3.3 Installing pfSense

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
>> Welcome back to the summary course
00:00
in building your InfoSec lab.
00:00
I'm your host and Instructor, Kevin Hernandez.
00:00
On our previous lesson,
00:00
we have introduction into ESXi.
00:00
We familiarized ourselves with the dashboard,
00:00
learned how to read system resources, etc.
00:00
We also apply our ESXi license that we got
00:00
from being wire themselves as a free license.
00:00
On today's lesson, we will
00:00
start installing our first next-gen firewall.
00:00
In this scenario, it will be PFSense. Let's get started.
00:00
Now, before we install our PFSense,
00:00
there were different various options when downloading it,
00:00
such as USB stick and ISO.
00:00
Now, if you haven't downloaded yet
00:00
the PFSense image, please go ahead.
00:00
Once downloaded, you'll notice that it has
00:00
a.iso.gz format on it.
00:00
In this scenario, let's extract the data
00:00
prior to starting our installation.
00:00
Using 7-Zip for this,
00:00
wait for to extraction to finish.
00:00
Once completed, you will find
00:00
the actual ISO in this path over here.
00:00
Keep that in consideration and remember the path.
00:00
So we need to find an anaclisis
00:00
once we start the installation.
00:00
Now, before we start installation of the firewall,
00:00
let's make sure we have some networking or
00:00
VLANS which is for these switches here configured.
00:00
Let's go to the networking tab.
00:00
Go to virtual switches.
00:00
You can see we have none,
00:00
an error or the standard. Let's create a new one.
00:00
Let's call it, PFsense switch.
00:00
We can say it's LAN.
00:00
Let's click add here. Let's go in here.
00:00
Now, we'll come back into creating our part groups
00:00
once we actually start routing traffic to it.
00:00
For the meantime, let's just continue
00:00
with installation and creating our virtual machine.
00:00
Let's go back to virtual machines, create register VM.
00:00
Now you basically have three options;
00:00
create a new virtual machine,
00:00
deploy a virtual machine from
00:00
an OBA file and register an existing virtual machine.
00:00
Now, this second option is
00:00
more towards when we're migrating
00:00
our Kali box or
00:00
Metasploitable more of those pen testing type of machines.
00:00
In this case, since we are going to be using an ISO file,
00:00
we'll go here to create
00:00
a new virtual machine and click "Next".
00:00
We're presented with some default information,
00:00
such as the name, shall put PFSense in it.
00:00
We have compatibility,
00:00
ESXi version, the guest OS family.
00:00
In this case, we'll pick other,
00:00
and the guest OS version,
00:00
which is free BSD 64-bit right here.
00:00
Let's click "Next".
00:00
Here, you will be basically picking the storage device
00:00
you'll be utilizing for your PFSense installation.
00:00
Since I only have one hard drive in this configuration,
00:00
you only have one option.
00:00
In your scenario it might be
00:00
different and you might have different options,
00:00
but let's just click "Next" and continue.
00:00
Now, here's where we start
00:00
customizing our settings, right?
00:00
Now, if you remember closely,
00:00
let's look up our document,
00:00
PFSense has both a minimum and recommended
00:00
usage for both RAM, CPU, and storage.
00:00
In this case, even though it doesn't say so,
00:00
this will be one core at least for it.
00:00
One gigahertz of CPU,
00:00
one gigabyte of RAM, and eight gigs of
00:00
storage. Let's go back here.
00:00
Remember it's already at one gig CPU one core,
00:00
and you see they don't have gigahertz options.
00:00
Hard disk, it's A gig.
00:00
Basically, loaded the default
00:00
for us if you pay close attention.
00:00
Now here's where it gets a little bit tricky.
00:00
Basically, we want to make sure we select our ISO
00:00
in here in order to install PFSense. Let's select it.
00:00
You're presented with this where we basically
00:00
click "Upload" to select our image.
00:00
Right here, we can see where our information set.
00:00
We're going to pick the ISO right there.
00:00
It will be uploading it in a second.
00:00
You can see a little progress bar here on the right side.
00:00
Now, the upload is completed.
