Netgate Fw-7541 User manual

FW$7541!!

Quick!Start!Guide!

Contents'

Introduction................................................................................................................................................. 3!

Plugging!everything!in ............................................................................................................................ 3!

Description!of!Port!Indicators......................................................................................................... 3!

Initial!Configuration ................................................................................................................................. 4!

Logging!into!the!web!interface ....................................................................................................... 4!

Setup!Wizard .......................................................................................................................................... 4!

Hostname ............................................................................................................................................ 4!

Domain ................................................................................................................................................. 4!

DNS!Servers........................................................................................................................................ 5!

Time!Zone!and!Server.................................................................................................................... 5!

WAN!Configuration......................................................................................................................... 6!

Configure!LAN!Interface ............................................................................................................... 7!

Setting!the!password...................................................................................................................... 7!

Introduction!to!the!web!interface ............................................................................................ 8!

Backing!up!and!restoring....................................................................................................................... 8!

What!else!can!I!do? ................................................................................................................................... 9!

Support .......................................................................................................................................................... 9!

Commercial!Support ........................................................................................................................... 9!

Free!Support!Options.......................................................................................................................... 9!

Forum..................................................................................................................................................10!

Mailing!Lists .....................................................................................................................................10!

IRC ........................................................................................................................................................10!

Configuring!Wireless..............................................................................................................................10!

Assigning!the!interface.....................................................................................................................10!

Configuring!the!interface.................................................................................................................10!

IP!Configuration .............................................................................................................................10!

Wireless!configuration ................................................................................................................11!

Configuring!Firewall!Rules ........................................................................................................11!

Using!the!serial!console ........................................................................................................................11!

Windows!using!PuTTY .....................................................................................................................12!

Windows!using!Hyperterminal ....................................................................................................12!

Additional!Documentation ..................................................................................................................13!

Introduction'

Thank!you!for!your!purchase!of!the!Netgate!FW$7541!with!pfSense!2.0.!The!FW$

7541!hardware!platform!in!combination!with!the!popular!open!source!pfSense!

software!provides!a!powerful,!reliable,!cost$effective!solution!for!your!network!

security!needs.!!

This!Quick!Start!Guide!will!help!you!get!up!and!running!with!a!basic!configuration!

on!your!FW$7541.!!

Plugging'everything'in'

The!system!comes!pre$assembled!and!ready!to!plug!in!and!get!started!with!

configuration.!The!following!image!shows!the!location!of!the!WAN!and!LAN!ports.!!

Description'of'Port'Indicators'

The!following!list!will!help!you!in!decoding!the!LED!indicators!on!the!face!of!the!FW$

7541!unit.!

HDD!LED!

If!the!light!is!on,!the!HDD!or!storage!medium!is!being!accessed.!

Status!LED!

! A!programmable!LED,!not!yet!used!by!the!OS.!

Power!LED!

! If!the!light!is!on,!it!indicates!the!system!is!powered!on.!

Network!!Interface!LEDs!

!Left!LED!

!!Green!indicates!100Mbit/s!link,!Orange!is!1000Mbit/s.!

!Right!LED!

!!LED!indicates!port!activity.!

If!you!are!replacing!an!existing!firewall!on!a!production!network,!you!will!want!to!go!

through!the!initial!configuration!with!the!device!not!plugged!into!your!production!

network.!You!can!plug!a!laptop!or!desktop!PC!into!the!LAN!port!to!perform!the!

initial!configuration.!For!new!networks,!you!can!start!by!plugging!the!LAN!into!your!

switch.!!

Note:!The!FW$7541!Ethernet!ports!are!auto!MDI/MDI$X,!meaning!you!can!

use!either!a!straight!through!or!crossover!CAT5!cable!regardless!of!the!type!

of!device!you!are!connecting!it!to.!!

To!get!started,!plug!the!LAN!port!into!the!network!or!system!where!you!will!

perform!the!initial!configuration,!and!then!plug!in!the!power!as!seen!in!the!image!

below,!which!shows!the!rear!side!of!the!unit!and!the!buttons/connectors!found!

there.!

