Installation on pfSense

Requirements

pfSense is an open-source, easy-to-use and feature-rich firewall and routing platform that is based on FreeBSD. It is designed to provide a robust and secure network infrastructure by offering a range of networking and security features. pfSense is often used as a firewall, router, and VPN (Virtual Private Network) gateway, making it suitable for both home and business environments.

At the time of writing, Netify is a command line installation. There have been no integrations with pfSense's web-based administration tool. Installing Netify on pfSense provides administrators with a 'single pane of glass' when used with Netify Informatics.

As a dedicated gateway distribution, it is no surprise that 2 or more network interfaces are required:

  • LAN Interface: client devices connecting to the internal network. This is the ideal interfaces for Netify to be configured to listen on as it provides flow analysis at client device resolution (ex. Apple iPhone 14 did X).
  • WAN Interface: used to connect upstream to the ISP. Admins may choose to monitor on this interface, however, it's not always that interesting as most of the data is duplicated with "North/South" bound traffic from the LAN.

You will also need to know which version of pfSense you are running in order to access the correct binaries. If you're not sure, use the cat /etc/version command:

cat /etc/version
2.7.2-RELEASE
In version 5, the Netify Agent and plugin architecture was extended. It would be very unusual to only install the agent without one or more plugins. However, we keep these steps separate for clarity.

Adding the Netify Repository vs Command Line

Adding the Netify repository to your pfSense server has three main advantages:

  • Automatically resolves and install dependencies
  • Increases security through the use of signed packages
  • Allows for auto or simplified updates in the future

If you are a Netify Integrator/OEM or you have licensed proprietary plugins, do not add the public repositories below. Packages for your purposes are provided under a verified binary SLA to ensure compatibility.

pfSense Plus 23.x

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
  url: "https://download.netify.ai/5/freebsd/14.0",
  signature_type: "fingerprints",
  mirror_type: "http",
  priority: 11,
  enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd

Command Line Installation

pkg add http://download.netify.ai/5/freebsd/14/amd64/netifyd-5.0.44-1.pkg
The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

pfSense CE 2.7.x

pfSense Base System

Make sure that your pfSense 2.7.x is on at least 2.7.2 base system prior to installing Netify. To check and make updates, login to pfSense's web interface and navigate to System -> Update. If your system status is not showing 'Up to date', perform an upgrade.

Adding Netify Repository

mkdir -p /usr/local/etc/pkg/fingerprints/Netify/trusted
curl https://download.netify.ai/5/freebsd/fingerprint -o /usr/local/etc/pkg/fingerprints/Netify/trusted/fingerprint
cat << EOF >  /usr/local/etc/pkg/repos/Netify.conf
Netify: {
  fingerprints: "/usr/local/etc/pkg/fingerprints/Netify",
  url: "https://download.netify.ai/5/freebsd/14.0",
  signature_type: "fingerprints",
  mirror_type: "http",
  priority: 11,
  enabled: yes
}
EOF

pkg update

After executing this command, you should see:

Updating Netify repository catalogue...
Netify repository is up to date.
..
.
All repositories are up to date.

You can now install the agent with this command:

pkg install netifyd

Command Line Installation

pkg add http://download.netify.ai/5/freebsd/14.0/amd64/netifyd-5.0.44.pkg
The above command is an example only and version specific. Use a browser to navigate to the repository to find and copy the package you wish to install.

Post Installation

After installing the agent, verify the installation and some path information using the -s (status) argument.

netifyd -s
Netify Agent/5.0.44-1-HEAD-nnnn-aaaaaaaa (debian; linux-gnu; x86_64; conntrack; netlink; dns-cache; tpv3; tcmalloc; regex)
✗ agent is not running: PID 0
• persistent state path: /etc/netifyd
• volatile state path: /var/run/netifyd
! agent run-time status could not be determined.
The Netify agent is not configured to start post install. It will not be running by default and should expect to see the 'not running' and 'run-time status could not be determined' messages.

Netify Informatics

Network Intelligence Netify Informatics is an optional, cloud-based, SaaS service. It uses analytics and Machine Learning to transform telemetry originating from the Netify DPI Agent into high-level network intelligence and visibility. The solution provides insights into what's happening on the network in areas that include:

  • Device Identification and Management
  • Cybersecurity Risk
  • Forensics
  • Regulatory Compliance

To learn more about Netify Informatics, click here.

In addition to the Netify agent being installed, two plugins are required:

If you installed the agent by configuring a Netify software repository, simply run:
pkg update
pkg install netify-proc-core netify-sink-http
If you installed the agent manually, you will also need to install the plugin packages manually.

Once the plugins have been installed, run the following two commands:

netifyd --enable-informatics
netifyd -p
The first command will enable and auto configure the two plugins that were installed as well as restarting the Netify agent. The second command will display your Netify Agent UUID (in the form xx-xx-xx-xx) that will be needed when you provision the agent to your Netify Informatics account.

Failure to run the netifyd command with the --enable-informatics option will result in a Provision code not found error during the provisioning wizard.

Next Steps

Technical Support

Haven't found the answers you're looking for?

Contact Us