00:00
You can see our PFSense ISO over
00:00
here available for us to select.
00:00
Just click on it and click "Select".
00:00
Now, let's make sure the image is here,
00:00
get us our ISO file.
00:00
One CPU core, one gigaram,
00:00
it gives you storage and
00:00
everything else on default. Let's click "Next".
00:00
Here you have a summary of everything
00:00
before it starts configuring it.
00:00
Let's click "Finish" and see what happens.
00:00
Once completed, you will be
00:00
presented with the following screen,
00:00
which basically states copyrights
00:00
and this region notice about PFSense.
00:00
Set those terms. Now,
00:00
you're presented with three options and installation,
00:00
recovery, and recover from backup.
00:00
I want to put it that way. Let's go with installation.
00:00
Now, you're presented with
00:00
the default standard for US keyboard,
00:00
and if you want to continue with it
00:00
or switch to keyboard standard,
00:00
in our case, I will continue with
00:00
the default keyboard for the US keyboard map.
00:00
Now, in this scenario, it requests us
00:00
more information how you want to do this setup.
00:00
This case we'll continue with
00:00
the default auto option and hit "Okay" to continue,
00:00
and installation will start.
00:00
Now, as this is SSDs pretty fast installation
00:00
compared to your traditional drive.
00:00
However, be cautious.
00:00
Be aware that you've
00:00
got to wait for the full process to be completed.
00:00
There it is. Pretty fast as you saw.
00:00
Basically a new machine,
00:00
it's install finish before exiting
00:00
the solar system and
00:00
any final modification to
00:00
this case, we're going to say no.
00:00
Now we have to reboot the system. Let's reboot it.
00:00
Here you have the services,
00:00
turn it off basically for the system to restart.
00:00
Pretty fast reboot, in my opinion.
00:00
Here we have again,
00:00
the system, little by default.
00:00
As previously, it's loading
00:00
its services starting up its processes, etc.
00:00
Let's give it a minute.
00:00
Now. Basically it's asking if we
00:00
want to set up to VLANS,
00:00
you know VLANS need to be setup first.
00:00
If VLANS will not be used for
00:00
only optimal interfaces, if it's typical,
00:00
say no here,
00:00
and use the web configuration to
00:00
configure VLANS later if required, right?
00:00
Let's go back to our sheet,
00:00
and add a reminder.
00:00
Configure VLANS, it says in the web configurator.
00:00
>> The reason we don't want to configure those yet,
00:00
is because I can not want to have
00:00
the whole infrastructure installed
00:00
prior to start enabling disconnections.
00:00
I don't want to accidentally
00:00
>> break the Internet access at
00:00
>> home or anything like that. Let's hit "No".
00:00
Here we are. Let's say auto detection.
00:00
Press "Enter" to continue.
00:00
It says, basically no link is detected.
00:00
Basically this is based on
00:00
the configuration on the networking we saw earlier.
00:00
Let's take a look into that and fix it.
00:00
For our first one,
00:00
we got to add VMX0 to basically skip it,
00:00
and then we're going to do for
00:00
the LAN leave it blank and hit "Enter",
00:00
to basically symbolized you've finish.
00:00
Do you want to proceed?
00:00
Yes. The reason we're doing this,
00:00
is because our interface is virtual,
00:00
not-physical, therefore,
00:00
many installed tides that are out there
00:00
are going to be completely
00:00
different to what you're seeing today.
00:00
Here's configuring that one interface.
00:00
We can always come back and reconfigure
00:00
this if it's needed, so don't be scared.
00:00
Make sure you keep a screenshot of this,
00:00
and we're taking a snippet,
00:00
adding it to our Excel,
00:00
just to keep the data in there.
00:00
Let's hit "Save",
00:00
and let's go back to the dashboard.
00:00
Once you input that IP,
00:00
you would be presented with this,
00:00
and here's pfSense itself.
00:00
Congratulations, you have now installed pfSense.
00:00
Now, obviously you have to
00:00
check for the default credentials,
00:00
which in this case are; admin and pfSense.
