Mastering pfSense
Manage, secure, and monitor your on-premise and cloud network with pfSense 2.4
David Zientara
Second Edition
BIRMINGHAM - MUMBAI
Mastering pfSense Second Edition
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Shrilekha Inani
Content Development Editor: Priyanka Deshpande
Technical Editor: Mohit Hassija
Copy Editor: Safis Editing
Project Coordinator: Virginia Dias
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Graphics: Tom Scaria
Production Coordinator: Shantanu Zagade
First published: August 2016
Second edition: May 2018
Production reference: 1040518
Published by Packt Publishing Ltd.
Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78899-317-3
www.packtpub.com
To my mother, Isabel Zientara, and to the memory of my father, Francis, for their constant encouragement and support, and for always keeping me focused on what is important. To my siblings, who have always been there when needed.
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
mapt.io
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
PacktPub.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
David Zientara is a software engineer and IT professional living in northern New Jersey. He has 20 years of experience in IT, and he has been the lead software engineer for Oxberry since the mid-1990s. His interest in pfSense prompted him to create a pfSense website in June 2013, and eventually to author this book.
I wish to thank my editors for helping ensure that the final product is the best that it can be. I also wish to thank my parents for their constant support in my endeavors.
About the reviewer
Shiva V.N. Parasram is a professional cyber security trainer and the owner of the Computer Forensics and Security Institute (CFSI). He is also a Certified EC-Council Instructor (CEI), and his qualifications include an M.Sc. in network security (Distinction), CEH, CHFI, ECSA, CCNA, NSE, and more. He has successfully executed and delivered forensic investigations, penetration tests, and security training for large enterprises, and he is also the author of Digital Forensics with Kali Linux, Packt Publishing.
"If you have to be anything, be brave." – Indra J. Parasram.
"Always be patient, son." – Harry G. Parasram.
To my parents and best friends. The love that stayed, the love I know. Thank you.
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents
Title Page
Copyright and Credits
Mastering pfSense Second Edition
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
1. Revisiting pfSense Basics
Technical requirements
pfSense project overview
Possible deployment scenarios
Hardware requirements and sizing guidelines
Minimum hardware requirements
Hardware sizing guidelines
The best practices for installation and configuration
pfSense configuration
Configuration from the console
Configuration from the web GUI
Configuring additional interfaces
Additional WAN configuration
General setup options
Summary
Questions
Further reading
2. Advanced pfSense Configuration
Technical requirements
SSH login
DHCP
DHCP configuration at the console
DHCP configuration in the web GUI
DHCPv6 configuration in the web GUI
DHCP and DHCPv6 relay
DHCP and DHCPv6 leases
DNS
DNS resolver
General Settings
Enable DNSSEC support
Host Overrides and Domain Overrides
Access Lists
DNS forwarder
DNS firewall rules
DDNS
DDNS updating
RFC 2136 updating
Troubleshooting DDNS
Captive portal
Implementing captive portal
User manager authentication
Voucher authentication
RADIUS authentication
Other settings
Troubleshooting captive portal
NTP
SNMP
Summary
Questions
3. VLANs
Technical requirements
Basic VLAN concepts
Example 1 – developers and engineering
Example 2 – IoT network
Hardware, configuration, and security considerations
VLAN configuration at the console
VLAN configuration in the web GUI
QinQ
Link aggregation
Add firewall rules for VLANs
Configuration at the switch
VLAN configuration example 1 – TL-SG108E
VLAN configuration example 2 – Cisco switches
Static VLAN creation
Dynamic Trunking Protocol
VLAN Trunking Protocol
Troubleshooting VLANs
General troubleshooting tips
Verifying switch configuration
Verifying pfSense configuration
Summary
Questions
4. Using pfSense as a Firewall
Technical requirements
An example network
Firewall fundamentals
Firewall best practices
Best practices for ingress filtering
Best practices for egress filtering
Creating and editing firewall rules
Floating rules
Example rules
Example 1 – block a website
Example 2 – block all traffic from other networks
