Monitoring pfSense Zabbix Agent

Learn how to configure pfSense with Zabbix Agent using templates, SNMP, and PSK encryption for precise monitoring and management. Our pfSense Support Team is always here to help you.

Monitoring pfSense Zabbix Agent

When you manage firewalls and network gateways, visibility matters. Using the pfSense Zabbix agent template is one of the most reliable ways to monitor performance, uptime, and critical services. Instead of building monitoring from scratch, you can take advantage of predefined triggers, items, and graphs. This saves hours of manual work and ensures consistency. Below is the complete setup from enabling SNMP to configuring encryption.

Configuring pfSense

To begin, first, log in to pfSense and enable SNMP. Navigate to:

Services >> SNMP and apply the following:

SNMP Daemon

• First enable: checked

Daemon Settings

• Polling port: 161
• System Location: leave empty or add a friendly location name
• System contact: leave empty or add the sysadmin phone/email
• Read community string: public

SNMP Traps Enable

• Enable: leave unchecked

SNMP Modules

Next select all of them, including:

• MibII
• Netgraph
• PF
• Host resources
• UCD
• Regex

Interface Binding

• Internet Protocol: IPv4
• Bind interfaces: All (or the one reachable by your Zabbix server, such as LAN)

After that, click Save to apply the configuration. However, if your Zabbix server cannot reach pfSense directly, you will need to add a firewall rule as described in pfSense documentation or during a pfSense migration.

Installing the Zabbix Agent on pfSense

Next, go to:

System >> Package Manager >> Available Packages

Then scroll down and install zabbix-agent62.

Note: There is a known bug in zabbix-agent62 where the Services menu may not show a Zabbix Agent 6.2 entry. If that happens, uninstall it and install zabbix-agent6 instead.

Now head to:

Services >> Zabbix Agent 6 and configure:

Zabbix Agent Settings

• Enable: checked
• Server: Zabbix IP or FQDN
• Server Active: Zabbix IP or FQDN
• Then check the hostname: must match the output of hostname
• Listen IP: 0.0.0.0 (or default)
• Listen port: 10050 (or default)
• At this point, refresh Active Checks: 120 (or default)
• Timeout: 3
• Buffer send: 5
• Buffer size: 100
• Then start agents: 3

TLS-RELATED Parameters

• TLS Connect: psk
• TLS Accept: psk
• TLS CA: none
• TLS CA system: leave unchecked
• TLS Identity: pfSensePSK (or any name up to 127 chars)
• TLS PSK:

f2ed8d2c19ab0f8af75f0285277f04f437aa6e34aafe50a9d5dc05e36364892e

Afterward, click Save to complete the agent setup.

Configuring Zabbix Server

Next on the Zabbix Web UI:

• First, go to Configuration >> Hosts >> Create Host.

Host Tab:

• Host name: same as pfSense hostname
• Then the templates: add pfSense by SNMP
• After that, optionally, add FreeBSD by Zabbix Agent
• Host Groups: Linux Servers

Interfaces:

• Add SNMP interface
• Type: SNMP
• IP Address: pfSense IP or leave empty
• DNS Name: server FQDN or leave empty
• Connect to: IP or DNS
• Port: 10050
• If FreeBSD template is added, create another Agent interface with the same settings.

Encryption:

• Connection to host: PSK
• Next connection from host: PSK
• PSK Identity: pfSensePSK
• PSK:

f2ed8d2c19ab0f8af75f0285277f04f437aa6e34aafe50a9d5dc05e36364892e

After that click Update to save.

Verifying Monitoring Data

Go to Monitoring >> Latest data, filter by your pfSense host, and you’ll see items such as pfSense: DHCP Server status.

[If needed, Our team is available 24/7 for additional assistance.]

Conclusion

Setting up pfSense Zabbix agent ensures you gain real-time visibility and reliable monitoring. Moreover, by combining SNMP, PSK encryption, and templates, you create a scalable monitoring environment. This approach keeps you informed about the health of your firewall without extra manual setup. Once in place, you’ll be able to trust Zabbix to alert you on what truly matters.