.gitignore Initial commit 2023-08-29 14:30:11 +02:00
00-provider.tf init 2023-08-29 14:34:54 +02:00
01-config.tf init 2023-08-29 14:34:54 +02:00
02-pfsense-image.tf updated pfsense version 2024-01-24 11:47:01 +01:00
03-pfsense-network.tf init 2023-08-29 14:34:54 +02:00
04-pfsense-appliance.tf updated pfsense version 2024-01-24 11:47:01 +01:00
deployment.d2 init 2023-08-29 14:34:54 +02:00
deployment.svg init 2023-08-29 14:34:54 +02:00
example.env init 2023-08-29 14:34:54 +02:00
LICENSE Initial commit 2023-08-29 14:30:11 +02:00
README.md init 2023-08-29 14:34:54 +02:00

STACKIT pfSense Deployment

Terraform script to deploy a pfSense firewall into STACKIT Cloud.

Deployment overview:

The Terraform deployment consists of:

  • WAN Network
  • WAN Router with external RouterIP
  • LAN Network
  • LAN Router with a static default gateway route to the pfSense firewall
  • pfSense firewall VM + disk volume
  • FloatingIP for the firewall VM
  • Port security deactivated on the firewall ports
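
Deactivating port security, the last item above, sketched in Terraform together with the LAN default route. This is an added example, not code from this repository: it assumes the OpenStack Terraform provider, and every name, variable and address in it is a placeholder. With port security off, OpenStack security groups and anti-spoofing no longer filter traffic on that port, so the pfSense ruleset is the only packet filter in front of the VM.

```hcl
# Added example: assumes the terraform-provider-openstack provider.
# All names, variables and IP addresses are placeholders, not the repo's values.
terraform {
  required_providers {
    openstack = {
      source = "terraform-provider-openstack/openstack"
    }
  }
}

variable "wan_network_id" { type = string }
variable "wan_subnet_id" { type = string }
variable "lan_router_id" { type = string }

# WAN-side port of the firewall VM. A firewall forwards packets whose
# addresses are not its own; Neutron's anti-spoofing filter would drop them,
# which is why port security is switched off here.
resource "openstack_networking_port_v2" "pfsense_wan" {
  name                  = "pfsense-wan"
  network_id            = var.wan_network_id
  admin_state_up        = true
  port_security_enabled = false
  # A port without port security must not carry any security groups.
  no_security_groups = true

  fixed_ip {
    subnet_id  = var.wan_subnet_id
    ip_address = "10.0.0.10" # placeholder WAN address
  }
}

# Static default route on the LAN router, sending all outbound LAN traffic
# through the firewall's LAN interface.
resource "openstack_networking_router_route_v2" "lan_default" {
  router_id        = var.lan_router_id
  destination_cidr = "0.0.0.0/0"
  next_hop         = "10.0.1.10" # placeholder: pfSense LAN address
}
```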

Setup

Requirements:

  • Terraform installed
  • Access to a STACKIT project
  • UAT (OpenStack) credentials

Installation

  1. Clone the repo
  2. Set up the environment (.env) variables
  3. Run Terraform: terraform apply

Configure Access to the WebUI

To access the pfSense WebUI, you first need to configure the appliance via the webVNC console.

Interface Mapping

pfSense asks for the WAN and LAN interfaces. WAN must be mapped to vtnet0 and LAN to vtnet1.

Enable WebUI Access

In the menu overview, enter the Shell and type in the following two commands.

  1. Disable the HTTP referer check
    pfSsh.php playback disablereferercheck
    
  2. Allow access from WAN to the WebUI
    pfSsh.php playback enableallowallwan
    

    Keep in mind that this creates an any-to-any (allow all) rule on the WAN interface. Please restrict the access again as soon as possible.

Now you can reach the WebUI via the FloatingIP on port 443. The default login is admin:pfsense.