{"id":5494,"date":"2020-04-19T11:35:26","date_gmt":"2020-04-19T08:35:26","guid":{"rendered":"https:\/\/kifarunix.com\/?p=5494"},"modified":"2024-03-14T20:18:03","modified_gmt":"2024-03-14T17:18:03","slug":"install-pfsense-firewall-on-kvm","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-pfsense-firewall-on-kvm\/","title":{"rendered":"Install pfSense Firewall on KVM"},"content":{"rendered":"\n<p>In this guide, we are going to learn how to install pfSense firewall on KVM. pfSense&nbsp;is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN and many more features that are comprehensively described on <a href=\"https:\/\/www.netgate.com\/solutions\/pfsense\/features.html\" target=\"_blank\" rel=\"noreferrer noopener\">pfSense features page<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-pf-sense-firewall-on-kvm\">Installing pfSense Firewall on KVM<\/a><ul><li><a href=\"#download-pf-sense-installation-iso-file\">Download pfSense installation ISO file<\/a><\/li><li><a href=\"#verify-integrity-of-downloaded-pf-sense-iso-file\">Verify Integrity of downloaded pfSense ISO file<\/a><\/li><li><a href=\"#install-pf-sense-on-kvm\">Install pfSense on KVM<\/a><\/li><li><a href=\"#access-pf-sense-via-ssh\">Access pfSense via SSH<\/a><\/li><li><a href=\"#access-pf-sense-web-interface\">Access pfSense Web Interface<\/a><\/li><li><a href=\"#related-tutorials\">Related Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-pf-sense-firewall-on-kvm\">Installing pfSense Firewall on KVM<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"download-pf-sense-installation-iso-file\">Download pfSense installation ISO file<\/h3>\n\n\n\n<p>Navigate to <a href=\"https:\/\/www.pfsense.org\/download\/\" target=\"_blank\" rel=\"noreferrer noopener\">pfSense iso downloads page<\/a> and grab the latest installation iso file. Obtain the download link and pull the iso archive using wget command or any other download tool of your choice.<\/p>\n\n\n\n<p>Replace the value of VER variable below with the current version of pfSense;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>VER=2.7.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">wget -c https:\/\/atxfiles.netgate.com\/mirror\/downloads\/pfSense-CE-${VER}-RELEASE-amd64.iso.gz<\/pre>\n\n\n\n<p>Also download the checksum file to verify the integrity of the downloaded iso file above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">wget https:\/\/atxfiles.netgate.com\/mirror\/downloads\/pfSense-CE-${VER}-RELEASE-amd64.iso.gz.sha256<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"verify-integrity-of-downloaded-pf-sense-iso-file\">Verify Integrity of downloaded pfSense ISO file<\/h3>\n\n\n\n<p>To ensure that the downloaded ISO file is not broken\/damaged in some way, calculate the SHA256 hash of the file and compare the resulting hash with value contained in the checksum file downloaded.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sha256sum pfSense-CE-${VER}-RELEASE-amd64.iso.gz<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">98a14db2746327ab4665610679c9ed7a78091687ee3097036ee9090ee8e33470 pfSense-CE-2.7.0-RELEASE-amd64.iso.gz<\/pre>\n\n\n\n<p>To display the contents of the hash file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">cat pfSense-CE-2.7.0-RELEASE-amd64.iso.gz.sha256<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">SHA256 (pfSense-CE-2.7.0-RELEASE-amd64.iso.gz) = 98a14db2746327ab4665610679c9ed7a78091687ee3097036ee9090ee8e33470<\/pre>\n\n\n\n<p>Once you have verified that the integrity of the archive file is okay, proceed to extract the iso file. pfSense iso archive file is created using the gzip tool and can be extracted using the gunzip command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">gunzip pfSense-CE-${VER}-RELEASE-amd64.iso.gz<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-pf-sense-on-kvm\">Install pfSense on KVM<\/h3>\n\n\n\n<p>You can choose to create the virtual machine using the virt-manager or simply create and start the vm install from the command line. In this demo, we chose the later.<\/p>\n\n\n\n<p>Therefore, create pfSense virtual disk, say of 10G. Replace the paths accordingly.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">qemu-img create -f qcow2 \/media\/kifarunix\/vol01\/kvm\/pfsense.qcow2 10G<\/pre>\n\n\n\n<p>Launch the installation of pfSense on KVM. Change the vm settings to suite your needs.<\/p>\n\n\n\n<p>List OS variants;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>virt-install --os-variant list<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">virt-install --virt-type kvm \\\n--name pfsense --ram 2048 --vcpus 2 \\\n--cdrom=\/media\/kifarunix\/vol02\/iso\/pfSense-CE-2.7.0-RELEASE-amd64.iso \\\n--disk \/media\/kifarunix\/vol01\/kvm\/pfsense.qcow2,bus=virtio,size=10,format=qcow2 \\\n--network default \\\n--network bridge=virbr1 \\\n--graphics vnc,listen=0.0.0.0 --noautoconsole \\\n--os-variant=freebsd13.1<\/pre>\n\n\n\n<p>Note that you need to have the bridge interface created prior to assigning it to a vm.<\/p>\n\n\n\n<p>Press ENTER to launch the installation of pfSense on KVM.<\/p>\n\n\n\n<p>After that, connect to the virt-manager console to complete the installation.<\/p>\n\n\n\n<p>To connect to virt-manager, simply run;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>virt-manager<\/code><\/pre>\n\n\n\n<p>Otherwise, you can connect to pfSense domain console by running;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>virt-viewer -c qemu:\/\/\/system pfsense<\/code><\/pre>\n\n\n\n<p>Once the pfSense installer runs, it will prompt you to accept the copyright and distribution notice. Accept the notice to proceed with installation.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"721\" height=\"402\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/distribution-notice.png\" alt=\"\" class=\"wp-image-5498\" title=\"\"><\/figure>\n\n\n\n<p>Select Install to install pfSense to KVM<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"718\" height=\"401\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/install.png\" alt=\"\" class=\"wp-image-5499\" title=\"\"><\/figure>\n\n\n\n<p>Click Ok to continue. Accept the default keymap settings<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"705\" height=\"375\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/keymap.png\" alt=\"\" class=\"wp-image-5500\" title=\"\"><\/figure>\n\n\n\n<p>On disk partitioning, select Auto (UFS) Guided Disk Setup or any option of your choice.