Initial'Configuration'

After!powering!on!your!FW$7541,!it!will!boot!up!and!be!ready!for!the!initial!

configuration!after!approximately!two!minutes.!The!initial!boot!takes!longer!if!your!

WAN!interface!is!not!plugged!into!something!where!it!can!receive!a!DHCP!address,!

as!it!must!wait!for!that!to!time!out.!Once!the!system!is!booted,!you!should!receive!a!

192.168.1.X!IP!address!on!the!system(s)!plugged!into!the!LAN!port!from!the!DHCP!

server.!!

Logging'into'the'web'interface'

Browse!to!https://192.168.1.1!to!access!the!web!interface.!You!will!be!prompted!for!

username!and!password,!the!default!username!is!admin!and!password!is!pfsense.!

Setup'Wizard'

After!logging!in,!the!setup!wizard!will!run.!This!will!walk!you!through!a!few!steps!to!

get!up!and!running!with!a!basic!configuration.!At!the!first!screen,!click!Next.!The!

subsequent!screen!allows!you!to!configure!the!hostname,!domain!and!DNS!servers!

to!be!used.!!

Hostname'

For!hostname,!choose!a!name!for!the!host.!This!does!not!affect!functionality.!!

Domain'

If!you!have!an!existing!DNS!domain!in!use!inside!your!network!(such!as!a!Microsoft!

Active!Directory!domain),!use!that!domain!here.!This!is!the!domain!suffix!assigned!

to!DHCP!clients,!which!you!will!want!to!match!your!internal!network.!For!networks!

without!any!internal!DNS!domains,!you!can!fill!in!anything!you!want!here.!!

DNS'Servers'

The!DNS!server!fields!can!be!left!blank!if!you!have!a!WAN!connection!using!DHCP,!

PPTP!or!PPPoE!types!of!Internet!connections!and!the!ISP!automatically!assigns!DNS!

servers.!When!using!a!static!IP!on!WAN,!you!must!enter!DNS!server!IPs!here!for!

name!resolution!to!function.!You!can!specify!DNS!servers!here!even!if!your!ISP!

assigns!different!ones.!Either!enter!the!IPs!provided!by!your!ISP,!or!you!may!want!to!

consider!using!a!service!like!OpenDNS!(www.opendns.com)!whose!free!service!will!

allow!you!to!add!content!filtering!and!phishing!protection!amongst!other!benefits!to!

your!pfSense!install.!Using!Google’s!public!DNS!servers!(8.8.8.8,!8.8.4.4)!is!another!

popular!choice.!

Click!Next!after!filling!in!the!fields!as!appropriate.!!

Time'Zone'and'Server'

The!next!screen!allows!you!to!configure!the!time!(NTP)!server!to!be!used!to!

synchronize!your!firewall’s!time,!and!also!specify!its!time!zone.!The!default!NTP!

server!points!you!ntp.org’s!NTP!server!pool.!If!you!have!an!internal!time!server,!you!

should!specify!it!here!instead.!You!also!want!to!select!a!city!in!your!time!zone!so!

your!log!timestamps!are!in!local!time!(unless!you!have!a!policy!to!timestamp!all!logs!

in!GMT).!!

Click!Next.!!

WAN'Configuration'

This!page!is!where!your!Internet!connection!is!configured.!You!will!need!

information!from!your!ISP!to!configure!this!screen!appropriately.!A!few!notes!to!

assist!you:!!

MAC&address!–!if!replacing!an!existing!firewall,!you!may!want!to!enter!the!old!

firewall’s!WAN!MAC!address!here,!if!you!can!easily!tell!what!that!is.!This!commonly!

avoids!issues!involved!in!switching!out!firewalls,!such!as!ARP!caches,!ISPs!locking!to!

single!MAC!addresses,!etc.!!

If!you!can’t!enter!the!MAC!of!your!current!firewall!here,!it!probably!isn’t!a!big!deal!–!

power!cycle!your!router!or!modem!and!your!new!MAC!will!usually!be!able!to!get!

online.!For!some!ISPs,!you!have!to!call!when!switching!devices,!or!go!through!an!

activation!process!of!some!sort.!!

