Wiki

User Tools

Site Tools

Trace: delete_old_kernel_images
pfsense:install_pfsense:pfsense_configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pfsense:install_pfsense:pfsense_configuration [2021/01/05 13:36] – [Miscellaneous Configuration] peterpfsense:install_pfsense:pfsense_configuration [2023/04/22 08:31] (current) peter
Line 7: Line 7:
 In **DNS Server Settings**: In **DNS Server Settings**:
  
-  * DNS servers:  **Any DNS Servers you want to use**.  The Servers here are **not** going to be used, as long as Unbound is not working in Forwarding Mode, so just leave it as default, since we are using the **Resolver** Option for Unbound.   +  * DNS servers:  **Any DNS Servers you want to use**.  The Servers here are **not** going to be used, as long as Unbound is not working in Forwarding Mode, so just leave it as default, since we will be using the **Resolver** Option for Unbound.   
-    * Use Gateway:  **none**.  Only needed on Multi-WAN networks.  As Unbound will be doing the Resolving, these  configuration they are not used anyway.+    * Use Gateway:  **none**.  Only needed on Multi-WAN networks.  As Unbound will be doing the Resolving, these  configuration are not used anyway.
   * DNS Server Override:  **Not Checked**.  To prevent any DNS configuration setup on the system being overridden by the ISP or other applications.   * DNS Server Override:  **Not Checked**.  To prevent any DNS configuration setup on the system being overridden by the ISP or other applications.
-  * Disable DNS Forwarder:  **Not Checked**.  To have pfSense use it'local cache for lookups+  * Disable DNS Forwarder:  **Not Checked**.  To have pfSense use its local cache for lookups.
-  * Click **Save**.+
  
 <WRAP info> <WRAP info>
Line 21: Line 20:
  
 {{:pfsense:install_pfsense:pfsense_-_system_-_general_setup_-_dns_server_settings.png?800|}} {{:pfsense:install_pfsense:pfsense_-_system_-_general_setup_-_dns_server_settings.png?800|}}
 +
 +  * Click **Save**.
  
 ---- ----
Line 31: Line 32:
  
   * Dashboard Columns:  **3**.   * Dashboard Columns:  **3**.
-  * Click **Save**. 
  
 <WRAP info> <WRAP info>
Line 38: Line 38:
  
 {{:pfsense:install_pfsense:pfsense_-_system_-_general_setup_-_webconfigurator.png?800|}} {{:pfsense:install_pfsense:pfsense_-_system_-_general_setup_-_webconfigurator.png?800|}}
 +
 +  * Click **Save**.
  
 ---- ----
Line 51: Line 53:
   * Allow Agent Forwarding:  **Not Checked**.   * Allow Agent Forwarding:  **Not Checked**.
   * SSH Port:  **22**.   * SSH Port:  **22**.
-  * Click **Save**. 
  
 {{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_admin_access_-_secure_shell.png?800|}} {{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_admin_access_-_secure_shell.png?800|}}
 +
 +  * Click **Save**.
  
 <WRAP info> <WRAP info>
Line 63: Line 66:
  
 </WRAP> </WRAP>
 +
 +
  
 ---- ----
Line 81: Line 86:
  
   * Update Frequency:  **Monthly**.   * Update Frequency:  **Monthly**.
-  * Click **Save**. 
  
 <WRAP info> <WRAP info>
Line 93: Line 97:
  
 </WRAP> </WRAP>
 +
 +{{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_firewall_nat_-_bogon_networks.png?800|}}
 +
 +
 +  * Click **Save**.
 +
 +
  
 ---- ----
Line 117: Line 128:
   * Suppress ARP handling:  **Not Checked**.   * Suppress ARP handling:  **Not Checked**.
   * Reset All States:  **Not Checked**.   * Reset All States:  **Not Checked**.
- 
-  * Click **Save**. 
  
 {{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_networking_-_network_interfaces.png?800|}} {{:pfsense:install_pfsense:pfsense_-_system_-_advanced_-_networking_-_network_interfaces.png?800|}}
 +
 +  * Click **Save**.
  
 ---- ----
Line 135: Line 146:
   * Unknown Power:  **Hiadaptive**.   * Unknown Power:  **Hiadaptive**.
  
-{{:pfsense:install_pfsense:pfsense_-_diagnostics_-_dns_lookup.png?800|}}+{{:pfsense:install_pfsense:pfsense_-_my_configuration_-_system_-_advanced_-_miscellaneous_-_power_savings.png?600|}}
  
 In **Cryptographic & Thermal Hardware**: In **Cryptographic & Thermal Hardware**:
Line 151: Line 162:
  
   * State Killing on Gateway Failure:  **Not Checked**.   * State Killing on Gateway Failure:  **Not Checked**.
-  * Skip rules when gateway is down:  **Checked**.+  * Skip rules when gateway is down:  **Not Checked**.   
 + 
 +<WRAP alert> 
 +**ALERT:**  Take special note of the **Skip rules when gateway is down** option. 
 + 
 +One might think that with the check mark unchecked, means that it skips rules when the gateway is down.  But no, it means just the opposite! 
 + 
 +  * By default, when a rule has a specific gateway set, and this gateway is down, a rule is created and traffic is sent to default gateway. 
 +  * This option overrides that behavior and the rule is not created when gateway is down. 
 + 
 +The end result is that if the rules are routing your private traffic over a VPN, but then the VPN goes down for some reason, the system silently routes your traffic to the default network. 
 + 
 +  * Not even the firewall logs provide an alert. 
 +  * They even show the defined gateway rules still executing properly! 
 + 
 +If there is a need to still allow a computer to access the internet anytime (even when VPN is down) then a rule will be needed in **Firewall -> Rules -> LAN** to allow the internal IP address there. 
 + 
 +  * If this access if only needed when the VPN is down, then put it in the LAN firewall rules list after the normal policy-routing rule for VPN traffic. 
 +  * That way it only comes into play when the VPN is down. 
 + 
 +</WRAP> 
  
 <WRAP info> <WRAP info>
pfsense/install_pfsense/pfsense_configuration.1609853789.txt.gz · Last modified: 2021/01/05 13:36 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki