Mastering pfSense
eBook - ePub

  1. 406 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Master the art of managing, securing, and monitoring your network using the powerful pfSense 2.3

About This Book

  • You can always do more to secure your software – so extend and customize your pfSense firewall
  • Build a high availability security system that's fault tolerant – and capable of blocking any threats
  • Put the principles of better security into practice – unlock a more stable and reliable firewall

Who This Book Is For

SysAdmins and security pros – get more from the world's leading firewall with this book. You can always do more to secure your software, so start here.

What You Will Learn

  • Configure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMP
  • Set up a managed switch to work with VLANs
  • Use pfSense to allow, block and deny traffic
  • Make use of the traffic shaper to lower and raise the priority of certain types of traffic
  • Set up and connect to a VPN tunnel with pfSense
  • Incorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP)
  • Explore diagnostic tools in pfSense to solve network problems

In Detail

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn't limit you. You're in control – you can exploit and customize pfSense around your security needs.

If you're familiar with pfSense you probably knew that already. This book builds on any knowledge you may already have, and provides you with a clear route to expand your skills and pfSense's capabilities. You'll learn how to customize and configure pfSense to construct a firewall that can protect you from any potential security threats. Find out how to set up a VPN, and build a high-availability system that provides redundancy and fault tolerance – essential when security and software performance are so interdependent.

With further guidance on how to use a diverse range of third-party packages, all of which will help you unlock more from pfSense, this book covers everything you need, and more, to get a high-quality, reliable firewall up and running for a fraction of the cost.

Style and approach

This book is practical and actionable, helping you tackle some advanced functionalities of pfSense with minimum fuss. We know you don't just want an instruction manual – you want to put the principles of better security into practice. That's exactly why we produced this book.

Table of Contents

Mastering pfSense
Credits
About the Author
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. pfSense Essentials
pfSense project overview
Possible deployment scenarios
Hardware requirements and sizing guidelines
Minimum specifications
Hardware sizing guidelines
Using a laptop
Introduction to VLANs and DNS
Introduction to VLANs
Introduction to DNS
The best practices for installation and configuration
Troubleshooting installation
pfSense configuration
Configuration from the console
Configuration from the web GUI
Configuring additional interfaces
General setup options
Advanced setup options
Upgrading, backing up, and restoring pfSense
Backing up and restoring pfSense
Restoring a configuration with Pre-Flight Install
Summary
2. Advanced pfSense Configuration
DHCP
DHCP configuration at the console
DHCP configuration in the web GUI
DHCPv6 configuration in the web GUI
DHCP relay and DHCPv6 relay
DHCP and DHCPv6 leases
DNS
DNS Resolver
DNS Forwarder
DDNS
DDNS updating
RFC 2136 updating
Troubleshooting DDNS
Captive portal
Implementing captive portal
Troubleshooting captive portal
NTP
NTP configuration
NTP troubleshooting
SNMP
Configuring SNMP
Troubleshooting SNMP
Summary
3. Working with VLANs
Basic VLAN concepts
An example network
Hardware, configuration, and security considerations
VLAN configuration at the console
VLAN configuration in the web GUI
VLAN configuration at the switch
VLAN configuration example one – TL-SG108E
VLAN configuration example two – Cisco switches
Static VLAN creation
Dynamic Trunking Protocol
VLAN Trunking Protocol
Troubleshooting VLANs
General troubleshooting tips
Verifying switch configuration
Verifying pfSense configuration
Troubleshooting example
Summary
4. pfSense as a Firewall
An example network
Firewall fundamentals
Firewall best practices
Best practices for ingress filtering
Best practices for egress filtering
Creating and editing firewall rules
Floating rules
An example rule
Scheduling
An example schedule
NAT/port forwarding
Inbound NAT (port forwarding)
1:1 NAT
Outbound NAT
Network Prefix Translation
An example NAT rule
Aliases
An example alias
Virtual IPs
An example VIP
Troubleshooting
Summary
5. Traffic Shaping
An example network
Traffic shaping essentials
Queuing policies
Configuring traffic shaping in pfSense
The Multiple LAN/WAN Configuration wizard
The Dedicated Links wizard
Advanced traffic shaping configuration
Changes to queues
Limiters
An example limiter
Layer 7 traffic shaping
Changes to rules
Example rule changes/rule creation
Traffic shaping examples
Example #1 – adding limiters
Example #2 – prioritizing Skype
Example #3 – penalizing P2P traffic
Troubleshooting traffic shaping
Summary
6. Virtual Private Networks
VPN fundamentals
IPsec
L2TP
OpenVPN
Choosing a VPN protocol
Configuring a VPN tunnel
IPsec configuration
IPsec peer/server configuration
IPsec mobile client configuration
Client configuration
IPsec configuration using the ShrewSoft VPN Client
IPsec configuration using vpnc
L2TP configuration
OpenVPN configuration
OpenVPN server configuration
Server configuration with the wizard
LDAP configuration with the wizard
RADIUS configuration with the wizard
OpenVPN client configuration
Client-specific overrides
OpenVPN Client Export Utility
Troubleshooting VPN connections
Summary
7. Redundancy and High Availability
An example network
Basic concepts
Load balancing configuration
Gateway load balancing
Load balancing outbound traffic with aliases
Server load balancing
CARP configuration
CARP with firewall failover
Multi-WAN with CARP
An example configuration – load balancing and CARP
Troubleshooting load balancing and CARP
Summary
8. Routing and Bridging
Basic concepts
Bridging
Routing
Routing with pfSense
Static routes
Public IP addresses behind a firewall
Dynamic routing
RIP
OpenBGPD
Quagga OSPF
Policy routing
Bridging with pfSense
Bridging interfaces
Special issues
Bridging example
Troubleshooting routing and bridging
Summary
9. Extending pfSense with Packages
Basic considerations
Installing packages
Popular packages
Squid
Issues with Squid
Squid as a reverse proxy server
SquidGuard
LightSquid
pfBlockerNG
ntopng
Nmap
Other packages
Snort
Suricata
HAProxy
Summary
10. Troubleshooting pfSense
Troubleshooting basics
Common networking problems
Wrong subnet mask or gateway
Wrong DNS configuration
Duplicate IP addresses
Network loops
Routing issues
Port configuration
Black holes
Physical issues
pfSense troubleshooting tools
System logs
Dashboard
Interfaces
Services
Monitoring
Traffic graphs
Firewall states
States
States summary
pfTop
tcpdump
tcpflow
ping, traceroute, and netstat
ping
traceroute
netstat
Troubleshooting scenarios
User cannot connect to a website
VLAN configuration problem
Summary
Index

Mastering pfSense

Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2016
Production reference: 1240816
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78646-343-2
www.packtpub.com

Credits

Author
David Zientara
Reviewer
Brian Scholer
Commissioning Editor
Pratik Shah
Acquisition Editor
Prachi Bisht
Content Development Editor
Abhishek Jadhav
Technical Editor
Vishal K. Mewada
Copy Editor
Madhusudan Uchil
Project Coordinator
Judie Jose
Proofreader
Safis Editing
Indexer
Tejal Daruwale Soni
Graphics
Kirk D'Penha
Production Coordinator
Arvindkumar Gupta
Cover Wor...
