5.4.5 Configure a Perimeter Firewall

 EXPLANATION

  1. Sign in to the pfSense management console.
    1. In the Username field, enter admin.
    2. In the Password field, enter P@ssw0rd (zero).
    3. Select SIGN IN or press Enter.
  2. Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ.
    1. From the pfSense menu bar, select Firewall > Rules.
    2. Under the Firewall breadcrumb, select DMZ.
    3. Select Add (either one).
    4. Make sure Action is set to Pass.
    5. Under Source, use the drop-down to select WAN net.
    6. Under Destination, use the Destination drop-down to select Single host or alias.
    7. In the Destination Address field, enter 172.16.1.5.
    8. Using the Destination Port Range drop-down, select HTTP (80).
    9. Under Extra Options, in the Description field, enter HTTP from WAN to DMZ.
    10. Select Save.
    11. Select Apply Changes.
  3. Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ.
    1. For the rule just created, select the Copy icon (two files).
    2. Under Destination, change the Destination Port Range to HTTPS (443).
    3. Under Extra Options, change the Description field to HTTPS from WAN to DMZ.
    4. Select Save.
    5. Select Apply Changes.
  4. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.
    1. Select Add (either one).
    2. Make sure Action is set to Pass.
    3. For Protocol, use the drop-down to select Any.
    4. Under Source, use the drop-down to select LAN net.
    5. Under Destination, use the drop-down to select DMZ net.
    6. Under Extra Options, change the Description field to LAN to DMZ Any.
    7. Select Save.
    8. Select Apply Changes.
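
To check what the finished rule set passes and what it leaves blocked, the following added example (not part of the original lab, and not pfSense code) models the three rules with first-match evaluation and a default block. The subnets behind WAN net, LAN net and DMZ net, the TCP protocol on the first two rules, and the sample packets are assumptions; the interface a rule sits on and connection state are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed subnets: the page gives only the web server address 172.16.1.5.
NETS = {
    "WAN net": ip_network("198.51.100.0/24"),  # assumed WAN interface subnet
    "LAN net": ip_network("192.168.0.0/24"),   # assumed
    "DMZ net": ip_network("172.16.1.0/24"),    # assumed, contains 172.16.1.5
}

@dataclass(frozen=True)
class Rule:
    desc: str
    proto: str            # "tcp" or "any"
    src: str              # alias name in NETS
    dst: str              # alias name in NETS, or a single host address
    port: Optional[int]   # None = any port

# The three pass rules from the steps above. TCP on the first two is an
# assumption: the steps do not change Protocol for them.
RULES = [
    Rule("HTTP from WAN to DMZ", "tcp", "WAN net", "172.16.1.5", 80),
    Rule("HTTPS from WAN to DMZ", "tcp", "WAN net", "172.16.1.5", 443),
    Rule("LAN to DMZ Any", "any", "LAN net", "DMZ net", None),
]

def _in(addr, target):
    # An alias resolves to its subnet; a single host becomes a /32 network.
    net = NETS[target] if target in NETS else ip_network(target)
    return ip_address(addr) in net

def evaluate(proto, src, dst, port):
    """Return the description of the first matching pass rule, or 'block'."""
    for r in RULES:
        if r.proto not in ("any", proto):
            continue
        if r.port is not None and r.port != port:
            continue
        if _in(src, r.src) and _in(dst, r.dst):
            return r.desc
    return "block"  # nothing matched: default deny

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, dest port)
    for pkt in [("tcp", "198.51.100.7", "172.16.1.5", 80),
                ("tcp", "198.51.100.7", "172.16.1.5", 22),
                ("udp", "192.168.0.20", "172.16.1.5", 53),
                ("tcp", "172.16.1.5", "192.168.0.20", 445)]:
        print(pkt, "->", evaluate(*pkt))
```

Only ports 80 and 443 on 172.16.1.5 are reachable from WAN net, while the LAN to DMZ rule passes every protocol and port, so it is the rule to tighten first if the DMZ only needs specific services from the LAN.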
