How to install pfSense onto a CheckPoint Firewall Appliance
pfSense is an Open Source firewall platform that can also be used for site to site connectivity as well as mobile client connectivity.
Having used pfSense in the past and knowing how robust and secure the platform is, I wanted to see if I could port or install pfSense onto a CheckPoint firewall appliance. I figured that the CheckPoint appliances should have more than enough power to run pfSense.
I was able to test the installation of pfSense using a few older CheckPoint appliances that were decommissioned due to upgrades.
The result was a SUCCESS!
Step by Step Instructions with Screenshots
First you will need to download the INTEL version of PFSENSE from their website (located at https://www.pfsense.org/download/mirror.php?section=downloads ) and select i386 (32-bit) Live CD with installer (on USB Memstick) Serial console
Next create a bootable USB memory device with pfsense. Suggest using rufus (located at https://rufus.akeo.ie/ ) to create the USB with the pfsense image
Once the USB has been created, install it into a powered off CHECKPOINT then power on the unit. The CHECKPOINT device should boot from the USB device by default.
To connect to the CHECKPOINT device, use an RJ45-SERIAL console cable and run putty (located at http://www.putty.org/) and select serial port (in my case was COM1: ) at 115200 baud rate. If you see garbage characters appearing on your putty screen, ensure the baud rate is set correctly.
Select “1. Boot Multi User [Enter]”
Select “99) Install pfsense to a hard drive, etc.”
NOTE: You MAY have the opportunity to install by selecting “I to Launch the Installer” before pfsense boots if you see the screen in time (see image above)
Screenshot of system rebooting . . .
Checkpoint is now running pfsense
Select “1) Assign Interfaces” and you can setup VLANS now if required. If you select NO and proceed then the system will AUTO query active link status for network connections to the appliance itself and will let you configure form there.
Pfsense automatically sets up LAN interface as 192.168.1.1/24. You need to configure WAN15
Once pfsense has been installed, you will want to connect to https://192.168.1.1 via web interface (remote computer) to configure the system
You will be prompted that site is not secure. Accept the risk and continue on.16
Accept the risk and continue on.
Username : admin
To configure the pfsense, run “SETUP WIZARD” from the “SYSTEM” menu selection
Screenshot of the actual CheckPoint Firewall device that was upgraded.
About the Author
Paul is an Information Technology Professional specializing in Strategic IT Transformation within the eHealth and Public Sector. As part of continuous learning, Paul is focused on Privacy, Security, and Risk and is currently pursuing his CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional) certifications.