Time
1 hour 18 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
Hey, welcome back, everyone. This is Section two of PF. Since configuring firewalls owns eso were in the lab environment right now and what you're looking at is a virtual machine. It's the PF sense I saw that's been installed in the side very lab,
00:20
and it's fully booted.
00:22
And what you're looking at here briefly is just some of the options that you have when you configure in this particular via will. Things that we're gonna focus on is that when land and the opt one, which is gonna be our DMC interfaces. So those are the three that we want to configure,
00:42
and we're gonna move around and about with our Windows operating system and our Linux operating system. I'm a little toggle through
00:52
to get to those virtual machines,
00:56
right, And
00:58
we'll be able to live into these and, you know, see if we could pass traffic based off the configuration we have
01:07
within RPF sense viral.
01:10
So let's get started. The very first thing that we want to do is we want a sign
01:15
the interface with an I P address. Okay, so we're gonna do that now just step through this together.
01:23
We're gonna select option to which tells us that we can set interfaces for an I P address.
01:29
Okay,
01:30
we're gonna choose
01:34
the way in, which is gonna be option number one, as you can see under the available interfaces section.
01:46
Now, it's gonna give us a couple of questions throughout this quote unquote wizard or
01:53
this guide that we're going to
01:56
answer to. So
01:59
it wants this toe
02:00
Make a decision about
02:04
allowing d A. C p on this one in her face, right? Independent on your set up,
02:08
whether you're doing this at home or you're in a production environment, your firewall, this particular firewall can handle D h E p, which is gonna be that dynamic host configuration protocol that, you know, leases are hands out. I p addresses for
02:25
whatever host or assets are on that particular
02:30
sub net or a zone. All right, but for now, we're gonna go ahead and choose no,
02:35
where we're gonna want to focus solely on the fact that we just want to get the face is up and running. Okay,
02:44
I'm gonna put in my i p address
02:50
hit enter,
02:53
and then we're gonna give it a slash 24.
02:57
So cider notation basically tells us the amount of I P addresses we're gonna be ableto have for that particular sub network that were created. Okay,
03:07
so that's what we just did with the slash 24 we're gonna go ahead and proceed,
03:13
and
03:14
we're just gonna hit enter here. We don't need to configure an upstream gateway at this time, okay?
03:23
And we're also gonna go with
03:25
no for this particular question. This is gonna be I p b six, right? We're not concerned about I p v six at this point and again, we don't have an interest in allowing d A. C p on these interfaces from the PF sense. Right? DCP might be handled from a domain controller
03:46
or another
03:47
host in the environment, but for this particular lab, we're not interested in that.
03:58
And so we're just gonna hit enter again. We don't have an interest in I p v six
04:02
and we're not gonna interest ourselves in reverting the Web configuration protocol, which is gonna really handle the Web configuration website that we would see. And we'll get to that in a bit. So we'll hit. No,
04:24
and we just configure the when interface right
04:30
we could see it visible there on that top line. It's gotta write the address. It's got our cider notation of slash 24 we're gonna move on
04:40
and continue the effort
04:42
with the next two lengths the less of the next two segments which is gonna be our land and our d m z.
04:48
Okay, so again, we're gonna choose option number two
04:54
and then we're gonna choose
04:56
Interface number two.
04:59
I'm gonna give an I P address.
05:11
I'm gonna go to slash 24.
05:15
We're gonna go ahead, Enter. We're not concerned about the upstream gateway at this time.
05:21
We may interfere. I b b six address. We're not concerned about that either.
05:28
We're gonna go with no on the A C. P
05:31
and when I choose no. On that
05:34
revert for the A c T p Y configuration protocol.
05:46
Now, you could see that the land address
05:49
is where we're gonna be able to access the actual
05:54
web console for the PF sense. So it's very important that when you're going through
06:00
and you set this up in your lab environment, if you choose to do so that you understand that this https address is what you're gonna need actually connect to the actual console so you don't have to use command line to configure the rest of your router. Or I should say, your firewall,
06:18
even though this is behaving like a rodders. Well, keep that in mind.
06:23
Um,
06:24
so this is what you're gonna need, right? So this is very important to just keep that
