Skip to main content
Configuring a pfSense Firewall for 8x8 Service
8x8 Support Knowledge Base

Configuring a pfSense Firewall for 8x8 Service

General Information

Note: Guidance on pfSense firewall is publicly available within pfSense documentation.

Administrative Information

  1. In a browser on a computer on the same network as the pfSense firewall, navigate to your pfSense IP address you have assigned to it.
  2. Log in (default credentials shown below).
    • Username: admin
    • Password: pfsense

Tested on the following firmware versions:

  • Fimware version 2.4.3 and later

Adding/editing 8x8 subnets is recommended when available. Please click here and review the Traffic Shaping and Specific Subnet/Port Configuration section.

Procedure

Set Conservative state table optimization

  1. Go to System > Advanced
  2. Click Firewall & NAT
  3. Set ‘Firewall Optimization Options’ to Conservative
  4. Under the ‘State Timeouts’ section set ‘UDP First, Single, and Multiple’ to 300

Set up Outbound NAT

  1. Go to Firewall > NAT
  2. Click Outbound
  3. Set ‘Outbound Nat Mode’ to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)

Add 8x8 Subnets

  1. Go to Firewall > Rules
  2. Click LAN
     
  3. Click Add
  4. Add each 8x8 subnet one at a time. (One example shown. For the full subnet list, see Virtual Office Technical Requirements.)
  5. Add each 8x8 ports one at a time. (One example shown. For the full port list, see Virtual Office Technical Requirements.)

Set up Traffic Shaping

  1. Go to Firewall > Traffic Shaper.
  2. Click Wizards.
  3. Click Multiple Lan/Wan.
  4. Enter the number of Wan type connections and LAN type interfaces.
  5. Select HFSC for ‘Interface & Scheduler.’
  6. Make sure your Upload and Download speed is set correctly, if you have an internet connection established on your pfSense, it should be set automatically. Enter your interface WAN#1 upload and download speed. (Screenshot below is an example, every network will have different up/down speed, we highly recommend working with your IT department or system administrator for the correct up/down speed for your network.)
  7. Click Next.
  8. Under the ‘Voice over IP’ section Enable Prioritize Voice over IP traffic.
  9. The next Step really depends on how many users you have on your network. In this example, the network is highly unlikely that more than 5 people will have a phone call at the same time. In this step we are going to set bandwidth we want to reserve for our VOIP traffic, in this example we set the ‘Connection for WAN#1 and LAN#1’ limits to 1Mbit/s Up/Down.
    As a rule of thumb you can assume the following traffic rules:

Number of Concurrent Calls

Minimum Required Bandwidth

Recommended Speed

1

100 Kbps Up and Down

3 MBps Up and Down

3

300 Kbps Up and Down

3 MBps Up and Down

5

500 Kbps Up and Down

5 MBps Up and Down

10

1 MBps Up and Down

5-10 MBps Up and Down

  1. Click Next.
  2. The next steps are unique to each network, make sure you go through each section and check anything that pertains to your network until the get to the end of the Wizard.
  3. Confirm the wizard has created the proper queues for your network by navigating back to Firewall > Traffic Shaper.
  4. Click By Interface.
  5. In this section, you can modify or adjust the queues that were created by the Wizard. Note, this is the fastest and easiest way of creating the Traffic Shaping rules, there are multiple ways of creating these queues. You can find more information on creating these rules by visiting the pfSense website and forums.