00:00
Let's type them in,
00:00
and voila welcome to pfSense.
00:00
Here you have presented the warning to
00:00
change your password in the user manager.
00:00
It says, "Welcome to the wizard."
00:00
Here we'll start with the installation
00:00
it self, or continue.
00:00
In this case, since I'm
00:00
incognito mode, it gives me a warning.
00:00
Let's actually do this outside of incognito mode,
00:00
and here we are.
00:00
Again, CPU usage, memory usage,
00:00
you can see, it's not
00:00
using the full gig that we provided it.
00:00
It's only 12 percent of eight gigs we gave
00:00
them for our storage. So it looks pretty simple.
00:00
Let's start with password changing,
00:00
and if you recall correctly, system user manager.
00:00
Right here you can see the admin account.
00:00
Let's check it, select it here,
00:00
and lets changed the password real quick.
00:00
Type it twice, and then hit "Save".
00:00
In this case it's asking me to update it, I'll do it.
00:00
Now, one thing I'd like personally,
00:00
is not using the admin account itself.
00:00
So let's create another user account real quick.
00:00
In this case, let's call it khernandez.
00:00
Type in my password, no expiration,
00:00
I'm going to give it the same access as the other one.
00:00
Group membership, lets add them to admins,
00:00
and lets hit "Save" for a user, and there we go.
00:00
[LAUGHTER] As you can see,
00:00
you cannot delete the admin,
00:00
as you can delete the user we just created.
00:00
Here we have groups.
00:00
As you can see, there's admin group and all users.
00:00
You can add different groups as well,
00:00
and we'll go over those options as we
00:00
continue with the pfSense course.
00:00
Now you remember [inaudible] you
00:00
do have the firewall options here.
00:00
You do have over here your VPN settings,
00:00
IPsec, L2TP, open VPN,
00:00
and you do have other options as well right here.
00:00
I do recall correctly,
00:00
I set that the pfSense will be able to
00:00
achieve functions such as a proxy.
00:00
Now you don't see that option right here.
00:00
But if you go into the system package manager,
00:00
available packages.
00:00
It looks literally for squid.
00:00
You can find light squid here,
00:00
which you can install and configure.
00:00
We'll go over all these packages during
00:00
our configuration of the pfSense itself.
00:00
What did we learn today? We installed pfSense.
00:00
We basically look at its default features.
00:00
I was also able to show you the web proxy such as squid,
00:00
we saw squid lie, squid car,
00:00
and different features or functions that we were
00:00
mentioning right here in this tool,
00:00
that were able to be accomplished within
00:00
that next gen firewall right here.
00:00
Even though you can install squid in
00:00
CentOS or whatever feature you want to use,
00:00
as mentioned here, you can have it within pfSense itself.
00:00
Now, what will we do in our next lesson?
00:00
We're going to install IPFire.
00:00
Now, you might think, "Oh,
00:00
why install two firewalls,
00:00
will there be conflict?" There might be.
00:00
Now, the reason is, we want to install our features,
00:00
all the different applications
00:00
in there just so you can get
00:00
a feeling of what
00:00
you could then accomplish from your lab.
00:00
After we install all the applications,
00:00
all the different configuration installations,
00:00
then we'll pick those that
00:00
we will want to utilize for this course.
00:00
You as a person don't have to pick
00:00
the same ones we pick for the course.
00:00
However, you are more than
00:00
welcome to install whichever application you prefer.
00:00
Now, if you, for example,
00:00
use IPFire at work or
00:00
Untangle or you have prior experiences,
00:00
that might be your default
00:00
>> or primary next-gen firewall.
00:00
>> One thing to remember from
00:00
our video is that we did not configure
00:00
a virtual switchers and any of
00:00
those interfaces in this configuration installation.
00:00
We're basically just installing
00:00
the basic default in order to have the interface up.
00:00
In following videos,
00:00
>> we'll be installing and configuring everything
00:00
>> together from the virtual switch to
00:00
the pfSense to the switch that we have physically,
00:00
that we installed in our prior videos.
00:00
I hope to see you soon in our next video.
00:00
Have a great day.
Up Next