Pinning this comment with the Firewall Rules reference material. I strongly suggest reading this yourself as well!
Firewall netgate docs:
docs.netgate.com/pfsense/en/latest/firewall/index.html
I LOVE your teaching style! There are so many "how to" videos for pfSense that assume advanced knowledge and make it impossible to follow (and thereby LEARN). You assume nothing and even go out of your way to explain the details and give examples. BRILLIANT. You have made this so easy to understand!
Thank you Ruby, I really appreciate the kind feedback. Whenever I make these types of guides I really try to remember a younger me just getting into the tech space working for an ISP and wanting someone to teach me in a similar manner. Not being condescending or speaking to me as if I was there helping create the firewall/router/switch and know everything about it. As long as these guides help ease at least one person into the sometimes complex world of networking then I am extremely happy!
I agree they don't take into account some of us are novices at this type of thing.
I bought a Netgate SG-1100 and didn't know what vlans, tcp/udp or any of it meant years ago. Now I feel confident I won't get locked out of the web interface with your thorough breakdown and helping me understand everything. Thank you sir. You have earned yourself a sub here. Cheers🎉
Great tutorial. So many of your peers assume way too much existing knowledge in their viewers. You not only point out pitfalls, you show us how to repair the damage.
I really appreciate the scope of this video! 1 step above an intro, unedited, and still within reasonable scope for someone to get started configuring their firewall properly before moving on to more nitty-gritty content!
Excellent video, thank you for this well explained tutorial.
Super helpful and a very clean and easy-to-follow teaching style. Thank you so much!
Thank you for the nice comment I really appreciate it very much!
Enormously helpful. This is all new to me, and because of your teaching style, it all makes sense.
Just found your channel while looking for pfsense knowledge. This video was very helpful with making what I find as a complex subject easier to understand. Thank you 👏👏
Well done for my first introduction to PFsense. Thank you.
Great video!! You've made it very clear for me as a newbie to understand. I needed this lol
Great Job! Thank You very much. I will try to "port" my firewall rules from Mikrotik to pfSense. Same logic but different way. Should work the same. Just a note. After I tested pfSense I made pfSense my primary firewall for about 100 users. Hardware, nothing special with 4 gigs of RAM - memory usage 72%.
After watching 20 other videos this one BEST explained what I needed to know!!! Thank you!!
Your video has been SOO helpful, awesome walk-through, thank you!
Glad it was helpful!
It was a really straightforward tutorial; in your video I understood what I couldn't get from probably 5 or more other different sources! Keep it going! Ty! (and subbed ofc)
Very very helpful!! Thank you very much, this saves a lot of time for me.
Was looking for a quick rundown on pfsense firewall capabilities and you covered all the bases. Thanks for the info. Subbed.
Thank you for subscribing I really appreciate it
Excellent work!! Please bring more videos on pfsense including with openvpn
Thank you for this video, it was very informative 👍🏼. I work with a Palo Alto firewall and the pfSense interface and rules are very similar. Great job 👏🏾 👍🏼
This was really good. Much appreciated.
Glad you enjoyed it!
Excellent Tutorial - Thank you. I wish the mouse would not jiggle so much though. Please move the mouse slowly so we can see where it is without shaking it so often.
Great tutorial, thanks for sharing the knowledge. Huge subscribe :)
Well done and easy to follow. Thanks for a great intro.
Just brilliant, thank you for this tutorial!
You're very welcome!
Thank you so much for making this lovely video!!
Excellent way of explanation.
This was really good! Thanks for sharing your knowledge with us.
Thanks so much.
Great information!
Great video. That's helpful to me.
Very good. I like your teaching method.
Great video, thank you.
this was really awesome
thanks man
Glad you liked it!
Very nice video. I was thinking at 27:00, you could create a simple LAN rule for INTERNET access by adding the gateway on the advanced tab; as a result you entirely cut the internal traffic between hosts inside the LAN and let users have internet access, then you use squid proxy or snort to block P2P. How about that?
