How To Setup A Transparent Bridge & Firewall With pfsense and Suricata

Hello from Brazil, Lawrence! I'm addicted in yours videos. Especially the ones about PfSense and Unify! Please, continue with this amazing "job".

Hi Lawrence, thank you for the video tutorial. It has helped me to setup Suricata running on a separate pfSense device to monitor two LTE connections through bridging interfaces on a albeit primitive system. These two LTE connections then feed into a pfSense firewall with gateway failover and monitoring.

Thanks for this guide!!! very useful.! One of the use cases that I am thinking to use this mode is to introduce it as Layer 2 IPS solution to complement and existing edge router / firewall that doesn't have these capabilities and the client doesn't want to replace this layer but we want enhanced security. It will be in an scenario like this: ISP Edge Router / Firewall PFSense Transparent Bridge L3 Core Switch(es) Access Switches and Wireless Access Points

I've been trying to successfully do this for a few months. Thank you so much Lawrence for the tutorial

Last time I set up a bridge in pfsense I had a lot of trouble routing packets between the member interfaces (as opposed to from another subnet to a member interface). I have found out that you need to add a rule on each member interface which basically allows routing from anywhere to everywhere for all protocols. Only then it worked.

Thank you Jedi Master Guru Sensei, this is exactly what I was looking for!

In setting pfsense up this way I see you mention you can setup rules and packet sniffing. Would you also be able to do traffic shaping like limiting bandwidth to certain devices? or at the very least see what is in real-time using bandwidth.

Can I use this idea to bridge the wan to opt1 for example so that I can use a second pfsense router and there for there won’t be double natting issues on the second router while leaving a lan on the first which would act normal. I ask this for point to point use. Thanx Tom. Your videos have been so useful and real help in the past.

I think a similar comparison to using pfsense as a software switch/bridge would be emulating a video game console via software vs using FPGA hardware. Always best to cut the extra software emulation layer if possible and rely only on the hardware

I'd really appreciate it if you did a proper guide on how to set up an IPSEc tunnel between Pfsense and Draytek Vigor router. There seems to be so little documentation out there.

I have tried it and for the WAN and LAN ports I made it a bridge but the results are not maximal, does it really have to be done on the OPT port so that it can work optimally ??

what do you recommend for a firewall only solution for a regular home ? i was thinking about a blue plus firewalla ?

Hi Lawrence- Really like your pFsense videos (I switched over a few years ago after watching your videos).
Question: How do you configure VLANS over a bridge? I have VLANS for various segments and have 2 managed switches connecting to the pfsense appliance but I get VLANS only on 1 port of pfsense.

Thanks for an awesome video!
Is it possible to use PfSense in bridge mode as a transparent ad blocker?
I'd like to build a device that provides Pi-hole-like functionality but without it having to be the DNS server for the network. It would need a minimum of three ports: 2 for the bridge (internal and external) + 1 for management.
In a "router on a stick" topology, it could be plugged in, on layer 2, between the router and the switch and sniff (and selectively drop) DNS queries based on the common advertiser blacklists used in Pi-hole and PfBlockerNG.
Seems like PFsense is - again - the best tool for that job?

Great tutorial. However, My Pfsense is the most frontal point of my network with the PUBlic IP assigned to it. It handles my DHCP and routing etc. I have Suricata running on the firewall, writing locally to a JSON file and use filebeat to export those IDS logs to an elastic stack. Besides seeing the states (Which would see anyway) Whats the real advantage of this against my setup?

I assume this is what I would do if I have a UDM Pro managing my network and put this between the WAN Modem and the UDM Pro to have better firewall IDS features?

I'd like to bridge a 10Gbe SFP+ Port and a 1Gb Base-T together as my LAN, so that all the devices share the same address space. Each port will connect to a 10Gbe and 1Gb switch respectively. Will I experience any sort of performance hits?
Am I better off just daisy chaining the 1Gbit switch off of the 10Gb switch?
The NIC's are Intel chipsets, and properly configured, and the pfsense hardware is a Dell optiplex with a quad core i5-3470 with 8gb ram and AES-NI on-chip.

The moment I create the bridge my Pfsense goes crazy and CPU shoots up to 100% I have not configured anything else yet. Nothing is plugged in to any of the bridged interfaces only to WAN. Any tips why this could be? Cheers

Why do you use Suricata vs Snort Plugin, is one better or easier to setup?

Do I need to setup a vlan on the transparent pfsense for every vlan that will be passing through it?

Thanks for the video. Could this bridge be made with LAN and OpenVPN interfaces to, for example, give DHCP reply by a LAN DHCP Server to OpenVPN Client Request??

Could you route packets, to create a mitm as transparent as possible? So say, you want to send port 80 or 443 to a burpsuite box on a different address listening on 0.0.0.0:8080. The idea, is dropping a Raspberry Pi, and modifying requests and responses for a red team scenario

Can I do a transparent bridge with sg-2100?

How can we check previous days browsing data? Ntop only shows the current flows

Could you use pfblockerNG with pfsense in transparent mode?

I saw that tesla truck when you were switching windows. I think it looks pretty dumb. What you're opinion on it?

Awesome videos but please try to stay on one topic and don't just start explaining other topics in a setup. a newbie gets confused while following you.

Edit: Nevermind, found your video ua-cam.com/video/VULKulpXBYU/v-deo.html. VERY helpful, thank you very much for making it!
Can a bridge be used to increase connection speed? For example, could I combine three 1 Gb wired connections between my pfSense server and main switch into a named virtual bridge and use this as my LAN connection at 3 Gb? If you’ve already covered this elsewhere I wasn’t able to find it, apologies again.
Edit: To others, the answer is yes, sort of. One transaction won’t see an increase since it wont be split between connections But simultaneously transactions would. See also ua-cam.com/video/JxuYj5jw8y8/v-deo.html, and ua-cam.com/video/RgXiQlUguec/v-deo.html.

I watched this video ua-cam.com/video/-_8x7_9DKxs/v-deo.html from Battle Nonsense and as you are interested in your son's gaming experience wondered if you knew how to get this working properly on the pfsense