Netify for pfSense

Requirements

Netify is designed to run in tight spaces, so the memory requirements are modest and generally not a concern for pfSense deployments. As for CPU, the underlying Netify deep packet inspection engine requires about the same amount of horsepower as an intrusion detection/prevention system - the busier the network, the more CPU cycles required.
Netify on Firewalls and Routers

Installation

pfSense 2.4.x on AMD64 (x86-64)

Up-to-date Netify packages are maintained in our pfSense repository. To install Netify, run:

curl http://download.netify.ai/netify/pfsense/2.4.x/stable/netify-install.sh | sh

pfSense 2.4.x on AArch64 (Netgate SG-1100 and SG-2100)

pkg add http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netifyd-3.07_1.txz
cp /usr/local/etc/netifyd.conf.sample /usr/local/etc/netifyd.conf
cp /usr/local/etc/netify.d/netify-sink.conf.sample /usr/local/etc/netify.d/netify-sink.conf
service netifyd onerestart
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netify_watchdog.py -o /usr/local/share/netifyd/netify_watchdog.py
chmod 755 /usr/local/share/netifyd/netify_watchdog.py
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netifyd.cron -o /etc/cron.d/netifyd
service cron restart

pfSense 2.4.x on ARM (SG-3100)

pkg add http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netifyd-3.07_1.txz
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netify_watchdog.py -o /usr/local/share/netifyd/netify_watchdog.py
chmod 755 /usr/local/share/netifyd/netify_watchdog.py
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netifyd.cron -o /etc/cron.d/netifyd
service cron restart

pfSense 2.5.x on AMD64 (x86-64)

pfSense 2.5.x is still in development, so please use it with caution. To install Netify, run:

curl http://download.netify.ai/netify/pfsense/2.5.x/stable/netify-install.sh | sh

pfSense 2.5.x on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

Sorry...not currently available.

Provisioning

pfSense on AMD64 (x86-64)

Once the Netify app is installed, use the pfSense web-based administration tool and navigate to:

Status Services

Please make sure the netifyd service is running. Once complete, navigate to:

Services Netify

Click on the Provision tab, and then click on the Enable button to initialize the Netify system. After a few seconds, you will see the Provision Code along with provision status. You can then provision Netify on your pfSense system by going to this link.

pfSense Netify Provision

You can follow the links to create a Netify account if you do not already have one. The online account system will then provide a wizard to guide you through the provisioning process. Once complete, network metadata and analysis will start to be available in under a minute.

pfSense on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

Netify has not yet been ported to pfSense's web-based administration tool. Until that becomes available, managing the agent from the command line is the only option.

To enable your Netify Agent to send metadata to the Netify Informatics SaaS, run:

/usr/local/sbin/netifyd --enable-sink

To enable Netify to start on boot and to start the daemon, run:

service netifyd enabled
service netifyd onestart

To get your Netify provision code, run:

/usr/local/sbin/netifyd -p

To get the current status and some helpful debug information, run:

/usr/local/sbin/netifyd -s

Uninstall/Remove Netify

pfSense on AMD64 (x86-64)

Uninstall Netify and Netify FWA

To remove Netify from your installation, use the command line. Netify has a few package dependencies that are installed during installation but are not removed by default as you could inadvertently remove packages that share these requirements. If you absolutely need to remove all packages that were pulled in during the Netify install, a list of packages that Netify requires is listed below:

  • libunwind
  • google-perftools
  • python36

To uninstall Netify, run:

pkg remove pfSense-pkg-netify-fwa pfSense-pkg-netify netifyd

pfSense on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

To uninstall Netify, run:

pkg remove netifyd
rm /etc/cron.d/netifyd
service cron restart

What is pfSense

pfSense

pfSense is an open source, FreeBSD-based firewall and routing software solution that can be installed on commodity hardware or found pre-installed on Netgate appliances. The pfSense software provides similar functionality to common commercial firewalls. The solution has successfully replaced numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense features include:

  • Web-based Interface
  • Firewall
  • VPN
  • IDS/IPS
  • Captive Portal
  • Traffic Shaping/QoS
  • High Availability
  • Load Balancing
  • and more