Pfsense AD Authentication | Juan Jose Perez Figuereo | Skillshare

Pfsense AD Authentication

Juan Jose Perez Figuereo

Lessons in This Class

4 Lessons (24m)
    • 1. Downloading and install pfsense 2

    • 2. Installing pfsense

    • 3. Initial Configuration

    • 4. Creating Rules for Wan Access

About This Class

This course is designed to teach you how to install and configure pfSense and authentication with Active Directory with Windows Server 2016, using Squid and SquidGuard.

We will also see pfBlocker installation and DNSBL configuration with Shalla List.

1. Downloading and install pfsense 2

In this video we will download and install pfSense. For this, we'll go straight to our browser of choice. In our browser, let's write the word pfSense and press Enter, and we'll get to the pfSense official site. Once there, let's go to the download section and select the architecture. In my case it is AMD 64-bit, and for the type of installation for this course we'll select the ISO image. After selecting it, we can click on the download button. This download could take minutes, depending on your Internet bandwidth. I have already downloaded the ISO image for the pfSense installation, so I'm going to go ahead and cancel this download and minimize the browser so you can all see that on my desktop I've already got the ISO image for the pfSense installation.

Now let's go ahead and create a new virtual machine in VirtualBox. Let's click on it and go to New. Here we'll just give the virtual machine a name; for the sake of this demo, let's use the initials FW, for firewall. We can change the place where the VM is stored by clicking here. Let's change the type and select Linux, and under it let's select the 64-bit and click Next. Here we can select how much RAM we want to allocate. For the sake of this demo, I'll select 1396 megabytes of RAM, which is roughly three gigs of RAM. Depending on the amount of RAM that you have on your computer, it's best practice not to use more than 50% of your total amount of RAM available. Let's click on Next and create a new virtual disk. By default, the selected option is to create a new virtual disk. The default is VDI, the disk format used by VirtualBox. Let's click on Next and keep it as a dynamically allocated disk, meaning that the amount of space used for our disk will be taken up as needed. So if my pfSense box takes two gigabytes of space, that's all that the virtual disk is going to take. Let's click Next. Here you can choose the size of the disk. Let's leave it at 8 gigabytes, and let's click on Create.

Once our VM is created, we'll adjust some of the settings. Let's right-click on it, select Settings, and in Settings let's go to Network. Under the first adapter, which is the one enabled by default, let's change it to bridged mode, since this adapter will be our bridge to the Internet; that is to say, this is our WAN interface. This interface is linked to my wireless adapter by default, since my computer is connected through Wi-Fi. Let's enable another adapter by clicking on Enable, and let's set it up in internal mode. Let's keep the default name, since this adapter will be for filtering and settings on our local subnet, that is, for the endpoints we are using.

Let's go straight to Storage, and under Storage let's click on this disc icon, which represents the optical drive. Since we've already got a previously downloaded pfSense ISO image, let's select the icon on the right, click to select the disk, and browse to where we've saved our pfSense image; for the sake of this demo, it is on my desktop. As you can see, it's not showing up, so we'll select to see all files and select pfSense. As you can see, it's throwing an error. This is because the installation file we've downloaded from pfSense is not in ISO format, but rather is a compressed file. Let's just click on OK. For now, let's go to our ISO image, right-click and select Extract Here. Once we do this, we'll see a new file. This file is the actual pfSense image. Let's head over to VirtualBox, select our disk and browse once again. As you can see, the ISO image shows up without a hitch. Now we can click Open and OK. Having done this, we've downloaded the image and prepared the virtual machine for the pfSense box. In the next video, we'll go right on to the installation of pfSense and assign the interfaces to our firewall.
See you in the next video.

2. Installing pfsense

Greetings once again. In the previous video, we downloaded the image and created our virtual machine. This time we'll start the installation process. For this, we'll simply power on our previously created VM by clicking on the Start button, and we just have to wait a little as we fire up our pfSense installation. We see the menu displayed, and if we click on the VM window we'll get a warning from VirtualBox, letting us know that the mouse pointer is going to be captured. Let's just select Yes and wait a bit as the necessary files are loaded to start the pfSense installation. This process could take some time, depending on how much RAM was allocated and the performance of your computer. Since we're loading the installation from a disk image, it is usually faster than from a physical installation disk.

Here we get the welcome screen, and it shows us the license for our pfSense, which is solely a non-commercial license. Let's click on Accept, and we get the options to install, start a recovery console, or recover from an XML file. Because this is a new installation, let's just select the option to install by hitting Enter on the keyboard. Here we get some options for the keyboard, among other options. Let's just keep the default one and press Enter. Let's also select to use the disk space in guided mode; therefore, we're not going to set up the partition type manually. Let's leave everything as it is and hit Enter. We can see the verification process, and now it's extracting the files needed for the installation onto our virtual disk. Let's just wait a bit.

Good. It is showing right away that the installation has finished, and right after that we get out of the installer. The ideal thing is to open up a new console to check some of the settings. Let's just hit No and select to reboot our pfSense box to start the initial setup menu of our pfSense, which starts right up showing the console configuration menu. Therefore, the first settings are going to be done directly from the pfSense console, and right after that, once we have the operating system installed and the local area part of the topology, we start setting up the environment through the graphical user interface. Let's wait as the files that are already installed start loading up. Now it's starting pfSense for the first time. As we can see, it's loading, and we can see that it has taken us back to the installation part of the distribution. Let's just cancel; this is because we have not unmounted the pfSense installation disk. Let's hit Close, power off the VM and release the disk. For that, all we have to do is right-click on our VM, click Settings, go to the Storage tab, and once there, go to this side and remove the disk image. Let's click OK, and once it is removed, click on Start and wait a moment as the VM starts up. Once again it's processing, and we can see the menu of our pfSense box again. Now we're booting straight from our virtual disk. We can close the two warnings we get up here, and let's wait a moment while the controllers and settings are loaded.

Good. Once the necessary files are loaded, we see that we were assigned IP addresses automatically on both interfaces that we've set up. The one at the WAN end of the topology was assigned the IP 192.16.1.132, and the second one, which is the internal address space for the LAN, has 192.168.1.1. If we want to have access to our pfSense, we have to place a computer on the local end of the setup. Since we don't have any computer within that network, let's just try to access it through the WAN. In order to achieve this, let's head over to the pfSense shell. For that, we'll select number 8 and press Enter, and issue the following command: pfctl -d. This will disable the firewall momentarily, which will allow us to have access through the WAN network. Let's open up a browser here and input the external IP of our pfSense box, which is 172.16.1.132, and press Enter. We're directed automatically to our pfSense welcome screen. The default user and password are admin and pfsense; press Enter. Here we're welcomed into the setup wizard of the graphical user interface. That's all for this video. See you in the next video.

3. Initial Configuration

Hello and welcome back to this new video. In the previous videos, we created a virtual machine and installed pfSense, but we're not done setting it up yet. Remember that we get to pfSense through the IP 172.16.1.132, which is the WAN interface address currently assigned to pfSense. For this, we had to run the command pfctl -d to disable the firewall momentarily, since we don't have any hosts running in the internal network part of pfSense. Let's log back in to pfSense. Remember that the default user is admin and the default password is pfsense. Then just press Enter, and it takes us to the welcome screen. Here we click on Next, and it gives us a short overview of the global support that pfSense has. We'll click on Next, and here it's asking for a name, or hostname; we'll leave the default of pfSense. It also asks us for the domain which will cheer. It's asking for the primary and secondary DNS. We can use the DNS servers provided by the ISP or ones from some other company. In my case, I will use Google's free DNS, 8.8.8.8 and 8.8.4.4 respectively. We'll click Next. This area here is for the time server. This is in case we have a time server that we want to set up in a particular way in our pfSense.
But we can leave the one that comes with it as the default one, and make sure we are in the time zone indicated here. This ensures that, if we do some blocking based on time, there's no difference between the time that pfSense has and the one currently used by other servers. Then we'll click on Next, and here it asks us for information about the WAN interface. If you remember, when we installed pfSense, it was automatically assigned the IP address 172.16.1.132. This IP address was assigned through DHCP, the DHCP that is running on my router. Here we're going to change this to a static IP. It's always good practice to have firewalls, or any other servers that we're running, on a static IP. This is so that, in case we have to restart for any planned downtime or do an update, it won't lose the IP address. What could happen otherwise is that the address is assigned to another host, and this could cause a lot of problems in our network. We'll place the IP address here; in this case we'll use the same one that was assigned automatically, which is 172.16.1.132. We'll change the subnet mask to a 24-bit subnet mask, and we're going to set the default gateway to 172.16.1.254, which is the one that my router has.

Let's move on to the bottom. Here we have other settings, such as PPPoE and PPTP. And here, where it says Request for Comments, we're going to uncheck this. If you remember, when we created the virtual machine, we added a second network card. That's the one that we're going to use for the default LAN interface of pfSense, with the IP address 192.168.1.1 and a subnet mask of 24 bits. We'll leave it as it is and click on Next. Here it requests the administrator password. It is always advisable to change this password and use one of our choosing to mitigate attacks. Click on Next.
And it tells us that it is going to reload the configuration of pfSense. Once this is done, pfSense will apply the changes we have made. Since we're connected to pfSense through the IP 172.16.1.132, which belongs to the WAN interface, and by default pfSense blocks connections to the WAN interface (that is the reason why we had to run the command pfctl -d to disable the firewall), it is very likely that once we click it the connection is going to drop. Therefore, we have to go back to the console and run the command again. We go to the pfSense console here and run the command again to disable the firewall. If we return, it takes us back to the window we see here, and it gives us a welcome screen, which is actually a warning telling us that we can't distribute the software commercially. We're going to click on Accept, and here we're presented with the pfSense main window.

Here we have the hostname, which in this case is the Usher Shader with a local domain. We have the user that is currently logged in, which is admin, the IP address of our server, and the authentication type, which in this case is local. We're not using Active Directory or anything else yet, but rather the local one of pfSense. We have the system, which currently is a virtual machine. We have the BIOS of the system. We have the current version of pfSense that is installed, and here we have a little green message to tell us that it is the latest version. If we want to update or verify the updates, we can click on the refresh button. Here we have the type of CPU that the machine currently has. We have that the kernel is PTI enabled. We also have the uptime here, which is how long the server has been running. We have the current time and the current date, and the DNS servers. The server in this case is pfSense, as indicated by the loopback address of 127.0.0.1. It also has my default gateway and the two DNS servers that I added manually in the configuration at first. Here we have the last time that configuration changes were made, the CPU usage, the memory usage and the disk usage, which are values that are really important to take into consideration to make sure that pfSense has not run out of memory, disk or CPU, since this could cause a lot of problems in our network. On this side, we have a small community message, which we can close. Right here at the bottom, we have both interfaces and the IP addresses. In the next video, we're going to be working on creating a rule in our firewall to be able to access it from the WAN without having to run the command pfctl -d all the time. That's all for now.

4. Creating Rules for Wan Access

Greetings once again. In this video we'll create a rule in our firewall to have access to pfSense from the WAN interface without any problem. For this, we'll go inside our pfSense to the Firewall section, and here we'll select Rules. Within Rules we have Floating, WAN and LAN. Within WAN, which is the one that we have selected, we'll click on Add. Once we click on Add, we have the actions that will be executed in this rule. It can be Pass, Block or Reject, which is what we want at the moment. Here we select the interface, which would be the WAN by default, and the address family, which is either IPv4 or IPv6 or both. Let's leave it as IPv4. The type of protocol that we'll use in this case would be TCP, which is the traffic that we want to allow. And here it's going to request the source. Here we can leave it as any if we want to access the WAN from any host with any IP address and any network, or we can specify directly what we want to have access.
We'll click on any and select here single host, alias or network, of your choice. Let's select network. We'll place here the IP address of the network where I'm currently sitting, 172.16.1.0, and the subnet mask of your network. The one that we're using is a 24-bit one. Let's scroll to select 172.16.1.0 and the subnet mask 24. Here, let's confirm my computer's IP address by opening a command prompt by typing cmd and writing ipconfig. As you can see, currently I've been assigned the IP address 172.16.1.137. By indicating that it will allow the network 172.16.1.0/24, I'm saying that it will allow connections from the whole network block, that is, from 1 to 254, which would be the hosts that are within that network. Once this is done, we'll specify the destination here. It shows whether it's any or a specific host; we'll leave it as any. The extra options we won't touch. We'll click on Save. Once we click on Save, we'll apply the changes. Once the changes have been applied, we have created the rule to allow the requests from my host through the WAN interface directly to our pfSense without any problems.

We will verify this in our pfSense on the console. We will enable the firewall again. This time, instead of using -d for disable, we'll use -e for enable and press Enter, and it will tell us that our firewall is now enabled. Let's check and see if we still have access to pfSense. We refresh the page and wait a moment to see if the request from my computer to our pfSense goes through without any problems. It's loading, and as you can see, we don't have any issues having access to our firewall, and our firewall is enabled.
Therefore, the rule that we have created to allow connections from any PC to our pfSense works; that is, all the hosts that are within my network can have access to pfSense without any type of trouble. We can see here in the states that it has traffic already; it has marked a few packets coming from my host to pfSense. This is all for this video.
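The scope of the rule created in lesson 4, as an added example that is not part of the course or of pfSense itself: a small first-match evaluator comparing the rule as configured (source 172.16.1.0/24, destination any) with a narrower variant. The narrower rule's single admin source, WAN-address destination and port 443 are assumptions, and the sample connections are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    interface: str                # e.g. "wan"
    proto: str                    # e.g. "tcp"
    source: str                   # CIDR network or "any"
    dest: str                     # CIDR network or "any"
    dport: Optional[int] = None   # None means any destination port

def _matches(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, interface, proto, src, dst, dport) -> str:
    """First matching rule wins; traffic that matches nothing is blocked,
    which models the default block on the WAN interface."""
    for r in rules:
        if (r.interface == interface and r.proto == proto
                and _matches(r.source, src) and _matches(r.dest, dst)
                and r.dport in (None, dport)):
            return r.action
    return "block"

def host_range(cidr: str):
    """First host, last host and host count of a network."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

# Rule as created in lesson 4: pass, WAN, IPv4 TCP, source network, destination any.
LESSON_RULES = [Rule("pass", "wan", "tcp", "172.16.1.0/24", "any")]

# Narrower variant (assumption, not from the course): only the admin workstation,
# only the firewall's WAN address, only the web GUI on HTTPS port 443.
NARROW_RULES = [Rule("pass", "wan", "tcp", "172.16.1.137/32", "172.16.1.132/32", 443)]

# Constructed sample connections arriving on WAN: (label, src, dst, dport)
SAMPLES = [
    ("admin PC to web GUI",       "172.16.1.137", "172.16.1.132", 443),
    ("other WAN host to SSH",     "172.16.1.50",  "172.16.1.132", 22),
    ("WAN host to a LAN address", "172.16.1.50",  "192.168.1.10", 3389),
    ("host outside the /24",      "203.0.113.9",  "172.16.1.132", 443),
]

def compare():
    """Return {label: (verdict under lesson rule, verdict under narrow rule)}."""
    return {
        label: (evaluate(LESSON_RULES, "wan", "tcp", src, dst, port),
                evaluate(NARROW_RULES, "wan", "tcp", src, dst, port))
        for label, src, dst, port in SAMPLES
    }

if __name__ == "__main__":
    print(host_range("172.16.1.0/24"))
    for label, verdicts in compare().items():
        print(f"{label:28} lesson={verdicts[0]:5} narrow={verdicts[1]}")
```

With destination any, the lesson rule also passes WAN-side TCP traffic addressed to hosts other than the firewall and to any port, which the narrower rule does not.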