▶Book Description
pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you.
You’re in control – you can exploit and customize pfSense around your security needs.
Mastering pfSense - Second Edition covers features that have long been part of pfSense, such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI.
The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.
▶What You Will Learn
⦁ Configure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMP
⦁ Set up a managed switch to work with VLANs
⦁ Use pfSense to allow, block and deny traffic, and to implement Network Address Translation (NAT)
⦁ Make use of the traffic shaper to lower and raise the priority of certain types of traffic
⦁ Set up and connect to a VPN tunnel with pfSense
⦁ Incorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP)
⦁ Explore diagnostic tools in pfSense to solve network problems
▶Key Features
⦁ You can always do more to secure your software – so extend and customize your pfSense firewall
⦁ Build a high availability security system that’s fault-tolerant – and capable of blocking potential threats
⦁ Put the principles of better security into practice by implementing examples provided in the text
▶Who This Book Is For
This book is for those with at least an intermediate understanding of networking. Prior knowledge of pfSense would be helpful but is not required.
Those who have the resources to set up a pfSense firewall, either in a real or virtual environment, will especially benefit, as they will be able to follow along with the examples in the book.
▶What this book covers
⦁ Chapter 1, Revisiting pfSense Basics, covers deployment scenarios for pfSense, hardware requirements, sizing and installation options, and it guides the user through the initial installation and configuration.
⦁ Chapter 2, Advanced pfSense Configuration, covers some of the commonly used pfSense services, such as DHCP, DNS, Dynamic DNS (DDNS), captive portal, Network Time Protocol (NTP), and Simple Network Management Protocol (SNMP).
⦁ Chapter 3, VLANs, covers how to set up a virtual LAN in pfSense, both from the command line and the web GUI, and provides examples showing how to configure some commercially available managed switches.
⦁ Chapter 4, Using pfSense as a Firewall, covers how to implement rules to block, pass, or divert network traffic, as well as virtual IPs, aliases, and scheduling.
⦁ Chapter 5, Network Address Translation, covers Network Address Translation (NAT) in depth, including outbound NAT, port forwarding, 1:1 NAT, and Network Prefix Translation (NPt).
⦁ Chapter 6, Traffic Shaping, covers how to use pfSense's traffic shaping capabilities by using the traffic shaping wizard, by manually adjusting queues, and by creating custom floating rules.
⦁ Chapter 7, Virtual Private Networks (VPNs), covers the advantages and disadvantages of VPNs and explains how to use pfSense to set up an IPsec, L2TP, or OpenVPN tunnel. Client-server and peer-to-peer options are covered.
⦁ Chapter 8, Redundancy and High Availability, covers load balancing, failover, and implementing redundancy via Common Address Redundancy Protocol (CARP), which allows the user to add one or more backup firewalls.
⦁ Chapter 9, Multiple WANs, covers ways to implement redundancy and high availability into internet connections by having multiple internet connections for failover, load balancing, and bandwidth aggregation. This chapter shows how to set up gateways and gateway groups.
⦁ Chapter 10, Routing and Bridging, covers bridging and static/dynamic routing, including when bridging network adapters is appropriate, as well as when it is necessary to configure static routes and how to do it, and discusses the dynamic routing protocols available for pfSense.
⦁ Chapter 11, Extending pfSense with Packages, covers the most significant packages available for pfSense, such as Snort, Squid, HAProxy, and many others.
⦁ Chapter 12, Diagnostics and Troubleshooting, covers what to do when things go wrong. A problem-solving methodology is outlined, and common problems and available troubleshooting tools are discussed. A real-world example of troubleshooting is provided.
⦁ Appendix A, Assessments, provides answers to the questions mentioned in the chapters.