Updated September 24, 2024

pfSense firewall is a multifunctional software router-firewall based on the FreeBSD OS.

Key features: routing (including dynamic routing), firewall protection, NAT, DHCP server, load balancing, VPN (including OpenVPN and L2TP), dDNS, PPPoE, IDS, and proxying.

Benefits

  • Modular architecture.
  • Own package manager.
  • Built-in monitoring, logging, and reporting.
  • A firewall, intrusion detection and prevention systems (IDS/IPS), antivirus.
  • Integration with Security Onion, Wazuh, etc.

Deployment instructions

Alert

Attention! If you create a virtual machine with more than 8 interfaces, SSH may not be available on the first interface! This behavior is observed for all virtual machines with more than 8 interfaces. However, if you still need to create a virtual machine with more than 8 interfaces, SSH will likely be accessible via the IP address of the 9th interface.

  1. Get an SSH key pair to connect to a virtual machine (VM).

  2. Create a VM from a public image. Under Image/boot disk selection, go to the Cloud Marketplace tab and select pfSense firewall. Under Access:

    • Enter freebsd in the Username field.

      Warning

      You cannot use the admin username or any username other than freebsd.

    • Paste the contents of the public SSH key file in the SSH key field.

    Save the VM public IP address.

  3. Connect to the VM over SSH. To do this, use the freebsd username and the private SSH key you created earlier.

  4. Upgrade privileges to root:

    sudo bash
    
  5. Open the root_password file:

    ee /conf/root_password
    
  6. Copy the password. You will need it to access the web interface.

  7. In the browser, go to https://<VM_public_IP_address>/.

  8. To connect to the service, use the following parameters:

    • Username: Admin.
    • Password: <Password_from_root_password_file>.

    Change the password if needed.

Instead of the standard freebsd username, you can specify a custom one when creating a VM:

  1. Create a configuration file for the cloud-init utility, such as config.yaml.

  2. Copy and add the following metadata to the file:

    #cloud-config
    datasource:
      Ec2:
        strict_id: false
    system_info:
      distro: freebsd
      default_user:
        name: <username>
        ssh_authorized_keys:
          - <public_part_of_SSH_key>
        groups: [wheel]
        sudo: ["ALL=(ALL) NOPASSWD:ALL"]
        shell: /usr/local/bin/bash
      network:
          renderers: ['freebsd']
    bootcmd:
      - rmuser -y freebsd
    

    Where:

    • name: Username.
    • ssh_authorized_keys: Contents of the public SSH key file.

    In FreeBSD, bash is stored in /usr/local/bin/.

  3. Create a VM using the CLI and provide the user metadata:

    yc compute instance create \
      --name <VM_name> \
      --zone <availability_zone> \
      --network-interface subnet-name=<subnet_name>,nat-ip-version=ipv4 \
      --create-boot-disk name=disk1,size=20,image-id=fd8t7dhq1pt5gidofilh \
      --metadata-from-file user-data=<config.yaml_file_path>
    

    Where:

    • name: VM name.
    • zone: Availability zone.
    • subnet-name: Subnet name.
    • image-id: FreeBSD image ID.
    • metadata-from-file: Path to the metadata file with user settings.
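
The custom-username procedure above, as an added example (not code from Yandex Cloud or OpenNix): a shell function that renders config.yaml from a username and a public key file and refuses reserved names and private key material. The render_cloud_config name, its exit codes, and the username pattern are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: render config.yaml for the custom-username procedure.
# render_cloud_config is a hypothetical helper, not part of yc or cloud-init.

render_cloud_config() {
  local user="$1" pubkey_file="$2" key
  # Assumption: refuse names that collide with built-in accounts. "admin" is the
  # web UI login, and "freebsd" is the default user that bootcmd removes.
  case "$user" in
    admin|root|freebsd) echo "error: reserved username: $user" >&2; return 2 ;;
  esac
  # Conservative login-name pattern (assumption): at most 16 characters.
  if ! printf '%s' "$user" | grep -Eq '^[a-z_][a-z0-9_-]{0,15}$'; then
    echo "error: invalid username: $user" >&2; return 2
  fi
  [ -r "$pubkey_file" ] || { echo "error: cannot read $pubkey_file" >&2; return 3; }
  # user-data is stored as VM metadata and can be read back later, so private
  # key material must never be written into it.
  if grep -q 'PRIVATE KEY' "$pubkey_file"; then
    echo "error: $pubkey_file contains a private key" >&2; return 4
  fi
  # Keep only "<type> <base64>" from the first non-empty line; dropping the
  # comment field avoids leaking user@host and keeps the YAML scalar simple.
  key=$(awk 'NF { print $1 " " $2; exit }' "$pubkey_file")
  if ! printf '%s' "$key" | grep -Eq \
      '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}$'; then
    echo "error: $pubkey_file is not an OpenSSH public key" >&2; return 4
  fi
  cat <<EOF
#cloud-config
datasource:
  Ec2:
    strict_id: false
system_info:
  distro: freebsd
  default_user:
    name: $user
    ssh_authorized_keys:
      - $key
    groups: [wheel]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /usr/local/bin/bash
  network:
      renderers: ['freebsd']
bootcmd:
  - rmuser -y freebsd
EOF
}
# Usage: render_cloud_config fwadmin ~/.ssh/id_ed25519.pub > config.yaml
```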

You can also use cloud-init to manage user SSH keys, create multiple users, and install software packages.

Sample cloud-init configuration file for managing user SSH keys:

#cloud-config
datasource:
  Ec2:
    strict_id: false
users:
  - gecos: freebsd
    name: freebsd
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]

Where ssh_authorized_keys stands for the contents of the public SSH key file.

Sample cloud-init configuration file for creating multiple users and installing software packages:

#cloud-config
datasource:
  Ec2:
    strict_id: false
users:
  - gecos: <user_details>
    name: <username>
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]
  - gecos: <user_details>
    name: <username>
    ssh_authorized_keys:
      - <public_part_of_SSH_key>
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: [wheel, sudo]
packages:
  - curl
  - py39-pip
package_update: true
package_upgrade: false

Where:

  • gecos: Information about the user.
  • name: Username.
  • ssh_authorized_keys: Contents of the public SSH key file for each user.
  • packages: List of software packages to be installed.

Tariffs

Hourly (pay as you go)

  • RUB 20/hour; pay as you go.

pfSense 1 year per instance

  • RUB 18/hour; RUB 160,000 / 365 days, prepaid.

pfSense 2 year per instance

  • RUB 18/hour; RUB 310,000 / 730 days, prepaid. Best price.

pfSense 3 year per instance

  • RUB 19/hour; RUB 500,000 / 1095 days, prepaid.

From RUB 0.39 per minute: the usage cost for the product and required resources within the default configuration.

  • Billing type: Hourly (Pay as you go)
  • Type: Virtual Machine
  • Category: Network infrastructure, Security
  • Publisher: OpenNix Cloud security

Use cases
  • Creating VPN connections between physical and cloud resources.
  • Protecting sites and applications.
  • Translating addresses.
  • Filtering traffic.
  • Routing on the internet.
  • Intrusion detection (IDS/IPS).
  • Traffic monitoring.
  • Dynamic routing.

Technical support

OpenNix
OpenNix provides technical support to pfSense firewall users in Yandex Cloud. You can contact their technical support by email at support@opennix.ru. Support engineers are available on business days from 9 am to 6 pm GMT+3.

Yandex Cloud
Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the respective developer’s information resources.

Product IDs

  • image_id: fd8kbol6hulrf9se0arj
  • family_id: opennix-pfsense

Product composition

Software and version:

  • FreeBSD: 14.0
  • pfSense: 2.7.2
  • wazuh-agent: 4.7.3

Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service and the terms and conditions of the following software: End user license agreement
