After installing pfSense, there are several options worth knowing about, both before you start using pfSense and for everyday use. In this article, we'll go through the most important ones.
VPN
By using a VPN server, you can, for example, restrict access to your pfSense firewall's Web GUI to the IPs of your VPN network. Setting up a VPN server is a more extensive topic and we cover it in this tutorial.
WebGUI IP Restriction
When you install pfSense and choose to configure both a WAN and LAN interface, the web interface can only be accessed via a browser from the local network. If you have changed this and made the pfSense web interface publicly available, restrict access by creating a firewall rule that only allows your own IP addresses to reach port 443.
Monitoring
You can monitor all aspects of your pfSense firewall, but in most cases there are two that are the most important:
- Traffic graph: Found under 'Status' > 'Traffic Graph'. This tool is especially useful to quickly see how much incoming and outgoing traffic is processed through your pfSense firewall and from which IP address that traffic comes. This way you can see at a glance whether you may be affected by a DDoS attack.
- System logs: Probably the most important monitoring tool can be found under 'Status' > 'System logs'. Here you will find logs from all important aspects of your server, such as system, DHCP and firewall logs. In the screenshot below you can see an example of the overview of the firewall logs. As you can see, a variety of IP addresses and ports are constantly trying to attack the firewall. This is (unfortunately) normal for all online systems. These are not targeted attacks, but automatic bots that scour the internet for vulnerable protocols.
The log files are sorted from oldest to newest by default. This is not always desirable and you can adjust it by checking the 'Forward/Reverse Display' option under 'Status' > 'System logs' > 'Settings' and clicking 'Save' at the bottom of the page.
An equally useful option on the same Settings page is the option to enable remote logging. By default, pfSense keeps a limited set of log files. This limitation does not apply to remote logging and thus gives you the opportunity to keep a log file over a much longer period of time. You are free to adjust the options as you wish. The most important thing is that the server to which you write the logs can actually be reached via the specified IP address and port number.
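Once firewall logs are kept on a remote server, they can be summarised over a longer period than the WebGUI shows. The Python below is an added example, not part of the original article: it counts blocked inbound packets per source address and per destination port. It assumes BSD-style syslog lines and pfSense's comma-separated filterlog field order; the sample lines, addresses and function names are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample: lines as a remote syslog server might store them.
# Field positions assume pfSense's comma-separated filterlog format.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,1111,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,40001,22,0,S,1,,64240,,mss
Mar  3 10:15:02 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,52,1112,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,40002,23,0,S,2,,64240,,mss
Mar  3 10:15:03 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,49,1113,0,none,17,udp,428,192.0.2.44,203.0.113.10,5071,5060,408
Mar  3 10:15:04 fw filterlog[4242]: 9,,,1700000001,igb0,match,pass,in,4,0x0,,57,1114,0,DF,6,tcp,60,203.0.113.50,203.0.113.10,51000,443,0,S,3,,64240,,mss
Mar  3 10:15:05 fw dhcpd[811]: DHCPACK on 192.168.1.20
"""

def parse_filterlog(line):
    """Return action, direction, addresses and destination port, or None."""
    start = line.find("filterlog[")
    if start == -1:
        return None                      # other daemon (DHCP, system, ...)
    payload = line[start:].partition("]: ")[2]
    f = next(csv.reader([payload]), [])
    if len(f) < 9:
        return None
    # Offsets of (protocol name, source address) differ between IPv4 and IPv6.
    layout = {"4": (16, 18), "6": (12, 15)}.get(f[8])
    if layout is None or len(f) <= layout[1] + 1:
        return None
    proto, src_idx = f[layout[0]], layout[1]
    entry = {"action": f[6], "direction": f[7], "proto": proto,
             "src": f[src_idx], "dst": f[src_idx + 1], "dst_port": None}
    # Only TCP and UDP entries carry source port, then destination port.
    if proto in ("tcp", "udp") and len(f) > src_idx + 3 and f[src_idx + 3].isdigit():
        entry["dst_port"] = int(f[src_idx + 3])
    return entry

def blocked_inbound_summary(lines):
    """Count blocked inbound packets per source address and per (proto, port)."""
    by_source, by_port = Counter(), Counter()
    for line in lines:
        e = parse_filterlog(line)
        if e and e["action"] == "block" and e["direction"] == "in":
            by_source[e["src"]] += 1
            if e["dst_port"] is not None:
                by_port[(e["proto"], e["dst_port"])] += 1
    return by_source, by_port

if __name__ == "__main__":
    sources, ports = blocked_inbound_summary(SAMPLE_LOG.splitlines())
    print(sources.most_common(), sorted(ports))
```

To use it on real data, pass the lines of the file your syslog server writes instead of `SAMPLE_LOG`.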
Updating your firewall
Updates are not applied automatically. If any are available, they are shown on the dashboard (which you see when you log in to the WebGUI or via 'Status' > 'Dashboard'), see the example below. Click the download icon:
Click 'Confirm' to give permission to update your pfSense firewall. It is advisable to do this outside office hours so that in case of problems you can fall back on a backup of your server without too much impact on your users.