Scheduling
Example 3 – the default allow rule
An example schedule entry
Aliases
Creating aliases from a DNS lookup
Bulk import
Virtual IPs
Troubleshooting firewall rules
Summary
Questions
5. Network Address Translation
Technical requirements
NAT essentials
Outbound NAT
Example – filtering outbound NAT for a single network
1:1 NAT
Example – mapping a file server
Port forwarding
Example 1 – setting up DCC
Example 2 – excluding a port
Example 3 – setting up a personal web server
Network Prefix Translation
Example – mapping an IPv6 network
Troubleshooting
Summary
Questions
6. Traffic Shaping
Technical requirements
Traffic shaping essentials
Queuing policies
Priority queuing
Class-based queuing
Hierarchical Fair Service Curve
Configuring traffic shaping in pfSense
The Multiple LAN/WAN Configuration wizard
The Dedicated Links wizard
Advanced traffic shaping configuration
Changes to queues
Limiters
Layer 7 traffic shaping
Adding and changing traffic shaping rules
Example 1 – modifying the penalty box
Example 2 – prioritizing EchoLink
Traffic shaping examples
Example 1 – adding limiters
Example 2 – penalizing peer-to-peer traffic
Using Snort for traffic shaping
Installing and configuring Snort
Troubleshooting traffic shaping
Summary
Questions
Further reading
7. Virtual Private Networks
Technical requirements
VPN fundamentals
IPsec
L2TP
OpenVPN
AES-NI
Choosing a VPN protocol
Configuring a VPN tunnel
IPsec
IPsec peer/server configuration
IPsec mobile client configuration
Example 1 – Site-to-site IPsec configuration
Example 2 – IPsec tunnel for remote access
L2TP
OpenVPN
OpenVPN server configuration
OpenVPN client configuration
Client-specific overrides
Server configuration with the wizard
OpenVPN Client Export Utility
Example – site-to-site OpenVPN configuration
Troubleshooting
Summary
Questions
8. Redundancy and High Availability
Technical requirements
Basic concepts
Server load balancing
Example – load balancer for a web server
HAProxy – a brief overview
CARP configuration
Example 1 – CARP with two firewalls
Example 2 – CARP with N firewalls
An example of both load balancing and CARP
Troubleshooting
Summary
Questions
Further reading
9. Multiple WANs
Technical requirements
Basic concepts
Service Level Agreement
Multi-WAN configuration
DNS considerations
NAT considerations
Third-party packages
Example – multi-WAN and CARP
Troubleshooting
Summary
Questions
10. Routing and Bridging
Technical requirements
Basic concepts
Bridging
Routing
Routing
Static routes
Public IP addresses behind a firewall
Dynamic routing
RIP
OpenBGPD
Quagga OSPF
FRRouting
Policy-based routing
Bridging
Bridging interfaces
Special issues
Bridging example
Troubleshooting
Summary
Questions
11. Extending pfSense with Packages
Technical requirements
Basic considerations
Installing packages
Important packages
Squid
Issues with Squid
Squid reverse proxy server
pfBlockerNG
ntopng
Nmap
HAProxy
Example – load balancing a web server
Other packages
Snort
Example – using Snort to block social media sites
FRRouting
Zabbix
Summary
Questions
Further reading
12. Diagnostics and Troubleshooting
Technical requirements
Troubleshooting basics
Common networking problems
Wrong subnet mask or gateway
Wrong DNS configuration
Duplicate IP addresses
Network loops
Routing issues
Port configuration
Black holes
Physical issues
Wireless issues
RADIUS issues
pfSense troubleshooting tools
System logs
Dashboard
Interfaces
Services
Monitoring
Traffic graphs
Firewall states
States
States summary
pfTop
tcpdump
tcpflow
ping, traceroute, and netstat
ping
traceroute
netstat
Troubleshooting scenarios
VLAN configuration problem
Summary
Questions
Assessments
Chapter 1 – Revisiting pfSense Basics
Chapter 2 – Advanced pfSense Configuration
Chapter 3 – VLANs
Chapter 4 – Using pfSense as a Firewall
Chapter 5 – Network Address Translation
Chapter 6 – Traffic Shaping
Chapter 7 – Virtual Private Networks
Chapter 8 – Redundancy and High Availability
Chapter 9 – Multiple WANs
Chapter 10 – Routing and Bridging
Chapter 11 – Extending pfSense with Packages
Chapter 12 – Diagnostics and Troubleshooting
Another Book You May Enjoy
Leave a review - let other readers know what you think
Preface
pfSense is open source firewall/router software based on the FreeBSD packet filtering program PF that can be used as a perimeter firewall, router, wireless access point, DHCP server, DNS server, or VPN endpoint. Mastering pfSense, Second Edition, is a comprehensive guide to installing, configuring, and customizing pfSense.
