pFSense DMZ setup guide is here to make this task easy. Read on to find out more. 

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Services.

Let’s take a look at how our Support Team helped our customers with setting up pFSense.

pFSense DMZ Setup Guide

DMZ also known as Demilitarized zone can be described as a type of network that enables us to deploy public internet-facing servers. Although it is similar to the LAN network, there are a few dissimilarities as well. Today, our Support Team is going to take us through the process of setting up a DMZ network in the pFSense firewall.

• Configure the DMZ interface
• Configure the Pfsense DMZ IP address
• Block traffic from DMZ to the LAN
• Allow the LAN users to access DMZ
• Allow Internet access from DMZ
• Allow inbound access
• Allow HTTPS port from outside to web server

How to configure the DMZ interface

To begin with, head to Assignments under Interfaces in pFSense to see a list of available interfaces. We will see only 2 interfaces in case only 2 are configured. In some cases, we may also not see any available ports.

In that scenario, we have to rely on VLAN and choose an available port and click Add and Save.

After it is added, the new interface will appear as OPT1.

How to configure the pFSense DMZ IP address

Now, we have to enable the OPT1 interface from the previous step. In order to do that, click the OPT1 interface and select the checkbox next to Enable interface.

Then enter the descriptions as DMZ and iPv4 configuration type as Static Ipv4. We have to select the subnet as per our network size and enter the Ipv4 address before clicking Save.

How to block traffic from DMZ to the LAN

Next, we have to prevent the DMZ network from entering the LAN side of the network. In order to do this, navigate to Firewall > Rules > DMZ and click Add to add new rules.

• Action: Block
• Interface: DMZ
• Address Family: IPv4
• Protocol: Any
• Source: DMZ Net
• Destination: LAN net

How to allow the LAN users to access DMZ

The default LAN rule allows us to access the pFSense DMZ from the LAN. All we have to do is enable it.

How to allow Internet access from DMZ

We have to create an alias for the servers and ports by navigating to Firewall > Alias > Ports.

• Name: Internet_Ports
• Description: Enter a description

Then, click Add and add the Alias for internet-enabled pFSense DMZ hosts by heading to Firewall > Alias > IP.

• Name: DMZ_internet_enabled_hosts
• Under hosts, click Add and then Save

Then we have to create firewall rules in order to allow internet access.

How to allow inbound access

We are going to allow inbound access with pfsense DMZ port forwarding. It involves configuring the DMZ port forwarding by heading to Firewall > NAT > Port Forward > Add.

How to allow HTTPS port from outside to web server

At this point we will allow traffic from the internet on the HTTPS port by heading to Firewall > Rules > WAN > Then click Add rules

• Action: Pass
• Interface: WAN
• Address Family: IPv4
• Protocol: TCP
• Source: Any

[Need assistance with a different issue? We are available 24/7.]

Conclusion

To conclude, our skilled Support Engineers at Bobcares took us through setting up pFSense DMZ and ensuring inbound access and internet access are available.