Best Practice pfSense Initial Setup w/Netgate 4100

The Netgate 4100 running pfSense is an excellent router/firewall for business. We like using this device for our clients because of the port options as well as the fact that it's the first model of Netgate pfSense router that can do high availability (HA).

In this video we briefly discuss the Netgate 4100 and then dig into a best practice pfSense setup that is typical for businesses, featuring a standard secure LAN, a guest network VLAN, and some firewall rules. Our resident pfSense expert, David Barger, leads the way through this process. If you need networking assistance, make sure to contact Crosstalk Solutions!

Timecodes:

00:00 Intro
01:40 Netgate 4100 Overview
04:24 Initial Setup Wizard
10:34 Updating pfSense
15:23 Install and Update Packages
18:44 Netgate Cloud Backup setup
22:44 Add Guest Network VLAN/Subnet/DHCP
27:33 Set up Simple Firewall Rules
33:53 VoIP Considerations
------------------------

Follow me on Twitter: @crosstalksol

Connect with Chris:
Twitter: @CrosstalkSol
Comments
Author

This video is brilliant for new people like me that just discovered pfSense. Thank you very much

mfrmorais
Author

Looks like Chris caught this in post: Note the message on the right side.
More information:
!RFC1918 is very different than RFC1918. That rule-set, due to the "invert match" button being checked at timestamp 31:30, would only allow access to the Local Network. Guest Users would hit this rule and it would block all "not RFC1918" (i.e. "Internet") traffic. All RFC1918 traffic would be allowed by the "Allow All" rule next in the rule-set. Checking the invert match button was a mistake. I kept expecting Dave or Chris to see the error, thinking it was going to be a well executed "teachable moment." Either 1. change the rule to allow and remove the "Allow All" rule below it OR 2. uncheck the invert match button. Glad the mistake was caught in post though! Great video!

toodarkpark
Author

I bought a Netgate SG-4860 several years ago and it has _never_ gone down. It's an absolute beast of an appliance for a (relatively) large home network like mine, with over 75 IPs spanning 4 LANs. Sure, it wasn't a very cheap solution, but not having to buy new hardware every 2 years is worth it, imo.

Sidenote: Nice Compaq "draggable" at 5:00. I had one of those 30y ago 😀

patrik
Author

A small hint: it's good practice to reject packets instead of blocking them. Because if you block them, the session is kept open until the blocking timeout, whereas reject sends a reject packet back immediately and closes the session.
Also, it is not necessary to set the DNS servers in the DHCP server as it takes the default servers set in the system page if they are to be used for the network too.

Cold-
Author

Good video as a starter...JUST one of the MANY MANY reasons to never use Unifi as your router/firewall. This is a FABULOUS firewall router for the money. Hands down should be the go-to choice for home, small & medium size corporate environments not requiring overpriced Cisco or Palo Alto FWs. I've deployed lots and lots of this model and the older version of this model and also have it running in my home network. Only had 1 go down in 7 years, all others running 24-7 for years without a single issue. Netgate also offers less expensive versions with the SAME features...obviously capabilities are in line with the package.
I also add a firewall port alias that contains 22 & 443 to the admin. Then add a rule to block access to that alias, to ensure the guest network cannot reach the firewall admin interface via SSH or 443.

TheRicosauve
Author

Nice basic setup video. I'm certain I'll share this with folks on the forums quite often.

tornadotj
Author

Beautiful use of that Compaq very first Mobile computer!

ghanus
Author

There's no need to create a separate alias for RFC1918 most of the time. You can block those ranges directly from the Interface settings. There's a box called "Block private networks and loopback addresses" for that on the bottom of the page. I think David didn't mention it in the video.

ovecka
Author

When I saw the LastPass popup, the memories came back. Man, it changed how I think.

SijuCMathew
Author

Awesome - please give us more wizard stuff from David!!

lord-baltimore
Author

Great video! It will help lots of our customers.
We love Netgate pfSense devices so much that we became a Netgate partner in the UK.

itandgeneral
Author

I'd love to see a video on how to pick the right Netgate appliance. Basically working through desired internet speed, Snort and VPN impacts, etc.

AdamMuhle
Author

Great video! I'm going to watch this a few times when my Netgate gets there.

scoty_does
Author

This is a great video, thanks a lot guys

babudon
Author

Awesome video, especially for someone like me that wants to get started on pfSense. Thanks so much.

luckiweeman
Author

Oops, you accidentally checked Invert Match on your RFC 1918 rule. So the rule's logic is to block any traffic to NON RFC1918 alias addresses. You can see the exclamation point in front of your Alias in the rule list.

mw
Author

On the guest interface I would just create the bottom rule as «Allow all except rfc as destination», and above that rule «Allow udp connection dns to guest network address». The rule you created also exposes the web interface for pfSense to your guests.

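The guest-interface rule logic raised in several comments above (the "invert match" box ticked on the RFC1918 block rule at 31:30, the web interface left exposed, the DNS allow placed above the block, and an explicit block of 22 & 443 towards the firewall), worked through as an added example that is not from the video or from pfSense itself. pfSense is configured in its GUI, so this Python only models its first-match rule evaluation; the guest gateway, LAN host and internet addresses are constructed.

```python
# Added example, not code from the video or pfSense: simulate pfSense's first-match
# interface rules to show why a ticked "invert match" (!RFC1918) inverts the intent.
# Constructed addresses: guest gateway 192.168.50.1, LAN 192.168.1.20, internet 203.0.113.10.
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GUEST_GW = ipaddress.ip_address("192.168.50.1")

def match(rule, pkt):
    """True if the rule's destination/protocol/port criteria fit the packet."""
    dst = ipaddress.ip_address(pkt["dst"])
    dst_ok = True
    if "dst_alias" in rule:
        in_alias = any(dst in net for net in rule["dst_alias"])
        dst_ok = in_alias != rule.get("invert", False)  # invert flips the alias test
    if "dst_ip" in rule:
        dst_ok = dst_ok and dst == rule["dst_ip"]
    proto_ok = rule.get("proto") in (None, pkt["proto"])
    port_ok = rule.get("dports") is None or pkt["dport"] in rule["dports"]
    return dst_ok and proto_ok and port_ok

def evaluate(rules, pkt):
    """pfSense interface rules are first-match; no match means implicit deny."""
    for rule in rules:
        if match(rule, pkt):
            return rule["action"]
    return "block"

# As built in the video: invert match ticked, so the rule blocks NON-private
# destinations and the "allow all" below it passes the office LAN and the firewall.
MISTAKEN = [
    {"action": "block", "dst_alias": RFC1918, "invert": True},
    {"action": "pass"},
]

# Corrected, per the comments: DNS to the guest gateway, explicit admin-port block,
# then block all of RFC1918 and pass everything else (the internet).
CORRECTED = [
    {"action": "pass", "proto": "udp", "dst_ip": GUEST_GW, "dports": {53}},
    {"action": "block", "proto": "tcp", "dst_ip": GUEST_GW, "dports": {22, 443}},
    {"action": "block", "dst_alias": RFC1918},
    {"action": "pass"},
]

def probe(rules):
    """Decisions for four constructed guest flows, keyed by flow name."""
    flows = {
        "internet_https": {"dst": "203.0.113.10", "proto": "tcp", "dport": 443},
        "office_lan_smb": {"dst": "192.168.1.20", "proto": "tcp", "dport": 445},
        "firewall_gui": {"dst": "192.168.50.1", "proto": "tcp", "dport": 443},
        "firewall_dns": {"dst": "192.168.50.1", "proto": "udp", "dport": 53},
    }
    return {name: evaluate(rules, pkt) for name, pkt in flows.items()}
```

Running `probe(MISTAKEN)` shows the inverted rule blocking the internet while passing the office LAN and the firewall GUI; `probe(CORRECTED)` passes only the internet and DNS to the gateway.
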
ombratth
Author

The network ports are all independent and are *NOT* switch ports. There is no switch backplane on the 4100 or 6100.

virtualguitars
Author

Thanks for the vid, still playing with the thought of switching out my USG for pfSense… hmmm what to do…

madswilliam
Author

Me skimming through the video be like “Yes!” “Yes!” “Yes!”

wins_lord