In this guide, we are going to learn how to install pfSense firewall on KVM. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN and many more features that are comprehensively described on pfSense features page.
Install pfSense Firewall on KVM
Download pfSense installation ISO file
Navigate to pfSense iso downloads page and grab the latest installation iso file. Obtain the download link and pull the iso archive using wget command or any other download tool of your choice.
wget -c https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.5-RELEASE-amd64.iso.gz
Also download the checksum file to verify the integrity of the downloaded iso file above.
wget -c https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.5-RELEASE-amd64.iso.gz.sha256
Verify Integrity of downloaded pfSense ISO file
To ensure that the downloaded ISO file is not broken/damaged in some way, calculate the SHA256 hash of the file and compare the resulting hash with value contained in the checksum file downloaded.
To display the contents of the hash file;
SHA256 (pfSense-CE-2.4.5-RELEASE-amd64.iso.gz) = fda93684669ad0b2b9e314a53d5c7272076484a6b714d60d5e06f14e1c7ce049
Once you have verified that the integrity of the archive file is okay, proceed to extract the iso file. pfSense iso archive file is created using the gzip tool and can be extracted using the gunzip command;
Install pfSense on KVM
You can choose to create the virtual machine using the virt-manager or simply create and start the vm install from the command line. In this demo, we chose the later.
Therefore, create pfSense virtual disk, say of 10G. Replace the paths accordingly.
qemu-img create -f qcow2 /home/koromicha/kvm/images/pfsense.qcow2 10G
Launch the installation of pfSense on KVM. Change the vm settings to suite your needs.
virt-install --virt-type kvm --name pfsense --ram 2048 --vcpus 2 \ --cdrom=/home/koromicha/Downloads/iso/freebsd/pfSense-CE-2.4.5-RELEASE-amd64.iso \ --disk /home/koromicha/kvm/images/pfsense.qcow2,bus=virtio,size=10,format=qcow2 \ --network default \ --network bridge=virbr1 \ --graphics vnc,listen=0.0.0.0 --noautoconsole \ --os-type=linux --os-variant=freebsd10.0
Note that you need to have the bridge interface created prior to assigning it to a vm.
Press ENTER to launch the installation of pfSense on KVM. After that, connect to the virt-manager console to complete the installation.
To connect to virt-manager, simpl run;
Otherwise, you can connect to pfSense domain console by running;
virt-viewer -c qemu:///system pfsense
Once the pfSense installer runs, it will prompt you to accept the copyright and distribution notice. Accept the notice to proceed with installation.
Select Install to install pfSense to KVM
Click Ok to continue. Accept the default keymap settings
On disk partitioning, select Auto (UFS) Guided Disk Setup or any option of your choice.
The installation then begins and when it completes, you should see such a screen;
If you need to do any further manual configs, select Yes. Otherwise select No and proceed.
Reboot the pfSense virtual machine.
When it reboots, you are prompted configure VLANs, set the WAN and LAN interface. Enter your appropriate settings.
When the pfSense virtual machine boots completely, such a screen welcomes you;
If you noticed, the WAN interface is assigned dynamic IP addresses. If you need to set static IP addresses, simply select option 2, Set Interface(s) IP Addresses. For example, to set static IP address for WAN interface;
You should now have a static WAN interface IP address.
Similarly, set the appropriate IP address for your LAN interface. This is the IP addresses with which you access pfSense from web.
Access pfSense via SSH
By default, SSH is disabled on pfSense. To enable SSH logins, select option 14, Enable Secure Shell (sshd).
You can then access it using the assigned LAN IP address. Use the default credentials:
username: admin password: pfsense
ssh [email protected]_IP
Access pfSense Web Interface
You can now access pfSense from web using the LAN IP address. pfSense uses self signed SSL certs and hence, you can access using the address,
Note that pfSense uses same credentials to access the WebGUI and also SSH services Hence, login using the same credentials above.
Upon successful authentication, you are welcomed by pfSense setup wizard.
You can reset the admin password by clicking, Change the password in the User Manager or you can do the reset from the backend shell by selecting option 3, Reset webConfigurator password.
Go through the setup wizard to setup your pfSense firewall.
That marks the end of our guide on how to install pfSense firewall on KVM.