Would you like to learn how to do monitor PFsense using Zabbix? In this tutorial, we are going to show you how to install and configure the Zabbix agent software on a computer running PFsense and how to monitor a PFsense firewall using the Zabbix server.
• Zabbix server 4.2.6
• Pfsense 2.4.4-p3
Equipment list
Here you can find the list of equipment used to create this tutorial.
This link will also show the software list used to create this tutorial.
Zabbix Playlist:
On this page, we offer quick access to a list of videos related to Zabbix installation.
Don’t forget to subscribe to our youtube channel named FKIT.
Zabbix Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Zabbix installation.
PFSense – Zabbix Agent Installation
First, we need to install the Zabbix agent on the PFsense server.
Open a browser software, enter the IP address of your Pfsense firewall and access web interface.
In our example, the following URL was entered in the Browser:
• https://192.168.15.11
The Pfsense web interface should be presented.
On the prompt screen, enter the Pfsense Default Password login information.
• Username: admin
• Password: pfsense
After a successful login, you will be sent to the Pfsense Dashboard.
Access the Pfsense System menu and select the Package manager option.
On the package manager screen, access the Available packages tab.
On the Available packages tab, search for zabbix-agent and install the Zabbix agent package.
There are multiple agent versions available, make sure you select the same version of your Zabbix server.
In our example, we have a Zabbix server version 4.2.6.
In our example, we installed the Zabbix agent package named: zabbix-agent42
Wait the Zabbix agent installation to finish.
Access the Pfsense Services menu and select the Zabbix Agent option.
On the General tab, enable the Zabbix agent service and perform the following configuration:
• Server – The IP address of the Zabbix server
• ServerActive – The IP address of the Zabbix server
• Hostname – The hostname of the PFsense firewall
• Listen IP – Use 0.0.0.0 to listen on All IP addresses
• Listen Port – Zabbix agent default port 10050
On the TLS-RELATED Parameters area, you need to perform the following configuration:
• TLS Connect – PSK
• TLS Accept – PSK
• TLS PSK IDENTITY – key-pfsense-01
• TLS PSK – fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff (Create your own key)
If you need help to create a PSK key, you may use websites like: https://www.browserling.com/tools/random-hex
After finishing the configuration, click on the Save button on the bottom part of the screen.
In our example, we used the following configuration:
• The Zabbix server has the IP address: 192.168.15.10.
• The PFSense firewall has the IP address: 192.168.15.11.
• The Pfsense firewall hostname is: PFSENSE-FIREWALL
• The PSK Identification key was named: key-pfsense-01
• The communication will be encrypted using the following key: fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff
You have successfully installed the PFsense Zabbix agent.
PFSense – Firewall Configuration
By default, the PFsense firewall does not allow external Zabbix connections to the WAN interface.
In our example we are going to create a firewall rule to allow the Zabbix communication.
Access the Pfsense Firewall menu and select the Rules option.
Click on the Add button to add a rule to the Top of the list.
On the Firewall rule creation screen, perform the following configuration:
• Action – Pass
• Interface – WAN
• Address family – IPV4
• Protocol – TCP
On the Source configuration screen, you need to define the Zabbix server IP address.
This IP address should be allowed to communicate with the Zabbix agent installed on the Pfsense firewall.
In our example, only the computer using the IP address 192.168.15.10 will be able to communicate with the PFsense Zabbix agent.
On the Firewall destination screen, perform the following configuration:
• Destination – Wan address
• Destination port range- From (Other) 10050 to (Other) 10050
On the Firewall Extra options screen, you may enter a description to the firewall rule.
Click on the Save button, you will be sent back to the Firewall configuration screen.
Now, you need to reload the firewall rules to apply the Zabbix communication firewall rule.
Click on the Apply changes button to reload the firewall configuration.
You have finished the PFsense firewall configuration to allow the Zabbix server communication using the WAN interface.
PFSense – Testing the Zabbix agent configuration
To test the Pfsense Zabbix agent configuration, access the command-line of your Zabbix server.
First, we need to create a file containing the PSK key to encrypt the communication.
Create a temporary PSK key file on the Zabbix server.
Insert the PSK Key previously defined inside this file.
Use the following command to test the communication between the Zabbix server and the Zabbix agent.
If everything worked, the Zabbix agent should report the agent version installed on the Pfsense server.
Keep in mind that you need to change the Zabbix agent IP address, the PSK identification name and the PSK key value to reflect your environment.
You have successfully performed a communication test between the Zabbix server and the Zabbix agent installed on the Pfsense firewall.
Congratulations! you have installed the Zabbix agent on a computer running Pfsense.
You can now use the Zabbix server dashboard to add this computer to the network monitoring service.
Tutorial Zabbix – Monitoring PFSense
Now, we need to access the Zabbix server dashboard and add the Pfsense server as a Host.
Open your browser and enter the IP address of your web server plus /zabbix.
In our example, the following URL was entered in the Browser:
• http://192.168.15.10/zabbix
On the login screen, use the default username and default password.
• Default Username: Admin
• Default Password: zabbix
After a successful login, you will be sent to the Zabbix Dashboard.
On the dashboard screen, access the Configuration menu and select the Host option.
On the top right of the screen, click on the Create host button.
On the Host configuration screen, you will have to enter the following information:
• Host Name – Enter a Hostname to identify the PFSense server.
• Visible Hostname – Repeat the hostname.
• New group – Enter a name to identify a group of similar devices.
• Agent Interface – Enter the IP address of the PFsesne server.
Here is the original image, before our configuration.
Here is the new image with our configuration.
Next, we need to associate the host with a specific network monitor template.
By default, Zabbix comes with a large variety of monitoring templates.
Access the Templates tab on the top of the screen.
Click on the Select button and locate the template named: Template OS FreeBSD
Click on the Add option (1).
Next, we need to encrypt the communication between the Zabbix server and the PFsense firewall.
Access the Encryption tab on the top of the screen and perform the following configuration:
• Connectios to host – PSK
• Connections from host – PSK
• PSK identity – key-pfsense-01
• PSK – fb6616cd582a2fa0aa161cab3423a9ca640c931b21c8c2e3b7132d6db75aadff
Click on the Add button to finish the configuration.
After a few minutes, you will be able to see the initial result on the Zabbix Dashboard.
The final result will take at least one hour.
By default, Zabbix will wait 1 hour to discover the number of interfaces available on the Pfsense server.
By default, Zabbix will wait 1 hour before collect information from the network interfaces.
In order to test your configuration, access the Monitoring menu and click on the Graphs option.
On the top right of the screen, select the group named ALL.
Select your PFSense computer host name.
Select the graph named: CPU UTILIZATION
You should be able to see the graphic of CPU utilization.
Congratulations! You have configured the Zabbix server to monitor a Pfsense computer.
