Table of Contents for OPNsense Beginner to Professional
OPNsense Beginner to Professional
by Julio Cesar Bueno de Camargo
Contributors
About the author
About the reviewers
Preface
Section 1: Initial Configuration
Chapter 1: An OPNsense Overview
Chapter 2: Installing OPNsense
Chapter 3: Configuring an OPNsense Network
Chapter 4: System Configuration
Section 2: Securing the Network
Chapter 5: Firewall
Chapter 6: Network Address Translation (NAT)
Chapter 7: Traffic Shaping
Chapter 8: Virtual Private Networking
Chapter 9: Multi-WAN – Failover and Load Balancing
Chapter 10: Reporting
Section 3: Going beyond the Firewall
Chapter 11: Deploying DHCP in OPNsense
Chapter 12: DNS Services
Chapter 13: Web Proxy
Chapter 14: Captive Portal
Chapter 15: Network Intrusion (Detection and Prevention) Systems
Chapter 16: Next-Generation Firewall with Zenarmor
Chapter 17: Firewall High Availability
Chapter 18: Website Protection with OPNsense
Chapter 19: Command-Line Interface
Chapter 20: API – Application Programming Interface
Other Books You May Enjoy
Preface
Table of Contents
Preface
Section 1: Initial Configuration
Chapter 1: An OPNsense Overview
About the OPNsense project
Project history
A new project with a lot of improvements on old code
Rock-solid FreeBSD – HardenedBSD
FreeBSD
Why OPNsense?
My personal experience
Features and common deployments
Core features
Common deployments
Where to get help?
Some facts
Summary
Chapter 2: Installing OPNsense
Technical requirements
Versions and requirements
Versioning
Hardware
Downloading and installing OPNsense
Configuring VirtualBox to install OPNsense
Mounting the OPNsense ISO file
Installing OPNsense
Unmounting the ISO installation file
Setting up a LAN network
Configuring network interfaces
Updating firmware
Checking for system updates in WebGUI
Checking system updates using the CLI
Installing plugins
Advanced – Accessing the CLI through SSH
FreeBSD packages
PKG basic operations
Summary
Chapter 3: Configuring an OPNsense Network
Technical requirements
Hardware considerations
FreeBSD NIC names
The ifconfig command
Basic network configuration
WebGUI – network interface configuration
Assigning network interfaces
Overview of the network interface
Types of interfaces
Bridge
GIF
GRE
LAGG
Loopback
VLAN
VXLAN
Proposed exercise – creating another type of network interface
Exploring virtual IPs
IP alias
CARP
Proxy ARP
Proposed exercise – creating a virtual IP address
Network diagnostics and troubleshooting
True story – how to use ARP Table diagnostics
Common issue – local network hosts can't open websites
Summary
Chapter 4: System Configuration
Technical requirements
Managing users and groups
Creating users and groups
External authentication
Certificates – a brief introduction
General settings
The administration page
The General page
About OPNsense logging
Advanced settings
Cryptography settings
Configuration backup
Summary
Section 2: Securing the Network
Chapter 5: Firewall
Technical requirements
Understanding firewalling concepts
A stateful firewall
The Packet Filter
Firewall aliases
Importing and exporting aliases
The firewall rules
The rule processing order
Rule actions
Firewall settings
Diagnostics and troubleshooting
Troubleshooting
Summary
Chapter 6: Network Address Translation (NAT)
Technical requirements
NAT concepts
Port forwarding
Caveats
Creating a port forwarding rule
Outbound NAT
NAT outbound modes
Adding an outbound NAT rule
One-to-one NAT
Adding a one-to-one NAT rule
Summary
Chapter 7: Traffic Shaping
Technical requirements
Introduction to traffic shaping
dummynet and ipfw – a brief introduction
Possible scenarios
Controlling hosts' and users' bandwidth usage
Protocol prioritization
Creating rules
Monitoring
Summary
Chapter 8: Virtual Private Networking
Technical requirements
OPNsense core VPN types
IPSec
OpenVPN
IPsec versus OpenVPN
Site-to-site deployments using IPsec
Phase 1 configuration
Phase 2 configuration
IPSec BINAT
IPSec diagnostics
VPN deployments using OpenVPN
Site-to-site deployment
Remote user deployment
OpenVPN diagnostics
OpenVPN is connected but the traffic is not reaching the tunnel's destinations
OpenVPN client is not connecting to the server/a site-to-site tunnel doesn't become up
A single user cannot connect
Summary
Chapter 9: Multi-WAN – Failover and Load Balancing
Technical requirements
Failover and load balancing
Failover
Creating gateway groups
Policy-based routing
Creating a firewall rule to enable the failover configuration
Load balance
Troubleshooting
Summary
Chapter 10: Reporting
Technical requirements
System health graphs
RRDtool and health graphs
Understanding Netflow and how to use it
Configuring Netflow in OPNsense
Exploring real-time traffic
Troubleshooting common problems in the network using Netflow and graphs
Summary
Section 3: Going beyond the Firewall
Chapter 11: Deploying DHCP in OPNsense
Technical requirements
DHCP concepts
DHCP server
DHCP relay
Diagnostics
Summary
Chapter 12: DNS Services
Technical requirements
Core DNS services
Default DNS resolvers on OPNsense
DNS plugins
DDNS
Troubleshooting
Making a DNS lookup using the CLI
Summary
Chapter 13: Web Proxy
Technical requirements
Web proxy fundamentals
The explicit method
The transparent method
Why use a web proxy?
OPNsense web proxy core features
Basic configuration
Custom error pages
Configuring a web proxy with the explicit method
Testing the web proxy
Transparent web proxy configuration
Additional web proxy configurations
Web filtering
Web filtering practice
Web filtering – final thoughts
Reading logs and troubleshooting
Log files
Web proxy service issues
Summary
Chapter 14: Captive Portal
Technical requirements
Captive Portal concepts
OPNsense Captive Portal implementation
Setting up a guest network
Testing the configuration
Using voucher authentication
Web proxy integration
Common issues
HTTPS page redirection while using the Captive Portal
Summary
Chapter 15: Network Intrusion (Detection and Prevention) Systems
Technical requirements
IDS and IPS definition
Suricata and Netmap
Rulesets
Configuration
Testing
SSL fingerprint
Troubleshooting
Summary
Chapter 16: Next-Generation Firewall with Zenarmor
Technical requirements
Layer7 application control with Zenarmor
Choosing a Zenarmor edition
Hardware requirements
Paid subscriptions
Installing and setting up the Zenarmor plugin
Summary
Chapter 17: Firewall High Availability
Technical requirements
High availability concepts
Active-active and active-passive modes
CARP – how it works
The preempt behavior
Configuring high availability
Proposed scenario
Testing the HA configuration
Caveats
Summary
Chapter 18: Website Protection with OPNsense
Technical requirements
Publishing websites to the world
About the NGINX plugin
NGINX
Installing and configuring the NGINX plugin
Adding WAF rules
Troubleshooting
Testing for configuration issues
Logs reading
Summary
Chapter 19: Command-Line Interface
Technical requirements
Directory structure
Managing the backend daemons
Useful system commands
Advanced customization
Customizing the XML configuration file
Filtering log files
Filtering logs
Summary
Chapter 20: API – Application Programming Interface
Technical requirements
Concepts
Setting up API keys
API calls
GET method example
POST method example
Summary
Other Books You May Enjoy