Would you like to learn how to do monitor PFsense using Zabbix via SNMP? In this tutorial, we are going to show you how to configure SNMP on Pfsense and how to monitor a PFsense firewall using the Zabbix server.

• Zabbix server 4.4.0
• Pfsense 2.4.4-p3

Zabbix Playlist:

On this page, we offer quick access to a list of videos related to Zabbix installation.

Don't forget to subscribe to our youtube channel named FKIT.

PFSense NET-SNMP Configuration

First, we need to install the SNMP service on the PFsense server.

Open a browser software, enter the IP address of your Pfsense firewall and access web interface.

In our example, the following URL was entered in the Browser:

• https://192.168.15.16

The Pfsense web interface should be presented.

Pfsense login

On the prompt screen, enter the Pfsense Default Password login information.

• Username: admin
• Password: pfsense

After a successful login, you will be sent to the Pfsense Dashboard.

Pfsense dashboard

Access the Pfsense Services menu and select the SNMP option.

pnsense snmp

Make sure the following option is disabled: Enable the SNMP Daemon and its controls

We need to make sure the default SNMP service is disabled.

pfsense disable snmp

Next, we need to install the Pfsense NET-SNMP package.

Access the Pfsense System menu and select the Package manager option.

pfsense package manager menu

On the package manager screen, access the Available packages tab.

On the Available packages tab, search for snmp and install the Net-snmp package.

pfsense net-snmp installation

Wait the net-snmp installation to finish.

Access the Pfsense Services menu and select the SNMP(NET-SNMP) option.

pfsense net-snmp menu

On the General tab, enable the SNMPD service.

Click on the Save button on the botton part of the screen.

pfsense enable net-snmp

Access the Host information tab, you need to set a SNMP contact and a SNMP location.

Click on the Save button on the botton part of the screen.

pfsense snmp host information

Access the Communities tab and click on the Add button.

pfsense add net-snmp community

On the SNMP communities screen, perform the following configuration:

• Community name -  Enter a SNMP community name
• Read/Write Access - Read-only
• Address family - IPV4

Click on the Save button on the botton part of the screen.

In our example, we set a snmp community named GokuBlack.

pfsense netsnmp community

You have successfully enabled the Pfsense NET-SNMP service.

You have successfully configured the Pfsense NET-SNMP service.

PFSense SNMP Firewall Configuration

By default, the PFsense firewall does not allow external SNMP connections to the WAN interface.

In our example we are going to create a firewall rule to allow the SNMP communication.

Access the Pfsense Firewall menu and select the Rules option.

pfsense firewall rule menu

Click on the Add button to add a rule to the Top of the list.

pfsense add firewall rule

On the Firewall rule creation screen, perform the following configuration:

• Action - Pass
• Interface - WAN
• Address family - IPV4
• Protocol - UDP

pfsense firewall snmp rule

On the Source configuration screen, you need to define the IP address that should be allowed to perform SNMP communication with the Pfsense firewall.

In our example, any computer is able to perform SNMP communication with the firewall.

pfsense snmp firewall source

On the Firewall destination screen, perform the following configuration:

• Destination - Wan address
• Destination port range- From SNMP 161 to SNMP 161

pfsense snmp firewall destination

On the Firewall Extra options screen, you may enter a description to the firewall rule.

pfsense snmp firewall extra

Click on the Save button, you will be sent back to the Firewall configuration screen.

Now, you need to reload the firewall rules to apply the SNMP configuration.

Click on the Apply changes button to reload the firewall configuration.

Pfsense apply firewall rule

You have finished the PFsense firewall configuration to allow SNMP communication using the WAN interface.

Tutorial - Zabbix Monitoring PFSense via SNMP

Now, we need to access the Zabbix server dashboard and add the Linux computer as a Host.

Open your browser and enter the IP address of your web server plus /zabbix.

In our example, the following URL was entered in the Browser:

• http://192.168.15.10/zabbix

On the login screen, use the default username and default password.

• Default Username: Admin
• Default Password: zabbix

zabbix login

After a successful login, you will be sent to the Zabbix Dashboard.

Zabbix 4.4 dashboard

On the dashboard screen, access the Configuration menu and select the Host option.

zabbix add host

On the top right of the screen, click on the Create host button.

Zabbix Create Host

On the Host configuration screen, you will have to enter the following information:

• Host Name - Enter a Hostname to identify the PFSense server.
• Visible Hostname - Repeat the hostname.
• New group - Enter a name to identify a group of similar devices.
• Agent Interface - Click on the Remove button.
• SNMP Interface - Click on the Add button and enter the IP address of the PFsense server.

Here is the original image, before our configuration.

zabbix add host

Here is the new image with our configuration.

zabbix pfsense snmp host

Next, we need to configure the SNMP community that Zabbix will use to connect on the PFsense firewall.

Access the Macros tab on the top of the screen.

Create a macro named: {$SNMP_COMMUNITY}

The {$SNMP_COMMUNITY} macro value should be the PFSense SNMP community.

Zabbix SNMP Macro Linux

In our example, the {$SNMP_COMMUNITY} value is GokuBlack

Next, we need to associate the host with a specific network monitor template.

By default, Zabbix comes with a large variety of monitoring templates.

Access the Templates tab on the top of the screen.

Locate and select the template named: Template Net Network Generic Device SNMPv2

zabbix snmp device template

After a few minutes, you will be able to see the initial result on the Zabbix Dashboard.

The final result will take at least one hour.

By default, Zabbix will wait 1 hour to discover the number of interfaces available on the Pfsense server.

By default, Zabbix will wait 1 hour before collect information from the network interfaces.

Congratulations! You have configured the Zabbix server to monitor a Pfsense firewall using SNMP.