10 Create a pfSense Firewall VM

Mathew J. Heath Van Horn, PhD

The software product pfSense is a popular open-source firewall used by small and mid-sized companies.  The software can run on hardware or a virtual machine.  It is based on Unix FreeBSD which differs from Linux.  This lab leads the learner to create a pfSense VM in VirtualBox.

Learning Objectives

  • Successfully download, install, and run pfSense in VirtualBox

Prerequisites

Deliverables

  • None – this is a preparatory lab that supports other labs in this book

Resources

Contributors and Testers

  • Jacob M. Christensen, Cybersecurity Student, ERAU-Prescott
  • Julian H. Romano, Cybersecurity Student, ERAU-Prescott
  • Evan Paddock, Cybersecurity Student, ERAU-Prescott
  • Dante Rocca, Cybersecurity Student, ERAU-Prescott

Phase I – Download pfSense

pfSense is an operating system (OS), like Windows, Linux, or MacOS.

  1. Download the installer for pfSense Community Edition

    NOTE: At the time this was written, Netgate made a surprising update that requires users to register for a new account and give up personal information just to download the Community Edition image of pfSense. For many, this compromise of privacy for the sake of corporate data harvesting is not worth this extra road block for learning. Therefore, we will provide two different methods for downloading pfSense.

    1. The “Official” Method: https://www.pfsense.org/download/

      NOTE: It is strongly advised to avoid using to real personally identifiable information (PII) for online accounts you’ll only use once. Companies get hacked all the time; the last thing you want is your name, physical address, and phone number leaked just because you wanted to mess around with firewalls! However, you are not restricted from using temporary emails, temporary phone numbers or false addresses when needed.

    2. The “Unofficial” Method (Recommended): https://www.pfsense.app/download/
      1. Select the following options from the associated drop-down menus (Figure 1)

        NOTE: This example uses CE version 2.7.2.

        1. Architecture: AMD64 (64-bit)
        2. Installer: DVD Image (ISO) Installer
      2. Click Download

        NOTE: At this point, a file named pfSense-CE-x.x.x-RELEASE-amd64.iso.gz should be downloaded by your browser. The .gz file extension stands for GNU Zip, which is an application commonly used for file compression.

  2. Navigate to the folder where you downloaded the ISO and decompress (unzip) it
    1. If you’re on Windows, use 7zip
    2. If you’re on Linux, use GNU unzip

      $ gunzip ~/Downloads/file-name.gz

  3. You should now see a file name pfSense-CE-x.x.x-RELEASE-amd64.iso in your Downloads directory

Phase II – Create a pfSense VM

Creating a pfSense VM is a pretty standard exercise.

  1. Start the Oracle VM VirtualBox Manager application

    NOTE: This example uses VirtualBox GUI Version 6.1.X in the following steps. While your version may vary in organization and layout, the fundamental process should remain the same.

    virtualbox
    Figure 2 – VirtualBox Manager
  2. At the top of the dashboard, select New
    virtualbox
    Figure 3 – Create a new VM
  3. A new sub-menu called Create Virtual Machine should appear (Figure 4)
    1. Fill in the following information:
      Option Recommended Value Description
      Name pfSense-Firewall Custom name of the Virtual Machine. Can be anything, but should probably be somewhat descriptive to differentiate from other VMs.
      Machine Folder <Leave as default path> The directory in which to store all files related to VM creation.
      Type BSD Selects the generic operating system of the VM such as Windows, Linux, or Mac OS.
      Version FreeBSD (64-bit) Specifies the specific sub-category of the selected OS and whether it will use a 32bit or 64bit processor.
      Memory size 1024 MB (1 GB) Determines how much RAM to allocate to the VM.
      Hard disk Create a virtual hard disk now Determines whether or not to allocate physical storage to act as a hard disk or to use an existing virtual hard disk file.
    2. Select Create
  4. A new sub-menu called Create Virtual Hard Disk should appear (Figure 5)
    1. Fill in the following information:
      Option Recommended Value Description
      File location <Leave as default path> The directory in which to save the virtual hard disk. This will often be the same directory as the Machine Folder path.
      File size 8 GB Determines the size of the virtual hard disk. The minimum requirements for pfSense is 8 GB.
      Hard disk file type VDI (VirtualBox Disk Image) Selects the type of virtual hard disk to create.
      Storage on physical hard disk Dynamically allocated Selects whether to allocate physical hard disk space as needed (dynamically), or all at once (fixed). Choosing fixed will may result in slightly better performance at the cost of a higher storage footprint that will potentially go unused.
    2. Select Create
  5. This will create a new virtual machine in your VM list
    virtualbox
    Figure 6 – pfSense created in VM list

Phase III – Configure VM settings for the pfSense Server

Depending on your existing VirtualBox configuration, some configurations may already be applied.