Who this book is for
The target audience for this book should have at least an intermediate level of knowledge of computer networking. Some knowledge of pfSense is a plus, although it is not required.
The book should appeal to a wide range of technophiles; anyone interested in pfSense who has an aptitude for understanding networking and the resources to follow along with the examples will benefit from this book.
What this book covers
Chapter 1, Revisiting pfSense Basics, covers deployment scenarios for pfSense, hardware requirements, sizing and installation options, and it guides the user through the initial installation and configuration.
Chapter 2, Advanced pfSense Configuration, covers some of the commonly used pfSense services, such as DHCP, DNS, Dynamic DNS (DDNS), captive portal, Network Time Protocol (NTP), and Simple Network Management Protocol (SNMP).
Chapter 3, VLANs, covers how to set up a virtual LAN in pfSense, both from the command line and the web GUI, and provides examples showing how to configure some commercially available managed switches.
Chapter 4, Using pfSense as a Firewall, covers how to implement rules to block, pass, or divert network traffic, as well as virtual IPs, aliases, and scheduling.
Chapter 5, Network Address Translation, covers Network Address Translation (NAT) in depth, including outbound NAT, port forwarding, 1:1 NAT, and Network Prefix Translation (NPt).
Chapter 6, Traffic Shaping, covers how to use pfSense's traffic shaping capabilities, using the traffic shaping wizard, by manually adjusting queues, and by creating custom floating rules.
Chapter 7, Virtual Private Networks (VPNs), covers the advantages and disadvantages of VPNs and explains how to use pfSense to set up an IPsec, L2TP, or OpenVPN tunnel. Client-server and peer-to-peer options are covered.
Chapter 8, Redundancy and High Availability, covers load balancing, failover, and implementing redundancy via Common Address Redundancy Protocol (CARP), which allows the user to add one or more backup firewalls.
Chapter 9, Multiple WANs, covers ways to implement redundancy and high availability into internet connections by having multiple internet connections for failover, load balancing, and bandwidth aggregation. This chapter shows how to set up gateways and gateway groups.
Chapter 10, Routing and Bridging, covers bridging and static/dynamic routing, including when bridging network adapters is appropriate, as well as when it is necessary to configure static routes and how to do it, and discusses the dynamic routing protocols available for pfSense.
Chapter 11, Extending pfSense with Packages, covers the most significant packages available for pfSense, such as Snort, Squid, HAProxy, and many others.
Chapter 12, Diagnostics and Troubleshooting, covers what to do when things go wrong. A problem-solving methodology is outlined, and common problems and available troubleshooting tools are discussed. A real-world example of troubleshooting is provided.
Appendix A, Assessments, provides answers to the questions posed at the end of each chapter.
To get the most out of this book
I am assuming a basic understanding of networking. Enough knowledge to pass CompTIA's Network+ exam should be more than enough. A basic knowledge of computers and how to use a CLI is also necessary. Since pfSense runs on FreeBSD, some experience with BSD and/or Unix-like operating systems such as Linux is helpful, though not strictly necessary. Experience with pfSense is also helpful; I am not assuming any prior knowledge of pfSense, although the book does not discuss the initial installation and configuration in depth and instead progresses rapidly to more advanced topics. Readers with no prior knowledge of pfSense may be better served by starting out with a book targeted toward pfSense neophytes, such as pfSense 2 Cookbook by Matt Williamson.
Since the focus in the second edition is more toward providing practical examples of pfSense in action, the reader will get more out of the book if they install pfSense and try some of the examples. Thus, having a system on which to install pfSense or being able to run pfSense in a virtual machine will be a plus. The book outlines the hardware requirements and sizing guidelines. If the reader intends to run pfSense in a virtual machine, they should run it on a system that supports 64-bit virtualization. For some of the examples such as VPNs and setting up a CARP failover group, it is helpful to set up a virtual network with multiple instances of pfSense running on the network.
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it from https://www.packtpub.com/sites/default/files/downloads/MasteringpfSenseSecondEdition_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The nslookup utility is available on Linux, Windows, and macOS."
Any command-line input or output is written as follows:
nslookup packtpub.com 8.8.4.4
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Navigate to System | Advanced. Make sure the Admin Access tab is selected and scroll down to the Secure Shell section of the page."
Warnings or important notes appear like this.
Tips and tricks appear like this.