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"711\" height=\"392\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/partitioning.png\" alt=\"\" class=\"wp-image-5501\" title=\"\"><\/figure>\n\n\n\n<p>The installation then begins and when it completes, you should see such a screen;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"703\" height=\"393\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/manual-config.png\" alt=\"\" class=\"wp-image-5502\" title=\"\"><\/figure>\n\n\n\n<p>If you need to do any further manual configs, select Yes. Otherwise select No and proceed.<\/p>\n\n\n\n<p>Reboot the pfSense virtual machine.<\/p>\n\n\n\n<p>When it reboots, you are prompted configure VLANs, set the WAN and LAN interface. Enter your appropriate settings.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"708\" height=\"411\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/wanlan.png\" alt=\"\" class=\"wp-image-5504\" title=\"\"><\/figure>\n\n\n\n<p>When the pfSense virtual machine boots completely, such a screen welcomes you;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"662\" height=\"377\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/pfsense.png\" alt=\"Install pfSense Firewall on KVM\" class=\"wp-image-5505\" title=\"\"><\/figure>\n\n\n\n<p>If you noticed, the WAN interface is assigned dynamic IP addresses. If you need to set static IP addresses, simply select option 2, <strong>Set Interface(s) IP Addresses<\/strong>. For example, to set static IP address for WAN interface;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"656\" height=\"404\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/static-wan.png\" alt=\"\" class=\"wp-image-5506\" title=\"\"><\/figure>\n\n\n\n<p>You should now have a static WAN interface IP address.<\/p>\n\n\n\n<p>Similarly, set the appropriate IP address for your LAN interface. This is the IP addresses with which you access pfSense from web.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"716\" height=\"306\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/static-ip-1.png\" alt=\"\" class=\"wp-image-5508\" title=\"\"><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"access-pf-sense-via-ssh\">Access pfSense via SSH<\/h3>\n\n\n\n<p>By default, SSH is disabled on pfSense. To enable SSH logins, select option 14, <strong>Enable Secure Shell (sshd)<\/strong>.<\/p>\n\n\n\n<p>You can then access it using the assigned LAN IP address. Use the default credentials:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>username: <strong>admin<\/strong>\npassword: <strong>pfsense<\/strong><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ssh admin@LAN_IP<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"access-pf-sense-web-interface\">Access pfSense Web Interface<\/h3>\n\n\n\n<p>You can now access pfSense from web using the LAN IP address. pfSense uses self signed SSL certs and hence, you can access using the address, <strong><code>https:\/\/LAN_IP<\/code><\/strong>.<\/p>\n\n\n\n<p>Note that pfSense uses same credentials to access the WebGUI and also SSH services Hence, login using the same credentials above.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1232\" height=\"665\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/web-interface.png\" alt=\"\" class=\"wp-image-5509\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/web-interface.png?v=1587284817 1232w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/web-interface-768x415.png?v=1587284817 768w\" sizes=\"(max-width: 1232px) 100vw, 1232px\" \/><\/figure>\n\n\n\n<p>Upon successful authentication, you are welcomed by pfSense setup wizard.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"538\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/pfsensesetup.png\" alt=\"\" class=\"wp-image-5510\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/pfsensesetup.png?v=1587284833 1168w, https:\/\/kifarunix.com\/wp-content\/uploads\/2020\/04\/pfsensesetup-768x354.png?v=1587284833 768w\" sizes=\"(max-width: 1168px) 100vw, 1168px\" \/><\/figure>\n\n\n\n<p>You can reset the admin password by clicking, <strong>Change the password in the User Manager<\/strong> or you can do the reset from the backend shell by selecting option 3, <strong>Reset webConfigurator password<\/strong>.<\/p>\n\n\n\n<p>Go through the setup wizard to setup your pfSense firewall.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"related-tutorials\">Related Tutorials<\/h3>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-install-opnsense-on-virtualbox\/\" target=\"_blank\">How to Install OPNsense on VirtualBox<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-reset-or-recover-root-password-on-opnsense\/\" target=\"_blank\" rel=\"noreferrer noopener\">How To Reset Or Recover Root Password On OPNsense<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/how-to-enable-secure-shell-ssh-server-on-opnsense\/\" target=\"_blank\">How to enable Secure Shell (SSH) server on OPNsense<\/a><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/kifarunix.com\/monitor-squid-access-logs-with-graylog-server\/\" target=\"_blank\">Monitor Squid Access Logs with Graylog Server<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this guide, we are going to learn how to install pfSense firewall on KVM. pfSense&nbsp;is a free and open source firewall and router that<\/p>\n","protected":false},"author":1,"featured_media":17690,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,44,1454,34],"tags":[1459,1456,1457,1455],"class_list":["post-5494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-firewall","category-pfsense","category-security","tag-install-pfsense-firewall","tag-install-pfsense-kvm","tag-pfsense-firewall","tag-pfsense-firewall-kvm","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5494"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=5494"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5494\/revisions"}],"predecessor-version":[{"id":21369,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/5494\/revisions\/21369"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/17690"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=5494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=5494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=5494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}