Great work, thank you for this tutorial. Very informative.
Great video !
Thanks!
Thanks so much. Looking for a video explaining how to reach PfSense and other servers from WAN, Please.
Awesome video! Thank you :)
Thank you for watching ^^!
I was also hoping that you cover NAT a bit as part of DMZ config. Overall rich content. Keep it this way :)
Very informative video, thank you. If I could ask a favor for your future videos, please try to control the constant quick mouse movement, it's very distracting.
Thank you for suggestion, sorry about distracting you. Sometimes I turn off the mouse pointer in my newer videos. I think at times I just move the mouse around as a pointer to showcase things but at a hyper ADHD level.
You can group all your interfaces together so all your rules will appear under one tab, a lot easier to look at.
Great video thank you. I noticed your RouterOS hardening video. Would you recommend using the firewall on both the MikroTik RouterOS and also on Pfsense?
Another question I have some IoT devices and games on my PS5, and I've tried opening the required ports, but I'm still experiencing issues. I'm considering opening up all ports just for those devices, although I'm hesitant to do so. Do you have any advice on what else I could try?
thank you! it worked as a charm
Subscribed!
Thank you very much
Glad to see you making content about pfsense. It's a fantastic open source firewall. I currently am using it as a transparent bridge on my network to do network detection on my wan interface.
Can you shed some light on the setup where it acts as a bridge instead of L3, or advise an article which is worth spending time on?
@@makeitcloudy Hello, I just want to be clear. What I am referring to is not really like a switch. But kind of in a way... Though note you shouldn't use pfsense as a bridge as it is not designed for that workload and neither are the NICs that are most likely in your pfsense box. You want a switch, doesn't really matter what kind, it's just they are far better at, well, actual switching and forwarding traffic.
Now, if you want to learn about what I am doing you can do that by watching this Lawrence Systems video Bridge with Suricata testing.
@@blindside995 thank you, I was watching Lawrence, he was my inspiration for freenas, syncthing and pfsense, before I realized Network Berg exists :) cheers!
Good info. Had a question on my setup. I have another rule which is "RFC 1918 networks" being blocked. Is this a pfsense item by default? Not sure if it's something I added or not. Trying to do some port forwarding and it's not working, and I'm not sure if this rule or the other one you're showing for the WAN is what's causing my traffic to not go thru or not. Thanks.
Danke!
Worked , thanks a lot!
Thanks and I appreciate this. It is super useful to people using pfsense. Let's say you have 10 vlans and you want to block access from your Lan network/vlan to these vlans. How do you implement that in pfsense? For me, I would normally create a separate alias containing vlans/networks for each vlan, then I would create a block rule for each vlan. For instance I create an alias Lan_V_Blocks and populate this with the vlans/networks that I want to block access from Lan network/vlan. The problem with this approach is that it is time consuming. Is there any better and faster solution than this?
I'm re-establishing my pfSense from end of last year when I never fully put it in place. When I boot it up, it is showing "pfSense 2.7.2-RELEASE amd64 20231208-2055". Is this the latest version? When I hit the update option, it says it's up-to-date, but I'm not sure if I've attempted the update correctly. I'm going to "system" "update" "System Update". Thanks in advance!
This is a wonderful video
Hello, thank you for the video it was very helpful. I have a quick question, if the load times are really long for the pfsense webconfigurator does that mean I have some sort of firewall conflict with my dns? (I am just setting it all up today)
A slow webconfigurator sounds more like a resource issue, are you running the software on a VM or Hardware? I would highly suggest posting about it on the pfSense forums with your specs to see if someone from Netgate might be able to help out.
Great video!
Just a quick question: Why did you choose "single host or alias" and not "DMZ address" as destination when creating the WAN rule for the DMZ FTP server?
Also, I can't seem to find a similar video for Mikrotik firewall rules, explaining the really basic stuff... Did you ever create one? The first 4-5min of this video was really informative, as I was not actually aware of how the firewalls operated. Thanks again.
