What this book covers

Chapter 1, Initial Configuration, covers pfSense firewall configuration from the point of initial installation, and covers much of what most users will need to configure, such as setting up WAN, LAN, and optional interfaces; enabling SSH access and generating RSA keys; and adding VLANs.

Chapter 2, Essential Services, includes the services that crucial to virtually every pfSense deployment – namely, DHCP, DHCP6, DNS, and dynamic DNS. This chapter also covers how to configure pfSense for use as a wireless access point.

Chapter 3, Firewall and NAT, covers the basics of creating firewall rules (standard and floating), as well as how to leverage aliases and scheduling to impose rules on a flexible basis. Different forms of Network Address Translation (NAT) are covered, along with two specialized forms of NAT designed to make online gaming easier: UPnP and NAT-PnP.

Chapter 4, Additional Services, is a new chapter covering services that are less commonly enabled but still useful for many home and SOHO deployments. Captive portals are covered, including all forms of authentication currently supported by pfSense, including RADIUS authentication. The chapter also covers the Network Time Protocol (NTP) and the Simple Network Management Protocol (SNMP).

Chapter 5, Virtual Private Networking, shows how to set up pfSense to act as the endpoint of a VPN tunnel, both as a peer-to-peer entity with another firewall at the opposite end of the connection, and as a client-server entity with a mobile client at the other end. Recipes are provided covering the three protocols supported by the current version of pfSense: IPsec, OpenVPN, and L2TP.

Chapter 6, Traffic Shaping, is another new chapter. This chapter demonstrates how to leverage the capabilities of pfSense to achieve a certain Quality of Service (QoS), using both the traffic shaper wizard and floating rules for policy-based routing. Deep packet inspection, however, is not possible using the built-in traffic shaper. To make this possible, we need the third-party package known as Snort, and this chapter covers the installation and configuration of Snort.

Chapter 7, Redundancy, Load Balancing, and Failover, covers the essential ways in which pfSense provides for load balancing and failover. Namely, it covers multiple WAN setups (which enable us to aggregate bandwidth and/or provide failover capabilities when we have multiple internet connections), load balancing using pfSense's built-in server load balancing capabilities, and the Common Address Redundancy Protocol (CARP), which allows us to have a completely redundant firewall on standby.

Chapter 8, Routing and Bridging, covers cases that many pfSense deployments may rarely encounter, if ever. This chapter demonstrates how to bridge interfaces, how to add a static route, and the dynamic routing protocols of the Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and Open Shortest Path First (OSPF).

Chapter 9, Services and Maintenance, covers a number of services and utilities, most of which are useful for diagnostics and troubleshooting. Wake-on LAN (WOL), Point-to-Point over Ethernet (PPPoE), and enabling Syslog are covered, as well as command-line utilities such as ping and traceroute.

Appendix ABacking Up and Restoring pfSense, provides a brief guide to backing up pfSense, restoring pfSense from either the web GUI or SSH/command line interface, and the various options for updating pfSense.

Appendix BDetermining Hardware Requirements, is a brief primer showing how to choose the best pfSense configuration after you determine your firewall requirements. You will even learn how and where to deploy pfSense to fit your environment's security needs.