Title Page Copyright and Credits Mastering pfSense Second Edition Dedication Packt Upsell Why subscribe? PacktPub.com Contributors About the author About the reviewer Packt is searching for authors like you

Preface
Who this book is for What this book covers To get the most out of this book Download the color images Conventions used Get in touch Reviews

Revisiting pfSense Basics
Technical requirements pfSense project overview Possible deployment scenarios Hardware requirements and sizing guidelines Minimum hardware requirements Hardware sizing guidelines The best practices for installation and configuration pfSense configuration Configuration from the console Configuration from the web GUI Configuring additional interfaces Additional WAN configuration General setup options Summary Questions Further reading

Advanced pfSense Configuration
Technical requirements SSH login DHCP DHCP configuration at the console DHCP configuration in the web GUI DHCPv6 configuration in the web GUI DHCP and DHCPv6 relay DHCP and DHCPv6 leases DNS DNS resolver General Settings Enable DNSSEC support Host Overrides and Domain Overrides Access Lists DNS forwarder DNS firewall rules DDNS DDNS updating RFC 2136 updating Troubleshooting DDNS Captive portal Implementing captive portal User manager authentication Voucher authentication RADIUS authentication Other settings Troubleshooting captive portal NTP SNMP Summary Questions

VLANs
Technical requirements Basic VLAN concepts Example 1 – developers and engineering Example 2 – IoT network Hardware, configuration, and security considerations VLAN configuration at the console VLAN configuration in the web GUI QinQ Link aggregation Add firewall rules for VLANs Configuration at the switch VLAN configuration example 1 – TL-SG108E VLAN configuration example 2 – Cisco switches Static VLAN creation Dynamic Trunking Protocol VLAN Trunking Protocol Troubleshooting VLANs General troubleshooting tips Verifying switch configuration Verifying pfSense configuration Summary Questions

Using pfSense as a Firewall
Technical requirements An example network Firewall fundamentals Firewall best practices Best practices for ingress filtering Best practices for egress filtering Creating and editing firewall rules Floating rules Example rules Example 1 – block a website Example 2 – block all traffic from other networks Example 3 – the default allow rule Scheduling An example schedule entry Aliases Creating aliases from a DNS lookup Bulk import Virtual IPs Troubleshooting firewall rules Summary Questions

Network Address Translation
Technical requirements NAT essentials Outbound NAT Example – filtering outbound NAT for a single network 1:1 NAT Example – mapping a file server Port forwarding Example 1 – setting up DCC Example 2 – excluding a port Example 3 – setting up a personal web server Network Prefix Translation Example – mapping an IPv6 network Troubleshooting Summary Questions

Traffic Shaping
Technical requirements Traffic shaping essentials Queuing policies Priority queuing Class-based queuing Hierarchical Fair Service Curve Configuring traffic shaping in pfSense The Multiple LAN/WAN Configuration wizard The Dedicated Links wizard Advanced traffic shaping configuration Changes to queues Limiters Layer 7 traffic shaping Adding and changing traffic shaping rules Example 1 – modifying the penalty box Example 2 – prioritizing EchoLink Traffic shaping examples Example 1 – adding limiters Example 2 – penalizing peer-to-peer traffic Using Snort for traffic shaping Installing and configuring Snort Troubleshooting traffic shaping Summary Questions Further reading

Virtual Private Networks
Technical requirements VPN fundamentals IPsec L2TP OpenVPN AES-NI Choosing a VPN protocol Configuring a VPN tunnel IPsec IPsec peer/server configuration IPsec mobile client configuration Example 1 – Site-to-site IPsec configuration Example 2 – IPsec tunnel for remote access L2TP OpenVPN OpenVPN server configuration OpenVPN client configuration Client-specific overrides Server configuration with the wizard OpenVPN Client Export Utility Example – site-to-site OpenVPN configuration Troubleshooting Summary Questions

Redundancy and High Availability
Technical requirements Basic concepts Server load balancing Example – load balancer for a web server HAProxy – a brief overview CARP configuration Example 1 – CARP with two firewalls Example 2 – CARP with N firewalls An example of both load balancing and CARP Troubleshooting Summary Questions Further reading

Multiple WANs
Technical requirements Basic concepts Service Level Agreement Multi-WAN configuration DNS considerations NAT considerations Third-party packages Example – multi-WAN and CARP Troubleshooting Summary Questions

Routing and Bridging
Technical requirements Basic concepts Bridging Routing Routing Static routes Public IP addresses behind a firewall Dynamic routing RIP OpenBGPD Quagga OSPF FRRouting Policy-based routing Bridging Bridging interfaces Special issues Bridging example Troubleshooting Summary Questions

Extending pfSense with Packages
Technical requirements Basic considerations Installing packages Important packages Squid Issues with Squid Squid reverse proxy server pfBlockerNG ntopng Nmap HAProxy Example – load balancing a web server Other packages Snort Example – using Snort to block social media sites FRRouting Zabbix Summary Questions Further reading

Diagnostics and Troubleshooting
Technical requirements Troubleshooting basics Common networking problems Wrong subnet mask or gateway Wrong DNS configuration Duplicate IP addresses Network loops Routing issues Port configuration Black holes Physical issues Wireless issues RADIUS issues pfSense troubleshooting tools System logs Dashboard Interfaces Services Monitoring Traffic graphs Firewall states States States summary pfTop tcpdump tcpflow ping, traceroute and netstat ping traceroute netstat Troubleshooting scenarios VLAN configuration problem Summary Questions

Assessments
Chapter 1 – Revisiting pfSense Basics
Chapter 2 – Advanced pfSense Configuration
Chapter 3 – VLANs
Chapter 4 – Using pfSense as a Firewall
Chapter 5 – Network Address Translation
Chapter 6 – Traffic Shaping
Chapter 7 – Virtual Private Networks
Chapter 8 – Redundancy and High Availability
Chapter 9 – Multiple WANs
Chapter 10 – Routing and Bridging
Chapter 11 – Extending pfSense with Packages
Chapter 12 – Diagnostics and Troubleshooting

Another Book You May Enjoy
Leave a review - let other readers know what you think