Image alternative text

How to install pfSense onto a CheckPoint Firewall Appliance

Background Information

pfSense is an Open Source firewall platform that can also be used for site to site connectivity as well as mobile client connectivity.

Having used pfSense in the past and knowing how robust and secure the platform is, I wanted to see if I could port or install pfSense onto a CheckPoint firewall appliance. I figured that the CheckPoint appliances should have more than enough power to run pfSense.

I was able to test the installation of pfSense using a few older CheckPoint appliances that were decommissioned due to upgrades.

The result was a SUCCESS!


Step by Step Instructions with Screenshots

First you will need to download the INTEL version of PFSENSE from their website (located at https://www.pfsense.org/download/mirror.php?section=downloads ) and select i386 (32-bit) Live CD with installer (on USB Memstick) Serial console

Image alternative text


Next create a bootable USB memory device with pfsense. Suggest using rufus (located at https://rufus.akeo.ie/ ) to create the USB with the pfsense image

Image alternative text

Once the USB has been created, install it into a powered off CHECKPOINT then power on the unit. The CHECKPOINT device should boot from the USB device by default.


To connect to the CHECKPOINT device, use an RJ45-SERIAL console cable and run putty (located at http://www.putty.org/) and select serial port (in my case was COM1: ) at 115200 baud rate. If you see garbage characters appearing on your putty screen, ensure the baud rate is set correctly.

Image alternative text

Select “1. Boot Multi User [Enter]”


Image alternative text

Select “99) Install pfsense to a hard drive, etc.”


Image alternative text

NOTE: You MAY have the opportunity to install by selecting “I to Launch the Installer” before pfsense boots if you see the screen in time (see image above)


Image alternative text

Select “”


Image alternative text

Select “”


Image alternative text

Select “OK”


Image alternative text

Select “”


Image alternative text

REBOOT


Image alternative text

Screenshot of system rebooting . . .


Image alternative text

Checkpoint is now running pfsense


Image alternative text

Select “1) Assign Interfaces” and you can setup VLANS now if required. If you select NO and proceed then the system will AUTO query active link status for network connections to the appliance itself and will let you configure form there.

Pfsense automatically sets up LAN interface as 192.168.1.1/24. You need to configure WAN15

Image alternative text

Once pfsense has been installed, you will want to connect to https://192.168.1.1 via web interface (remote computer) to configure the system

You will be prompted that site is not secure. Accept the risk and continue on.16

Accept the risk and continue on.


Image alternative text

Username : admin

Password: pfsense


To configure the pfsense, run “SETUP WIZARD” from the “SYSTEM” menu selection

Image alternative text


Image alternative text

Screenshot of the actual CheckPoint Firewall device that was upgraded.


About the Author

Paul is an Information Technology Professional specializing in Strategic IT Transformation within the eHealth and Public Sector. As part of continuous learning, Paul is focused on Privacy, Security, and Risk and is currently pursuing his CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional) certifications.

Contact the Author Paul Scobie for more information or visit his web site at www.paulscobie.com