Preface

OPNsense is one of the most powerful open source firewalls and routing platforms available. With OPNsense, you can now protect networks using features that were only available to closed source commercial firewalls before.

This book is a practical guide to building a comprehensive network defense strategy using OPNsense. You'll start with the basics, understanding how to install, configure, and protect network resources using native features and additional OPNsense plugins. Next, you'll explore real-world examples to gain in-depth knowledge about firewalls and network defense. You'll then focus on boosting your network defense, preventing cyberthreats, and improving your knowledge of firewalling using this open source security platform.

By the end of this OPNsense book, you'll be able to install, configure, and manage the OPNsense firewall by making the most of its features.

Who this book is for

This OPNsense firewall book is for system administrators, network administrators, network security professionals, and enthusiasts who wish to build and manage an enterprise-grade firewall using OPNsense.

What this book covers

Chapter 1, An OPNsense Overview, will introduce you to the OPNsense project and tell you about its history, license, fork motivations, and where you can find help if you need it. We will learn a little bit about FreeBSD and its fork, HardenedBSD, and explore OPNsense features and the common deployment scenarios you can use them in.

Chapter 2, Installing OPNsense, will teach you how to choose the right OPNsense version for your project, download it, and do the initial configuration. We will also see how to expand OPNsense features with plugin installations and briefly discuss FreeBSD's packages.

Chapter 3, Configuring an OPNsense Network, discusses networking configuration and concepts in OPNsense. We will dive into each network interface type and see some examples of how to use each one and learn about the different types of virtual IP addresses. At the end of the chapter, we will tackle some of the common problems with networking and how to solve them.

Chapter 4, System Configuration, provides steps on how to configure common and advanced OPNsense settings, manage users, groups, and certificates, add external authentication, and perform backups and restores.

Chapter 5, Firewall, starts with firewalling concepts and the features available on OPNsense. We will learn how to manage rules, change firewalling settings when necessary, and troubleshoot common issues using diagnostic tools and logs.

Chapter 6, Network Address Translation (NAT), explores the different types of Network Address Translation (NAT), such as port forwarding, outbound, and one-to-one, and how to use each one. We will also briefly discuss IPv6 network prefix translation and how to troubleshoot common NAT problems.

Chapter 7, Traffic Shaping, provides an overview of traffic shaping and how to use it on OPNsense to prioritize and limit network bandwidth. We will learn about pipes and queues, how to combine them to create rules, and how to monitor them.

Chapter 8, Virtual Private Networking, will dive into the Virtual Private Network (VPN) world. We will explore the different types of deployments and technologies available on OPNsense, and learn how to troubleshoot some common issues and monitor VPN tunnels.

Chapter 9, Multi-WAN – Failover and Load Balancing, explores some multi-Wide Area Network (WAN) strategies such as load balancing and failover. We will learn how to create gateway groups and policy-based rules using them. We will also see some caveats of using multi-WAN on OPNsense and how to solve the most common issues with it.

Chapter 10, Reporting, will teach you how to correctly read graphs, which is a very important part of managing a firewall. We will explore the available graphs and how to use them to identify possible unexpected behaviors in a network or see a firewall's health.

Chapter 11, Deploying DHCP in OPNsense, discusses one of the possible firewall duties – providing IP addresses to network hosts. We will learn about the Dynamic Host Configuration Protocol (DHCP) concepts used by OPNsense and how to use them to perform dynamic IP address leasing.

Chapter 12, DNS Services, covers DNS resolvers, what the available options are on OPNsense core, and the features available in each one. We will also take a brief look at dynamic DNS and explore some available DNS plugins to see how to troubleshoot common issues with DNS resolving.

Chapter 13, Web Proxy, shows how to configure and understand the different options to deploy a web proxy, one of the top features of a firewall solution. With it, you will be able to extend the control capabilities of OPNsense to another level.

Chapter 14, Captive Portal, shows how to configure and use a captive portal with OPNsense, and covers the most common deployments and issues and how to solve them.

Chapter 15, Network Intrusion (Detection and Prevention) System, explores IDS/IPS concepts, Suricata and Netmap implementations on OPNsense, and how to use them to alert or block threats on a network.

Chapter 16, Next-Generation Firewall with Zenarmor, explores the Zenarmor plugin, which broke the commercial-only next-generation firewall barrier and brought this wonderful feature to the open source world. We will examine its features and how to install and use it to apply layer 7 control in a network.

Chapter 17, Firewall High Availability, shows how to configure high availability by connecting two firewalls to sync configuration, connect states, and preserve network connectivity if something goes wrong with one of our firewalls.

Chapter 18, Website Protection with OPNsense, delves into the NGINX plugin, with which OPNsense became a strong full-featured Web Application Firewall (WAF), helping you to protect your network and web servers.

Chapter 19, Command Line Interface, explores the shell command-line interface and some of the most relevant FreeBSD commands to manage the operating system, networking, and firewalling. We will also learn how to customize some parts of the system and use commands to improve information extraction from logs.

Chapter 20, API – Application Programming Interface, explores the APIs on OPNsense, how they work, and how to use them, with some scripting examples.

To get the most out of this book

A basic understanding of how a firewall works will be helpful to make the most of this book.

Download the color images

We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781801816878_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "For the WAN interface, type em0."

A block of code is set as follows:

end value: 1000
current states number: 750
start value: 500
(1000 – 750) / (1000 – 500) = 0,5

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

opnsense@ubuntu:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1  _gateway (192.168.56.3)  2.277 ms  4.733 ms  4.707 ms
2  10.0.2.2 (10.0.2.2)  4.685 ms  4.548 ms  4.512 ms
3  * * *
4  192.168.15.1 (192.168.15.1)  13.798 ms  14.349 ms  14.316 ms

Any command-line input or output is written as follows:

$ bzip2 -d <filename>.bz2

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "With VirtualBox installed and running, click on the New button."

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you've read OPNsense Beginner to Professional, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.