Static&IP&configurations&–!the!subnet!mask!is!configured!in!CIDR!format,!which!is!

usually!provided!by!the!ISP!in!addition!to!the!255.x.x.x!subnet!mask.!The!following!

table!shows!the!most!common!subnet!masks!and!their!CIDR!equivalent.!!

Block&private&networks&and&bogons!–!these!two!options!will!block!private,!

unassigned,!and!reserved!IP!subnets!for!traffic!initiated!on!your!WAN!connection!

(i.e.!coming!in!from!the!Internet).!These!IP!ranges!should!never!be!seen!on!the!

Internet,!and!these!should!both!be!enabled!on!systems!that!are!directly!connected!to!

the!Internet.!If!your!WAN!resides!on!a!private!network,!you!may!not!want!to!use!

these!options.!!

Subnet&Mask&

CIDR&

255.255.255.252!

30!

255.255.255.248!

29!

255.255.255.240!

28!

255.255.255.224!

27!

255.255.255.192!

26!

255.255.255.128!

25!

255.255.255.0!

24!

255.255.254.0!

23!

Configure'LAN'Interface'

Here!you!configure!the!IP!and!subnet!mask!to!be!used!on!your!LAN.!If!you!don’t!ever!

plan!to!connect!your!network!to!any!other!network!via!VPN,!the!192.168.1.x!default!

is!fine.!!

If!you!want!to!be!able!to!connect!into!your!network!using!VPN!from!remote!

locations,!you!should!choose!a!private!IP!address!range!much!more!obscure!than!the!

very!common!192.168.1.0/24.!Space!within!the!172.16.0.0/12!RFC1918!private!

address!block!seems!to!be!the!least!frequently!used,!so!choose!something!between!

172.16.x.x!and!172.31.x.x!for!least!likelihood!of!having!VPN!connectivity!difficulties.!

If!your!LAN!is!192.168.1.x!and!you!are!at!a!wireless!hotspot!using!192.168.1.x!(very!

common),!you!won’t!be!able!to!communicate!across!the!VPN!–!192.168.1.x!is!the!

local!network,!not!your!network!over!VPN.!

Setting'the'password'

Enter!the!admin!password!for!your!firewall!here,!and!again!to!confirm.!You!should!

choose!a!strong!password,!with!a!combination!of!letters,!numbers!and!symbols.!

Should!you!forget!your!password,!you!can!reset!it!using!a!serial!console!on!your!FW$

7541.!!

After!entering!your!password!and!confirming!it,!click!Next.!!

Then!click!Reload!to!apply!your!changes.!!

Introduction'to'the'web'interface'

You!are!now!at!the!front!page!of!the!pfSense!web!interface.!This!screen!provides!an!

overview!of!your!system!resource!utilization.!The!menu!across!the!top!of!the!screen!

groups!the!various!configuration,!status!and!diagnostics!screens.!There!are!also!

additional!themes!available!to!change!the!layout!of!the!web!interface,!under!System!

$>!General!Setup!if!you!prefer!a!different!look!and!feel.!!

Note:!The!default!theme!does!not!function!on!an!iPhone,!iPad,!or!iPod!Touch,!

but!when!browsing!from!one!of!these!devices!it!will!automatically!switch!to!a!

different,!plainer!theme!that!is!functional.!Yes,!you!can!configure!your!FW$

7541!from!your!iOS!devices.!!The!default!theme!does!function!properly!in!the!

Android!browser,!but!is!difficult!to!navigate!due!to!the!screen!size,!so!it!also!

will!switch!to!the!plainer!theme.!

The!default!firewall!rules!can!be!viewed!under!Firewall!$>!Rules.!If!you!need!to!

forward!ports,!you!will!configure!them!under!Firewall!$>!NAT.!More!information!on!

port!forwarding!can!be!found!here:!!

http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F!

You!can!view!your!real!time!traffic!throughput!under!Status!$>!Traffic!Graph.!For!

many!longer!term!statistics,!browse!to!Status!$>!RRD!Graphs.!Logs!can!be!viewed!

under!Diagnostics!$>!System!logs.!!!

Backing'up'and'restoring'

At!this!point!your!basic!two!interface!LAN!and!WAN!configuration!is!complete.!

