Wednesday, 30 May 2012

Firewall Deployment

For the firewall appliance, I've opted for a product named pfSense. It's a free, open source, FreeBSD-based firewall with the one key feature I was looking for: the ability to do routing and NAT.

The installation ISO is only around 125MB, so I downloaded and unpacked it, used vSphere's Datastore Browser to create an OS images folder on the SAS storage, and then uploaded the ISO to it.

Next I started the new virtual machine wizard.  I've chosen to name this VM RSMSGFW1. Feel free to guess why, although it's not really important :).

I then chose a couple of vCPUs and 1GB of memory.  For the network config I upped the number of NICs to two and selected both BackNet and FrontNet.

I gave it a 5GB OS drive and completed the wizard.  Then I went into the VM's properties, configured the CD-ROM drive to map to the ISO I had previously uploaded, and set the CD-ROM drive to be connected at boot up.  I then powered on the VM and opened the console.  During bootup it prompted me to enter the adaptor names for the WAN (FrontNet) and LAN (BackNet).  If you don't know the adaptor names, you can disconnect one at a time and it tells you the name of the adaptor whose link dropped.  After completing this step, boot up finished and I was at the firewall console.  At this point the firewall is running live from the CD (in this case the ISO), so there is no way to make changes permanent, but the console offers an option to install the firewall to disk.

Once that was completed, I assigned one of my public IPs to the WAN interface and an internal address to the LAN interface.

I wanted to test connectivity from the internal network, so I deployed a temporary Windows VM there. (I won't go into too much detail about the process for that at this stage.)  I found I couldn't access the Internet, but I could access the firewall web configuration page.
Reviewing the configuration on the firewall's web config page, I could see there was no default gateway listed for the WAN interface.  After adding this in, the test VM on the 10.0.0.x network could access the Internet perfectly.
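As an added check that is not part of the original post: a small POSIX shell function for the pfSense (FreeBSD) console that inspects `netstat -rn` output and reports whether a default route leaves via the WAN interface, which is exactly the gap that stopped the LAN test VM above. The interface names (em0 as WAN, em1 as LAN) and the addresses in the constructed routing tables are assumptions, not values from this deployment.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): does this FreeBSD/pfSense box have a
# default route leaving via its WAN interface? Samples below are constructed netstat output.

# Constructed sample: WAN (em0) and LAN (em1) configured, but no default gateway on WAN.
SAMPLE_NO_GW='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
10.0.0.0/24        link#2             U           em1
10.0.0.1           link#2             UHS         lo0
127.0.0.1          link#1             UH          lo0
203.0.113.0/24     link#1             U           em0
203.0.113.10       link#1             UHS         lo0'

# Same box after the WAN default gateway was added in the web configurator.
SAMPLE_OK="$SAMPLE_NO_GW
default            203.0.113.1        UGS         em0"

# Misconfiguration variant: a default route exists but points out the LAN side.
SAMPLE_WRONG_IF="$SAMPLE_NO_GW
default            10.0.0.254         UGS         em1"

# check_default_route TABLE WAN_IF
#   0 = default route via WAN, 1 = no default route, 2 = default route via another interface
check_default_route() {
  _table="$1"
  _wan="$2"
  # Locate the Netif column from the header so the check works whether or not the
  # table carries the Refs/Use columns of older FreeBSD releases.
  _via=$(printf '%s\n' "$_table" | awk '
    $1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") col = i }
    $1 == "default" && col { print $2 " " $col; exit }')
  if [ -z "$_via" ]; then
    echo "FAIL: no default route; LAN clients can reach the firewall but not the Internet"
    return 1
  fi
  _gw=${_via% *}
  _if=${_via#* }
  if [ "$_if" != "$_wan" ]; then
    echo "WARN: default route via $_gw leaves on $_if, not the WAN interface $_wan"
    return 2
  fi
  echo "OK: default route via $_gw on $_wan"
  return 0
}

# Live use on the firewall itself (WAN assumed to be em0):
#   check_default_route "$(netstat -rn -f inet)" em0
```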
