Lab 14 - Wazuh Pfsense Firewall Integration

Uploaded by

victorbrites2006
Copyright
© All Rights Reserved

Wazuh – pfSense

FIREWALL INTEGRATION
Lab Created By: MUHAMMAD MOIZ UD DIN RAFAY
Follow Me: linkedin.com/in/moizuddinrafay

Integration of Wazuh with pfSense Firewall

Introduction
Integrating Wazuh with pfSense Firewall enables a comprehensive security monitoring and
management system. Wazuh, an open-source security monitoring platform, can collect,
analyze, and correlate security events from pfSense, an open-source firewall/router
computer software distribution. This integration helps to enhance the security posture by
providing visibility into the network traffic and potential security threats.

Prerequisites
• Wazuh Manager installed and configured.
• pfSense firewall installed and configured.
• Network connectivity between pfSense and Wazuh Manager.
• SSH access to both pfSense and Wazuh Manager.

Here is my Wazuh server running alongside the pfSense machine on VirtualBox.

Wazuh Dashboard

pfSense Dashboard

Step 01: Access pfSense via SSH


Command: sudo ssh [email protected]

After logging in over SSH, select option 8 “Shell”.

To install the Wazuh agent on the pfSense firewall, we have to allow packages from FreeBSD. Go to the directory “/usr/local/etc/pkg/repos/”; the files “FreeBSD.conf” and “pfSense.conf” in this directory are the ones we have to change.

First open the “pfSense.conf” file in the nano editor, change the FreeBSD option from “no” to “yes”, and save the changes.
Note: the nano editor is not available in pfSense by default; install it first if you want to use it.

After editing the “pfSense.conf” file, make the same change in the “FreeBSD.conf” file: set the parameter from “no” to “yes” and save the changes.

After these changes, update the repository.

Command: pkg update -f

When the update is complete, search for the wazuh-agent package.
Command: pkg search wazuh-agent

The available package is “wazuh-agent-4.7.5”. Now install it.
Command: pkg install wazuh-agent-4.7.5

When the installation is complete, go to the “/var/ossec/etc” directory to configure the Wazuh server IP address in the agent's “ossec.conf” file.

Here is the “ossec.conf” file of the Wazuh agent on pfSense.

Set the Wazuh server IP address, set the protocol to “tcp”, and save the changes.

The Wazuh agent is now configured. In the next step we have to revert the repository configuration.

Step 02: Go back to the “/usr/local/etc/pkg/repos” directory and revert the configuration as shown in the following figures.

Open the “pfSense.conf” file in the nano editor and set the FreeBSD parameter from “yes” back to “no”.

Set the same parameter in the “FreeBSD.conf” file and save the changes.

Now we have to enable the Wazuh agent and configure it to start on boot.
Command: sysrc wazuh_agent_enable="YES"
Command: sysrc wazuh_agent_start="YES"
Command: ln -s /usr/local/etc/rc.d/wazuh-agent /usr/local/etc/rc.d/wazuh-agent.sh

Now start the Wazuh agent service.

Command: service wazuh-agent start

Check the status of the running Wazuh services.

Command: service wazuh-agent status

Update the repository with the “pkg update -f” command.

Now go to the Wazuh dashboard, which shows 2 active agents. Click on the active agents.

The pfSense.home.arpa agent is connected with IP address 192.168.100.23 and is active.
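
The end state of the steps above can be checked from the shell. The following is an added example, not part of the original lab: it confirms that “ossec.conf” points at the manager over tcp and that the FreeBSD repository is disabled again in both repo files. The function names, the one-line `FreeBSD: { enabled: ... }` layout, and the manager address 192.0.2.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: verify the end state this lab describes.
# File layouts and function names are assumptions, not taken from the lab.

# Print the "enabled" value of the FreeBSD entry in a pkg repo file,
# assuming the one-line form:  FreeBSD: { enabled: no }
freebsd_repo_state() {
    sed -n 's/^[[:space:]]*FreeBSD:[[:space:]]*{[[:space:]]*enabled:[[:space:]]*\([a-z]*\).*/\1/p' "$1" | head -n 1
}

# Print the first <tag>value</tag> found in an ossec.conf-style file.
xml_value() {
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" "$2" | head -n 1
}

# Usage: check_lab_state OSSEC_CONF MANAGER_IP REPO_FILE...
# Returns 0 only if the agent points at MANAGER_IP over tcp and the
# FreeBSD repository is disabled again in every repo file given.
check_lab_state() {
    conf=$1; want_ip=$2; shift 2; rc=0
    [ "$(xml_value address "$conf")" = "$want_ip" ] ||
        { echo "FAIL: manager address in $conf is not $want_ip"; rc=1; }
    [ "$(xml_value protocol "$conf")" = "tcp" ] ||
        { echo "FAIL: protocol in $conf is not tcp"; rc=1; }
    for f in "$@"; do
        [ "$(freebsd_repo_state "$f")" = "no" ] ||
            { echo "FAIL: FreeBSD repo not disabled in $f"; rc=1; }
    done
    return $rc
}

# Constructed sample files: 192.0.2.10 is a placeholder manager address,
# and pfSense.conf is left at "yes" to show a forgotten revert being caught.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '<ossec_config>' ' <client>' '  <server>' \
        '   <address>192.0.2.10</address>' '   <protocol>tcp</protocol>' \
        '  </server>' ' </client>' '</ossec_config>' > "$d/ossec.conf"
    echo 'FreeBSD: { enabled: no }'  > "$d/FreeBSD.conf"
    echo 'FreeBSD: { enabled: yes }' > "$d/pfSense.conf"
    check_lab_state "$d/ossec.conf" 192.0.2.10 "$d/FreeBSD.conf" "$d/pfSense.conf"
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "demo: lab state incomplete (expected for this sample)"
```

On the firewall itself, call check_lab_state with “/var/ossec/etc/ossec.conf”, your own manager IP, and the two files under “/usr/local/etc/pkg/repos/”.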

SUMMARY:
Integrating Wazuh with pfSense firewall allows for enhanced security monitoring by
providing visibility into firewall events and potential threats. This integration helps in
proactive threat detection and efficient incident response, ensuring a robust security
posture for your network infrastructure.

Regards
MUHAMMAD MOIZ UD DIN RAFAY
Ethical Hacker | Cyber Security Analyst