Before!proceeding!with!additional!configuration,!you!will!want!to!get!a!backup!of!

your!configuration.!To!do!so,!browse!to!Diagnostics!$>!Backup/Restore!in!the!web!

interface.!Click!the!Download!Configuration!button,!and!a!copy!of!your!configuration!

will!be!downloaded.!You!can!restore!this!configuration!at!the!same!screen,!by!

choosing!your!backup!file!under!“Restore!configuration”.!!

If!you!purchased!support!with!your!FW$7541,!you!also!have!access!to!the!

AutoConfigBackup!service.!This!will!encrypt!your!configuration!and!upload!it!to!our!

servers!every!time!you!make!a!configuration!change.!Just!don’t!lose!your!encryption!

key!–!it’s!impossible!for!anyone!to!read!the!backup!without!the!key,!and!the!backup!

cannot!be!restored!without!the!key.!You!can!find!more!information!here:!!

http://doc.pfsense.org/index.php/AutoConfigBackup!

What'else'can'I'do?''

The!pfSense!software!provides!a!wide!array!of!functionality!beyond!the!simple!

configuration!documented!here.!See!the!Additional!Documentation!section!to!find!

information!on!this!functionality!and!more.!A!few!of!the!most!commonly!used!

possibilities!follow.!!

•Captive!portal!–!allows!you!to!present!a!splash!page!to!all!users!upon!

connecting!to!your!network,!optionally!with!authentication.!This!is!

commonly!used!with!wireless!hot!spots,!or!as!an!additional!layer!of!

protection!for!wireless!networks!with!authentication!against!a!local!user!

database,!or!external!RADIUS!server!such!as!Microsoft!Active!Directory.!!

•VPN!–!three!types!of!VPNs!are!supported,!IPsec,!OpenVPN!and!PPTP.!You!can!

use!these!options!to!connect!roaming!users!for!remote!access,!or!site!to!site!

connectivity!to!connect!multiple!locations.!!

•Multi$WAN!–!multiple!Internet!connections!with!failover!and!load!balancing!

are!supported.!In!combination!with!a!VLAN!capable!switch,!you!can!connect!

numerous!Internet!connections!over!a!single!physical!interface!on!the!

firewall.!!

•Dynamic!DNS!–!if!your!public!IP!is!dynamic,!you!may!want!to!sign!up!with!a!

dynamic!DNS!provider!(many!options!are!free)!and!use!the!Dynamic!DNS!

client!to!keep!your!hostname!updated.!This!is!especially!helpful!if!you!want!

to!access!services!like!VPN!remotely.!!

•Wireless!–!with!a!wireless!kit!available!from!Netgate,!your!FW$7541!can!act!

as!a!wireless!access!point,!or!be!used!in!Ad$hoc!networks.!It!can!also!connect!

to!a!wireless!access!point!as!a!client!–!use!your!neighbor’s!wireless!as!a!

second!WAN!(with!permission,!of!course),!amongst!many!other!possible!

deployments.!!

Support'

There!are!numerous!support!options!available!for!the!pfSense!software.!!

Commercial'Support'

If!you!purchased!commercial!support!along!with!your!system,!you!received!

information!separately!on!accessing!support.!If!you!did!not!purchase!support!with!

the!system!but!would!like!to!do!so,!please!email![email protected]!or!call!

BSD!Perimeter!at!1$502$442$7080.!!

Free'Support'Options'

There!is!a!large!community!of!pfSense!users!who!volunteer!their!time!to!help!others.!

You!may!find!all!the!help!you!need!through!the!community,!though!generally!not!as!

promptly!as!with!commercial!support,!and!with!no!assurance!of!response!or!a!

resolution.!!

Forum'

There!is!a!very!active!forum!at!http://forum.pfsense.org.!

Mailing'Lists''

Mailing!lists!are!also!available,!with!information!at!

http://www.pfsense.org/mailinglists.!

IRC'

The!official!IRC!channel!is!##pfsense!on!FreeNode.!!!

Configuring'Wireless'

This!section!describes!how!to!configure!wireless!if!you!purchased!a!wireless!kit.!It!

only!covers!configuration!as!an!access!point,!though!you!can!also!use!the!wireless!

interface!for!Ad$hoc!networks!(IBSS)!and!for!connecting!to!other!access!points!

