Launching an Instance with a single NIC

An instance of pfSense® for Azure that is created with a single NIC can be useful as a VPN endpoint to allow access into a virtual network. These instances can be created in the Azure management portal.

In the Azure Management Portal, launch a new instance of the pfSense firewall and VPN appliance from Netgate®.

1. From the Azure portal Dashboard, click on Marketplace

   

2. Search for and select the Netgate Appliance for Azure

   

3. Set the name of the instance, username, password, resource group, and region. The username typically used to administer pfSense is admin, but admin is a reserved name that is not allowed to be set by the Azure provisioning wizard. The username entered will be created as a valid pfSense account upon bringup and will be able to log into the web GUI. Additionally, the admin user will also have it’s password set to the value that’s entered.

   

4. Choose the instance size.

   

5. Choose the disc type, and network settings (virtual network, subnet, public IP address, network security group). In order to manage the Netgate pfSense appliance, you should ensure that the security group contains rules to allow ports 22 (SSH) and 443 (HTTPS) to access the command line and Web GUI. If you plan to allow other traffic, you will need to add additional endpoints. For IPsec, you would allow UDP port 500 (IKE) and UDP port 4500 (NAT-T). For OpenVPN, you would allow UDP port 1194. Click on Network security group and make additions as needed.

   

6. Confirm your selections on the Summary page and click OK. Note the price on the purchase page and click Purchase. Once the VM launches and the Azure portal shows that it has come up, you can access the web interface. Use the password you set during the provisioning process and the admin user. You should now be able to access the appliance.