How Can We Help?
Allowing Remote Access to pfSense
Allowing remote access to pfSense can come in handy if you do not have a VPN setup to your network or when the Netgate support wants to help you debug your pfSense server.
Take note that it is recommended to set up a VPN to your network instead of enabling remote access. This is much safer since it uses more security than only a simple password.
Enable HTTPS
Enable HTTPS to encrypt access to the pfSense server. Start by logging in to your pfSense server. Navigate to System – Advanced, and select HTTPS as a protocol. It is recommended to change the TCP port to something else than port 80 (for HTTP) or port 443 (for HTTPS).
Add firewall rule
To enable access to the pfSense server you have to add a firewall rule. Do this by going to Firewall – Rules – WAN, and adding a new rule. Configure it as follows:
- Action: Pass
- Interface: WAN
- Protocol: TCP
- Source: any (or restrict by selecting Network, and adding the IP/subnet)
- Destination: This firewall (self)
- Destination Port Range: Your selected HTTPS port
Do not forget to apply the changes after saving the rule.
Optional: Add support user
In case you want to give Netgate access to your firewall, it is recommended to add a custom user. This way you do not have to give them your password. Do this by going to System – User Manager, and add a new user to the administrators’ group.
If you want to give them temporary access to your pfSense server, make sure you either disable the user after the support has been given or set an expiration date.
