Virtualizing pfSense Software with Hyper-V

This article is about running pfSense® software in a virtual machine under Microsoft Hyper-V. The guide applies to any Hyper-V version, desktop or server (this includes the standalone Hyper-V Server). The guide explains how to install any major pfSense software version under Hyper-V. Article covers the Hyper-V networking setup and pfSense software virtual machine setup process. The guide does not cover how to install Hyper-V or Windows Server. A basic, working, pfSense software virtual machine will exist by the end of this article.

Note

If pfSense software will be used as a perimeter firewall for an organization and the attack surface should be minimized, the best practice is typically to run the firewall non-virtualized on stand-alone hardware. That is a decision for the user and/or organization to make, however.

This guide starts at a point with a Windows and the Hyper-V role installed. If other VMs are already running on Hyper-V, then it is not likely necessary to follow the networking steps too closely. However, skim through it to see what is suggested before building the pfSense software virtual machine part.

Assumptions

  • Hyper-V host is up and Hyper-V role/feature has been installed

  • The reader has an basic understanding of networking and Hyper-V virtualization

Basic Hyper-V Networking

To virtualize pfSense software, first create two Virtual Switches via Hyper-V Manager.

  • Open the Hyper-V Manager

  • Click Virtual Switch Manager from the Actions menu

  • Select Private for the type of virtual switch

  • Click Create Virtual Switch

    ../_images/hv-01-create-switch.png

  • Set the Name for the newly added switch to LAN

  • Set an appropriate description in the Notes field

  • Ensure the Connection type is set to Private network

  • Click Apply

../_images/hv-02-create-switch-lan.png

Now create a switch for the WAN/Upstream networks:

  • Click New virtual network switch

  • Select External for the type of virtual switch

  • Click Create Virtual Switch

  • Set the Name for the newly added switch to WAN

  • Set an appropriate description in the Notes field

  • Select the appropriate interface for the External network

    This is the interface on the Windows host which connects to the upstream/WAN switch/CPE or similar uplink.

  • Uncheck Allow management operating system to share this network adapter if the hypervisor host has a dedicated interface for WAN.

    For the purpose of this guide the management was allowed, however production use requires a separate NIC for WAN.

    ../_images/hv-03-create-switch-wan.png

  • Click OK to complete the switch setup

Creating the virtual machine

After creating WAN and LAN switches, move to virtual machine creation.

  • Click New > Virtual Machine from the Actions list

    This starts the new virtual machine wizard.

    ../_images/hv-04-wizard-new.png

  • Click Next and proceed to the Specify Name and Location step

  • Enter a Name for the virtual machine, such as pfSense

    ../_images/hv-05-wizard-name.png

  • Click Next and proceed to the Specify Generation step

  • Select the appropriate virtual machine generation: Generation 2

    ../_images/hv-06-wizard-gen.png

  • Click Next and proceed to the Assign Memory step

  • Add enough RAM to meet the requirements of this environment

    This guide uses 1GB (1024 MB). 2GB is better if this VM will run multiple packages.

    ../_images/hv-07-wizard-ram.png

  • Click Next and proceed to the Configure Networking step

  • Select WAN from Connection drop-down menu

    The LAN will be added later after completing the wizard.

    ../_images/hv-08-wizard-nic.png

  • Click Next and proceed to the Connect Virtual Hard Disk step

  • Select Create a virtual hard disk

  • Assign 10 to 20 GB for the VM disk

    Disk-intensive tasks such as packages for IDS/IPS or proxies may require larger disk sizes.

    ../_images/hv-09-wizard-disk.png

  • Click Next and proceed to the Installation Options step

  • Select Install an operating system from a bootable image file

  • Browse to the pfSense software installer ISO image

    ../_images/hv-10-wizard-iso.png

  • Click Next to display the summary at the end of the wizard

  • Review the virtual machine information

    ../_images/hv-11-wizard-summary.png

  • Click Finish if all of the information is correct

This completes the wizard but there are several items which must be set on the VM for it to successfully install and boot pfSense software.

  • Select the VM in the Virtual Machines list in the Hyper-V Manager

  • Click Settings on the Actions panel for this VM

  • Select Add Hardware under Hardware in the left side panel

  • Select Network Adapter

    ../_images/hv-12-add-hw.png

  • Set the Virtual Switch to the LAN switch created earlier

    ../_images/hv-13-add-lan.png

  • Click Apply

  • Select Security under Hardware in the left side panel

  • Uncheck Enable Secure Boot

    Warning

    Secure boot must be disabled for the VM to boot pfSense software.

    ../_images/hv-14-disable-secure-boot.png

  • Click Apply

  • Select Firmware under Hardware in the left side panel

  • Select the Hard Drive entry in the Boot Order list

  • Click Move Up until the Hard Drive entry is at the top of the list

    ../_images/hv-15-boot-order.png

  • Click Apply

  • Review the other VM settings and make the WAN and LAN switches are selected under the respective network adapters

  • Click OK

Installing pfSense Software

After successfully creating and configuring the pfSense software virtual machine, it’s time to start it.

  • Select the VM in the Virtual Machines list in the Hyper-V Manager

  • Click Start from the VM menu in the Actions panel

  • Click Connect… from the VM menu to open a console for the VM

  • Wait for the virtual machine to boot and launch the installer

    ../_images/hv-16-install-eula.png

  • Read and accept the EULA to display the installation menu

    ../_images/hv-17-install-menu.png

  • Proceed through the installation as usual.

    See also

    See Installation Walkthrough for a detailed walkthrough of the installation process.

  • Finish the installation, select reboot, and eject the ISO from the Media menu of the VM console

The VM will restart and begin its first boot.

First boot and interfaces assignment

The pfSense software virtual machine should boot up quickly and prompt for interface assignments.

  • Enter n and press the Enter key to skip the VLAN setup

  • Enter hn0 and press the Enter key when prompted for the name of the WAN interface

  • Enter hn1 and press the Enter key when prompted for the name of the LAN interface

  • Enter y and press the Enter key to proceed

    ../_images/hv-18-assign.png

Tip

The MAC addresses printed on the console can be verified against the virtual machine settings to confirm which interface is which.

After assigning interfaces, pfSense software will finish the boot-up. Verify both interfaces have the correct IP addresses.

../_images/hv-19-bootup-complete.png

Congratulations! The virtual machine is now running pfSense software on Microsoft Hyper-V.

From here, proceed through the configuration process for pfSense software as usual. See Configuration for details.