Nessus Configuration: Part One

Nessus Configuration

Advanced settings in the Nessus web GUI.

Nessus Configuration: Proxy and Advanced Settings

The first thing you will see when you access Nessus is the login page. You must first enter the login name and password you created when you set up Nessus. Since Nessus uses a web-based front end, you can access the Nessus server from any computer on the local network that has a web browser, making Nessus configuration much easier. This increases the scalability of Nessus for larger organizations. You can configure scan options and make other changes, all from the web interface.

Once you are logged in, there are several settings you can change. If you click on your username (in this example, “nessusadmin”) on the right side of the page, there is a drop-down menu with several options; select “Settings”. On the left sidebar, there is an option called “Proxy”. If you did not set up a proxy during the setup process and need to do so now (for example, if your organization requires that all web traffic be directed through a corporate proxy), you can input the settings here.

Proxy Setting Options

Option Description
Host The host or IP of the proxy
Port The port of the proxy
Username Optional: if a username is required for proxy usage
Password Optional: If a password is required for proxy usage
User-Agent Optional: If the proxy you are using filters specific HTTP user agents, a custom user-agent string can be supplied
Custom Update Host Optional: This can be used to force Nessus to update plugins from a specific host. For example, if plugins must be updated from a site residing in the U.S., you can specify “”

Different Nessus configuration options can be set by clicking on the “Advanced” link in the Settings menu. Each option can be configured by editing the corresponding field and clicking the “Save” button at the bottom of the screen. In addition, the option can be removed completely by clicking on the “X” button.

By default, the Nessus GUI operates on port 8834. To change this port, edit the xmlrpc_listen_port to the desired port. The Nessus server will process the change within a few minutes.

If additional preferences are required, click on the “New Setting” button, input the name and the value, and press “Save”. Once a preference has been updated and saved, Nessus will process the changes within a couple of minutes.

Nessus Configuration

Adding a new user in Nessus.

Nessus Configuration: Adding/Editing Users

During the initial setup, one administrative user is created. Using the credentials specified during the setup, you can log into the Nessus GUI. Once authenticated, click on the “Users” heading at the top. To create a new user, click “New User” on the upper right. This will open a dialog box asking for required details. Input the username and password, verify the password, and determine if the user should have administrator privileges. If a user account needs to be modified, double-click on the user.

You cannot rename a user. If you want to change the name of a user, delete the user and create a new user with the appropriate login name. To remove a user, select the check box next to the account on the list, select “Options” on the upper right, and then click “Delete User” and confirm.

A non-admin user cannot upload plugins to Nessus, cannot restart it remotely, and cannot override the max_hosts/max_checks setting in the configuration section. If the user is intended to be used by SecurityCenter, it must be an admin user. SecurityCenter maintains its own user list and sets permissions for its users.

In the next article, we will cover more Nessus configuration options.

External Links:

Nessus home page on

Nessus on Wikipedia

Advanced Miscellaneous Settings in pfSense

In this article, I will cover some of the Advanced Miscellaneous settings for pfSense. These settings can be found by navigating to System -> Advanced and clicking on the “Miscellaneous” tab.

Advanced Miscellaneous Settings: Proxy Support, Load Balancing, and Power Savings

Advanced Miscellaneous

Some of the Advanced Miscellaneous settings in pfSense.

The first heading in Advanced Miscellaneous settingsĀ  is “Proxy Support”. These settings allow you to configure an external web proxy, rather than add a web proxy such as Squid to pfSense. The first option is “Proxy URL“. In this edit box, specify the URL or IP address of the proxy. Next is “Proxy Port“, which specifies the port to use to connect to the proxy (the default is 8080 for HTTP, or 443 for SSL). Then there is “Proxy Username” and “Proxy Pass“, the username and password for the proxy server.

The next heading in Advanced Miscellaneous settings is “Load Balancing”. I already covered load balancing in a series of previous articles (part one part two part three), so I will keep this brief, but I will note that there are two important settings pertaining to load balancing here. The first is the “Use sticky connections” check box. This setting applies in cases where you have a pool with multiple servers with load balancing enabled. Typically, when load balancing is invoked, successive connections are redirected to the servers in a round-robin fashion, and we don’t care if successive connections from the same source are redirected to different servers. Sometimes we do care, however, and in those cases we can check this check box. If this box is checked, successive connections from the same source will be sent to the same web server. This is referred to as a “sticky connection”, and it will exist as long as there are states in the state table that refer to the connection. Once the states expire, so will the sticky connection, and further connections from that host will be redirected to the next server in the round robin pool.

The second check box is “Allow default gateway switching“. If this box is checked, then if the default gateway fails, it will be switched to another available one. This is useful if you have a multi-WAN setup. If the default gateway fails, outbound traffic will be directed to another gateway (e.g. WAN2), and you will still be able to access the internet. If you do not have this box checked, however, even if you have a multi-WAN setup, if the default gateway fails you will lose internet.

The next heading in Advanced Miscellaneous settings is “Power savings”. Here you will find the “Use PowerD” check box. Checking this box invokes the powerd utility, which monitors the system state and sets various power control options accordingly. There are three modes for powerd: maximum, minimum, and adaptive. Maximum mode chooses the highest performance values; minimum mode selects the lowest performance values (which in turns yields the greatest power savings). Adaptive mode attempts to strike a balance between these two settings by degrading performance when the system appears idle and increasing it when the system is busy. Checking this box will invoke powerd in adaptive mode, if nothing else is changed. There is no way to change the mode to min or max from the GUI (yet). If you want to change the mode, however, you can always edit /etc/inc/ manually. In order to do so, log into your pfSense box via SSH, open up in vi like so:

vi /etc/inc/

and look for the function activate_powerd(). You shouldn’t have to scroll down very far. Look for the following line to edit:

exec(“/usr/sbin/powerd -b adp -a adp”);

the “-b” parameter is for battery and “-a” is for A/C. “adp”, of course, is short for “adaptive”. Chnage these parameters to either “min” for minimum mode or “max” for maximum mode as you see fit; then hit the ESCAPE key and type :wq to save the modified file.

In a future article, I will cover more Advanced Miscellaneous settings, including glxsb crypto acceleration and IP settings.

Other articles in this series:

webConfigurator options in pfSense

Admin Access Options in pfSense

Firewall Advanced Options in pfSense

NAT and Firewall Options in pfSense

Advanced Networking Options in pfSense

External links:

Default gateway switching discussion on

powerd options discussion on

© 2013 David Zientara. All rights reserved. Privacy Policy