Pfsense Sg-4860 User manual

SG-4860 pfSense® SECURITY GATEWAY APPLIANCE

Quick Start Guide

Table of Contents

Introduction .............................................................................................................................................................................................. 3

pfSense system ......................................................................................................................................................................................... 3

Hardware Features ........................................................................................................................................................................... ........3

Flexibility built in ....................................................................................................................................................................................... 4

Software Features:.................................................................................................................................................................................... 5

Warranty and Support Information......................................................................................................................................................... 5

I/O Ports.................................................................................................................................................................................................... 6

Initial Configuration .................................................................................................................................................................................. 6

Logging into the web interface ................................................................................................................................................................ 6

Dashboard.................................................................................................................................................................................................7

Configuring Hostname, Domain Name and DNS Servers....................................................................................................................... 8

Hostname.................................................................................................................................................................................................. 8

Domain ...................................................................................................................................................................................................... 8

DNS Servers............................................................................................................................................................................................... 8

Time Server Configuration........................................................................................................................................................................ 9

Time Server Synchronization.................................................................................................................................................................... 9

Configuring Wide Area Network (WAN) Type......................................................................................................................................... 9

MAC address ...........................................................................................................................................................................................10

Configuring MTU and MSS .....................................................................................................................................................................10

Configuring DHCP Hostname .................................................................................................................................................................11

Configuring PPPoE and PPTP Interfaces ................................................................................................................................................ 11

Configuring LAN IP Address & Subnet Mask .........................................................................................................................................12

Change Administrator Password ...........................................................................................................................................................13

Basic Firewall Configuration Complete.................................................................................................................................................. 13

Backing up and restoring........................................................................................................................................................................14

Console Access by Serial Interface.........................................................................................................................................................15

Mini USB Serial Interface........................................................................................................................................................................ 16

Serial Terminal Emulation Client............................................................................................................................................................16

Accessing the Console ............................................................................................................................................................................16

Configuring Serial Terminal Emulator.................................................................................................................................................... 16

Additional Support..................................................................................................................................................................................18

pfSense University ..................................................................................................................................................................................18

Other Support Options........................................................................................................................................................................... 19

Safety Notices ......................................................................................................................................................................................... 19

Electrical Safety Information ..................................................................................................................................................................19

Limited Warranty......................................................................................................................................Error! Bookmark not defined.

FCC Compliance ......................................................................................................................................................................................20

Industry Canada......................................................................................................................................................................................22

Australia and New Zealand..................................................................................................................................................................... 22

CE Marking ..............................................................................................................................................................................................23

RoHS/WEEE Compliance Statement...................................................................................................................................................... 23

English......................................................................................................................................................................................................23

Deutsch....................................................................................................................................................................................................23

Español ....................................................................................................................................................................................................23

Français....................................................................................................................................................................................................24

Italiano.....................................................................................................................................................................................................24

Declaration of Conformity...................................................................................................................................................................... 24

Introduction

Thank you for your purchase of the pfSense® SG-4860 Security Gateway Appliance with pfSense ® 2.2. X

The hardware platform in combination with the popular open source pfSense software provides a powerful,

reliable, cost-effective solution for your network security needs.

This Quick Start Guide will assist with the basic configuration of the PfSense SG-4860 system.

The system comes pre-assembled and ready to be configured.

pfSense system

The pfSense SG-4860 Security Gateway Appliance is a pfSense system, featuring the flexibility of pfSense

software as a firewall, LAN or WAN router, VPN router, DHCP Server, DNS Server, or other special purpose

Appliance.

This purchase goes directly to support pfSense development. By choosing a pfSense ® system you financially

support open source software and gain peace of mind that your system has been vetted and tested by the

pfSense core team at Netgate.