Thank you for your kind words, I chose single host as I was going to allow traffic just to the IP of the server in the DMZ. The object DMZ address relates to the IP of the DMZ interface of the FW which is not what I wanted to allow. The other object DMZ net relates to the entire subnet, which is also not a good fit for the policy I wanted to implement.
Hmmmm I think the most similar videos I have on the subject for MT is what I covered in my MTCNA course here:
📗MikroTik MTCNA - Firewall Principles (Forward,Input,Output)
th-cam.com/video/NXvHdZbAuTI/w-d-xo.html
📗 MikroTik MTCNA - Firewall Fasttrack, Mangle Rules & Address Lists
th-cam.com/video/sZzvfyfCtWU/w-d-xo.html
There is also this video from my live stream, but it is quite lengthy:
💻 Taking a look at RouterOS/MikroTik Firewall in EVE-NG Live Lab: Filters, NAT, Mangles etc!
th-cam.com/video/zA6bkg2KrjE/w-d-xo.html
Ironically I did remember setting up firewalls more than 20 years ago requiring a lot of rules and the first time I set up pfsense (very recently) I was confused because it is too simple now 😅
It would be nice to combine RouterOS with pfSense. ROS to function as routing, and pfSense as both firewall and VPN client.
I'm trying to set Blue Iris server in a "DMZ" and only allow access to it from specific network on LAN interface. I've tried setting rules in/out on both interfaces and I still can't get to it.
very helpful! thanks
Nice work there TNB. PfSense is a very robust firewall.
I started using Sophos at work, and I miss very much on Pfsense ability to add multiple ports/IPs to one rule, it is so tiresome when you must add all ports one by one...
My pfSense always blocks Outlook emails.
But works well after a reboot.
For about an hour.
What might be the problem?
Then again if anything inside wants to get out all it does is go over 443, like let's say a VPN over 443, and bam you got everything now. Unfortunately outbound port blocking is not what it was in the old days, you got to secure all clients directly and ensure only trusted clients are on the network if you really care what is going outbound.
Once pfSense is installed, we should whitelist the service which we want … right?
Why not OPNsense (fork of pfSense)?
Maybe some comparison of both solutions?
Sure, I could take a look at OPNsense as well and do some comparisons ^^
So if I use space invaders tutorial to allow upnp for game consoles should I also place them in a dmz? I really have no need to have them on lan access. I've been trying to figure out Netgear's vlan rules but it's complicated for me to understand.
great stuff thanks.
Haven't needed to access Package Manager until recently. Deleted a package and when I attempted to download the one I wanted... no available packages. Error message something about Internet not available. The firewall works great, and has been doing a flawless job. Maybe I left a remnant of initial setup in, that needs to be removed. Any ideas?
Package reinstall process was ABORTED due to lack of internet connectivity @ 2024-04-03 21:48:08
Thanks for that.
Thanks to Lawrence Systems I have several vlans and an alias "grouping" the private ones including the lan on which pfsense is on. I have a guest vlan, I'm trying to create a Captive Portal
So I have this rule, thanks Lawrence, which blocks my private interfaces. How do I allow the local DNS to pass (on LAN)?
I tried allowing DNS tcp/udp from guest to LAN, no joy.
Does it make security sense to keep WAN ICMP blocked, or is it reasonable to pass it? Steve Gibson's ShieldsUP fails if your public IP responds to ping.
Most people tend to drop ICMP to the WAN IP, though you could tweak rules to allow monitoring from a specific source so that you could see if the link ever goes down but no one else would even know the IP was live.
Thanks
I am able to ping but not able to take the remote from the WAN from the LAN IP. Can you help me out?
Great
What is your opinion w.r.t. Mikrotik firewall vs PFSense if you disregard the reporting side of PFSense? Would you choose PFSense over a solution with extensive scripting for instance on a CCR that also assists with IDS, blacklisting, tunneling, VPN's etc?