(BSS).!

Assigning'the'interface'

First!you!need!to!assign!the!wireless!interface!(ath0).!Browse!to!Interfaces!$>!

(assign).!Click!the! !to!add!a!new!optional!(OPT)!interface,!OPT1.!In!the!drop!down!

box,!select!ath0.!!

Then!click!Save.!!

Configuring'the'interface'

Next!you!will!browse!to!Interfaces!$>!OPT1!to!configure!your!wireless!settings.!Each!

of!the!following!sections!covers!portions!of!this!configuration!screen.!First!you!will!

want!to!check!“Enable!Optional!1!interface”,!and!you!can!change!the!name!from!

OPT1!to!anything!you!like,!if!desired!(ex:!“Wireless”).!!

IP'Configuration'

You!will!either!need!to!use!a!dedicated!private!IP!subnet!for!the!wireless,!or!bridge!

it!with!another!interface,!such!as!your!LAN.!Bridging!connects!two!interfaces!into!

the!same!network!or!IP!subnet.!Bridging!your!wireless!to!LAN!will!result!in!the!two!

residing!on!the!same!network.!This!is!the!most!common!deployment!for!home!use.!

Devices!such!as!gaming!consoles,!network!games,!Apple!AirTunes,!iTunes!Remote,!

and!many!others!common!in!home!networks!require!wireless!and!wired!devices!to!

be!on!the!same!network!to!function.!In!office!networks,!scenarios!requiring!this!are!

much!less!common.!!

If!you!do!not!bridge,!you!must!select!an!IP!subnet!to!use!for!the!wireless!network.!

Using!something!close!to!LAN!is!preferable,!and!it!must!be!different!from!LAN.!If!

LAN!is!172.26.62.1/24!as!shown!previously,!a!good!choice!for!wireless!would!be!

172.26.63.1/24.!You!will!also!likely!want!to!configure!the!DHCP!server!for!this!

interface!under!Services!$>!DHCP!server!after!completing!the!wireless!interface!

configuration.!!

Wireless'configuration'

In!depth!discussion!of!all!the!wireless!configuration!options!is!outside!the!scope!of!a!

quick!start!guide,!but!this!section!provides!instructions!on!configuring!a!secure!

access!point!typical!of!home!networks!or!small!offices.!!

For!Mode,!select!Access!Point.!Enter!a!SSID!to!identify!your!network.!!

Configuring&WPA&

Under!WPA!further!down!the!page,!check!“Enable!WPA”!and!fill!in!a!pre$shared!key!

to!be!used!for!the!network.!If!this!key!is!easily!guessable,!your!network!is!not!secure.!

Make!the!key!as!long!as!reasonably!possible!(12!characters!should!be!considered!a!

minimum)!containing!a!mix!of!uppercase!and!lowercase!letters,!numbers!and!

symbols.!!

Under!WPA!Mode,!select!WPA2!and!for!WPA!Pairwise,!select!AES.!!

The!remaining!values!can!all!be!left!at!their!defaults.!Click!Save!to!bring!up!your!

wireless!interface.!!

Configuring'Firewall'Rules'

You!must!add!firewall!rules!to!permit!desired!traffic!before!any!traffic!will!be!

allowed!out!from!your!wireless!interface.!To!do!so,!browse!to!Firewall!$>!Rules,!and!

click!the!OPT1!tab!(or!if!you!named!your!interface!differently,!select!the!name!

given).!Click!the! !to!add!a!new!rule.!You!may!want!to!start!with!any!protocol,!any!

source,!and!any!destination!–!effectively!allowing!everything!initiated!on!the!

wireless!interface.!Then!once!you!verify!functionality,!restrict!your!firewall!rules!as!

desired.!

After!adding!a!firewall!rule!to!allow!traffic,!your!wireless!network!is!complete.!!

