Thanks for the pfSense YouTube Videos!

#1

Hello, Tom. Prior to watching some of your pfSense videos, I had a total UniFi system at home (USG Pro 4, USW-24, USW-8, UAP-AC-M-Pro, and two UAP-AC-Ms, with the controller running in a Debian VM on a Synology NAS), as well as three other UniFi systems I installed at other locations. I also have a Dell PowerEdge T30 set up with Proxmox running VMs for AlienVault OSSIM, multiple Splunk instances (for both learning and actually implementing on my network), Ntopng, and Parrot OS (to name a few).

While the “single pane of glass” UniFi view is nice, there wasn’t enough information for my needs (cybersecurity analysis). I finally decided to purchase a mini PC (Qotom box with an Intel i5-4200U, 8GB RAM, and 16GB mSATA SSD) and give pfSense a try while using some of your YouTube videos for guidance. The setup was extremely easy, and for my UniFi devices, it was just a matter of deleting the existing VLANs, adding them back as VLAN-only networks (some of the switch ports reverted to “All” VLANs, so I had to set them back to the correct switch profiles), and adding a firewall rule for each VLAN to actually allow traffic to pass through them.

Configuring the firewall is much easier in pfSense than with UniFi (no need to create JSON files for special rules). The separator feature for rules is also nice.

In addition to the basic pfSense installation, I’m also running freeradius (for WPA2 Enterprise on my UAPs), Ntopng (no need now to run it in a Debian VM on my Proxmox box), Squid/Lightsquid, and Suricata. I noticed that Ntopng was quickly filling up my 16GB mSATA SSD, so I replaced the drive with a 500GB Samsung 860 Evo.

Moving to the new SSD was very easy: save an “All” backup file in pfSense, shut down, install the Samsung drive (which fits nicely on the bottom plate of the Qotom box and connects to the provided SATA data/power cable), boot into the BIOS and disable the mSATA drive, reboot, install pfSense to the new drive, update to the latest version of pfSense (so the versions matched), then restore the backup file. Unfortunately, I had to re-install Suricata, but I didn’t have many entries in my suppress lists, so re-configuring it didn’t take long.

One thing I couldn’t get to work, despite trying several guides from various sources, was L2TP/IPsec. I ended up installing the VPN app for my Synology NAS and using that for VPN; it was even easier to set up than with the UniFi interface.

I’ll reply to some of your YouTube videos in their respective comments sections. Thanks again for the guides!

  • Gene Montgomery
2 Likes
#2

Nice setup. You might be interested in giving https://securityonion.net/ a try, as it can give you a lot of insight. I have not done any videos on it yet, but it can be very insightful once you feed it a lot of inputs and can help with deep security analysis.

1 Like