In certain environments, it is useful to have a router and firewall between two private VLANs. When the WAN interface of pfSense cannot reach the internet (e.g. DNS resolution, update checks, etc.), it can become sluggish to boot and configure. This guide attempts to capture configuration knobs that can improve usability in these environments, and was written with a pfSense CE 2.7.2 configuration as a baseline.
- Finish Documentation
- `tcpdump -nn -i XXX` pfSense at steady state air-gapped {for em0 (WAN), em1 (LAN), lo0 (loopback)}. Loopback will show you all of the items that would have been queried via `root.hints` or other pfSense internals. Start with the `udp port 53` capture filter to look for DNS traffic.
- tcpdump pfSense at boot with WAN interface to look for extra ntp, dns, http, tls packets
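
An added example, not part of the original guide: a POSIX shell helper that tallies `tcpdump -nn` text output by service and destination, so the DNS, NTP, HTTP and TLS attempts mentioned in the items above stand out. The function names and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count outbound DNS/NTP/HTTP/TLS packets in `tcpdump -nn` text output.
# Live use (em0 is the WAN interface named above; -c stops after 200 packets):
#   tcpdump -nn -c 200 -i em0 | summarize_egress

# Constructed sample lines; all addresses are from documentation ranges.
sample_capture() {
    cat <<'EOF'
10:00:01.000001 IP 192.0.2.2.40111 > 198.51.100.53.53: 4660+ [1au] NS? . (28)
10:00:02.000001 IP 192.0.2.2.40111 > 198.51.100.53.53: 4660+ [1au] NS? . (28)
10:00:03.000001 IP 192.0.2.2.123 > 203.0.113.7.123: NTPv4, Client, length 48
10:00:04.000001 IP 192.0.2.2.51000 > 203.0.113.9.443: Flags [S], seq 1, win 65228, length 0
10:00:05.000001 IP 192.0.2.2 > 203.0.113.53: ICMP echo request, id 1, seq 0, length 64
10:00:06.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.2, length 28
EOF
}

# Reads tcpdump -nn lines on stdin, prints "<packets> <service> <destination>".
summarize_egress() {
    awk '
    $2 == "IP" || $2 == "IP6" {
        dst = $5
        sub(/:$/, "", dst)                 # drop the trailing colon
        n = split(dst, part, ".")
        # With -nn a port appears as one extra dot-separated field:
        # a.b.c.d.port for IPv4, addr.port for IPv6. Portless lines
        # (e.g. ICMP to an address ending in .53) are skipped.
        need = ($2 == "IP") ? 5 : 2
        if (n != need) next
        port = part[n]
        if      (port == 53)  svc = "dns"
        else if (port == 123) svc = "ntp"
        else if (port == 80)  svc = "http"
        else if (port == 443) svc = "tls"
        else next
        host = substr(dst, 1, length(dst) - length(port) - 1)
        count[svc " " host]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k2,2 -k3,3
}

# Stand-alone demo on the constructed sample.
sample_capture | summarize_egress
```

Destinations that keep accumulating packets on an air-gapped WAN are the lookups and checks worth disabling or pointing at an internal service.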
Installation from the pfSense CE ISO file can easily be done in these environments. Download the ISO from a mirror (to avoid creatin