  1. Select (highlight) the pfSense-Firewall VM and then click Settings
    virtualbox
    Figure 7 – Modify VM settings
  2. A new sub-menu called pfSense-Firewall – Settings should appear
    virtualbox
    Figure 8 – Settings menu
  3. Modify the System settings to make booting off the virtual hard disk highest priority (Figure 9)
    1. On the left-side menu, select System
    2. Under Boot Order, highlight Hard Disk and click on the UP arrow until it’s at the top of the list
      virtualbox
      Figure 10 – Boot order menu
  4. Modify the Storage settings to add the pfSense ISO installer (Figure 11)
    1. On the left-side menu, select Storage
    2. Under Storage Devices, select Controller: IDE
      1. Select the small icon labeled Add optical drive virtualbox
    3. A new sub-menu called pfSense-Firewall – Optical Disk Selector should appear (Figure 12)
      1. Select Add Disk Image

        virtualbox
        Figure 13 – Add new installation image
      2. Navigate to the location where you unzipped the pfSense ISO installer and click Open
      3. Ensure that the .iso file is highlighted and click Choose (Figure 14)
    4. You should now see the pfSense installer in the list of Storage Devices
      virtualbox
      Figure 15 – Storage device list
  5. Modify the Network settings to give the VM internet connectivity (Figure 16)
    1. On the left-side menu, select Network
    2. Click the Adapter 1 tab
    3. Ensure that Enable Network Adapter is selected
    4. Attached to: NAT
  6. Click on OK to save the new configuration settings

Phase IV – Installing the pfSense VM to the Virtual Hard Disk

Launch the pfSense VM like any other virtual machine.

  1. Start the pfSense-Firewall virtual machine
    virtualbox
    Figure 17 – Start the virtual machine
  2. Select the DVD Image files to begin the installation sequence then press Start
    pfsense
    Figure 18 – Choose boot medium
  3. Follow the installation guide to install pfSense to the VDI

    NOTE: Place your mouse inside the VM and left-click to make the VM active. To navigate out of the VM, press the Right-Ctrl key on the keyboard.

    1. Press Enter to accept the Copyright and distribution notice (Figure 19)
    2. Use the arrow keys to highlight Install and then tab to select OK and press Enter (Figure 20)
    3. Use the arrow keys to highlight Auto (ZFS) and then tab to select OK and press Enter (Figure 21)
    4. Use the arrow keys to highlight >>> Install and then tab to select Select and press Enter (Figure 22)
    5. Use the arrow keys to highlight stripe and then tab to select OK and press Enter (Figure 23)
    6. Use the spacebar to select ada0 and then tab to select OK and press Enter (Figure 24)

      NOTE: You’ll know it’s selected when you see an asterisk (*) next to the disk name.

    7. Use the tab key to select YES  to overwrite all data and press Enter (Figure 25)
  4. When installation is finished, use the tab key to select Reboot and press Enter
    pfsense
    Figure 26 – Reboot after installation
  5. Wait a minute for the machine to reboot
    Sleeping 0
    Figure Zzzzzz
  6. Once the machine has booted from disk, you will be prompted for some post-installation configuration settings

    NOTE: You may have to press Enter for the menu to appear.

    pfsense
    Figure 27 – Interface configuration settings
    1. When prompted for the WAN interface name type em0 (Figure 28)
    2. When prompted for the LAN interface name, type nothing (press Enter) (Figure 29)
    3. Type y when asked to proceed (Figure 30)
  7. You should now see the main menu for pfSense!
    pfsense
    Figure 31 – pfSense console menu
  8. Now pfSense is installed, we can remove the DVD installer image from the VM’s virtual disk drive
    1. Type 6 and press Enter in the pfSense console menu to gracefully shutdown the device
    2. Type y and press Enter to proceed
    3. Navigate back to the VirtualBox dashboard
    4. Highlight the VM, click Settings, then Storage
    5. Under Storage Devices, select the ISO file (Figure 32)
    6. Near the bottom of the window, click Remove selected storage attachment virtualbox

      NOTE: Sometimes two copies of the ISO file appear. Remove them both.

    7. Click OK to save your settings
  9. Your pfSense firewall VM is now successfully built if it boots again to the main console menu!
End of Lab
List of Figures for Print Copy
website download
Figure 1 – Download pfSense installer
Figure 4 – Create a new virtual machine
virtualbox
Figure 5 – Create a new virtual hard disk
virtualbox
Figure 9 – Configured boot order settings
virtualbox
Figure 11 – Configured storage device settings
virtualbox
Figure 12 – Optical disk selector
virtualbox
Figure 14 – Add installer to storage devices
virtualbox
Figure 16 – Configured network settings
pfsense
Figure 19 – Copyright and distribution notice
pfsense
Figure 20 – Begin pfSense installation process
pfsense
Figure 21 – Disk partitioning
pfsense
Figure 22 – Proceed with installation
pfsense
Figure 23 – Redundancy configuration
pfsense
Figure 24 – Select disk to install pfSense
pfsense
Figure 25 – Overwrite disk
pfsense
Figure 28 – Configure WAN interface
pfsense
Figure 29 – Configure LAN interface
pfsense
Figure 30 – Confirm settings
virtualbox
Figure 32 – Select device to remove

License

Icon for the Creative Commons Attribution 4.0 International License

Mastering Enterprise Networks Copyright © 2024 by Mathew J. Heath Van Horn is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book