Basic Setup and Configuring pfsense Firewall Rules For Home

Lawrence Systems

2 years ago

349,733 views


Comments:

@vitorhugobarbosa2456 - 27.12.2023 10:38

Hi Lawrence, you are a reference abroad for me. Your knowledge is precious, as is the fact that you explain things easily and right to the point.

@r7_guy941 - 08.12.2023 23:56

Tom, your NAS has 4 NICs? What type of Synology NAS are you using? I presume your phone can access the cameras with the DS cam app, right?

@r7_guy941 - 27.11.2023 17:20

Hi, does the Ubiquiti UniFi Dream Machine support WireGuard out of the box, or do I have to look at the Netgate SG-2100?

@michaelboris3636 - 14.11.2023 17:16

So, complete noob here and trying to learn, but I'm assuming you aren't able to remotely view your cameras since it's segmented off?

@lcbdias - 06.11.2023 03:50

First of all, thanks for this great content.
I managed to make my pfsense setup work properly, but now I'm facing a very annoying issue.
When my system reboots, for example due to a power outage, pfsense can't get the WAN address automatically. It gets WAN as blank.
Any idea what could be happening?

@visghost - 29.10.2023 01:09

And where did you get the firewall_Service_port port from?

@SKANDaR0875 - 28.10.2023 00:45

Can pfSense do SSL inspection / decryption like the Palo or Fortinet? Thx

@sshoebeat - 27.09.2023 01:20

The first part of the setup, when first getting to the configuration wizard for the basic connection with the modem/router: you didn't cover that part.

@ivantufa - 23.09.2023 14:16

This is one of the best tutorials I have ever seen. Thanks a lot.
I have two questions:
1. How will Synology do updates? Maybe I missed that part, sorry if that is the case.
2. How will your phones sync/backup photos to Synology? Phones are on NSFW LAN and devices assigned to that interface cannot see CAMLAN. If I have this use case, what is the best approach?

@RajKUmar-qi7se - 04.09.2023 10:57

How to add another WAN?

@zackarydelgado2805 - 01.08.2023 07:04

Can you post the config settings for the CamLan info? I for some reason am really stuck on getting this to work. I have a single host I don’t want to reach the internet but I still need it to grab NTP and communicate with the other devices on the same network. I just can’t figure it out. Thanks!

@LukeFrere - 20.07.2023 14:10

Is Plex running from your Synology? How do you separate Plex and the Synology interface on the different networks?

@KegRaider - 20.07.2023 02:36

Under-rated and under subscribed channel. Fixed that for myself! Liked and subscribed, looking forward to binge watching your stuff. Cheers mate.

@mistybleu1808 - 19.07.2023 17:36

Unfortunately the business information being advertised in the videos for hire is not reliable information and does not exist.

@BenErridge - 25.06.2023 01:16

pfsense is not recommended. Misc upgrades have caused huge issues, including having to re-flash your device. Make sure you have backups! I do not recommend them... sadly

@davidnickel3949 - 15.06.2023 07:30

Is this set up as a VLAN in pfsense to get the separate IP address and a group?

@devopshelper - 03.06.2023 17:39

I'm a fan of pfsense, hands down best in the industry.
You can use it in ISPs, IXPs, and simple home networks, but for a home network, that Sophos home edition is also a nice piece.

@devopshelper - 03.06.2023 17:29

VLAN1337 Lit

@bananahammockxxl - 03.06.2023 08:20

I've been a security operations manager for years, and it physically hurt me to see you use one subnet for IOT, Phones, AND a DMZ. Plex is publicly exposed, it goes in a DMZ, there really should not be exceptions to that rule unless you're forced at gunpoint.

Malware is made for Android devices far more often than any other OS. Your phone has a huge amount of important information, 2 factor authenticators, 2 factor text messages, probably saved passwords, photos, anything sensitive you've said in texts, microphones and cameras that can be accessed if the device is fully compromised, etc. Having your phone on the same network that you're using to expose shit to the public internet is insanity.

@davidnickel3949 - 25.05.2023 19:04

OK; what about cameras like Wyze cams and firmware updates?

@arnepaulsen - 17.05.2023 01:27

Thank you for so many helpful tutorials. I'm confused about the first rule on the NSFW_LAN. Why is the source '*' for this rule, but the other blocks have source NSFW_LAN? Wouldn't all connections to this interface and going to 'This Firewall' originate on this interface? Wouldn't then source '*' and source 'NSFW_LAN' be the same set of connection attempts? Thank you.

@damiencarrizosa2299 - 02.05.2023 04:23

If we block internet access for camlan...how do we remotely view the cameras when away from the location? Can we view cameras remotely?

@cp_pdn - 29.03.2023 20:48

Hi Tom. What kind of switches do you use? Each segment on its own switch? Or do you have a big switch and use VLANs?

@musicinsession - 26.03.2023 16:25

I love this guy's channel!! Subbed!!

