P7 - Monitor pfSense with PRTG (Basic Monitoring Setup)
PRTG – P7 How to Monitor pfSense with PRTG (Basic Monitoring Setup)
pfSense is a powerful firewall and router, but without monitoring, issues can easily go unnoticed. A firewall may appear operational while CPU overload, interface congestion, or state table exhaustion silently impact your network performance.
In this tutorial, you will learn how to Monitor pfSense with PRTG Network Monitor using a structured basic monitoring setup. This guide is ideal for system administrators and network engineers managing firewall infrastructure in home labs, SMB networks, and production environments.
We will configure essential sensors to monitor firewall availability, CPU usage, WAN/LAN traffic, VPN activity, disk usage, and state table utilization. With proper alert thresholds in place, PRTG provides real-time visibility and proactive notifications.
By implementing this monitoring strategy, you can quickly detect failures, performance bottlenecks, and abnormal traffic behavior before they cause downtime.
This video is part of the PRTG Network Monitoring Tutorial Series.
🔧 Step 1: Enable SNMP on pfSense
To Monitor pfSense, SNMP must be enabled first.
Community string: This is the same as the SNMP password; PRTG must enter it exactly as is.
Example:
Bind Interface: Do not select WAN (do not make it public on the internet, it’s dangerous)
Exposing SNMP on WAN is a major security risk. Always restrict it to internal interfaces only.
🔐 Step 2: Open the Firewall for SNMP
Navigate to:
Firewall → Rules → LAN
Add rule:
• Action: Pass
• Protocol: UDP
• Source: PRTG IP
• Destination: This Firewall
• Port: 161 (SNMP)
This rule allows the PRTG server to query pfSense securely over SNMP.
🖥 Step 3: Add Device in PRTG
Add a new device in PRTG.
IP: Enter pfSense IP
This registers the firewall as a monitored device.
⚙ Step 4: Configure SNMP Credentials
Go to:
Device → Settings → SNMP Credentials
Configure:
• SNMP Version: v2c
• Community String: prtg_snmp_2025
• Port: 161
The community string must match exactly what was configured in pfSense.
📊 Step 5: Add Important Sensors for pfSense
Now we configure the core monitoring components required to properly Monitor pfSense.
#1. Ping Sensor
• Add Sensor → Ping
Purpose:
• Check if pfSense is alive or dead
This is the most basic availability check.
#2. SNMP System Uptime
• Add Sensor → SNMP System Uptime
Purpose:
• Determine if the firewall reboots or freezes
Unexpected uptime resets may indicate crashes or power issues.
#3. CPU pfSense
• Add Sensor → SNMP CPU Load
Very important to detect pfSense overload.
High CPU usage may indicate heavy traffic, IDS/IPS load, VPN encryption stress, or attack attempts.
#4. Monitor Interface (WAN/LAN)
• Add Sensor → SNMP Traffic
• Select interface:
o WAN
o LAN
o OPT (if any)
Purpose:
View bandwidth and detect network congestion.
WAN Traffic Monitoring
• Monitor bandwidth
• Network congestion warning
• Beautiful, easy-to-understand graph
Errors / Discards help detect:
• Cable errors
• NIC errors
• Switch port errors
Ignore all disconnected states (default) → Avoid red warnings due to dormant/unused interfaces
Show in and out traffic as positive and negative area graph → Easiest graph to view for firewalls
Alert Threshold – WAN
Traffic Total
Upper Warning: 80 → Traffic WAN > 80 Mb/s → Warning
Upper Error: 90 → Traffic WAN > 90 Mb/s → Error
Errors In
Upper Warning: 1 → 1 error → Warning
Upper Error: 10 → 10 errors → Error
Errors Out
Upper Warning: 1 → 1 error → Warning
Upper Error: 10 → 10 errors → Error
Discards In
Upper Warning: 1 → Packet dropped → Warning
Upper Error: 10 → Packets dropped many times → Error
Discards Out
Upper Warning: 1 → Packet dropped → Warning
Upper Error: 10 → Packets dropped many times → Error
Tip: WAN traffic depends on your home bandwidth. For example, 100 Mb/s, use % → 80 Mb/s ~ 80% → correct.
