General Setup Part 5 – Advanced Configuration

To finish off the general setup, we’ll be making a few minor changes in the system settings pages.

Step 1: Change the Web Login Port

Navigate to the following location

System > Advanced > Admin Access

Fig.01 Advanced Admin Access Menu

Fig.01 Advanced Admin Access Menu

In this section, make sure HTTPS is selected. We need to change the TCP port to login to the web page. This is a best practice measure for added security. The default HTTPS port is 443. We should change it to something else but easy enough for you to remember. Something like 344 (which is not a typically used port for anything); or 4433 or something similar. Please take note of what you are changing it to as this will be needed to login into the admin page from now on. For this article, we’ll use port 344

Fig02. Change the Web GUI Port

Fig02. Change the Web GUI Port

All the other defaults can be left alone for this page.

Click ‘Save’ at the bottom of the page

Step 2: Disable IPv6

The next section we will be configuring is IPv6. Navigate to the following location

System > Advanced > Networking

Fig03. Advanced Networking Menu

Fig03. Advanced Networking Menu

On this page at the top you will see a section for IPv6 options. The default is to allow  IPv6 traffic. Throughout this site, we’ll be using IPv4 for tutorials, so we’re going to disable IPv6 to avoid confusion.

Allow IPv6 = Unchecked

Fig04. Disable IPv6

Fig04. Disable IPv6

All other options on this page can be left at the defaults settings.

Click ‘Save’ at the bottom of the page

Step 3: Set AESNI Hardware Settings

If your security appliance has an AES-NI CPU or you are building a firewall with an AES-NI capable CPU; we need to enable the feature to take advantage of the cryptographic hardware acceleration capabilities. Having a CPU with this capability will accelerate any VPN’s created (VPN’s will be detailed in a future article).

Navigate to the following location

System > Advanced > Miscellaneous > Cryptographic & Thermal Hardware (half way down the page)

Fig05. Cryptographic & Thermal Hardware Menu

Fig05. Cryptographic & Thermal Hardware Menu

Change the drop down menu to the following

Cryptographic Hardware = AES-NI CPU-based Acceleration

AES-NI Cryptographic Hardware Setting

Fig06. AES-NI Cryptographic Hardware Setting

All other settings on this page can be left at the defaults.

Click ‘Save’ at the bottom of the page

This concludes the basic setup for pfSense®. The next article will touch on configuring the Dashboard to show desired services and settings.