pfSense is one of the most popular firewalls for enterprise through home use cases. The Community Edition can be installed in a VM or a physical computer.
pfSense is a firewall/router computer software distribution based on FreeBSD. The open source pfSense Community Edition (CE) and pfSense Plus is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.
I am going to walk you through on how to install pfSense as a VM with two NICs and a workstation OS on an isolated network.
- In Proxmox, one bridge aka switch is created by default: vmbr0. This switch is bound to a physical ethernet port. Since we want to establish a new network with no connection to the outside world, we will need to click on the PVE host and select System -> Network. Click on Create and “Linux Bridge”. Name it something like vmbr1 abd supply the IPv4 CIDR setting like 10.10.10.0/24. Click on OK then “Apply Configuration”.
- Create a VM for pfSense using vmbr0. 32 GB or disk space and 2-4 GB of memory is plenty. Once the VM is created (do not start it) and you have saved it, select the VM and click on Hardware. Add a Network device and select vmbr1 which is the isolated bridge/switch. Press Add.
- Add a TPM state device to the pfSense VM.
- Now you can run the VM which will start the first step in the pfSense installation. It will ask you to reboot and afterwards will start step two. Do not use VLANs unless you really need it. For the WAN port use vtnet0. For the LAN port (inside connection) select vtnet1.
- Select “Set IP addresses. Set WAN to DHCP or a fixed IP address like 192.168.1.###. Set LAN to static to something like 10.10.10.1. Enable DHCP for the LAN port.
- Now install a graphical workstation VM like Windows or Linux using vmbr1. Have it use DHCP.
- Once the workstation OS is installed, open a browser to 10.10.10.1. The pfSense login page should show. The default username is admin and the password is pfSense.
Configuring pfSense is a subject for another posting.
NOTE: If your WAN interface uses a private (non-routing) address, you will need to uncheck the following settings at the bottom of the Interface / WAN page.