Preface

Interest in pfSense, the FreeBSD-based open source router and firewall software, seems to increase with each release, and it is not difficult to understand why. Building on the successes of PF (the stateful firewall that pfSense utilizes) and m0n0wall (the firewall/router project that pfSense began as a fork of), pfSense has undergone over a decade of development under the auspices of a talented group of volunteers. During this period, many improvements to its functionality and ease of use have been made. Equally important is the proliferation of third-party software that further extends pfSense's functionality. These enhancements have transformed pfSense into a powerful tool with many features that, until fairly recently, could only be found in enterprise-level networking equipment.

pfSense derives its name from the fact that it makes FreeBSD's firewall, PF, make sense to non-technical users. This concept lives on in pfSense 2.3, which was released in April 2016. The web GUI has been redesigned, with old themes replaced by new, CSS-based themes. Pages resize when the browser window resizes, and firewall rules can be reordered by dragging and dropping them, making configuration even easier. Upgrading to newer versions of pfSense is also easy, ensuring that the user can take advantage of the latest features without spending a disproportionate amount of time updating the system.

In this book, we will explore the advantages of using pfSense and learn how to utilize its many features. We will briefly cover installation and configuration, but the main focus will be on some of the more advanced functionality of pfSense, such as VLANs, VPNs, traffic shaping, redundancy, and high availability. This book also includes a brief survey of available third-party packages that can be immensely useful if you have specific requirements, such as implementing dynamic routing or spam blocking. We will conclude by acknowledging that at some point, something is likely to go wrong, and we will therefore cover troubleshooting. By the end of the book, you should have a thorough understanding of the features of pfSense and how to implement these features in your networks.

The arrangement of topics in this book is designed to get progressively more difficult. Therefore, if you read the book from cover to cover, the material should become more challenging. If you find some topics more interesting than others, however, you should be able to jump around without too much difficulty. Moreover, I find that a hands-on approach to learning is often beneficial, and you will likely gain a greater understanding of the material—as well as an understanding of some of the practical issues of networking—if you try to implement some of the features described in the book.

What this book covers

Chapter 1, pfSense Essentials, introduces pfSense and the advantages of utilizing it, covers some hardware considerations and installation/configuration tips, and provides solutions for some common problems that arise during installations and upgrades. This chapter provides information to help you get your pfSense system up and running.

Chapter 2, Advanced pfSense Configuration, covers configuration of the services most commonly used with pfSense, such as DHCP, captive portal, DNS, Dynamic DNS, and NTP. The services described here are used in a number of common deployment scenarios.

Chapter 3, Working with VLANs, discusses the advantages of using Virtual LANs (VLANs), and how to implement them in pfSense. Using VLANs requires the deployment of managed switches, so we briefly discuss switch configuration. The chapter concludes with a discussion of VLAN troubleshooting.

Chapter 4, pfSense as a Firewall, covers the creation of firewall rules, including both interface-specific rules and floating rules. Related topics such as Network Address Translation (NAT), aliases, and schedules are also covered.

Chapter 5, Traffic Shaping, discusses how to implement traffic shaping in pfSense. We will cover the traffic shaper wizard, but we will also discuss how to manually set up traffic-shaping rules.

Chapter 6, Virtual Private Networks, explains the advantages of virtual private networks (VPNs), covers some basic concepts, and shows you how to implement VPN tunnels using all three protocols supported by pfSense (IPsec, L2TP, and OpenVPN). We will cover both server and client configuration.

Chapter 7, Redundancy and High Availability, discusses several ways of using pfSense to eliminate single points of failure within our network. The chapter covers gateway groups, load balancing, and Common Address Redundancy Protocol (CARP, which allows us to set up redundant firewalls).

Chapter 8, Routing and Bridging, covers two topics that are likely to arise as your networks become larger and more complex. Both static and dynamic routing are discussed, as are bridging interfaces and the issues associated with configuring bridges in pfSense.

Chapter 9, Extending pfSense with Packages, provides an admittedly brief overview of how to install packages and which packages are available. The list of available packages has been trimmed considerably in pfSense 2.3, but the remaining packages, such as Squid, pfBlocker, and Nmap, provide considerable functionality, as this chapter demonstrates.

Chapter 10, Troubleshooting pfSense, begins by providing a troubleshooting framework for resolving network problems and covers some of the more common networking problems. We then discuss some of the diagnostic tools pfSense provides that can help us in troubleshooting.