06:29
and understand that that's how you're gonna access the, uh, the web counsel to do the port fording the black or the allow for a particular traffic
06:41
on the networks that we're setting up. Okay,
06:44
so we're gonna enter, and we're gonna go ahead and configure the when.
06:51
Excuse me. We're gonna configure the D m Z.
06:58
We're gonna give that an I P address.
07:05
We're gonna give this last 24.
07:11
We're gonna hit Enter.
07:14
We're going to enter again.
07:16
We're gonna choose no for D A c. P.
07:19
You were not gonna revert.
07:26
What do you have? There is three separate
07:30
network segments. Wouldn't for your wang one for your land. Another one for your d m z.
07:38
So now that we've got that complete,
07:42
we could actually go about the business of configuring
07:46
the PF sense through that Web link. Right. So we're gonna move over to that Windows eight machine
07:56
we're gonna sign into that machine.
08:05
We're gonna go and access
08:13
the actual H H D. S. I P address that provides us with that link. Remember? I
08:18
I showed you that earlier.
08:20
All right, so we're just gonna go ahead and type in that
08:26
the Atlanta address,
08:28
and that should get us there.
08:31
Now, the reason why the screen looks the way it is, it's because that certificate is not trusted. Right? So we're just gonna wanna continue to this website
08:39
and then there you have it. We've got the logging splash screen for P f Sense, and now we're gonna be able to sign it
08:46
and go about the business of actually configuring
08:50
R P s sense firewall.
08:58
Now, upon the very first time, sign into European sense firewall. Whether it's in a lab environment or you download it yourself and do this at home, you're gonna go through some prompts. And for the sake of falling along with this lab, all you have to do is hit next. They're not gonna change anything here.
09:18
We're gonna keep everything as is.
09:20
Obviously you're doing this at home, you're probably gonna want to change the password. You don't want to keep that default password. You don't have to write. So that's important to kind of read through those things as you do at home. But for now, we just want to keep going through and
09:39
clicking necks. Not gonna change anything,
09:43
go ahead and reload.
09:43
And then we're gonna choose
09:46
to go to the actual PF sense of Web configuration,
09:52
and we're in, right, So you could see that all three interfaces air up.
09:58
All of the actual I p addresses that I assigned are visible. And,
10:03
you know, now we could we can actually go ahead and move forward and making sure that
10:09
we're in a position where we're gonna allow trap it to pass through. And there's a couple of things that we want to do. All right, so we're gonna go to interfaces.
10:18
We're gonna choose the land interface to start. I was just gonna make sure that we're not blocking private networks, right? We're working in a private network space, and so it's important that you know, the 17 to the 192 or the 1920.10 with a 10.0 addresses,
10:37
um,
10:37
are are able to talk to one another based off of,
10:41
um, this private networks configuration here. And obviously those are the type of I P addresses we're gonna use for our three separate interfaces. Right? So very important that
10:54
you check that and make sure you know we're not blocking your artsy 1918 or those private networks. Okay?
11:09
What did it say there?
11:11
We're gonna apply changes. One really cool thing about PF sense is that, you know, anytime you do make a change in the environment, it doesn't automatically make that change without you applying. So you get to go back and really make sure that you know what you did is what you really wanted to do. So
11:31
just another one of those No measure twice cut once type of rules that you'll see with pf sense. And we're gonna want to repeat this for the next two segments. Okay, so we'll go to our auto one, which is gonna be I d m z. We're gonna make sure that both of these air on check,
11:50
right?
11:54
And then we'll do that again for the win.
12:03
And as you can see for the when they are checked. But we're gonna uncheck it
12:07
for the sake of this lab to make sure that we can see in about an outbound filter and at work.
12:18
So next up, we're gonna talk about network connectivity testing. Okay, so stay right there and I'll be right back.

Up Next

pfSense: Installing and Configuring the Firewall

In this pfSense Firewall training course, students will learn how a firewall functions on a network or host. The course provides details about the different types of firewalls, as well as providing a hands-on lab experience configuring separate zones.

Instructed By

Instructor Profile Image
Mario Bardowell
Instructor