
Book Description

A practical, example-driven guide to configuring even the most advanced features of pfSense 2.x

Key Features

  • Build a high-availability fault-tolerant security system with pfSense 2.x
  • Leverage the latest version of pfSense to secure your cloud environment
  • A recipe-based guide that will help you enhance your on-premise and cloud security principles

Book Description

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings.

pfSense 2.x Cookbook - Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom floating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.

What you will learn

  • Configure the essential pfSense services (namely, DHCP, DNS, and DDNS)
  • Create aliases, firewall rules, NAT port-forward rules, and rule schedules
  • Create multiple WAN interfaces in load-balanced or failover configurations
  • Configure firewall redundancy with a CARP firewall failover
  • Configure backup/restoration and automatic configuration-file backup
  • Configure some services and perform diagnostics with command-line utilities

Who this book is for

This book is intended for all levels of network administrators. If you are an advanced user of pfSense, then you can flip to a particular recipe and quickly accomplish the task at hand; if you are new to pfSense, on the other hand, you can work through the book chapter by chapter and learn all of the features of the system from the ground up.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. pfSense 2.x Cookbook Second Edition
  3. About Packt
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. About the reviewer
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Get in touch
      1. Reviews
  6. Initial Configuration
    1. Introduction
    2. Applying basic settings to General Setup
      1. Getting ready
      2. How to do it...
      3. See also
    3. Identifying and assigning interfaces
      1. Getting ready
      2. How to do it...
      3. See also
    4. Configuring a WAN interface
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Configuring a LAN interface
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Configuring optional interfaces from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    7. Enabling SSH access
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    8. Generating authorized RSA keys
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    9. Configuring SSH RSA key authentication
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There’s more...
      5. See also
    10. Accessing the SSH
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    11. Configuring VLANs
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    12. Assigning interfaces from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    13. Configuring a WAN interface from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    14. Configuring a LAN interface from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    15. Configuring optional interfaces from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    16. Configuring VLANs from the console
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  7. Essential Services
    1. Introduction
    2. Configuring the DHCP server
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Deny unknown clients
        2. DNS servers
        3. Gateway
        4. Domain name
        5. Default lease time
        6. Maximum lease time
        7. Failover peer IP
        8. Static ARP
        9. Dynamic DNS
        10. Additional BOOTP/DHCP options
      5. See also
    3. Configuring the DHCP6 server
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Prefix delegation
      5. See also
    4. Configuring static DHCP mappings
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Configuring the DHCP relay
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Specifying alternate DNS servers
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. Using the DNS resolver
        2. Using your WAN DNS servers
      4. See also
    7. Configuring the DNS resolver
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also...
    8. Configuring a stand-alone DHCP/DNS server
      1. How to do it...
      2. How it works...
        1. Register DHCP leases in DNS resolver
      3. See also
    9. Configuring dynamic DNS
      1. Getting ready
      2. How to do it...
      3. How it works...
        1. Specifying an alternative service using RFC 2136
    10. Adding a wireless access point
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
  8. Firewall and NAT
    1. Introduction
    2. Creating and using aliases
      1. How to do it...
      2. How it works...
      3. There's more...
        1. Using an alias
        2. Editing an alias
        3. Deleting an alias
        4. Bulk importing aliases
      4. See also
    3. Creating a firewall rule
      1. How to do it...
      2. How it works...
      3. There's more...
        1. The source port
        2. Ordering firewall rules
        3. Duplicating firewall rules
        4. Advanced features
      4. See also
    4. Setting a firewall rule schedule
      1. How to do it...
      2. How it works...
      3. There's more...
        1. Selecting dates or days of the week
      4. See also
    5. Creating a floating rule
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    6. Creating a NAT port forwarding entry
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Port redirection
          1. Port redirection example
      5. See also
    7. Creating an outbound NAT entry
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    8. Creating a 1:1 NAT entry
      1. How to do it...
      2. There's more...
      3. See also
    9. Creating an NPt entry
      1. How to do it...
      2. How it works...
    10. Enabling UPnP and NAT-PnP
      1. How to do it...
      2. How it works...
      3. There's more...
        1. Security warning
      4. See also
  9. Additional Services
    1. Introduction
    2. Creating a captive portal without authentication
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    3. Creating a captive portal with voucher authentication
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    4. Creating a captive portal with User Manager authentication
      1. How to do it...
      2. How it works...
      3. See also
    5. Creating a captive portal with RADIUS authentication
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. See also
    6. Configuring NTP
      1. How to do it...
      2. There's more...
    7. Configuring SNMP
      1. Getting ready
      2. How to do it...
      3. There's more...
      4. See also
  10. Virtual Private Networking
    1. Introduction
      1. Choosing the right VPN server
    2. Configuring the IPsec OpenVPN server – peer-to-peer
      1. How to do it...
      2. How it works...
      3. There's more...
    3. Configuring the IPsec VPN service – client/server
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Connecting to the IPsec VPN service
      1. Getting ready
      2. How to do it...
    5. Configuring the OpenVPN service
      1. How to do it...
      2. There's more...
    6. Connecting to the OpenVPN service
      1. Getting ready
      2. How to do it...
      3. There's more...
    7. Configuring the L2TP VPN service
      1. How to do it...
  11. Traffic Shaping
    1. Introduction
    2. Configuring traffic shaping using the traffic-shaping wizard
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    3. Configuring traffic shaping using floating rules
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Configuring traffic shaping using Snort
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
  12. Redundancy, Load Balancing, and Failover
    1. Introduction
    2. Adding multiple WAN interfaces
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    3. Configuring server load balancing
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    4. Configuring a CARP failover group
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
  13. Routing and Bridging
    1. Introduction
      1. Routing
        1. Dynamic routing
      2. Bridging
    2. Bridging interfaces
      1. How to do it...
      2. How it works...
      3. There's more...
    3. Adding a static route
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Configuring RIP using routed
      1. How to do it...
      2. How it works...
    5. Configuring BGP using FRR
      1. How to do it...
      2. How it works...
    6. Configuring OSPF using FRR
      1. Getting ready
      2. How to do it...
      3. How it works...
  14. Services and Maintenance
    1. Introduction
      1. A structured approach to problem solving
    2. Enabling Wake-on-LAN
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    3. Configuring PPPoE
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    4. Configuring external logging with a syslog server
      1. Getting ready
      2. How to do it...
    5. Using ping
      1. How to do it...
      2. How it works...
      3. See also
    6. Using traceroute
      1. How to do it...
      2. How it works...
      3. See also
    7. Using netstat
      1. How to do it...
    8. Using pfTop
      1. How to do it...
      2. See also
    9. Using tcpdump
      1. How to do it...
    10. Using tcpflow
      1. How to do it...
  15. Backing Up and Restoring pfSense
    1. Introduction
    2. Backing up pfSense
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
    3. Restoring pfSense
      1. How to do it...
      2. How it works...
      3. There's more...
    4. Updating pfSense
      1. How to do it...
      2. How it works...
      3. There's more...
      4. See also
  16. Determining Hardware Requirements
    1. Determining our deployment scenario
    2. Determining our throughput requirements
    3. Determining our interface requirements
    4. Choosing a standard or embedded image
    5. Choosing a form factor
      1. Installing the embedded platform on a desktop/server/laptop
      2. Installing the standard platform on an appliance
    6. Summary
  17. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think