Sophos Pfsense

Posted on  by admin
  • I used the Sophos UTM9 product for a few years but outgrew the 50 IP address limitation so moved to pfSense. I really liked UTM and was never really happy with pfSense as I always felt UTM had a much better interface and the FW rules were more logically configured.
  • @stephenw10 said in How to install pfsense on Sophos UTM 220?: No idea really. If it doesn't even complete POST that looks like some low level incompatibility. Indeed, I will look to find an usb-cdrom. I have worked past similar things by installing in something else and moving the HD across.
Sg105

Sophos pfSense and Sophos are commonly compared to each other, but we go beyond simple specs and see how they stack up in the real world of IT pros. PfSense (4.8 stars out of 5) earns higher ratings by IT pros in the Spiceworks Community compared to Sophos (4.2 stars out of 5).

Pfsense

This article is about building and running a pfSense® virtual machineunder Microsoft Hyper-V. The guide applies to any Hyper-V version,desktop or server (this includes the standalone Hyper-V Server). Theguide explains how to install any major pfSense software version underHyper-V. Article covers the Hyper-V networking setup and pfSense softwarevirtual machine setup process. The guide does not cover how to installHyper-V or Windows Server. A basic, working, pfSense virtual machine willexist by the end of this article.

Note

If pfSense software will be used as a perimeter firewall for anorganization and the “attack surface” should be minimized, many will sayit is preferable to run it non-virtualized on stand-alone hardware. Thatis a decision for the user and/or organization to make, however. Nowback to the topic.

We’re going to start at the point where we have a Windows Server 2016with the Hyper-V role installed. If other VMs are already running onHyper-V, then it is not likely necessary to follow the networking stepstoo closely. However, we recommend skimming through it to see what issuggested before building the pfSense virtual machine part.

Assumptions¶

  • Hyper-V host is up and Hyper-V role has been installed.

  • The reader has an basic understanding of networking and Hyper-Vvirtualization

Basic Hyper-V Networking¶

To virtualize pfSense software, first create two VirtualSwitches via Hyper-V Manager. In the Hyper-V Manager open VirtualSwitch Manager from the Actions menu. Select Internal type ofvirtual switch and click Create Virtual Switch

Name the newly added switch LAN and select private network. Click apply.

Now create WAN switch the same way as LAN. Make sure Allow managementoperating system to share this network adapter is not selected if the host hasa dedicated NIC for WAN. For the purpose of this guide the management wasallowed, however production use requires a separate NIC for WAN. Click OK.

Creating the virtual machine¶

After creating WAN and LAN switches, we move to virtual machinecreation. Start the new virtual machine wizard add a name.

Sophos utm pfsense install

After clicking next select the appropriate virtual machine Generation:Generation 2.

On the Assign Memory step add enough of RAM this deployment. This guide uses1GB. 2GB is better if this VM will run multiple packages.

Next step is to Configure Networking, select WAN fromConnection drop-down menu. We will add LAN later.

On the next step select Create a virtual hard disk and assign 10-20GB to thefirewall. Larger disk size is required when running Squid caching.

Select Install an operating system from a bootable CD/DVD-ROM andbrowse to the pfSense installer ISO.

Review the virtual machine information and finish the wizard!

Open Settings of the newly created pfSense virtual machine and addanother network adapter. Select LAN virtual switch for theadapter.

Review the VM settings and make sure to have WAN and LAN switches selected undernetwork adapters

Installing pfSense Software¶

After successfully creating and configuring the pfSense virtual machine,it’s time to start it.

Wait for the virtual machine to boot up and press I to invokeinstaller.

Once installer boots up select the Quick/Easy Install and followthe installer steps.

Sophos Pfsense

When prompted, select the standard kernel and continue theinstallation.

Pfsense Sophos Xg

After installation is complete, select reboot and eject the ISO.

First boot and interfaces assignment¶

The pfSense virtual machine should boot up quickly and prompt for interfaceassignments. Select N to not set up VLAN’s now.

Pfsense

In the following steps assign WAN and LAN interfaces to the appropriate networkadapters. The MAC address can be verified against the virtual machine settings.

After assigning interfaces, pfSense software will finish the boot-up.Verify both interfaces have the correct IP addresses.

Congratulations! The virtual machine is now running pfSense software onMicrosoft Hyper-V.

Pfsense Vs Sophos Xg

Guide under construction, may have minor errors