Every month, Netgate’s official pfSense documentation receives over 500,000 views, and helps thousands of users better secure their networks. From pfBlockerNG to IPv6 subnetting, keep reading to learn about the twelve most popular packages, configuration recipes, and networking topics of 2023.
Most Popular pfSense Package
This pfSense software package provides the ability to block advertisements and malicious content, as well as restrict access based on geographic location. pfBlockerNG extends the capabilities of pfSense to the DNS application layer, allowing pfSense to support DNS blackhole lists. By installing pfBlockerNG, you can not only block ads but also web tracking, malware and ransomware.
pfBlockerNG’s features include:
- Country_Block features
- IP_Blocklist features
- Dashboard widget
- XMLRPC Sync
- Dashboard widget with aliases applied and package hit
- Lists update frequency
- Many options to choose what to block and how to block
- Custom rules via network lists
Most Popular pfSense Software Configuration Recipes
pfSense is the kitchen sink of firewalls, so learning how to configure your firewall to perform a set of tasks specifically targeted to your network can be made easier by following these “how to” configuration recipes published in our online documentation:
Configuring Switches with VLANs
VLANs enable a switch to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches. VLANs are commonly used for network segmentation in the same way that multiple switches can be used: to place hosts on a specific segment, isolated from other segments, etc.
This recipe shows you how to configure switches for use with VLANs. It offers generic guidance that will apply to most if not all 802.1Q capable switches, then covers configuration on specific switches from Cisco, HP, Netgear, and Dell.
Allowing Remote Access to the GUI
Several methods exist to remotely administer a firewall running pfSense software without opening the system up to external vulnerabilities. This recipe discusses the various methods and their uses, which may be available to you as the firewall administrator or not, based on client restrictions, corporate policies, etc. The safest way to allow remote access to the pfSense management GUI is to set up a VPN that will allow access to the firewall and the network it protects.
Virtualizing pfSense Software with VMware vSphere / ESXi
When you use a virtualized machine rather than a stand-alone appliance, you will still need a firewall to help protect your virtualized environment and any connected networks. Installing and setting up pfSense is straightforward and similar to setup on a physical machine. There are guides to virtualizing pfSense with VMware vSphere/ESXi, Hyper-V and Proxmox VE.
This particular recipe is about building a pfSense virtual machine on vSphere / ESXi. It explains how to install any major pfSense software version on VMware vSphere versions 5.x and 6.x. By following the steps provided, users will end up with a basic, working virtual machine running pfSense software.
IPsec Site-to-Site VPN Example with Pre-Shared Keys
A site-to-site IPsec tunnel interconnects two networks as if they were directly connected by a router. Systems at Site A can reach servers or other systems at Site B, and vice versa. This traffic may also be regulated via firewall rules, as with any other network interface. You can even build multiple site-to-site VPNs using IPsec tunnels with pfSense, or connect to your pfSense instances in the public cloud.
This pfSense software configuration recipe provides instructions on how to set up a site-to-site virtual private network tunnel using IPsec.
OpenVPN Remote Access Configuration Example
The OpenVPN wizard on pfSense software is a convenient way to set up a remote access VPN for mobile clients. The wizard configures all of the necessary prerequisites for an OpenVPN remote access server. At the end of the wizard, the firewall will have a fully functioning server ready to accept connections from users. The server configuration can then be altered as needed. This recipe provides a walkthrough of how to efficiently set up the OpenVPN wizard in pfSense.
Most Popular pfSense Software Network Topics
In addition to popular packages and recipes, there are several networking topics that are frequently referenced in the pfSense documentation. The most popular networking topics are:
Understanding CIDR Subnet Mask Notation
This section of the official pfSense documentation is a handy reference table to keep bookmarked. pfSense software uses CIDR (Classless Inter-Domain Routing) notation rather than the common subnet mask 255.x.x.x when configuring addresses and networks. You can refer to the CIDR Subnet Table to find the CIDR equivalent of a decimal subnet mask.
In addition to specifying subnet masks, CIDR can also be employed for IP or network summarization purposes. For example, the “number of /24 networks” column is useful. CIDR summarization can be used in several parts of the pfSense GUI, including firewall rules, NAT, virtual IPs, IPsec, and static routes.
If you’re new to IPv6 subnetting and want to get up to speed, this guide can help. IPv6 subnetting is easier than IPv4, but it’s also different. Want to divide or combine a subnet? All that is needed is to add or chop off digits and adjust the prefix length by a multiple of four. No longer is there a need to calculate subnet start/end addresses, usable addresses, the null route, or the broadcast address.
User Management and Authentication
The User Manager in pfSense software provides the ability to create and manage multiple user accounts. These accounts can be used to access the GUI, use VPN services like IPsec and OpenVPN, and use the Captive Portal. Click the link above to learn more about:
- Default username and password
- Managing local users
- Managing local groups
- Authentication servers
- Logging out of the GUI
Network Address Translation — Outbound NAT
Outbound NAT, also known as Source NAT, controls how pfSense software will translate the source address and ports of traffic leaving an interface. What this means is NAT allows the firewall to translate all of your local IP addresses (computer, phone, tablet, TV, IoT, etc.) to a public IP address. This section of the documentation provides information on how to configure outbound NAT, as well as guidance on working with outbound NAT rules.
Talk to Us
We hope this list of the top pfSense software topics was helpful to you! If you require assistance with pfSense software, our TAC team is at your service.
You can also talk to us at the Netgate Forum or tag us on Twitter to let us know what other top pfSense software features the community should know about.