Mastering pfSense: manage, secure, and monitor your on-premise and cloud network with pfSense 2.4
Install and configure a pfSense router/firewall, and become a pfSense expert in the process. About This Book: You can always do more to secure your software, so extend and customize your pfSense firewall. Build a high availability security system that's fault-tolerant and capable of blocking p...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham ; Mumbai : Packt, 2018. |
Edition: | 2nd edition |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009631469606719 |
Table of Contents:
- Cover
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Table of Contents
- Preface
- Chapter 1: Revisiting pfSense Basics
- Technical requirements
- pfSense project overview
- Possible deployment scenarios
- Hardware requirements and sizing guidelines
- Minimum hardware requirements
- Hardware sizing guidelines
- The best practices for installation and configuration
- pfSense configuration
- Configuration from the console
- Configuration from the web GUI
- Configuring additional interfaces
- Additional WAN configuration
- General setup options
- Summary
- Questions
- Further reading
- Chapter 2: Advanced pfSense Configuration
- Technical requirements
- SSH login
- DHCP
- DHCP configuration at the console
- DHCP configuration in the web GUI
- DHCPv6 configuration in the web GUI
- DHCP and DHCPv6 relay
- DHCP and DHCPv6 leases
- DNS
- DNS resolver
- General Settings
- Enable DNSSEC support
- Host Overrides and Domain Overrides
- Access Lists
- DNS forwarder
- DNS firewall rules
- DDNS
- DDNS updating
- RFC 2136 updating
- Troubleshooting DDNS
- Captive portal
- Implementing captive portal
- User manager authentication
- Voucher authentication
- RADIUS authentication
- Other settings
- Troubleshooting captive portal
- NTP
- SNMP
- Summary
- Questions
- Chapter 3: VLANs
- Technical requirements
- Basic VLAN concepts
- Example 1 - developers and engineering
- Example 2 - IoT network
- Hardware, configuration, and security considerations
- VLAN configuration at the console
- VLAN configuration in the web GUI
- QinQ
- Link aggregation
- Add firewall rules for VLANs
- Configuration at the switch
- VLAN configuration example 1 - TL-SG108E
- VLAN configuration example 2 - Cisco switches
- Static VLAN creation
- Dynamic Trunking Protocol
- VLAN Trunking Protocol
- Troubleshooting VLANs
- General troubleshooting tips
- Verifying switch configuration
- Verifying pfSense configuration
- Summary
- Questions
- Chapter 4: Using pfSense as a Firewall
- Technical requirements
- An example network
- Firewall fundamentals
- Firewall best practices
- Best practices for ingress filtering
- Best practices for egress filtering
- Creating and editing firewall rules
- Floating rules
- Example rules
- Example 1 - block a website
- Example 2 - block all traffic from other networks
- Example 3 - the default allow rule
- Scheduling
- An example schedule entry
- Aliases
- Creating aliases from a DNS lookup
- Bulk import
- Virtual IPs
- Troubleshooting firewall rules
- Summary
- Questions
- Chapter 5: Network Address Translation
- Technical requirements
- NAT essentials
- Outbound NAT
- Example - filtering outbound NAT for a single network
- 1:1 NAT
- Example - mapping a file server
- Port forwarding
- Example 1 - setting up DCC
- Example 2 - excluding a port
- Example 3 - setting up a personal web server
- Network Prefix Translation
- Example - mapping an IPv6 network
- Troubleshooting
- Summary
- Questions
- Chapter 6: Traffic Shaping
- Technical requirements
- Traffic shaping essentials
- Queuing policies
- Priority queuing
- Class-based queuing
- Hierarchical Fair Service Curve
- Configuring traffic shaping in pfSense
