Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.

Related Content you might be interested in

Current Title:

Small book image
Mastering pfSense - Second Edition
David Zientara
May, 2018 | 450 pages
Small book image
Network Security with pfSense
Manuj Aggarwal
Jul, 2018 | 152 pages
Small book image
OPNsense Beginner to Professional
Julio Cesar Bueno de Camargo
Jun, 2022 | 464 pages
Small book image
CompTIA Network+ Certification Guide
Glen D Singh | Rishi Latchmepersad
Dec, 2018 | 422 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Revisiting pfSense Basics
Revisiting pfSense Basics
Technical requirements
pfSense project overview
Possible deployment scenarios
Hardware requirements and sizing guidelines
Hardware sizing guidelines
The best practices for installation and configuration
pfSense configuration
Summary
Questions
Further reading
2
Advanced pfSense Configuration
Advanced pfSense Configuration
Technical requirements
SSH login
DHCP
DNS
DDNS
Captive portal
NTP
SNMP
Summary
Questions
3
VLANs
VLANs
Technical requirements
Basic VLAN concepts
VLAN configuration at the console
VLAN configuration in the web GUI
Configuration at the switch
Troubleshooting VLANs
Summary
Questions
4
Using pfSense as a Firewall
Using pfSense as a Firewall
Technical requirements
An example network
Firewall fundamentals
Firewall best practices
Creating and editing firewall rules
Scheduling
Aliases
Virtual IPs
Troubleshooting firewall rules
Summary
Questions
5
Network Address Translation
Network Address Translation
Technical requirements
NAT essentials
Outbound NAT
1:1 NAT
Port forwarding
Network Prefix Translation
Troubleshooting
Summary
Questions
6
Traffic Shaping
Traffic Shaping
Technical requirements
Traffic shaping essentials
Configuring traffic shaping in pfSense
Advanced traffic shaping configuration
Traffic shaping examples
Using Snort for traffic shaping
Troubleshooting traffic shaping
Summary
Questions
Further reading
7
Virtual Private Networks
Virtual Private Networks
Technical requirements
VPN fundamentals
Configuring a VPN tunnel
Troubleshooting
Summary
Questions
8
Redundancy and High Availability
Redundancy and High Availability
Technical requirements
Basic concepts
Server load balancing
CARP configuration
An example of both load balancing and CARP
Troubleshooting
Summary
Questions
Further reading
9
Multiple WANs
Multiple WANs
Technical requirements
Basic concepts
Multi-WAN configuration
Example – multi-WAN and CARP
Troubleshooting
Summary
Questions
10
Routing and Bridging
Routing and Bridging
Technical requirements
Basic concepts
Routing
Bridging
Troubleshooting
Summary
Questions
11
Extending pfSense with Packages
Extending pfSense with Packages
Technical requirements
Basic considerations
Installing packages
Important packages
Other packages
Summary
Questions
Further reading
12
Diagnostics and Troubleshooting
Diagnostics and Troubleshooting
Technical requirements
Troubleshooting basics
pfSense troubleshooting tools
Troubleshooting scenarios
Summary
Questions
13
Assessments
Assessments
Chapter 1 – Revisiting pfSense Basics
Chapter 2 – Advanced pfSense Configuration
Chapter 3 – VLANs
Chapter 4 – Using pfSense as a Firewall
Chapter 5 – Network Address Translation
Chapter 6 – Traffic Shaping
Chapter 7 – Virtual Private Networks
Chapter 8 – Redundancy and High Availability
Chapter 9 – Multiple WANs
Chapter 10 – Routing and Bridging
Chapter 11 – Extending pfSense with Packages
Chapter 12 – Diagnostics and Troubleshooting
14
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Summary

In this chapter, we began with some basic VPN concepts, with our focus being primarily on the three VPN protocols currently supported by pfSense: IPsec, L2TP, and OpenVPN. We weighed the advantages and disadvantages of each protocol with respect to security, cross-platform support, ease of configuration, and firewall-friendliness. We emphasized that since L2TP lacks confidentiality and encryption, you are not likely to ever implement L2TP in native mode; rather, it is more likely to be implemented in combination with IPsec, making your choice one between IPsec, L2TP/IPsec, and OpenVPN.

We then covered IPsec, L2TP, and OpenVPN configuration in some depth. We covered the OpenVPN Client Export Utility, which makes the process of generating OpenVPN configuration files for different platforms much easier. Finally, in the troubleshooting section, we covered what to do when...

Previous Section
End of Section 6
Next Section