# Installing and Configuring pfSense Firewall on AceCloud (via OpenStack Horizon)

## Step 1: **Download pfSense ISO Image**

1. Visit the official pfSense download page: <https://www.pfsense.org/download/>
2. Select the following options:
3. Installer: CD Image (ISO) Installer
4. Proceed with checkout (amount will be $0). Create an account if prompted.
5. Once downloaded, extract the compressed file using **7-Zip** to obtain the raw ISO image.

![](/files/ded971a2acfe33ee65097bec73d461d368f1711d)

![](/files/04b83d3f735133f7cc10fe0b6f406b33173f0ea2)

## **Step 2: Upload ISO to AceCloud Horizon**

1. Log in to your AceCloud Horizon dashboard.
2. Navigate to **Project → Compute → Images**.
3. Click **Create Image**:

* Name: pfSense ISO
* Format: ISO
* Image Source: File
* Upload the extracted .iso file.

4. Complete the creation process.

![](/files/ec45b63f74e114b73195898900db9173ffb16cd1)

## **Step 3: Launch an Instance for pfSense Installation**

1. Navigate to **Project → Compute → Instances**.
2. Click **Launch Instance**:

a. Use the pfSense ISO as the source image.

b. Select a flavor with a minimum of 2 vCPUs and 2 GB RAM.

c. Attach **two NICs**:

1\. One **public** network interface (WAN)

2\. One **private/VPC** interface (LAN)

d. Under **Volumes**, attach an additional blank volume (50 GB) for installation.

![](/files/55152916d5d3d45517004d0ce431fc5bb5029656)

![](/files/45f1cb3f7af7fda96097d76f22ed4159c2e44602)

![](/files/a85a380d20eaa0116d8a776919edb8a0e241e37b)

## **Step 4: Install pfSense on Volume via Console**

1. Open the **console** of the instance.
2. Follow the installation steps as shown in the screenshots to install pfSense **on the attached 50 GB volume**.
3. After successful installation, **shut down the instance**.

![](/files/e6721500c92df00bb9b1fe4cba34a86246194d34)

![](/files/f2f80f8994b8ec0d3a6de8b507721c9ec606d80f)

![](/files/05122c3d34b3cbfc8e18b84499b0ce8226f0dfef)

![](/files/29211712994ceb83b991bc4ed45f8330ba74095b)

![](/files/46dc0545c7a6918528c5cac9dbea06e2745a0eb0)

![](/files/a591a31b5af1a7c8863c0575a7228af79bd312c7)

![](/files/1d6a1f99dd65d7947b62ef4bb72148ad5f7f7db6)

![](/files/731f7d9165e16e814bc0b4cc4344087deb3aa968)

![](/files/59867842b30cc56942428fc74b763eeebf6e0348)

![](/files/722de29fd1167e14ba6c7bf72e8ae2840fecbb56)

![](/files/935e15646f363bd66884eeaa4def4d5ba7ddd15d)

![](/files/0874c2b005ab66748994608c2844a3f3ec5c3f25)

## **Step 5: Create a Bootable pfSense Volume**

1. Detach the 50 GB volume from the instance.
2. Optionally, create an image from this volume for future use.
3. Launch a **new instance**:

a. Source: **Boot from Volume**

b. Use the 50 GB volume or image created from it

c. Flavor: minimum 4 vCPUs, 8 GB RAM

d. Root Disk: minimum **50 GB** (resized volume)

![](/files/9dcadc5ebafeda04ab4d416dd2a1362964c08218)

![](/files/fca06cd667afed0ebed73e77c34a4cd5ad5bc678)

## **Step 6: Set up Networking for pfSense**

1. Attach a **security group** with **all-allow rules**.

![](/files/27e861d9c922d1d5acc0909959bca18f44ea4ced)

2. Assign a **WAN interface (public network)**.
3. Create a **private network** (VPC) **without a router** via Horizon.

a. Navigate to **Project → Network → Networks → Create Network**.

![](/files/8e58779c7fea14ac9b4e71301f9cf8c644db3873)

![](/files/fd68e2066f83c317305f236f8051995d4b62aea5)

![](/files/91f7b6f39b4d7d41f55fb6a02c1f4bc5d87251fa)

![](/files/91f7b6f39b4d7d41f55fb6a02c1f4bc5d87251fa)

4. Attach this private network to the pfSense VM.
5. Set the **gateway IP** manually from the console.
6. Disable **port security** for this private interface.

![Picture](/files/347c9e7496bc1e300b18df1516a1485a03b37a17)

![Picture](/files/65203ba244a7bafe1dcf13cdcc24e97d768a176e)

### **Step 7: pfSense Initial Console Configuration**

1. In the console, identify LAN and WAN interfaces using MAC addresses from Horizon.
2. Set LAN IP via **Option 2**.
3. Reset the default admin password via **Option 3**.

![](/files/72a707d1d5841beefdcf5dd232a77173b2b4cf9c)

![](/files/79aea250b8b42b1029f1dcc6693862315a808a85)

![](/files/605f8cc51452bbfad0b83ed7f951d59c3aa09593)

### **Step 8: Connect a Windows VM Behind pfSense**

1. Launch a Windows VM with only the **private interface** (same VPC as pfSense LAN).
2. Access the VM via console.
3. Open a browser and visit pfSense's LAN IP.
4. Log in using default credentials (admin/pfsense) and follow the setup wizard.

![](/files/0f314c2f844a99b2fe4f7c7c40c8ef66ed4dc76f)

![](/files/d723ff816a1717f90d5f961f09452e5e402a78aa)

![](/files/025d9cd07218a79000d6c76d35e7793d789568de)

![](/files/80a1c7ccb070a4111dd50853b803263fdbff538f)

![](/files/48539e448109831dfffabad783839220de906cf6)

### **Step 9: Configure 1:1 NAT for Internal Machine**

1. Attach a new **public interface** to pfSense (for mapping a public IP).
2. Go to **Interfaces → Assignments** and add the new interface.
3. Name and enable the interface.

![](/files/f555a8bce6db58c9e25f7044fc642b4157cc6251)

![](/files/02b1fd3d120747f2c08b2f148b05aeda4326fd25)

4. Go to **Firewall → Rules → \[New Interface]** and allow all traffic.

![](/files/ef74f5b79c468e62fe1b890edae1b00f9e8902c4)

5. Navigate to **Firewall → NAT → 1:1**:

a. Interface: newly added interface

b. External Subnet IP: new public IP

c. Internal IP: Windows machine’s private IP

d. Save and apply changes

### Step 10: Final Testing

Test connectivity to the Windows VM using the new public IP.

Ensure access to pfSense Web UI and confirm internet routing via the WAN interface.

### pfSense Deployment Completed

You have now successfully:

* Installed pfSense on a VM in AceCloud
* Configured LAN/WAN interfaces
* Deployed a Windows machine behind the firewall
* Mapped a public IP via 1:1 NAT


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.acecloud.ai/knowledge-base/tutorials/installing-and-configuring-pfsense-firewall-on-acecloud-via-openstack-horizon.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.