Netify for pfSense

Requirements

Netify is designed to run in tight spaces, so the memory requirements are modest and generally not a concern for pfSense deployments. As for CPU, the underlying Netify deep packet inspection engine requires about the same amount of horsepower as an intrusion detection/prevention system - the busier the network, the more CPU cycles required.
Netify on Firewalls and Routers

Installation

pfSense 2.4.x on AMD64 (x86-64)

Up-to-date Netify packages are maintained in our pfSense repository. To install Netify, run:

curl http://download.netify.ai/netify/pfsense/2.4.x/stable/netify-install.sh | sh

pfSense 2.4.x on AArch64 (Netgate SG-1100 and SG-2100)

pkg add http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netifyd-3.07_1.txz
cp /usr/local/etc/netifyd.conf.sample /usr/local/etc/netifyd.conf
cp /usr/local/etc/netify.d/netify-sink.conf.sample /usr/local/etc/netify.d/netify-sink.conf
service netifyd onerestart
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netify_watchdog.py -o /usr/local/share/netifyd/netify_watchdog.py
chmod 755 /usr/local/share/netifyd/netify_watchdog.py
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/aarch64/netifyd.cron -o /etc/cron.d/netifyd
service cron restart

pfSense 2.4.x on ARM (SG-3100)

pkg add http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netifyd-3.07_1.txz
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netify_watchdog.py -o /usr/local/share/netifyd/netify_watchdog.py
chmod 755 /usr/local/share/netifyd/netify_watchdog.py
curl http://download.netify.ai/netify/pfsense/2.4.x/testing/armv6/netifyd.cron -o /etc/cron.d/netifyd
service cron restart

pfSense 2.5.x on AMD64 (x86-64)

pfSense 2.5.x is a development release, so please use it with caution. To install Netify, run:

curl http://download.netify.ai/netify/pfsense/2.5.x/stable/netify-install.sh | sh

pfSense 2.5.x on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

Sorry, we do not support other pfSense 2.5.x variants.

pfSense 2.6.x on AMD64 (x86-64)

To install Netify, run:

pkg add https://download.netify.ai/netify/pfsense/2.6.x/stable/netifyd-3.09_1.pkg

Configuration

Netify will automatically detect the network interfaces and roles defined in pfSense.

Start

With the installation and setup completed, you can now start and enable Netify:

netifyd --enable-sink
service netifyd enabled
service netifyd onestart  # if not running

Provisioning

With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent

Uninstall/Remove Netify

pfSense on AMD64 (x86-64)

Uninstall Netify and Netify FWA

To remove Netify from your installation, use the command line. For pfSense 2.4.x and 2.5.x, Netify has a few package dependencies that are installed during installation but are not removed by default as you could inadvertently remove packages that share these requirements. If you absolutely need to remove all packages that were pulled in during the Netify install, a list of packages that Netify requires is listed below:

  • libunwind
  • google-perftools
  • python36

To uninstall Netify on 2.4.x and 2.5.x, run:

pkg remove pfSense-pkg-netify-fwa pfSense-pkg-netify netifyd

To uninstall Netify on 2.6.x, run:

pkg remove netifyd

pfSense on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

To uninstall Netify, run:

pkg remove netifyd
rm /etc/cron.d/netifyd
service cron restart

What is pfSense

pfSense

pfSense is an open source, FreeBSD-based firewall and routing software solution that can be installed on commodity hardware or found pre-installed on Netgate appliances. The pfSense software provides similar functionality to common commercial firewalls. The solution has successfully replaced numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense features include:

  • Web-based Interface
  • Firewall
  • VPN
  • IDS/IPS
  • Captive Portal
  • Traffic Shaping/QoS
  • High Availability
  • Load Balancing
  • and more