Cisco –> pfSense verbage translation



  • My Cisco PIX box died this week and I replaced it with a pfSense installation. I have a rule in my PIX that I cannot translate to pfSense. Below are the two lines in my PIX config I need to add to pfSense.

    access-list 101 permit tcp 208.81.237.128 255.255.255.192 host 165.138.7.50 eq 144

    pdm location 208.81.237.128 255.255.255.192 outside

    TIA



  • for the ACL it depends on where it was applied. Those are basically identical, you need the same rule on the interface where that was applied on the PIX. Only diff being if it's traffic in from the Internet, NAT applies first in PF, after rules in PIX, so the dest IP is the private IP in PF.

    The "pdm location" equivalent is just adding a firewall rule on WAN.



  • pdm location 208.81.237.128 255.255.255.192 outside

    This line allows pix device manger (horrorable java gui imo) to be access from the outside. If you still want this, you would need to open web mgt to your pfsense box from the outside for this particular subnet.



  • Being a noob to pfSense and by far not a guru in firewalls, I pretty much need it spelled out for me at least once. Then I get it for any additional entries I may need to do.



  • it depends. Do you have a NAT entry applying to traffic on the ACL line posted?


Log in to reply