why is installation so complicated?

A Former User

@bmeeks said in why is installation so complicated?:

The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.

i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?

bmeeks

@john4324234 said in why is installation so complicated?:

yea, im just trying to secure my laptop for the time being and when i move out from my parents my home network as well.

If you simply want to secure a single device, such as a laptop, then pfSense is definitely the wrong tool. Using some firewall application designed to run inside the operating system of the laptop is the best choice. Otherwise you would always need to carry around two boxes: your laptop and some hardware appliance running pfSense.

But once you have your own home network to secure, pfSense is a good tool for that. Purchase a cheap piece of whitebox Intel-based hardware that meets the requirements for installing pfSense, put pfSense on it, configure it, and protect everything on the LAN behind pfSense. You could also purchase a Netgate firewall appliance that will come with pfSense already installed on it.

bmeeks

@john4324234 said in why is installation so complicated?:

@bmeeks said in why is installation so complicated?:

The reason pfSense is provided on a CD or DVD or USB stick for installation is so a user can install it on his own hardware instead of being forced to buy a dedicated hardware appliance from the firewall vendor. pfSense is an open-source product just like Linux. It can be installed on a whitebox hardware. With many of the other firewalls I listed you can't install them on your own hardware.

i see, so you dont have to install it on your computer but you can actually just buy a cheap whitebox, connect it to your networks ethernet, and install this to do the job?

Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.

A Former User

@bmeeks said in why is installation so complicated?:

Yes. pfSense is meant to install on a separate firewall box that lives between your local network and the Internet. All traffic must pass through pfSense.

that makes so much more sense. thanks. i thought i was supposed to install it directly to my laptop. im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.

bmeeks

@john4324234 said in why is installation so complicated?:

i thought i was supposed to install it directly to my laptop

No, it's not an application that you install under some other operating system. It is a full-fledged self-contained firewall product that comes as an independent operating system. It's meant to be installed on a separate box with at least two network ports: WAN and LAN. It would be connected directly to your ISP modem and then would firewall traffic between WAN and LAN based on rules you configure. In addition, it has daemons (services) to provide DHCP and DNS services for your LAN.

RobbieTT

@john4324234 said in why is installation so complicated?:

...in all the many years ive been alive.

@RobbieTT this was already asked by someone else and ill give you the same answer i game them. next time actually read the posts. there are not that many here lol.

... why is something clunky like this used? the only thing i can see this being useful for is travel where it provides network protection wherever you go, even if it probably is inferior to an actual physical network firewall.

... not everyone wants to go to the ends of the earth for security at the cost of any and all convenience and ease of use and are just looking for some simple ways to make themselves more secure. not even adding a normal windows installation method is plain stupid if you ask me.

Its not so much about difficulty as it is the fact that i would have to reinstall everything i have and not only that, but have to setup configuration settings for many hours... i am not so paranoid that...

im still just a cyber security student who just started diving down the rabbit hole of cyber security a few months ago and trying to just figure out how the hell any of this works.

It is true, I don't manage to read all the contributions to the forum but I did answer your grandiose post.

It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.

Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age. Nor should you presume those that are younger (or older) are not knowledgable in their own field.

I am guessing here but from your posts it is not unreasonable to conclude that you are somewhat younger than my remaining grandparent, younger than my parents, younger than myself, younger than my daughter but probably older than my dog. Some wisdom can be found at every level; try not to get ahead of your skis.

️

A Former User

@RobbieTT said in why is installation so complicated?:

It is also true that you didn't read anything at all about hosted firewalls, including pfSense, before posting on the Netgate forum with a complaint about how clunky it is, how complicated it is, where it sits in a typical network structure and even questioning why it exists.

Actually i am taking cyber security courses and i know the basics about it. i just didnt know that pfsense in particular was meant to be installed on a whitebox rather than your computer itself. i knew what types of firewalls there are and how they work, but not how they are installed. i also compaired pfsense to other firewalls online to figure which one would be best and they made it sound like pfsense could be installed to your computer and monitor both your computer and network at the same time. they never mentioned anything about installing the OS to a whitebox or a router. i just wanted to know why it required linux and why a drive had to be reformatted for it and why there wasnt a simpler way. you assume too much.

Given your chosen career path, you may wish to dial-it-back a bit with 'all the many years' of your life, as wisdom does not come automatically with age.

i said that simply to emphasise my confusion. i didnt actually mean anything by saying that. you are assuming too much yet again

Nor should you presume those that are younger (or older) are not knowledgable in their own field.

i was just saying it didnt make sense to me why there isnt a windows option as like litterally everything ive ever installed has been available to windows. i just didnt know that firewalls came with their own os nor that this edits the kernal making a windows version impratical due to licensing costs, and i had no idea the program wasnt for computers at all and was actually for whiteboxes which i didnt even know existed. every site i had been on made pfsense look like a local application for your computer and i didnt want to change my operating system for firewall software on my personal computer. im sorry if it seemed like i was dissing pfsense and the people who made it because that was not at all the intent.

Some wisdom can be found at every level; try not to get ahead of your skis.

you are pretty judgemental and assume a lot. also, your extremely condesending.

A Former User

anyways, ive learned a lot coming here and figured out what i needed to know. its unfortunate that the only whiteboxes capable of properly running pfsense "cheaply" are at least a bit over $200 and would limit network speeds to well under 1 gbps. i would have to spend an astronomical amount of money to get it to at least 5 gbps where this would actually be worth it for a home network and dedicated firewalls are even more expensive. as such, ive decided firewalls period just are not worth it for home networks. ill just stick to netgear armor. thanks anyways to those who helped me. espessially @bmeeks who is the only one here who actually tried to be helpful.

ill now be deleting my account as i have no further use for it here and i want to reduce tracking data where ever i can.

edit: or not. i dont remember my password and apparently my password manager doesnt either. all well. maybe i can use forgot password to change it and then delete it.

stephenw10

It's possible to run pfSense in a VM on a host device and route all traffic thought it. There are drawbacks to that sort of setup but it's a good way to learn.

Steve

ChapInTokyo

Just happened on this thread, because I too am a total newbie to PfSense and am currently going through the learning process while setting it up with the help of the docs, and nguvu's very helpful "pfSense baseline guide with VPN, Guest and VLAN support"...

I have to say that everyone here is so extraordinarily helpful. Have a nice day everyone!

A chappie