Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Launching an Instance with a single NIC

An instance of pfSense® for Azure that is created with a single NIC can be used as a VPN endpoint to allow access into an Azure Virtual Network (VNet). The single NIC pfSense virtual machine (VM) only creates a WAN interface, but still provides a public and private IP within Azure.

In the Azure Management Portal, launch a new instance of the pfSense firewall and VPN appliance from Netgate®.

  1. From the Azure portal Dashboard, click on Marketplace

    ../_images/azure-appliance-1.jpg
  2. Search for and select the Netgate Appliance for Azure

    ../_images/azure-appliance-2.jpg
  3. Set the name of the instance as well as username, password, resource group, and region.

    The username entered will be created as a valid pfSense account upon boot and will be able to log into the webGUI. Additionally, the admin user will also have it’s password set to the value that’s entered.

    Warning

    The username typically used to administer pfSense is admin, but admin is a reserved name that is not allowed to be set by the Azure provisioning wizard. Also for cloud security, it is considered best practice to limit access for the root user, so root is locked by default.

    ../_images/azure-appliance-3.jpg
  4. Choose the instance size.

    ../_images/azure-appliance-4.jpg
  5. Choose the disc type, and network settings (virtual network, subnet, public IP address, network security group).

    To manage the Netgate pfSense appliance, you should ensure that the security group contains rules to allow ports 22 (SSH) and 443 (HTTPS) to access the command line and Web GUI. If you plan to allow other traffic, add additional endpoints.

    For IPsec, allow UDP port 500 (IKE) and UDP port 4500 (NAT-T).

    For OpenVPN, allow UDP port 1194.

    Click on Network security group and make additions as needed.

    ../_images/azure-appliance-5.jpg
  6. Confirm your selections on the Summary page and click OK.

  7. Note the price on the purchase page and click Purchase.

  8. Once the VM launches and the Azure portal shows that it has come up, you can access the web interface. Use the password you set during the provisioning process and the admin user. You should now be able to access the appliance.