Hi Anthon, I think the statement "With extensive scripting" already summarizes why a SOHO or Medium sized business should rather opt for something like a pfSense firewall as opposed to having the MikroTik doing the firewalling. Scripting in itself can be pretty complex and even if you are just importing scripts from some vendor you are probably going to be paying them for those services, which they do on their own platforms which is most likely just another firewall.
If you are going to do your own scripting that also means you are going to have to learn the scripting language or find someone that understands it. It's definitely not the hardest scripting language in the world, but it's still a niche skillset. Very useful, but in the sense of business if I suddenly lost a person that performed all the scripting and that skillset gets lost then I think the business could face some serious trouble. Especially after some software upgrade on ROS that creates some or other bug on a script that you are using.
So for ease of use I think pfSense is a much better firewall, although I still think MikroTik is a superior router :D!
@@TheNetworkBerg Thanks for the quick reply - we have several staff quite comfortable with Mikrotik scripting and have about two decades worth of Mikrotik experience so we know them really well. The question for me here is whether we should look at PFSense as a replacement (or addition) for a skillset we already have given that we have no issue with Mikrotik where it stands at present. We supply a service to business in this regard. Your knowledge of Mikrotik and now PFSense makes your opinion matter, hence the reason I asked, and might save some time playing with something and then realize it's not needed. So I guess the real question to ask is then why would you choose PFSense over Mikrotik if skills are not an issue.
@@anthonwalters3706 Valid, but still a tough question to be honest. I could say and summarize it this way, that if you can afford the effort of scripting on your own, and you are in such a comfortable situation that the tests can be performed outside of production, then why not perform all the logic within your scripts, especially when you are sure about the people standing behind the whole logic. The thing is that the code itself does not scale well if it is not designed properly. Keeping the IaC (Infrastructure as Code) in mind, the real question is about combining the scripts with the processes or other APIs which can talk with your functionality. I still cannot compare all the plugins available in pfsense, and whether those have the integration with the particular use case you have in your head for the business case of yours, that's why this question can probably be answered by you only. Unless I'm completely wrong. Cheers
Strange question, can a Netgate Firewall be used with a Mikrotik RB3011?
Not a strange question at all Dennis, there's a few configurations you can run using both a RB3011 and a Netgate firewall. I would prefer putting the RB on the WAN edge and having it be responsible for connections and such where you could leverage the firewall features of the Netgate behind the MikroTik to monitor and restrict access to your internal networks a bit more effectively.
@@TheNetworkBerg That is the answer I was looking for. I have 20 VLANs set up on my 3011 with the last 10 devoted to 10 computers for all the grandkids and neighborhood kids to utilize them for gaming. I need to get more granular control on the kids' use of the internet. Another goal is VLAN internet connection blocking.
Should this be accomplished on the Netgate or the 3011? I have a symmetrical 1Gb x 1Gb internet connection. All the other VLANs are used for Plex, Unraid, Windows Server 2022, and wireless networks.
Curious, as none of the rules you implemented had any blocking actions, reason?
Implicit Deny Rule
For some reason https and http do not work for me. I'm starting all from 0 with another VM to see where the problem is.
Is it possible to work with objects so I don't have to enter IP addresses every time in the rules?
It's called Aliases in pfSense
thanks, teach firewall rules.
dude you're fuckin Awesome!!
Have you ever tried IPFIRE?
Great video but you move the arrow on the screen too much.
Sorry if the mouse pointer was distracting for you, and thank you for your feedback :)
I copied your config but can still access torrents.
This video was aimed at how to configure firewall policies, I suggest looking at your logs and creating policies to specifically drop the torrent traffic you are seeing on either their protocols and/or destinations
Doesn't start talking about firewall rules till after 6 minutes! FYI...
Lots of context to cover :)
Could you please quit waving the cursor around like a nervous fidgety teenager?
Good info, but man, CHILL with the spastic zig zagging of the mouse cursor over everything. Highly distracting and annoying. Calm steady movements win every time.
I almost had a seizure following this guy’s cursor.
this was great, thank you