Using'the'serial'console'

With!the!pre$assigned!interfaces!on!the!FW$7541,!you!do!not!need!to!use!the!serial!

console!to!setup!the!device.!You!may!want!to!access!the!console!menu!at!times,!for!

instance!if!you!need!to!reset!your!admin!password.!The!serial!port!on!the!FW$7541!

is!an!RJ45!port,!so!you!will!need!an!RJ45!to!DB9!converter!in!order!to!connect.!It!

requires!a!rollover!cable!similar!to!those!used!for!connecting!to!Cisco!devices,!most!

of!which!include!an!adapter!for!DB9!if!they!are!not!already!fixed!with!a!DB9!

connector!on!one!end.!These!rollover!cables!are!already!null!modem!cables,!so!they!

are!usable!on!their!own.!It!may!also!be!possible!to!use!a!traditional!null!modem!

cable!and!a!separate!RJ45!to!serial!adapter.!You!may!also!want!to!consider!

purchasing!a!VGA!cable!for!connecting!a!monitor,!which!can!be!found!on!the!Netgate!

web!site!here:!http://store.netgate.com/$P350C83.aspx!!

Plug!one!end!of!the!console!cable!into!the!serial!port!on!the!FW$7541!(Or!the!

converter),!and!the!other!into!a!serial!port!on!a!computer!with!a!terminal!emulator.!

USB!to!serial!adapters!should!work!well!for!systems!that!don’t!have!a!serial!port.!!

The!FW$7541!ships!with!the!speed!set!to!115200,!but!if!the!firmware!image!is!

manually!reloaded!or!other!changes!are!made!that!result!in!the!serial!console!not!

working!properly!at!115200,!try!using!a!speed!of!9600!instead.!

Windows'using'PuTTY'

PuTTY!is!a!free!option!for!Windows!that!includes!serial!console!support.!!

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html!

For!Connection!type,!select!Serial.!In!Serial!line,!enter!the!COM!port!(e.g.!COM1!or!

COM3).!Lastly,!for!Speed,!enter!115200.!!

Windows'using'Hyperterminal'

Hyperterminal!is!another!free!option!for!Windows.!!

http://www.hilgraeve.com/hyperterminal.html!

Configure!it!as!shown!in!the!following!screenshot.!!

Additional'Documentation'

This!guide!illustrates!the!basics!for!getting!up!and!running!with!your!FW$7541.!

There!is!much!more!that!can!be!accomplished!with!the!pfSense!software.!The!best!

source!of!information!is!the!book!pfSense:(The(Definitive(Guide!available!from!

Amazon,!Barnes!&!Noble,!and!other!booksellers.!If!you!purchased!support,!contact!

BSD!Perimeter!and!they!will!provide!the!latest!work!in!progress!copy!electronically.!!

The!book!was!written!for!pfSense!1.2.3,!but!the!fundamentals!and!much!of!the!GUI!

instructions!still!apply.!There!will!be!an!updated!book!in!the!near!future,!available!

from!the!same!retailers.!

There!is!also!a!growing!amount!of!information!freely!available!on!the!pfSense!

documentation!site!at!http://doc.pfsense.org.!!!

Table of contents

Other Netgate Switch manuals

Netgate

Netgate Nighthawk S8000 User manual

Popular Switch manuals by other brands

Aube Technologies

Aube Technologies TI035 Installation and user guide

Dahua Technology

Dahua Technology DH-PFS4210-8GT-150 user manual

MuxLab

MuxLab LongReach 16 500120 Application guide

QNAP

QNAP QSW-308 Quick installation guide

Surecom

Surecom EP-716X user manual

Racal Instruments

Racal Instruments 1256 manual

Ruckus Wireless

Ruckus Wireless ICX 7250 Hardware installation guide

Freedom9

Freedom9 2420 Specifications

TP-Link

TP-Link T2500-28TC user guide

Raritan

Raritan Switch user manual

AMX

AMX PLB-AS8 Specifications

NETGEAR

NETGEAR GS308PP installation guide

Linksys

Linksys Etherfast EF1704 user guide

Motorline professional

Motorline professional MCONNECT DUAL SWITCH User's and installer's manual

NETGEAR

NETGEAR GS316 installation guide

Alcatel-Lucent

Alcatel-Lucent OmniAccess 6000 Specification sheet

Eltek Valere

Eltek Valere STS207 user manual

HBM

HBM SOMAT XR EX23-R quick start guide

Netgate FW-7541 User manual

Popular Switch manuals by other brands