Fortinet Document Library


About the connector

PfSense is an open source firewall/router computer software distribution based on FreeBSD.

This document provides information about the PfSense connector, which facilitates automated interactions with a PfSense server using FortiSOAR™ playbooks. Add the PfSense connector as a step in FortiSOAR™ playbooks and perform automated operations, such as adding and deleting firewall rules from PfSense and retrieving rule information from PfSense.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with PfSense Versions: 2.2 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL and root credentials of the PfSense server to which you will connect and perform the automated operations.
  • You must open the SSH port on the PfSense server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, click the PfSense connector to configure the following parameters:

 

| Parameter | Description |
| --- | --- |
| Server URL | URL of the PfSense endpoint server to which you will connect and perform the automated operations. |
| Username | Root username to access the PfSense endpoint (PfSense default: root). Note: root credentials are necessary for SSH operations in order to configure firewall rules. Admin credentials are not sufficient. |
| Password | Root password to access the PfSense endpoint (PfSense default: pfsense). |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
| --- | --- | --- |
| Add Rule | Adds a firewall rule to PfSense in order to listen to incoming and outgoing connections through your PfSense server. | add_rule, Containment |
| Delete Rule | Deletes a firewall rule from PfSense to remove any listeners to outer connections. | delete_rule, Remediation |
| Get All Rules | Retrieves details for all rules and properties from within the PfSense platform. | get_rules, Investigation |

 

operation: Add Rule

Input parameters

 

| Parameter | Description |
| --- | --- |
| Rule ID | ID of the rule you want to add. Note: This ID will be needed if you choose to delete the rule in the future. |
| Action | Type of action that the rule you want to add will perform. You can choose from the following options: Pass, Block, or Reject. |
| Interface | Interface on which the rule that you want to add is based. For example, wan. |
| Address Family | IP protocol that is configured for the rule that you want to add. You can choose from the following options: IPv4, IPv6, or IPv4+IPv6. |
| Protocol | Communication protocols that the rule you are adding will listen on. You can choose from the following options: Any, TCP, UDP, TCP/UDP, ICMP, ESP, AH, GRE, IPV6, IGMP, PIM, OSPF, SCTP, CARP, or PFSYNC. |
| Source IP | Source IP of the connection. Leave it blank to listen to all sources. |
| Destination IP | Destination IP of the connection. Leave it blank to listen to all destinations. |
| Description | (Optional) Description for the rule you want to add. |
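A pre-flight check for the Add Rule inputs described above, written as an added example and not part of the connector or of Fortinet's playbooks. The snake_case key names are hypothetical, and it assumes every parameter except Description is required and that Source IP and Destination IP hold a single address.

```python
import ipaddress

# Allowed values taken from the Add Rule parameter table.
ACTIONS = {"Pass", "Block", "Reject"}
FAMILIES = {"IPv4": {4}, "IPv6": {6}, "IPv4+IPv6": {4, 6}}
PROTOCOLS = {"Any", "TCP", "UDP", "TCP/UDP", "ICMP", "ESP", "AH", "GRE",
             "IPV6", "IGMP", "PIM", "OSPF", "SCTP", "CARP", "PFSYNC"}


def check_add_rule(params):
    """Return (errors, warnings) for a dict of Add Rule inputs.

    The snake_case keys (rule_id, action, ...) are hypothetical names for
    the documented parameters, not the connector's real field names.
    """
    errors, warnings = [], []
    if not str(params.get("rule_id", "")).strip():
        errors.append("rule_id is required (needed later for Delete Rule)")
    if params.get("action") not in ACTIONS:
        errors.append("action must be one of Pass, Block, Reject")
    if not str(params.get("interface", "")).strip():
        errors.append("interface is required, for example wan")
    versions = FAMILIES.get(params.get("address_family"))
    if versions is None:
        errors.append("address_family must be IPv4, IPv6 or IPv4+IPv6")
    if params.get("protocol") not in PROTOCOLS:
        errors.append("protocol is not in the documented list")
    blank = 0
    for key in ("source_ip", "destination_ip"):
        value = str(params.get(key) or "").strip()
        if not value:
            blank += 1  # blank means "all sources" / "all destinations"
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            errors.append(f"{key} is not a valid IP address: {value!r}")
            continue
        # The address must belong to a family the rule is configured for.
        if versions is not None and ip.version not in versions:
            errors.append(f"{key} is IPv{ip.version} but address_family is "
                          f"{params['address_family']}")
    if blank == 2 and params.get("action") == "Pass":
        warnings.append("Pass rule with blank source and destination "
                        "matches all traffic on the interface")
    return errors, warnings
```

Run it in a playbook step before Add Rule and stop the playbook when the error list is not empty; route warnings to an analyst for approval.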

 

Output

The JSON output contains the properties of the rule that was added to PfSense. The JSON output returns an error message if the rule cannot be added to PfSense.

The following image displays a sample output:

[Image: Sample output of the Add Rule operation]

 

operation: Delete Rule

Input parameters

 

| Parameter | Description |
| --- | --- |
| Rule ID | ID of the rule that you want to delete from PfSense. This must be the same Rule ID that was assigned when the rule was created. |

 

Output

The JSON output returns a Success message if the rule is successfully deleted from PfSense, or an Error message containing the reason for failure.

The following image displays a sample output:

[Image: Sample output of the Delete Rule operation]
 

operation: Get All Rules

Input parameters

None.

Output

The JSON output retrieves details for all rules and properties from within the PfSense platform.

The following image displays a sample output:

[Image: Sample output of the Get All Rules operation]

 

Included playbooks

The Sample - PfSense - 1.0.0 playbook collection comes bundled with the PfSense connector. The collection contains playbooks whose steps you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the PfSense connector.

  • Add Rule
  • Delete Rule
  • Get All Rules

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.

 
