Documentation
pfSense Documentation - Configuration and Administration Guides
pfSense Configuration Recipes - Common Scenarios

pfSense Configuration Recipes - Common Scenarios

pfSense configuration recipes are ready-to-use step-by-step instructions for implementing common scenarios. Each recipe includes a brief task description and the sequence of actions required to achieve the desired result. All recipes are based on practical experience and verified on current pfSense releases.

This section covers the most frequently requested scenarios: from transparent firewall setup and DNS over TLS to DMZ deployment and geographic traffic blocking.

In This Section

  • Common Configuration Recipes - transparent firewall, DNS over TLS/HTTPS, GeoIP blocking, port knocking, forced DNS redirect, multiple public IPs, DMZ, secure remote administration, traffic monitoring, and VPN with split DNS

  • VPN Recipes - IPsec site-to-site with Cisco ASA, AWS and Azure VPN Gateway, OpenVPN with Active Directory authentication, WireGuard for mobile devices with QR codes, Multi-WAN with OpenVPN failover, VPN with Split DNS for multiple domains

  • Network Recipes - multi-tenant VLAN isolation, transparent Squid proxy with SSL inspection, DNS sinkhole with pfBlockerNG DNSBL, traffic mirroring for IDS, PPPoE server, public IP routing, IPv6 tunnel broker, dual-stack IPv4+IPv6, LAGG bonding

  • Security Recipes - pfSense hardening, two-factor authentication with Google Authenticator, IDS/IPS with Suricata in inline mode, automatic IP blocking with pfBlockerNG, logging to SIEM (Wazuh/ELK/Graylog), PCI DSS compliance checklist, CIS benchmark hardening, Tor and anonymizer blocking

  • Service Recipes - HAProxy as reverse proxy with Let’s Encrypt, HAProxy load balancing, Squid caching proxy, SNMP monitoring with Zabbix/LibreNMS, NetFlow/sFlow export, captive portal with vouchers, DHCP failover, Wake-on-LAN

Last updated on