Transparent Firewall Settings

  • Hi All,

    This is my first post.  I'm new to pfSense and not an expert in firewalls.

    Looking over the doc Transparent Firewall/Filtering Bridge - pfSense 2.0.2 By William Tarrh, I found that some things have changed since version 2.0.2.

    There are a few settings that are different in the 2.0.2 doc, but I was able to get around them. However, in the section below on pg 10, I can't find "managementaccess"
    for the Source, unless it's in name only.  When selecting Single host or alias, I can add wording to the Address field.  In that case, what is "managementaccess" referencing?  In aliases, I created "ManagementPorts".  For Dest Port, it's possible to select **Single host or alias**, then I can enter the word "ManagementPorts".  There are no selections in the drop-downs with either of these "Ports".

    Now add a firewall rule allowing the sources defined in your management alias to the destination LAN address, with the port used or alias created for those using multiple ports. Make sure this rule comes first in the list. Then add a rule based on that rule (the + next to the rule), changing action to block or reject (I prefer reject on internal networks), source to any, and destination the same. When finished, your ruleset should look like the following.

    Also, while I have your attention, is it possible to allow all inbound and outbound traffic and allow the firewall to act as IDS/IPS and proxy firewall only?
    We have a Cisco ASA 5510 behind the router and the pfSense would come in after the ASA 5510.  The ASA 5510 does packet filtering and other services.
    I'd like pfSense to function at the App level.

    My pfSense firewall:
    Version 2.1-RELEASE (i386)
    built on Wed Sep 11 18:16:50 EDT 2013
    FreeBSD 8.3-RELEASE-p11

    You are on the latest version.

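The management ruleset quoted from the doc above (allow the management alias to the LAN address on the management ports, then reject everyone else, allow rule first) is simple to get wrong by ordering. The following is an added example, not from the post or the pfSense project: it models pfSense's first-match evaluation over the two aliases so you can see that swapping the two rules locks the management hosts out. The alias contents, LAN address and port numbers are constructed placeholders.

```python
import ipaddress

# Constructed aliases mirroring what the poster creates under Firewall > Aliases.
# The values are made up; substitute your own management hosts and ports.
MANAGEMENT_ACCESS = ["192.0.2.10", "192.0.2.0/28"]  # alias "ManagementAccess"
MANAGEMENT_PORTS = [22, 443]                         # alias "ManagementPorts"
LAN_ADDRESS = "10.0.0.1"                              # constructed "LAN address"

def in_alias(ip, alias):
    """True if ip falls inside any host or network entry of the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in alias)

# A rule is (action, source alias or None for "any", destination, port alias or None for "any").
# This is the two-rule set the doc describes: management pass first, reject-all second.
RULESET = [
    ("pass", MANAGEMENT_ACCESS, LAN_ADDRESS, MANAGEMENT_PORTS),
    ("reject", None, LAN_ADDRESS, MANAGEMENT_PORTS),
]

def evaluate(ruleset, src, dst, dport):
    """First matching rule wins, as on the pfSense Rules tab.
    No match falls through to the implicit default deny ("block")."""
    for action, src_alias, dst_addr, port_alias in ruleset:
        if src_alias is not None and not in_alias(src, src_alias):
            continue
        if dst != dst_addr:
            continue
        if port_alias is not None and dport not in port_alias:
            continue
        return action
    return "block"

def management_rules_correct(ruleset):
    """Sanity check for the ordering the doc insists on: a management host
    must get 'pass' and an arbitrary internal host must get 'reject'."""
    return (evaluate(ruleset, "192.0.2.10", LAN_ADDRESS, 443) == "pass"
            and evaluate(ruleset, "198.51.100.7", LAN_ADDRESS, 443) == "reject")

if __name__ == "__main__":
    print("correct order:", management_rules_correct(RULESET))
    print("swapped order:", management_rules_correct(list(reversed(RULESET))))
```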


  • Ok, after reading the definition of an alias, I was able to create a group of IPs for the "ManagementAccess" alias.

    So for a newbie like me: you must create the alias(es) first under Firewall > Aliases.  The port field was red, so one can start typing the alias(es).  It starts populating the alias name for you.

    See JPEG.