@George-bb9yi - 24.03.2023 02:23

Late to the party, but how do you handle wireless audio devices like HEOS or Sonos, possibly an AVB? These devices don't need a lot of bandwidth, but they do need stable connection with not a lot of network noise. These do not seem to be suitable for the nsfw network.

@davejoseph5615 - 05.02.2023 07:04

Why don't we need to allow any IPv6 traffic if they have indeed run out of IPv4 addresses?

@tg9754 - 16.01.2023 17:14

Great video. Do you have a newer video that includes making pfSense more secure for a small business?

@bertnijhof5413 - 15.01.2023 05:19

I have 2 real networks :) One in the front of the house based on the router of the ISP. It is used by a Smart-TV and phones including those of visitors. The second is in the back of the house based on an old TP-Link Router connected by Ethernet to the ISP Router. The TP-Link Router only supports 100 Mbps, so I added a cheap 5 port 1 Gbps switch. It connects my desktop; backup-server; laptop and over WiFi our phones and Smart-TV. That TP-Link Router is closed for all inbound traffic; user-id and password are changed and it only allows admin access with the MAC addresses of my desktop and laptop. 100% secure, except for entry through asocial media, browser or Email :( :(

@davejoseph5615 - 13.01.2023 03:52

How about if I want to block pfsense admin access from the wifi access points similar to the NSFW example?

@pascal1287 - 23.12.2022 14:09

Hello from the UK - Great video as always! Question for your NSFW: would you recommend using a DNS redirect rule to avoid client machines attempting to connect to their own DNS and redirect to the router DNS? Or too much bother for the potential benefits? Thanks

@satstube - 30.11.2022 15:08

So how does one easily monitor an external camera when away from the home.. without having to VPN each time ..🤔

@chaostv3795 - 19.11.2022 19:32

This Video helped me a lot. Thank you

@richardk186 - 12.11.2022 22:35

Would you consider a video detailing the connections and network configurations with your Synology NAS to your private and NSFW networks?

@cbaldeon - 31.10.2022 05:40

One question. What would be the rules in CAMLAN if I want to let my NVR send email notifications?

@NesleinOb - 22.10.2022 00:05

How do you separate the admin interface from the services on the Synology and NAS?

@dosmaiz7361 - 04.10.2022 07:29

Tom, do you run pfBlockerNG at home?

@jamieg1802 - 13.09.2022 19:43

GET THE F'N OLD COWORKER CRIMINALS OFF MY PC, THEY ARE GOING TO BE CHARGED BOTH CIVIL AND CRIMINAL CHARGES; WONDER IF THE COMPANY IS GUILTY ALLOWING THIS

@Dreamshadow1977 - 06.09.2022 11:14

Thank you for this. Was struggling with configuring pfsense because my only firewall experience was with corporate firewall software. Seeing your rule configuration just made it click!

@andretenreiro - 03.09.2022 15:37

Do you have any video in which you speak about the pfSense features? How does pfSense compare with DD-WRT for home use?

@ahmetoooo - 29.08.2022 16:47

I have a 6100. I need help setting it up with 10gig WAN/LAN and a 10 gig Cisco switch.

@bimsbarkas - 25.08.2022 09:38

Speaking as a network engineer, too many block rules, weird choice of subnet ip ranges, not a fan. Positive is that there is network separation at all, which is not a given even in corporate contexts.
But then, there's surprisingly little guidance on this topic out there.

@allandresner - 14.08.2022 11:51

Can you open up some of those rules so we can see the details?

@Petertumulty - 05.08.2022 08:09

This might be a silly question, but how would you assign each device to each VLAN?

@curmudgeoniii9762 - 30.07.2022 17:53

You do a lot of graphic/charts work... what app do you use, if you would not mind?

@Totototo-nr8dh - 29.07.2022 14:49

OPNsense better <3.
Ahah nice video BTW.

@C650101 - 28.07.2022 03:18

Can you do a video on how to connect an external WiFi AP to a PF sense router and have some WiFi connected devices go to separate networks? Something is wrong with mine. I give devices a static IP on one subnet but they sometimes get a connection on the wrong one.

@krisjohnson3652 - 24.07.2022 17:12

By isolating the cameras on a separate vlan, can you receive notifications of intrusion events on your phone which is on the NSFW vlan or see the video on your phone from the NSFW vlan? I like the idea of isolating the cameras and the NVR port on the synology, but what about camera notifications and seeing the video when you are not at home?

@MrBryan092785 - 19.07.2022 06:54

I have recently set up Vlans on my network. I have the cameras on their own vlan and was concerned that they would not be able to talk to the cloud key on another vlan so I made a rule that allows traffic from the camera network over to the specific host (cloud key) on the other vlan. Is this necessary?

@ForbiddenUser403 - 14.07.2022 18:22

You seem to have used pfsense quite a bit; how would you say it compares to the flexibility and feature sets of Mikrotik's RouterOS?
