Would you like to learn how to do monitor PFsense using Zabbix via SNMP? In this tutorial, we are going to show you how to configure SNMP on Pfsense and how to monitor a PFsense firewall using the Zabbix server.
• Zabbix server 4.4.0
• Pfsense 2.4.4-p3
Equipment list
Here you can find the list of equipment used to create this tutorial.
This link will also show the software list used to create this tutorial.
Zabbix Playlist:
On this page, we offer quick access to a list of videos related to Zabbix installation.
Don't forget to subscribe to our youtube channel named FKIT.
Zabbix Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Zabbix installation.
PFSense - NET-SNMP Configuration
First, we need to install the SNMP service on the PFsense server.
Open a browser software, enter the IP address of your Pfsense firewall and access web interface.
In our example, the following URL was entered in the Browser:
• https://192.168.15.16
The Pfsense web interface should be presented.
On the prompt screen, enter the Pfsense Default Password login information.
• Username: admin
• Password: pfsense
After a successful login, you will be sent to the Pfsense Dashboard.
Access the Pfsense Services menu and select the SNMP option.
Make sure the following option is disabled: Enable the SNMP Daemon and its controls
We need to make sure the default SNMP service is disabled.
Next, we need to install the Pfsense NET-SNMP package.
Access the Pfsense System menu and select the Package manager option.
On the package manager screen, access the Available packages tab.
On the Available packages tab, search for snmp and install the Net-snmp package.
Wait the net-snmp installation to finish.
Access the Pfsense Services menu and select the SNMP(NET-SNMP) option.
On the General tab, enable the SNMPD service.
Click on the Save button on the botton part of the screen.
Access the Host information tab, you need to set a SNMP contact and a SNMP location.
Click on the Save button on the botton part of the screen.
Access the Communities tab and click on the Add button.
On the SNMP communities screen, perform the following configuration:
• Community name - Enter a SNMP community name
• Read/Write Access - Read-only
• Address family - IPV4
Click on the Save button on the botton part of the screen.
In our example, we set a snmp community named GokuBlack.
You have successfully enabled the Pfsense NET-SNMP service.
You have successfully configured the Pfsense NET-SNMP service.
PFSense SNMP - Firewall Configuration
By default, the PFsense firewall does not allow external SNMP connections to the WAN interface.
In our example we are going to create a firewall rule to allow the SNMP communication.
Access the Pfsense Firewall menu and select the Rules option.
Click on the Add button to add a rule to the Top of the list.
On the Firewall rule creation screen, perform the following configuration:
• Action - Pass
• Interface - WAN
• Address family - IPV4
• Protocol - UDP
On the Source configuration screen, you need to define the IP address that should be allowed to perform SNMP communication with the Pfsense firewall.
In our example, any computer is able to perform SNMP communication with the firewall.
On the Firewall destination screen, perform the following configuration:
• Destination - Wan address
• Destination port range- From SNMP 161 to SNMP 161
On the Firewall Extra options screen, you may enter a description to the firewall rule.
Click on the Save button, you will be sent back to the Firewall configuration screen.
Now, you need to reload the firewall rules to apply the SNMP configuration.
Click on the Apply changes button to reload the firewall configuration.
You have finished the PFsense firewall configuration to allow SNMP communication using the WAN interface.
Tutorial Zabbix - Monitoring PFSense via SNMP
Now, we need to access the Zabbix server dashboard and add the Linux computer as a Host.
Open your browser and enter the IP address of your web server plus /zabbix.
In our example, the following URL was entered in the Browser:
• http://192.168.15.10/zabbix
On the login screen, use the default username and default password.
• Default Username: Admin
• Default Password: zabbix
After a successful login, you will be sent to the Zabbix Dashboard.
On the dashboard screen, access the Configuration menu and select the Host option.
On the top right of the screen, click on the Create host button.
On the Host configuration screen, you will have to enter the following information:
• Host Name - Enter a Hostname to identify the PFSense server.
• Visible Hostname - Repeat the hostname.
• New group - Enter a name to identify a group of similar devices.
• Agent Interface - Click on the Remove button.
• SNMP Interface - Click on the Add button and enter the IP address of the PFsense server.
Here is the original image, before our configuration.
Here is the new image with our configuration.
Next, we need to configure the SNMP community that Zabbix will use to connect on the PFsense firewall.
Access the Macros tab on the top of the screen.
Create a macro named: {$SNMP_COMMUNITY}
The {$SNMP_COMMUNITY} macro value should be the PFSense SNMP community.
In our example, the {$SNMP_COMMUNITY} value is GokuBlack
Next, we need to associate the host with a specific network monitor template.
By default, Zabbix comes with a large variety of monitoring templates.
Access the Templates tab on the top of the screen.
Locate and select the template named: Template Net Network Generic Device SNMPv2
After a few minutes, you will be able to see the initial result on the Zabbix Dashboard.
The final result will take at least one hour.
By default, Zabbix will wait 1 hour to discover the number of interfaces available on the Pfsense server.
By default, Zabbix will wait 1 hour before collect information from the network interfaces.
Congratulations! You have configured the Zabbix server to monitor a Pfsense firewall using SNMP.
