pfSense Mini PC Firewall for your Home Lab
pfSense is one of the most popular open-source firewall solutions you can download. It has a ton of enterprise features, even with the Community Editon (CE) pfSense installation. Many are pivoting to mini PCs for their home lab server hosts and running virtualization solutions since current models are powerful and use less power. However, we can use a pfSense mini PC as a firewall appliance. I want to share with you guys my efforts in installing pfSense on a recent mini PC I have been testing in the home lab.
Table of contents
Why run a pfSense Mini PC?
There are several reasons to run your pfSense open-source firewall solution on a mini PC and use it as your environment’s router software. Again, pfSense provides advanced security features, and mini PCs are powerful and also don’t draw much electricity, which is key in many parts of the world.
pfSense Mini PCs provide several benefits, including the following:
- Small and Energy Efficient: Since your firewall and router appliance is likely to be on 24x7x365, even if your virtual hosts are not, you want your pfSense box to be energy efficient. Mini PCs are also generally much quieter than other server-class hardware
- Features and capabilities: With pfSense, you can configure VPNs, firewalls, and other network services in one device.
- Cost: Mini PCs have many features at a fraction of the cost of conventional server-class hardware solutions.
- 2.5G networking – Many ISPs now want to be able to link up at 2.5G handoffs. Most of the current mini PCs are coming to market with 2.5G network adapters.
Installing pfSense on your Mini PC
Just so you know, the mini PC I used for my pfSense installation on mini PC, I am using the Minisforum NAB6 Lite Mini PC that has (2) 2.5G network adapters.
You can check out my written review of the Minisforum NAB6 Lite mini PC here: Minisforum NAB6 Mini PC as a Home Lab Server. Also, my video review is here:
- Selecting the Right Hardware: Ensure your Mini PC has sufficient CPU power, RAM, and network ports for your needs.
- Installing pfSense: Download the pfSense image file from the official site and write it to a USB drive for installation.
- Configuration and Deployment: Use the pfSense setup wizard to configure basic settings, then customize your network security features.
Let’s look at the installation wizard for installing pfSense on a mini PC. This is the same as any other type of hardware, including a pfSense virtual machine. Below, we have booted from the pfSense ISO.
Choose to install pfSense.
Setting up the network to continue the installation.
Choose your WAN interface. On the NAB6 Lite, I have (2) 2.5G interfaces. So, selecting the interface I want to be assigned as the WAN interface.
Set the configuration mode for addressing the WAN interface. For most, DHCP will be the configuration you will want to set for WAN, since most ISPs dynamically assign WAN addresses to customers.
Select your LAN interface.
Confirm your interface assignment.
It will check to see if you have a pfSense Plus subscription. I don’t on this box, so we will select the option to Install CE which is what we want to do any way.
Continue with the installation.
Select the ZFS configuration you want to use. If you have 2 disks, you will want to select mirror here, or if you like to live dangerously, you can select stripe. Of course the more disks you have, the more options open up in terms of RAID.
Choose the disks you want to use.
Confirm you want to destroy the contents of the selected disks.
Next, select the version of pfSense to install.
The installation process begins.
The installation shows to be completed.
Choose to reboot the installation.
The pfSense installation boots.
Web configurator setup
After it boots, you will need to connect to the web interface of the LAN IP. Just browse to https://<your LAN IP interface> and log in with the default credentials:
- admin as the user
- pfsense as the password
Step through the wizard to do things like:
- Verify your WAN & LAN IP
- Set DNS server values
- Set a new admin password
After the webconfigurator wizard, you will be asked to reboot your pfSense installation.
After rebooting and viewing the dashboard. You can see the hardware reflected in pfSense running on the mini PC (Minisforum NAB6 Lite)
Advanced features and configuration in pfSense
Like any other pfSense installation, you can set up many advanced network and security features:
- Traffic Shaping: This allows you to prioritize network traffic to make sure critical business applicationshave the bandwidth they need.
- Network Monitoring: Keep an eye on network activity and detect potential security threats in real-time.
- Multi-WAN: If you have more than (2) network interfaces, you can setup multiple connections to allow failing over between your WAN connections if one goes down
- VPN – You can set up many types of VPN connections, including Wireguard
Mini PCs running pfSense will allow most to take advantage of many of the advanced features that come along with pfSense and the small footprint of mini PCs without having to buy into a true network appliance or server-grade hardware.
Maintaining your pfSense installation
Regular maintenance and troubleshooting are crucial for keeping your pfSense Mini PC running smoothly:
- Software Updates: You will want to regularly update your pfSense installation to protect against the latest security vulnerabilities.
- Hardware Checks: Regularly check your Mini PC for hardware issues that may affect performance
- Backup Configurations: Keep a current copy of your pfSense configuration handy as this may be needed for restoring your installation or reverting back to a previous configuration.
Troubleshooting
There are several things to note if things are not working properly. These include the following:
- Connectivity issues – If you are having connectivity issues, it is likely there is a firewall rule preventing communication in between your interfaces or to the WAN. Check the pfSense traffic logs to see if anything is being filtered
- You can’t reach the management interface – Make sure you are accessing the management interface on the LAN connection. Check to see if you have connectivity to the LAN address of your pfSense mini PC. This should be pingable out of the box.
- Make sure you have VLANs tagged appropriately – Make sure the VLANs you are using in pfSense are tagged appropriately and correctly as this is often the culprit with connectivity or other issues
Wrapping up, installing a pfSense Mini PC
Installing pfSense on a Mini PC is a great way to take advantage of a modern solution for running pfSense at home or in the home lab. Mini PC hardware has come a long way and you can get quite a powerful PC in a small form factor with 2.5 gig networking as well, which lines up with hand offs from many modern ISPs that are now offering multi-gig Internet services.
I think mini PCs are the way of the future with home labs and keeping these budget friendly, low heat, and low noise as possible. Running your firewall on mini PC hardware is another great use case for these little mini PCs and making the switch from loud/hot server machines.
