Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition covers features that have long been part of pfSense, such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
Table of Contents (15 chapters)

Chapter 9 – Multiple WANs

  1. Service-Level Agreement (SLA).
  2. Routing in which routing decisions are dictated by administrative policy.
  3. (a) Load balancing. (b) Failover.
  4. Traffic between local interfaces will be routed through the original WAN interface and will never reach the gateway group; pfSense’s default behavior is to route external traffic to the primary WAN interface.
  5. You are configuring an OPT_WAN interface and the OPT_WAN’s DNS server is not the same as the Monitor IP. We do not have to configure a static route for the primary WAN interface because external traffic is routed to it by default, and we do not have to configure a static route if the OPT_WAN’s DNS server is the same as the Monitor IP because pfSense will add a static route for the Monitor IP.
  6. One for each OPT_WAN interface (and one for each 1:1 NAT mapping, if we have any).
  7. Use Sticky...