- The Multiple LAN/WAN Configuration wizard
- The Dedicated Links wizard
- Advanced traffic shaping configuration
- Changes to queues
- Limiters
- Layer 7 traffic shaping
- Adding and changing traffic shaping rules
- Example 1 - modifying the penalty box
- Example 2 - prioritizing EchoLink
- Traffic shaping examples
- Example 1 - adding limiters
- Example 2 - penalizing peer-to-peer traffic
- Using Snort for traffic shaping
- Installing and configuring Snort
- Troubleshooting traffic shaping
- Summary
- Questions
- Further reading
- Chapter 7: Virtual Private Networks
- Technical requirements
- VPN fundamentals
- IPsec
- L2TP
- OpenVPN
- AES-NI
- Choosing a VPN protocol
- Configuring a VPN tunnel
- IPsec
- IPsec peer/server configuration
- IPsec mobile client configuration
- Example 1 - Site-to-site IPsec configuration
- Example 2 - IPsec tunnel for remote access
- L2TP
- OpenVPN
- OpenVPN server configuration
- OpenVPN client configuration
- Client-specific overrides
- Server configuration with the wizard
- OpenVPN Client Export Utility
- Example - site-to-site OpenVPN configuration
- Troubleshooting
- Summary
- Questions
- Chapter 8: Redundancy and High Availability
- Technical requirements
- Basic concepts
- Server load balancing
- Example - load balancer for a web server
- HAProxy - a brief overview
- CARP configuration
- Example 1 - CARP with two firewalls
- Example 2 - CARP with N firewalls
- An example of both load balancing and CARP
- Troubleshooting
- Summary
- Questions
- Further reading
- Chapter 9: Multiple WANs
- Technical requirements
- Basic concepts
- Service Level Agreement
- Multi-WAN configuration
- DNS considerations
- NAT considerations
- Third-party packages
- Example - multi-WAN and CARP
- Troubleshooting
- Summary
- Questions
- Chapter 10: Routing and Bridging
- Technical requirements
- Basic concepts
- Bridging
- Routing
- Routing
- Static routes
- Public IP addresses behind a firewall
- Dynamic routing
- RIP
- OpenBGPD
- Quagga OSPF
- FRRouting
- Policy-based routing
- Bridging
- Bridging interfaces
- Special issues
- Bridging example
- Troubleshooting
- Summary
- Questions
- Chapter 11: Extending pfSense with Packages
- Technical requirements
- Basic considerations
- Installing packages
- Important packages
- Squid
- Issues with Squid
- Squid reverse proxy server
- pfBlockerNG
- ntopng
- Nmap
- HAProxy
- Example - load balancing a web server
- Other packages
- Snort
- Example - using Snort to block social media sites
- FRRouting
- Zabbix
- Summary
- Questions
- Further reading
- Chapter 12: Diagnostics and Troubleshooting
- Technical requirements
- Troubleshooting basics
- Common networking problems
- Wrong subnet mask or gateway
- Wrong DNS configuration
- Duplicate IP addresses
- Network loops
- Routing issues
- Port configuration
- Black holes
- Physical issues
- Wireless issues
- RADIUS issues
- pfSense troubleshooting tools
- System logs
- Dashboard
- Interfaces
- Services
- Monitoring
- Traffic graphs
- Firewall states
- States
- States summary
- pfTop
- tcpdump
- tcpflow
- ping, traceroute and netstat
- ping
- traceroute
- netstat
- Troubleshooting scenarios
- VLAN configuration problem
- Summary
- Questions
- Appendix A: Assessments
- Chapter 1 - Revisiting pfSense Basics
- Chapter 2 - Advanced pfSense Configuration
- Chapter 3 - VLANs
- Chapter 4 - Using pfSense as a Firewall
- Chapter 5 - Network Address Translation
- Chapter 6 - Traffic Shaping
- Chapter 7 - Virtual Private Networks
- Chapter 8 - Redundancy and High Availability
- Chapter 9 - Multiple WANs
- Chapter 10 - Routing and Bridging
- Chapter 11 - Extending pfSense with Packages
- Chapter 12 - Diagnostics and Troubleshooting
- Another Book You May Enjoy
- Index