Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.

Related Content you might be interested in

Current Title:

Small book image
Mastering pfSense - Second Edition
David Zientara
May, 2018 | 450 pages
Small book image
Network Security with pfSense
Manuj Aggarwal
Jul, 2018 | 152 pages
Small book image
OPNsense Beginner to Professional
Julio Cesar Bueno de Camargo
Jun, 2022 | 464 pages
Small book image
CompTIA Network+ Certification Guide
Glen D Singh | Rishi Latchmepersad
Dec, 2018 | 422 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Revisiting pfSense Basics
Revisiting pfSense Basics
Technical requirements
pfSense project overview
Possible deployment scenarios
Hardware requirements and sizing guidelines
Hardware sizing guidelines
The best practices for installation and configuration
pfSense configuration
Summary
Questions
Further reading
2
Advanced pfSense Configuration
Advanced pfSense Configuration
Technical requirements
SSH login
DHCP
DNS
DDNS
Captive portal
NTP
SNMP
Summary
Questions
3
VLANs
VLANs
Technical requirements
Basic VLAN concepts
VLAN configuration at the console
VLAN configuration in the web GUI
Configuration at the switch
Troubleshooting VLANs
Summary
Questions
4
Using pfSense as a Firewall
Using pfSense as a Firewall
Technical requirements
An example network
Firewall fundamentals
Firewall best practices
Creating and editing firewall rules
Scheduling
Aliases
Virtual IPs
Troubleshooting firewall rules
Summary
Questions
5
Network Address Translation
Network Address Translation
Technical requirements
NAT essentials
Outbound NAT
1:1 NAT
Port forwarding
Network Prefix Translation
Troubleshooting
Summary
Questions
6
Traffic Shaping
Traffic Shaping
Technical requirements
Traffic shaping essentials
Configuring traffic shaping in pfSense
Advanced traffic shaping configuration
Traffic shaping examples
Using Snort for traffic shaping
Troubleshooting traffic shaping
Summary
Questions
Further reading
7
Virtual Private Networks
Virtual Private Networks
Technical requirements
VPN fundamentals
Configuring a VPN tunnel
Troubleshooting
Summary
Questions
8
Redundancy and High Availability
Redundancy and High Availability
Technical requirements
Basic concepts
Server load balancing
CARP configuration
An example of both load balancing and CARP
Troubleshooting
Summary
Questions
Further reading
9
Multiple WANs
Multiple WANs
Technical requirements
Basic concepts
Multi-WAN configuration
Example – multi-WAN and CARP
Troubleshooting
Summary
Questions
10
Routing and Bridging
Routing and Bridging
Technical requirements
Basic concepts
Routing
Bridging
Troubleshooting
Summary
Questions
11
Extending pfSense with Packages
Extending pfSense with Packages
Technical requirements
Basic considerations
Installing packages
Important packages
Other packages
Summary
Questions
Further reading
12
Diagnostics and Troubleshooting
Diagnostics and Troubleshooting
Technical requirements
Troubleshooting basics
pfSense troubleshooting tools
Troubleshooting scenarios
Summary
Questions
13
Assessments
Assessments
Chapter 1 – Revisiting pfSense Basics
Chapter 2 – Advanced pfSense Configuration
Chapter 3 – VLANs
Chapter 4 – Using pfSense as a Firewall
Chapter 5 – Network Address Translation
Chapter 6 – Traffic Shaping
Chapter 7 – Virtual Private Networks
Chapter 8 – Redundancy and High Availability
Chapter 9 – Multiple WANs
Chapter 10 – Routing and Bridging
Chapter 11 – Extending pfSense with Packages
Chapter 12 – Diagnostics and Troubleshooting
14
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Questions

Answer the following questions:

  1. Name the two most common types of VPN deployments.
  2. (a) Identify the three VPN protocols supported by the current version of pfSense. (b) Which protocol does not natively support encryption?

  1. Identify the three protocols encompassed by IPsec.
  2. If we are setting up an IPsec connection and Key Exchange version is set to Auto, what will happen if we try to initiate a site-to-site connection to (a) a firewall where the Key Exchange version is set to IKEv1? (b) a firewall where the Key Exchange version is set to IKEv2? (Assume that the rest of the configuration is correct.)
  3. (a) Which port must always be unblocked for IPsec to function? (b) What is the default OpenVPN port?
  4. What are the three authentication options for L2TP?
  5. What option was added to the Diffie-Hellman key configuration in pfSense 2.4?
  6. With OpenVPN, what alternatives are there...
Previous Section
End of Chapter 7
Next Chapter