Transparent Firewall Disable Packet Filtering



  • I have a specific question and problems regarding transparent firewalling and packet filtering.  I followed an online PDF for pf 2.0 for setting up a transparent firewall.

    During off hours, I tried to install the pfSense into our network as a transparent firewall (FW) with no packet filtering or to allow all in both directions.
    The FW rules are set to allow all IPv4 and IPv6 TCP/UDP in both directions.  However, I read that all rules for the WAN side must be turned off.  Is this correct?
    I had it set that way at one point, but got better results with allowing traffic on the WAN interface via some rules.

    I found that one of the interfaces was constantly rebooting or "bouncing".
    Only thing that worked was HTTP traffic going out.
    HTTP traffic was sporadic, probably due to the bouncing of one of the NICs.  No traffic was coming in, HTTP/HTTPS, SMTP.
    PINGing our Cisco firewall's inside IP on the perimeter of the network dropped 25% of all packets.

    After running out of time, I put everything back the way it was on the network.  While doing some research, I found that in System> Advanced> Firewall/NAT
    it is possible to disable all packet filtering.  Is it OK to use the "disable packet filtering" function when in transparent mode?

    We mainly need the pfSense FW to run Snort, Web proxying and HTTP anti-virus.

    Attached are a few screenshots of the settings, mainly FW rules.

    Network:  Internet> Cisco ASA5510> pfSense> switch> PCs and servers.

    Any advice would be helpful!

    Thanks

    Vince




  • I have the same question.  Let me know if you find the answer please.



  • Hi,

    I haven't been able to get a resolution yet, or even try since I posted the question.
    Was hoping to get more help from members here, but out of the two questions I have asked, only you have responded.

    Does anyone use this forum?  Maybe there is a better forum for this software somewhere else?

    Vince



  • This is the best forum to use for pfsense.  Sometimes I get quick responses sometimes not.  But the best one for pfsense.  You can purchase paid support.  I think it's somewhere around $100 an hour.  Don't quote me on that.