One common barrier to choosing and implementing open source software is the availability of prompt,

professional support from knowledgeable individuals. We eliminate that barrier for pfSense users by

providing paid support, consulting and development services to the open source community. Free support is

also available on the forums hosted at https://forum.pfsense.org

Hardware Features

pfSense SG-4860 mini-ITX NFV / Communications Board

with 4 core Intel® Atom™ C2558 CPU, 8GB memory, 4GB flash, and 6 GbE Intel Ethernet Ports

Overview

Designed to serve as your modern low-cost, low-power production platform of choice for cost-sensitive

edge and communication appliances. The SG-4860 works as the core for your intelligent CPE, VoIP PBX,

Internet Gateway, firewall, VPN router or layered security appliance. This fanless Intel Atom (Rangeley)

based advanced communication platform is designed with low power requirements for long life and solid

reliability.

The quad core Intel® C2558 processor sports six 10/100/1000 Mb Intel Ethernet ports, 8 GB of DDR3L

memory, and 4 GB of onboard eMMC flash memory for program storage. You can expand this system with

additional program and data storage through the mSATA or SATA II port. Additional communications

options are possible with miniPCIe slots for WiFi or 3G/4G/LTE cellular cards.

The rear panel offers easy access to all interfaces as well as providing 5 SMA/RP-SMA sized antenna cutouts

Flexibility built in

The base price includes the pfSense SG- 4860 system board preloaded with pfSense software version 2.2.1.

Enhance your system to suit your specific needs with:

mSATA SSD

Wireless cards, pigtails and antennas

Cellular modem

Other miniPCIe and USB cards

Software Features:

pfSense is an, open source full featured firewall and router platform based on FreeBSD 10.1.

Arrives pre-loaded with pfSense software

IPv6 –support for IPv6 connectivity

Captive portal –allows for a splash page to all users upon connecting to your network, optionally

with authentication. This is commonly used with wireless hot spots, or as an additional layer of

protection for wireless networks with authentication against a local user database, or external

RADIUS server such as Microsoft Active Directory.

VPN –Three types of VPNs are supported, IPsec, OpenVPN and PPTP. You can use these options to

connect roaming users for remote access, or site to site connectivity to connect multiple locations.

Multi-WAN –multiple Internet connections with failover and load balancing are supported. In

combination with a VLAN capable switch, you can connect numerous Internet connections over a

single physical interface on the firewall.

Dynamic DNS –if your public IP is dynamic, you may want to sign up with a dynamic DNS provider

and use the Dynamic DNS client to keep your hostname updated. This is especially helpful if you

want to access services like VPN remotely.

In-place upgrades. No need to disassemble system to upgrade, patch or add packages.

pfSense provides a software packaging system which allows for the extension of functionality

beyond its extensive core feature set.

Core features include:

Stateful firewall based on FreeBSD packet filter

RADIUS support

NAT support

Load balancing

VPN: IPsec, OpenVPN, PPTP

Dynamic DNS client

DHCP Server and Relay functions

PPPoE Server

Reporting and monitoring features with real time information

Warranty and Support Information

Need current Support Statement

One year manufacturer’s hardware warranty.

Free support for all pfSense questions is available by pfsense free forum or mailing list.

Standard 30 day return policy

All Specifications subject to change without notice.

I/O Ports

Figure 1

Initial Configuration

Connect an Ethernet cable to port 5as shown in Figure 1 above. Do not use any other port for initial web

configuration. Connect the other end to the Ethernet cable to the computer you will be performing the

initial configuration from. Make certain the network interface card on the PC is configured for DHCP in

order to access the web configurator upon initial setup.

Connect the WAN interface from ISP/Modem to port 4shown in Figure 1. Static IP configurations such as

PPPoE or PPPT are configured later.

Connect the power cable to port 11 shown in Figure 1 of the unit, insert the power adapter connector to a

power source and power the unit up. The pfSense SG-4860 will boot and be ready for the initial

configuration after approximately two minutes.

Once the system is booted, the attached computer should receive a 192.1.68.1 IP address from the DHCP

server that is active on the pfSense appliance.

Logging into the web interface

Browse to https://192.168.1.1 to access the web interface. In some instances, the browser will respond with

a message indicating a problem with an untrusted certificate. This is normal as the pfSense system issues a

self-signed certificate. Figure 2 is a typical example from Google Chrome. If this message or similar

messages are encountered, it is safe to proceed.

