
PFSense

This page covers some initial configuration and use cases for a PFSense.


Last updated 2 years ago

Introduction

PFSense is an open-source firewall/router based on the FreeBSD OS. This puts it in a similar category to OPNsense, and the two are very similar. PFSense is virtual, which removes some gear overhead when pushing out, and it also allows scalability since it can have a high number of interfaces and networks attached to it. The link to the documentation is below for more specific information; this document goes over the basic things we use it for.

Assignments

When assigning interfaces, PFSense can sometimes shift the NICs around, so confirm the MAC address of each NIC on your hypervisor as you assign it. On ESXi, this can be seen by selecting the VM and opening the drop-down for the port group. There you will see the MAC of the NIC.

On PFSense Web, go into the Interfaces tab, select each interface, and give it the proper IPv4/IPv6 configuration.

If you are communicating between two private IP spaces, make sure you uncheck the boxes for reserved networks at the bottom of the GUI in the interface configuration.

NAT

Once your interfaces are properly configured, you can set up NAT rules for each of your tools. Typically you want to NAT through only the IPs and ports actively in use by our tools, such as Beats or Splunk, and also allow through any traffic directed outwards to things such as a remote Rocket.Chat server or file share.

For the demonstration below, the customer network is 192.168.228.0/24 and DCO's internal IP scheme is 20.0.0.0/24. It simulates setting a NAT for a Splunk indexer, with traffic headed to 20.0.0.10:9997.

  1. On PFSense Web open Firewall -> NAT -> Port Forward

  2. Add a new rule

  3. For the interface, select the interface from which traffic is coming. In this instance, traffic is coming from the customer network which is typically the WAN interface

  4. Set the Address family and protocol to fit your environment. For us, IPv4/TCP

  5. Select a source if traffic is coming from a specific IP

  6. For the destination, select the WAN address. This is the IP that traffic ON THE OUTSIDE of the NAT is sent to, typically the address on the PFSense interface connected to the customer switch

  7. For the destination port range, select 9997 for the Splunk indexer

  8. For the redirect target IP, select "Single Host" and enter your internal IP. In this case, 20.0.0.10 for our Splunk server

  9. For the redirect target port, select "other" and use the same port as the outside, 9997

  10. Finally, add a description to it and select save. Apply the changes and your NAT is complete
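One way to check that only the forwards your tools need exist is to audit a configuration backup against an approved list. The script below is an added example, not part of the original page or of PFSense itself; the sample XML is constructed, its element names are an assumption about the backup layout, and the 20.0.0.25:3389 rule and the `APPROVED` set are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumption about the backup layout.
SAMPLE_CONFIG = """<pfsense><nat>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><address>192.168.228.0/24</address></source>
    <destination><network>wanip</network><port>9997</port></destination>
    <target>20.0.0.10</target><local-port>9997</local-port>
    <descr>Splunk indexer</descr>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>20.0.0.25</target><local-port>3389</local-port>
    <descr></descr>
  </rule>
</nat></pfsense>"""

# Forwards the team has agreed to: (protocol, outside port, internal IP, internal port).
APPROVED = {("tcp", "9997", "20.0.0.10", "9997")}


def audit_port_forwards(config_xml, approved):
    """Return (rule label, finding) pairs for port forwards that need review."""
    findings = []
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        def text(path, rule=rule):
            return (rule.findtext(path) or "").strip()

        key = (text("protocol"), text("destination/port"),
               text("target"), text("local-port"))
        label = text("descr") or "%s:%s" % (key[2], key[3])
        if key not in approved:
            findings.append((label, "not on the approved tool list"))
        if rule.find("source/any") is not None:
            findings.append((label, "source is any; restrict it if the sender is known"))
        if not text("descr"):
            findings.append((label, "missing description"))
    return findings


if __name__ == "__main__":
    for label, finding in audit_port_forwards(SAMPLE_CONFIG, APPROVED):
        print(label, "-", finding)
```
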

Gateways / Static Routes

In some instances, multiple networks sit on the other side of one interface and you need to tell PFSense where to direct that traffic. This is where setting Gateways and Static routes will help. See the below image for an example.

  1. On PFSense Web open System -> Routing -> Gateways

  2. Add a new Gateway

  3. Interface is where the other networks lie. In this case, LAN

  4. Name your gateway

  5. The Gateway IP Address will be the default gateway of that interface. In this case, 20.0.0.1

  6. Add a description and select Save

  7. Go to the "Static routes" tab

  8. The destination network is the other network that lies on the other side of the interface you selected for the gateway. In this case 30.0.0.0/24

  9. Apply the gateway you created. This tells PFSense to send any traffic bound for the Destination network to that gateway

  10. Save and apply settings.
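The effect of the static route can be seen with a small longest-prefix-match model. This is an added example, not from the original page; the networks and the 20.0.0.1 gateway come from the page, while the default route via 192.168.228.1 is an assumption made for illustration.

```python
import ipaddress


def build_table(static_routes=()):
    """Routing table of (network, next_hop, interface); next_hop None means on-link."""
    table = [
        (ipaddress.ip_network("192.168.228.0/24"), None, "WAN"),  # customer network
        (ipaddress.ip_network("20.0.0.0/24"), None, "LAN"),       # DCO network
        # Assumed default route towards the customer network (not from the page).
        (ipaddress.ip_network("0.0.0.0/0"), "192.168.228.1", "WAN"),
    ]
    for dest, gateway, iface in static_routes:
        table.append((ipaddress.ip_network(dest), gateway, iface))
    return table


def gateway_is_on_link(table, gateway, iface):
    """A gateway is usable only if it sits in a network directly attached to iface."""
    gw = ipaddress.ip_address(gateway)
    return any(hop is None and name == iface and gw in net
               for net, hop, name in table)


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [route for route in table if addr in route[0]]
    _, hop, iface = max(matches, key=lambda route: route[0].prefixlen)
    return iface, hop or "on-link"


if __name__ == "__main__":
    before = build_table()
    after = build_table([("30.0.0.0/24", "20.0.0.1", "LAN")])
    print("without static route:", lookup(before, "30.0.0.15"))
    print("with static route:   ", lookup(after, "30.0.0.15"))
    print("gateway on LAN link: ", gateway_is_on_link(after, "20.0.0.1", "LAN"))
```

Without the static route, traffic for 30.0.0.0/24 follows the default route out of the WAN side instead of staying on the LAN side.
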

pfSense Documentation
PFSense NAT Demonstration
Static routes with multiple networks on the other side of an interface