of your skis.
you are pretty judgemental and assume a lot. also, your extremely condesending.
-
anyways, ive learned a lot coming here and figured out what i needed to know. its unfortunate that the only whiteboxes capable of properly running pfsense "cheaply" are at least a bit over $200 and would limit network speeds to well under 1 gbps. i would have to spend an astronomical amount of money to get it to at least 5 gbps where this would actually be worth it for a home network and dedicated firewalls are even more expensive. as such, ive decided firewalls period just are not worth it for home networks. ill just stick to netgear armor. thanks anyways to those who helped me. espessially @bmeeks who is the only one here who actually tried to be helpful.
ill now be deleting my account as i have no further use for it here and i want to reduce tracking data where ever i can.
edit: or not. i dont remember my password and apparently my password manager doesnt either. all well. maybe i can use forgot password to change it and then delete it.
-
It's possible to run pfSense in a VM on a host device and route all traffic thought it. There are drawbacks to that sort of setup but it's a good way to learn.
Steve
-
Just happened on this thread, because I too am a total newbie to PfSense and am currently going through the learning process while setting it up with the help of the docs, and nguvu's very helpful "pfSense baseline guide with VPN, Guest and VLAN support"...
I have to say that everyone here is so extraordinarily helpful. Have a nice day everyone!
A chappie