Figure 2

1 Mini-USB Serial Port

7 Opt2 –IGB3

2 USB0 (USB 2.0)

8 Opt3 –IGB4

3 USB1 (USB 2.0)

9 OPT4 –IGB5

4 WAN - IGB0

10 SATA Activity /Power Indicator

5 LAN - IGB1

11 Power Input

6 Opt1 –IGB2

12 Reset Button

Sure.

The login appears as depicted in Figure 3

Figure 3

Enter the following default username and password

Username: admin

Password: pfsense

Select LOGIN to continue

Dashboard

Upon successful login, the following is displayed as shown in Figure 4

Figure 4

Configuring Hostname, Domain Name and DNS Servers

Figure 5

Hostname

For hostname, you may enter anything as it does not affect functionality of the firewall. Assigning a

hostname to the firewall will allow you to access the GUI console by hostname as well as IP address.

For the purposes of this guide, we will use pfsense for the Hostname as shown in Figure 5

The default hostname, pfsense may be left unchanged.

Once saved in the configuration, console access can be reached by entering http://pfsense as well as

http://192.168.1.1

Domain

If you have an existing DNS domain in use within your network (such as a Microsoft Active Directory

domain), use that domain here. This is the domain suffix assigned to DHCP clients, which you will want to

match your internal network.

For networks without any internal DNS domains, you can enter anything you want.

We have chosen demodomain for the purposes of this Quick Start Guide.

DNS Servers

The DNS server fields may be left blank if you have a WAN connection using DHCP, PPTP or PPPoE types of

Internet connections and the ISP assigns DNS server IP addresses. When using a static IP on WAN, you must

enter DNS server IP addresses here for name resolution to function. You can specify DNS servers here even if

your ISP assigns different ones. Either enter the IP addresses provided by your ISP, or consider using a

service like OpenDNS (www.opendns.com) whose service which allows for options such as custom filtering

and phishing protection. Using Google’s public DNS servers (8.8.8.8, 8.8.4.4) is another popular choice. We

have chosen Google DNS servers for the purpose of this Quick Start Guide. Click “Next” after filling in the

fields as appropriate.

Time Server Configuration

Figure 6

Time Server Synchronization

Setting time server synchronization is quite simple. We recommend using the default pfSense time server as

displayed in Figure 6.

Setting Time Zone

Select the appropriate time zone for your location. For purposes of this manual, the Timezone setting will be

set to US/Central as displayed in Figure 7.

Configuring Wide Area Network (WAN) Type

The WAN interface type is the next to be configured. The IP address assigned to this section becomes the

Public IP address that your network uses to communicate with the Internet.

Figure 7

Figure 7 depicts the 4 possible WAN interface types. Static, DHCP, PPPoE and PPTP. You must select one

from the drop-down list to proceed.

You will need further information from your ISP to proceed when selecting Static, PPPoE and PPTP such as

DHCP is the most common type of interface for home cable modems. One dynamic IP address is issued

from the ISP’s DHCP server and will become the public IP address of your network. This address will change

periodically at the discretion of the ISP. Choose DHCP as shown in Figure 8 and proceed to the next section,

MAC Address, MTU and MSS:

Figure 8

MAC address

Figure 9

If replacing an existing firewall, you may want to enter the old firewall’s WAN MAC address here, if you can

easily determine it. This avoids common issues involved in switching out firewalls, such as ARP caches, ISPs

locking to single MAC addresses, etc.

If you are not able to enter the MAC address of your current firewall here, the impact is most likely,

insignificant. Power cycle your router and modem and your new MAC address will usually be able to get

online. For some ISPs, you have to call when switching devices, or go through an activation process.

Configuring MTU and MSS

Figure 10

MTU or Maximum Transmission Unit determines the largest protocol data unit that can be passed onwards.

A 1500-byte packet is the largest packet size allowed by Ethernet at the network layer. Leaving this field

blank allows the system to default to 1500-byte packets. PPPoE packets are slightly smaller at 1492-bytes.

We recommend leaving this blank for a basic configuration. MSS and MTU must be set to the same packet

size if you configure them.

Table of contents

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual

pfSense SG-4860 User manual

Popular Gateway manuals by other brands