Christof VG

You don't need to come out of your comfort zone, if automation is in it!

pfSense on Azure - Part 1 - Create pfSense Virtual Machine

Read time: 5 minutes
Execution time: 5 minutes

Introduction

In another series, I will build an Azure Virtual Datacenter. Central in the Virtual Datacenter design are the firewalls that will inspect and filter all traffic that passes through the central hub.

We will use pfSense firewalls in this series. pfSense provides very reasonably priced, enterprise-grade NVAs. Check the Azure Marketplace for all information about pfSense and pricing. A community edition is also available, which can be downloaded for free. This version is community supported on https://forum.netgate.com. For our study of networking in a Virtual Datacenter environment in Azure, the community edition will do fine.

Production environment

In a production environment it is highly recommended to make use of the Netgate pfSense Firewall/VPN/Router from the Azure Marketplace, or to subscribe to Netgate pfSense support. More info about a support subscription can be found here: https://www.netgate.com/support/.

To prepare the image, we will use Hyper-V. After the image is prepared, it will be uploaded to Azure. But before the image can be created, we first need to download the latest version of pfSense Community Edition. It can be found here: https://www.pfsense.org/download/. We need a 64-bit ISO image, and it is recommended to pick the mirror nearest to your location.

Virtual Network preparation

Our pfSense deployment needs two NICs, and both must be reachable during preparation. In Hyper-V, we need to configure a Virtual Switch with access from outside Hyper-V. This may be one single Virtual Switch, connected to one network. In a routing scenario, we certainly don’t want to connect an internal and an external port to the same network, but during setup, this is a practical solution.

Virtual Hard Disk creation

Hyper-V creates virtual hard disks in VHDX format, which is not supported in Azure. We need to make sure the virtual hard disk is created exactly the way we want it. The requirements are:

  • Virtual hard disk format: VHD
  • Virtual hard disk type: Fixed size
  • Virtual hard disk size: You can choose the size, but 8GB should be sufficient

Virtual Machine creation

With the virtual switch in place and the virtual hard disk created, we are ready to create the virtual machine for pfSense. Azure has some requirements for virtual machines as well, so we need to address these when creating the virtual machine. Here is an overview:

  • Virtual machine generation: generation 1
  • Amount of memory: 1GB should be sufficient
  • Dynamic memory: disabled
  • Network connection: connected to the virtual switch we prepared
  • Virtual hard disk: the existing disk we prepared

Once the virtual machine is configured, the summary is shown.

Additional Virtual Machine settings

Some other settings need to be configured as well before pfSense can be installed. We need to add a network adapter with external access. The ISO of pfSense needs to be mounted on the DVD drive. The last setting, and a very important one, concerns checkpoints. Checkpoints need to be disabled, as we need a VHD with everything in it. With checkpoints enabled, we have a VHD and a delta file with all changes in it, which is nothing we can work with.

Add network adapter:

Configure virtual switch:

Mount ISO to DVD drive:

Disable checkpoints:

Conclusion

We created the virtual machine, compatible with Azure. It is a generation 1 machine with a fixed size disk in VHD format. Checkpoints are disabled and we have 2 network cards.
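
The same configuration scripted with the Hyper-V PowerShell module, followed by a check of every requirement listed in this post. This is an added example, not part of the original post; the VM name, switch name and file paths are assumptions.

```powershell
#Requires -Modules Hyper-V
# Assumed names and paths (not from the original post); adjust to your host.
$VmName  = 'pfSense'
$Switch  = 'External'                        # existing external virtual switch
$VhdPath = 'D:\Hyper-V\pfSense\pfSense.vhd'  # the .vhd extension selects VHD format
$IsoPath = 'D:\ISO\pfSense-CE-amd64.iso'     # placeholder ISO file name

# Fixed-size disk in VHD format, 8 GB
New-VHD -Path $VhdPath -SizeBytes 8GB -Fixed | Out-Null

# Generation 1 VM, 1 GB of static memory, first NIC on the prepared switch
New-VM -Name $VmName -Generation 1 -MemoryStartupBytes 1GB `
       -VHDPath $VhdPath -SwitchName $Switch | Out-Null
Set-VMMemory -VMName $VmName -DynamicMemoryEnabled $false

# Second NIC, installation ISO on the DVD drive, checkpoints disabled
Add-VMNetworkAdapter -VMName $VmName -SwitchName $Switch
Set-VMDvdDrive -VMName $VmName -Path $IsoPath
Set-VM -Name $VmName -CheckpointType Disabled

# Read the settings back and compare them with the requirements
$vm   = Get-VM -Name $VmName
$disk = Get-VHD -Path (Get-VMHardDiskDrive -VMName $VmName).Path
$nics = @(Get-VMNetworkAdapter -VMName $VmName)

$checks = [ordered]@{
    'Generation 1'         = $vm.Generation -eq 1
    'Dynamic memory off'   = -not $vm.DynamicMemoryEnabled
    'Checkpoints disabled' = $vm.CheckpointType -eq 'Disabled'
    'No checkpoints exist' = -not (Get-VMSnapshot -VMName $VmName)
    'Two network adapters' = $nics.Count -eq 2
    'Disk format is VHD'   = $disk.VhdFormat -eq 'VHD'
    'Disk type is Fixed'   = $disk.VhdType -eq 'Fixed'
}

foreach ($c in $checks.GetEnumerator()) {
    $result = if ($c.Value) { 'OK' } else { 'FAIL' }
    '{0,-22} {1}' -f $c.Key, $result
}

# Stop here if anything deviates, so a non-compliant disk is never uploaded
if ($checks.Values -contains $false) {
    throw "VM '$VmName' does not meet the requirements listed in this post."
}
```

If a checkpoint was taken before checkpoints were disabled, the attached disk is a differencing file and the disk checks fail, which is the delta-file situation described above.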

In the next post, we will install pfSense on the virtual machine.