pfSense® Optional Port Configuration

Print
You are here:
Created On
Last Updated On
byLuke Green

Overview

This article covers how to enable the Vaults optional ports in pfSense®. We have included configuration files in the table at the bottom of the page. These configuration files have the ports assigned and functioning with default firewall rules and DHCP enabled.

Note: These configuration files have the default admin password retained. The additional ports assigned use default firewall rules, same as what pfSense® configures for the LAN port.

Configuring Optional Ports

This article covers how to configure the Optional Ports in pfSense® CE. The Optional Ports are labeled “OPTx” on the Vault. The configuration has the same type of default settings as the LAN port.  Those settings include:

  • An IP Address of 192.168.x.1
    • OPT1 192.168.2.1
    • OPT2 192.168.3.1
    • OPT3 192.168.4.1 (FW6 only)
    • OPT4 192.168.5.1 (FW6 only)
  • Enabling the OPT port to be a DHCP Server
  • Firewall rules to allow “Any” traffic originating on this port to pass without being blocked

 

Configuring Optional Ports – IP Address

  • Browse to the pfSense® CE Dashboard, default 192.168.1.1 on the LAN port
  • Navigate to the Interfaces tab and select Assignments from the drop down menu

Interface->Assignments

 

  • Verify the Interface Assignments page is displayed and add the next available interface

Interfaces->Interface Assignments

 

  • Verify OPT1 is added and Select Save

Interface->Interface Assignments OPT1

 

  • Select OPT1

Interfaces->Interface Assignments->OPT1 Select

 

Verify the OPT1 General Configuration page is displayed and configure as follows:

  • General Configuration->Enable – Check the box
  • General Configuration->IPv4 Configuration Type – Select Static IPv4
  • Static IPv4 Configuration>IPv4 Address – Set 192.168.2.1 /24
  • Select the Save Button

Interfaces->OPT1 Configure

 

  • Verify the OPT1 Configuration has been changed and Apply Changes

Interfaces->OPT1 ApplyChanges

 

  • Verify changes have been applied successfully

Interfaces->OPT1 Success

 

Configuring Optional Ports – DHCP Server

  • Navigate to the Services tab and select DHCP Server from the drop down menu

Services->DHCP Server

 

  • Verify the Services->DHCP Server page is displayed and Select OPT1

Services->DHCP Server Select OPT1

 

Verify Services->DHCP Server->OPT1 page is displayed and configure as follows:

  • General Configuration->Enable – Check the box
  • General Configuration->Range – 192.168.2.100 to 192.168.2.199

Services->DHCP Server Configure OPT1

 

  • Select the Save button and verify the changes have been applied successfully

Services->DHCP Server OPT1 Success

 

Configuring Optional Ports – Firewall Rules

  • Navigate to the Firewall tab and select Rules from the drop down menu

Select Firewall->Rules

 

  • Verify the Firewall Rules page is displayed and Select OPT1

Firewall->Rules Select OPT1

 

  • Verify Firewall OPT1 page is displayed and select the Add Button

Firewall->Rules OPT1 Add Rule

 

Verify Firewall->Rules->Edit for OPT1 page is displayed and configure as follows:

  • Edit Firewall Rule->Action- Pass
  • Edit Firewall Rule->Interface- OPT1
  • Edit Firewall Rule->Address Family – IPv4
  • Edit Firewall Rule->Protocol – Any
  • Save the changes

Firewall>Rules Configure OPT1

 

  • Verify the configuration and Apply the changes

Firewall->Rules->OPT1 Apply Changes

 

  • Verify success message

Firewall->Rules->OPT1 Success

 

OPT1 has now been configured with static IP address 192.168.2.1, it is a DHCP server, and any traffic coming into this port is allowed to pass.

 

Configuring Optional Ports – Verify Configuration

OPT1 has been configured so it needs to be tested to verify the configuration changes are correct. Follow the instructions below to test the changes:

  • Connect a PC to OPT1
  • Verify the PC gets an IP address in the range of 192.168.2.100-199
  • From the PC, browse to a site outside of the local network
  • Verify an external web page is displayed correctly on the PC

At this point OPT1 is up and running. To configure OPT2 repeat the same steps as OPT1, but use IP address 192.168.3.1. For an FW6 with OPT3 and OPT4, repeat the same steps using IP addresses 192.168.4.1 and 192.168.5.1.

 

Configuration Files

The steps above were described to manually configure the Vault as indicated. It is important to understand the steps required, however, it is very convenient to load a configuration file rather than manually configure each item.

We have included configuration files in the table at the bottom of the page. These configuration files have

  • Thermal Monitoring Enabled
  • Cryptographic Hardware Support Enabled
  • Power Management Enabled
  • OPT Ports Enabled with Static IP Address, DHCP Server, and Basic Firewall Rule

 

Note: These configuration files have the default admin password retained. The additional ports assigned use default firewall rules, same as what pfSense® configures for the LAN port.

How to Restore a Config File

  • Verify pfSense® has been installed correctly
  • Verify the correct configuration file has been downloaded from the table below and pfSense® will be able to access it
  • Log into the WebGUI. This is 192.168.1.1 by default.
  • The default pfSense® login user is ‘admin’ and password is ‘pfsense’
  • Click Diagnostics on the top of the GUI
  • From the drop-down menu click Backup & Restore

pfSense backup & restore
pfSense® Setup Wizard page

  • Click Choose File
  • Select the appropriate config, click open
  • Click Restore Configuration

pfSense backup & restore settings
pfSense® Backup & Restore page

  • Verify the Vault reboots
  • Log back into the WebGUI with the default credentials
  • Verify OPT1 and OPT2 (OPT3 /OPT4 additionally on the FW6x) now appear on the Interfaces widget

pfSense dashboard
pfSense® WebGUI

  • It is now recommended to change the default ‘admin’ password
  • Verify the newly assigned ports are functioning and DHCP is handing out IP addresses

If you experience any issues, please feel free to reach out: support@protectli.com. You can find additional information in our Knowledge Base, or reference pfsense.org directly.

Configuration Files

ModelpfSense® VersionNotesDownloadRelease
FW12.4.5Enabled:
Thermal Monitoring
PowerD
OPT1, OPT2
DHCP
Default Firewall Rules		config-pfSense.Basic-FW1-200506.xmlMay 6, 2020
FW22.4.5Enabled:
Thermal Monitoring
PowerD		config-pfSense.Basic-FW2-200506.xmlMay 6, 2020
FW4A2.4.5Enabled:
Thermal Monitoring
PowerD
AES-NI
OPT1, OPT2
DHCP
Default Firewall Rules		config-pfSense.Basic-FW4A-200506.xmlMay 6, 2020
FW2B2.4.5Enabled:
Thermal Monitoring
PowerD
AES-NI		config-pfSense.Basic-FW2B-200506.xmlMay 6, 2020
FW4B2.4.5Enabled:
Thermal Monitoring
PowerD
AES-NI
OPT1, OPT2
DHCP
Default Firewall Rules		config-pfSense.Basic-FW4B-200506.xmlMay 6, 2020
FW6(A,B,C)2.4.5Enabled:
Thermal Monitoring
PowerD
AES-NI
OPT1, OPT2, OPT3, OPT4
DHCP
Default Firewall Rules		config-pfSense.Basic-FW6-200506.xmlMay 6, 2020
Table of Contents