Tip: WAN traffic depends on your home bandwidth. For example, 100 Mb/s, use % → 80 Mb/s ~ 80% → correct.
Alert Threshold – OpenVPN (ovpns1)
Traffic Total
Upper Warning: 10 → Traffic > 10 Mb/s → Warning (depending on baseline)
Upper Error: 20 → Traffic > 20 Mb/s → Error
Errors In
Upper Warning: 1 → Packet error → Warning
Upper Error: 5 → Packet error → Error
Errors Out
Upper Warning: 1 → Packet errors → Warning
Upper Error: 5 → Error packet → Error
Discards In
Upper Warning: 1 → Packet abandoned → Warning
Upper Error: 5 → Packet dropped → Error
Discards Out
Upper Warning: 1 → Packet abandoned → Warning
Upper Error: 5 → Packet dropped → Error
VPN traffic is usually small, so the threshold is lower than WAN, and so are errors/discards.
Low → Set low to catch anomalies.
#5. Disk Usage pfSense
Purpose:
• Monitor hard drive (especially if there is a lot of logging)
Add sensor:
• Sensor: SNMP Custom
• Channel Name: Disk Usage
• OID:
• Value Type: Absolute (integer)
• Unit: %
Alert:
• Upper Warning: 80
• Upper Error: 90
Log-heavy environments can fill storage quickly, causing system instability.
#6. Monitor State Table
Add sensor:
• SNMP Custom Advanced
Current states OID:
Enable Limits:
Upper Warning: > 70% Max
Upper Error: > 85% Max
State table exhaustion can cause connection failures and dropped sessions.
🚀 Why You Must Monitor pfSense Properly
When you properly Monitor pfSense, you gain:
Real-time firewall visibility
Early detection of overload conditions
WAN congestion awareness
VPN anomaly detection
Disk and state table protection
Reduced downtime risk
A firewall is the core of your network. Without monitoring, failures are reactive. With PRTG, monitoring becomes proactive.
📌 Final Thoughts
You have now configured a complete basic monitoring setup to Monitor pfSense using PRTG Network Monitor.
By enabling SNMP, opening secure firewall rules, configuring credentials, and adding essential sensors such as Ping, Uptime, CPU, WAN traffic, VPN traffic, Disk Usage, and State Table monitoring, you now have full visibility into firewall health and performance.
This structured approach ensures your pfSense environment remains stable, secure, and optimized.
In the next tutorial, we will continue expanding advanced monitoring capabilities within the PRTG ecosystem.
See also related articles
P3 – Powerful Guide 2026 Monitor WAN IP with PRTG
P3 – Powerful Guide 2026 Monitor WAN IP with PRTG PRTG – P3 Monitor Internet & WAN IP Using PRTG Network Monitor Monitoring your Internet connection is critical for any business infrastructure. If your WAN connection goes down, services such as email, VPN, remote access, and cloud applications become unavailable...
Read MoreP2 – Secure PRTG Fast: Change Port PRTG & Enable SSL
P2 – Secure PRTG Fast: Change Port PRTG & Enable SSL PRTG – P2 Secure PRTG with SSL | Enable HTTPS & Change Default Port Securing your monitoring system is not optional — it is essential. In this guide, we will walk through how to secure PRTG Network Monitor by...
Read MoreP1 – Complete Install PRTG Guide for Windows 10
PRTG – P1 How to Install PRTG on Windows 10 | Initial Setup & Configuration 🚀 Install PRTG on Windows 10 – Initial Setup & Configuration (P1) If you are starting your monitoring journey, learning how to Install PRTG properly is the first critical step. In this tutorial, I will...
Read More