I realize pfSense does not have a central management option but I know there are many firms out there running it on their clients’ networks (such as Lawrence Systems), so how do you all safely, remotely admin your client networks?
Open up the web management port and restrict access to only your business IP address, use SSH.
Or have access to systems behind the firewall such as clients’ servers (we use ScreenConnect) to manage it.
@LTS_Tom What about proactive monitoring? In particular when you have VPN tunnels that you must monitor in order to ensure everything is going smoothly?
You can have pfSense email out notifications for issues and/or use Zabbix to monitor uptime.
For all our CPE we install an OpenVPN client config in the pfSense connecting to one central hosted OpenVPN server. On that one we also have a Graylog server running, and we push all important pfSense events over the VPN to that syslog server.
Remote management is then just the web interface on the VPN. Each pfSense has its fixed internal VPN IPv4; if we work on those we also dial into that management VPN.
If you need to connect to a switch’s CLI, we do that with the pfSense VPN IPv4 as jump host.
Clean, no open ports, no insecure connections, no problems for clients with dynamic IPs.
Thanks for the useful info!
Very nice. Those are smart workarounds. Thank you.
That’s pretty slick. So really there are a number of intelligent ways to remote admin pfSense.
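As an added example (not from any poster in this thread and not pfSense project code), the following audits an exported `config.xml` against the advice above to "restrict access to only your business IP address", listing enabled WAN pass rules that reach the management ports from any other source. The office IP, the port set, the sample rules, and the trimmed subset of the `config.xml` layout are all constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

MGMT_PORTS = {22, 443}  # assumed SSH and webGUI ports; adjust per firewall
ALLOWED = [ipaddress.ip_network("203.0.113.10/32")]  # constructed office IP
# Constructed sample in the config.xml layout (trimmed to the fields used here).
SAMPLE = """<pfsense><filter>
<rule><type>pass</type><interface>wan</interface><source><address>203.0.113.10</address></source>
  <destination><network>wanip</network><port>443</port></destination><descr>GUI from office</descr></rule>
<rule><type>pass</type><interface>wan</interface><source><any/></source>
  <destination><network>wanip</network><port>22</port></destination><descr>SSH from anywhere</descr></rule>
<rule><type>pass</type><interface>wan</interface><source><any/></source>
  <destination><network>wanip</network><port>1194</port></destination><descr>OpenVPN</descr></rule>
</filter></pfsense>"""

def covers_mgmt_port(spec):
    """True if a port spec ('443', '8000-8100', empty = any) hits a management port."""
    if not spec:
        return True
    try:
        lo, _, hi = spec.partition("-")
        return any(int(lo) <= p <= int(hi or lo) for p in MGMT_PORTS)
    except ValueError:
        return True  # port alias we cannot resolve here: flag for manual review

def source_allowed(src):
    """True only if the rule source is a literal address/CIDR inside ALLOWED."""
    addr = src.findtext("address") if src is not None else None
    if not addr or src.find("not") is not None:
        return False  # <any/>, interface networks, negated sources
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return False  # host alias: cannot be verified from the rule alone
    return any(net.version == a.version and net.subnet_of(a) for a in ALLOWED)

def exposed_mgmt_rules(config_xml):
    """Descriptions of enabled WAN pass rules exposing management ports too widely."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if (rule.findtext("type") != "pass" or rule.findtext("interface") != "wan"
                or rule.find("disabled") is not None):
            continue
        if covers_mgmt_port(rule.findtext("destination/port")) and not source_allowed(rule.find("source")):
            findings.append(rule.findtext("descr", default="(no description)"))
    return findings

print(exposed_mgmt_rules(SAMPLE))
```

With the management-VPN design described in the thread, this list should come back empty, since no WAN rule needs to reach the GUI or SSH at all.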