pfSense firewall workshop guide

[email protected] Created by Sopon Tumchota Date : July 2015 Firewall Workshop Guide


Page 1: pfSense firewall workshop guide


Firewall Workshop Guide

Page 2: pfSense firewall workshop guide

Training content outline • General topics on firewalls and pfSense

– Basic Routing and Firewall

– pfSense Open Source Firewall

– pfSense Installation

– pfSense System and Basic Config

• Defining rules for the pfSense firewall – NAT Config

– Firewall Rule Config

– Aliases and Virtual Server IP’s

• Controlling pfSense firewall services – DHCP Server Config – DNS Forwarder Config – Captive Portal Config – Load Balancer Config – Dynamic DNS Config – OpenVPN Client and Server Config – Proxy Server (Squid) Install and Config

• Monitoring and troubleshooting the network – System Monitoring – Captive Portal Monitoring – DHCP Monitoring – Interface Monitoring – Load Balancer Monitoring – Services and Traffic Monitoring

Page 3: pfSense firewall workshop guide

What participants must bring • One notebook or PC running a Windows client OS such as Windows 7 Pro, with at least the following: – RAM: 4-6 GB or more – CPU: Core i5 or better – 1 x Gigabit Ethernet – Browser software such as IE, Chrome or Firefox

• VMware Workstation version 9 or later • SSH client software such as PuTTY • SFTP client software such as WinSCP

Page 4: pfSense firewall workshop guide


Basic Routing & Firewall

Page 5: pfSense firewall workshop guide

What is a Firewall?

• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services – only authorized traffic is allowed
• Auditing and controlling access – can implement alarms for abnormal behavior
• Must itself be immune to penetration
• Provides perimeter defence

Page 6: pfSense firewall workshop guide

Classification of Firewalls: characterized by the protocol level at which they operate

• Packet filtering

• Circuit gateways

• Application gateways

• Combination of above is dynamic packet filter

Page 7: pfSense firewall workshop guide


Firewalls – Packet Filters

Page 8: pfSense firewall workshop guide

Firewalls – Packet Filters

• Simplest of components
• Uses only network- and transport-layer header fields
– IP source address, destination address
– Protocol/Next Header (TCP, UDP, ICMP, etc.)
– TCP or UDP source & destination ports
– TCP flags (SYN, ACK, FIN, RST, PSH, etc.)
– ICMP message type
• Example – DNS uses port 53
• No incoming port 53 packets except from known trusted servers

Page 9: pfSense firewall workshop guide

Usage of Packet Filters

• Filtering on incoming or outgoing interfaces – e.g., ingress filtering of spoofed IP addresses
– Egress filtering

• Permits or denies certain services – Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems

Page 10: pfSense firewall workshop guide


How to Configure a Packet Filter

• Start with a security policy

• Specify allowable packets in terms of logical expressions on packet fields

• Rewrite expressions in syntax supported by your vendor

• General rules – least privilege
– All that is not expressly permitted is prohibited

– If you do not need it, eliminate it

Page 11: pfSense firewall workshop guide

Every ruleset is followed by an implicit final rule that reads, in effect: block any source, any destination, any protocol. Whatever no earlier rule explicitly permitted is dropped (default deny).

Page 12: pfSense firewall workshop guide

Security & Performance of Packet Filters

• IP address spoofing – Fake the source address in order to be trusted – Add filters on the router to block it: a packet arriving on the outside interface with an inside source address (or vice versa) is dropped

• Tiny fragment attacks – Split the TCP header over several tiny fragments so the filter never sees the port and flag fields – Either discard such fragments or reassemble before checking (pf's scrub does the latter; pfSense enables it by default)

• Degradation depends on the number of rules evaluated at any point • Order rules so that the most common traffic is dealt with first • Correctness is more important than speed
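The tiny-fragment checks a filter can make without reassembling are the two from RFC 1858: drop a first fragment that is too short to carry the TCP ports and flags, and drop a fragment at offset 1 (8 bytes in), which would overwrite the flags of the first fragment during reassembly. The following is an added example written for this guide, not code from pf or pfSense; the packets it classifies are constructed inline, the 16-byte minimum (tmin) is an assumed value, and the IPv4 checksum is not verified.

```python
import struct

TCP = 6
# RFC 1858's tmin: the smallest first fragment that still carries the TCP flags
# (bytes 13-14 of the TCP header) plus a little margin. Assumed value: 16.
TMIN = 16


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; the checksum is not verified here."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, total_len, _ident, flags_off, _ttl, proto,
     _cksum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "proto": proto,
        "mf": bool(flags_off & 0x2000),        # More Fragments flag
        "frag_offset": flags_off & 0x1FFF,     # in 8-byte units
        "transport_len": total_len - ihl,      # payload bytes in this fragment
    }


def classify(pkt: bytes) -> str:
    """Apply the two RFC 1858 checks a stateless filter can do without reassembly."""
    h = parse_ipv4(pkt)
    if h["proto"] != TCP:
        return "pass:not-tcp"
    if not h["mf"] and h["frag_offset"] == 0:
        return "pass:not-fragmented"
    # Direct attack: a first fragment too short to contain the TCP ports and flags,
    # so the filter cannot see what it is supposed to match on.
    if h["frag_offset"] == 0 and h["transport_len"] < TMIN:
        return "drop:tiny-first-fragment"
    # Indirect attack: a second fragment at offset 1 (8 bytes) overlaps and
    # overwrites the flags of the first fragment when the host reassembles.
    if h["frag_offset"] == 1:
        return "drop:overlapping-second-fragment"
    return "pass:fragment"


def build_ipv4(payload_len: int, frag_offset: int = 0, mf: bool = False,
               proto: int = TCP) -> bytes:
    """Constructed test packet (not captured traffic); header checksum left at 0."""
    flags_off = (0x2000 if mf else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      flags_off, 64, proto, 0,
                      bytes([203, 0, 113, 7]), bytes([192, 168, 1, 10]))
    return hdr + bytes(payload_len)


def demo() -> dict:
    """Verdicts for a whole segment, the two attacks, and ordinary fragments."""
    return {
        "whole_segment": classify(build_ipv4(40)),
        "tiny_first": classify(build_ipv4(8, mf=True)),
        "overlap_second": classify(build_ipv4(24, frag_offset=1)),
        "normal_first": classify(build_ipv4(1480, mf=True)),
        "normal_later": classify(build_ipv4(520, frag_offset=185)),
        "udp_tiny": classify(build_ipv4(8, mf=True, proto=17)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} {verdict}")
```

A stateful filter that reassembles (pf's scrub) makes both checks unnecessary because it always evaluates the rebuilt segment; the checks above are what remains when reassembly is off or the device is a plain stateless router.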

Page 13: pfSense firewall workshop guide

Port Numbering • TCP connection

– Server port is a well-known number below 1024 – Client port is an ephemeral number above 1023 (up to 65535)

• Permanent assignment – Ports < 1024 are assigned permanently (well-known ports)

• 20, 21 for FTP; 23 for Telnet • 25 for server SMTP; 80 for HTTP

• Variable use – Ports > 1023 must be available for the client to make any connection – This is a limitation for stateless packet filtering

• If the client wants to use port 2048, a stateless firewall must allow incoming traffic on this port

– Better: stateful filtering knows about the outgoing request and admits only the matching reply

Page 14: pfSense firewall workshop guide

Firewalls – Stateful Packet Filters • Traditional packet filters do not examine higher-layer context

– e.g. matching return packets with the outgoing flow

• Stateful packet filters address this need

• They examine each IP packet in context – Keep track of client-server sessions

– Check that each packet validly belongs to one

• Hence they are better able to detect bogus packets out of context
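The difference between stateless and stateful filtering described above, together with the implicit deny from Page 11 and the anti-spoofing filter from Page 12, can be watched in a few lines. The toy filter below is an added example written for this guide, not code from pf or pfSense: rules are evaluated first-match, as pfSense applies them; a packet with no matching rule falls through to the implicit block; a packet on the outside interface claiming an inside source (or vice versa) is dropped; and a state table keyed on the 5-tuple admits return traffic for flows that an explicit pass rule created, so the client's ephemeral port 2048 never has to be opened inbound. NAT is left out, and the addresses (the pfSense default LAN 192.168.1.0/24, RFC 5737 documentation ranges standing in for the Internet and a trusted DNS server) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab topology (assumption): LAN is the pfSense default
# 192.168.1.0/24; 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737
# documentation ranges used here as "the Internet" and a trusted DNS server.
LAN_NET = ip_network("192.168.1.0/24")
INTERNAL = {"lan": LAN_NET}   # interface -> network expected behind it


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrives on: "wan" or "lan"
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    iface: str                    # inbound interface the rule is attached to
    proto: Optional[str] = None   # None = any protocol
    src: str = "any"              # "any", or a host / CIDR
    dport: Optional[int] = None   # None = any destination port

    def matches(self, p: Packet) -> bool:
        if p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()   # 5-tuples of flows an explicit pass rule admitted

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> str:
        src = ip_address(p.src)
        # 1. Ingress/egress anti-spoofing (RFC 2827): an internal source address
        #    may only appear on the internal interface, and never elsewhere.
        for iface, net in INTERNAL.items():
            if p.iface == iface and src not in net:
                return "block:antispoof"
            if p.iface != iface and src in net:
                return "block:antispoof"
        # 2. State table: a packet belonging to a flow already passed, in either
        #    direction, is accepted without re-running the ruleset. This is what
        #    lets a client use an arbitrary ephemeral port without opening it.
        if self._key(p) in self.states or self._reverse(p) in self.states:
            return "pass:state"
        # 3. First matching rule wins (pf "quick" semantics, as pfSense uses).
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "pass":
                    self.states.add(self._key(p))
                    return "pass:rule"
                return "block:rule"
        # 4. Nothing matched: the implicit final rule denies.
        return "block:implicit"


def run_scenario() -> dict:
    fw = StatefulFilter([
        # The slide's DNS example: inbound port 53 only from one trusted server.
        Rule("pass", "wan", "udp", src="198.51.100.53", dport=53),
        # pfSense default policy: anything from LAN may go out.
        Rule("pass", "lan"),
        # No "pass wan" rule: unsolicited inbound traffic hits the implicit deny.
    ])
    out = Packet("lan", "tcp", "192.168.1.10", 2048, "203.0.113.7", 80)
    back = Packet("wan", "tcp", "203.0.113.7", 80, "192.168.1.10", 2048)
    bogus = Packet("wan", "tcp", "203.0.113.9", 80, "192.168.1.10", 2048)
    spoof = Packet("wan", "tcp", "192.168.1.5", 4444, "192.168.1.10", 22)
    egress = Packet("lan", "tcp", "10.9.9.9", 4444, "203.0.113.7", 80)
    dns_ok = Packet("wan", "udp", "198.51.100.53", 53, "192.168.1.1", 53)
    dns_bad = Packet("wan", "udp", "203.0.113.9", 53, "192.168.1.1", 53)
    return {
        "lan_client_out": fw.filter(out),
        "reply_to_client": fw.filter(back),
        "unsolicited_to_port_2048": fw.filter(bogus),
        "spoofed_internal_source": fw.filter(spoof),
        "egress_spoof_from_lan": fw.filter(egress),
        "dns_from_trusted": fw.filter(dns_ok),
        "dns_from_untrusted": fw.filter(dns_bad),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:26s} {verdict}")
```

The reply to the client passes on the state entry alone, while the unsolicited packet to the same port 2048 reaches the ruleset and is dropped by the implicit deny; a stateless filter could not tell those two packets apart.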

Page 15: pfSense firewall workshop guide


Stateful Filtering

Page 16: pfSense firewall workshop guide


Firewall Outlines • Packet filtering

• Application gateways

• Circuit gateways

• Combination of above is dynamic packet filter

Page 17: pfSense firewall workshop guide

Firewall Gateways • Firewall runs a set of proxy programs

– Proxies filter incoming and outgoing packets

– All incoming traffic is directed to the firewall

– All outgoing traffic appears to come from the firewall

• Policy is embedded in the proxy programs

• Two kinds of proxies – Application-level gateways/proxies

• Tailored to HTTP, FTP, SMTP, etc.

– Circuit-level gateways/proxies • Work at the TCP level

Page 18: pfSense firewall workshop guide


Firewalls - Application Level Gateway (or Proxy)

Page 19: pfSense firewall workshop guide


Application-Level Filtering • Has full access to protocol

– user requests service from proxy

– proxy validates request as legal

– then performs the request and returns the result to the user

• Need separate proxies for each service – E.g., SMTP (E-Mail)

– NNTP (Net news)

– DNS (Domain Name System)

– NTP (Network Time Protocol)

– custom services generally not supported

Page 20: pfSense firewall workshop guide

App-level Firewall Architecture

[Diagram: a listening daemon on the firewall spawns a per-service proxy when a connection is detected on the network connection; shown are the Telnet, SMTP and FTP daemons, each handing the connection to its Telnet, SMTP or FTP proxy]


Page 22: pfSense firewall workshop guide


Firewalls - Circuit Level Gateway

Page 23: pfSense firewall workshop guide


A typical SOCKS connection through interface A, and rogue connection through the external interface, B.

Page 24: pfSense firewall workshop guide


Bastion Host • Highly secure host system

• Potentially exposed to "hostile" elements

• Hence is secured to withstand this – Disable all non-required services; keep it simple

• Trusted to enforce trusted separation between network connections

• Runs circuit / application level gateways – Install/modify services you want

• Or provides externally accessible services

Page 25: pfSense firewall workshop guide


Screened Host Architecture

Page 26: pfSense firewall workshop guide


Screened Subnet Using Two Routers


Page 28: pfSense firewall workshop guide

Dynamic Packet Filters

• The most common type today

• Provide good protection for administrators and full transparency for users

• Give the administrator full control over traffic

• Capture the semantics of a connection (its state) instead of judging each packet in isolation

Page 29: pfSense firewall workshop guide


Routing Filters

• All nodes are somehow reachable from the Internet

• Routers need to be able to control what routes they advertise over various interfaces

• Clients who employ IP source routing make it possible to reach ‘unreachable’ hosts – Enables address-spoofing

– Block source routing at borders, not at backbone

Page 30: pfSense firewall workshop guide


Routing Filters (cont)

• Packet filters obviate the need for route filters

• Route filtering becomes difficult or impossible in the presence of complex technologies

• Route squatting – using unofficial IP addresses inside firewalls that belong to someone else

• Difficult to choose address space that nobody else is using; inside the firewall, use the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16)

Page 31: pfSense firewall workshop guide


pfSense Open Source Firewall

Page 32: pfSense firewall workshop guide


Introduction

• FreeBSD-based open-source distribution for firewalls and routers

• Started in 2004 based on m0n0wall

• Powerful and flexible firewalling and routing platform

Page 33: pfSense firewall workshop guide


Applications

• Firewall (incl. redundant setups)

• SOHO Router

• WAN Router

• Wireless Access Point/Captive Portal

• VPN Appliance (OpenVPN, IPsec, L2TP, PPTP; note that PPTP's MS-CHAPv2 authentication is broken, so PPTP should not be used for new deployments)

• VoIP Appliance

• Sniffer appliance

Page 34: pfSense firewall workshop guide

Features

• pf firewall from OpenBSD
– Stateful filtering of IP, UDP and TCP streams based on various parameters
– Maximum connections limit per rule, selective logging per rule
– Filtering based on the client OS (passive OS fingerprinting)
– Policy routing
– Transparent L2 filtering, traffic normalization (scrub)
– NAT and load balancing
– Redundancy – CARP and pfsync

• WebGUI • Package management • Update & configuration management

Page 35: pfSense firewall workshop guide


New Features in 2.x

• New installation options • New interface types

– GRE and GIF tunnels – Dial-up modem and Multi-link PPP – 3G, VAP and more wireless cards supported – LAGG

• Bridging enhancements • Multiple gateways (dynamic) & Multi-WAN • WebGUI improvements – HTTPS, context help menus

Page 36: pfSense firewall workshop guide


New Features in 2.x (Cont.)

• Firewall – Layer 7 filtering

– Traffic shaper rewritten

– Easy Rule

– Extended advanced rule options

– Extended NAT options

– Rule scheduling handled by pf

– State summary view & real-time stats in WebGUI

Page 37: pfSense firewall workshop guide


New Features in 2.x VPN

• L2TP VPN added

• IPSec – IPSec-tools 0.8

– Mobile IPSec works with Android/iPhone

• OpenVPN – Remote access configuration wizard

– Client export package

– OpenVPN Status page

Page 38: pfSense firewall workshop guide


New Features in 2.x Package

• Advanced routing – OpenBGPD, OpenOSPFD

• Telephony – FreeSWITCH, SIP Proxy

• Network Management – Zabbix, nagios

• Network diagnostics – bandwidthd, rated, iperf, nmap, pfflowd

• Web proxy – Squid, squidGuard, LightSquid, HAVP Antivirus

• And More …

Page 39: pfSense firewall workshop guide

System Requirements

• Minimum: 100 MHz Pentium CPU, 128 MB RAM, 1 GB hard drive (full install) or 512 MB CF card (embedded)

• Throughput
– 10-20 Mbps – 266 MHz CPU
– 21-50 Mbps – 500 MHz CPU
– 51-200 Mbps – 1 GHz CPU
– 201-500 Mbps – 2.0 GHz CPU, PCI-e network adapters
– 501 Mbps+ – server-class hardware, 3.0 GHz CPU, PCI-X/PCI-e network adapters

• Features/Installed Packages
– VPN – CPU resources and/or hardware encryption; roughly a 500 MHz CPU per 10 Mbps of IPsec
– Captive Portal – CPU resources
– Large state tables – about 1 KB of RAM per connection (state)
– Packages – additional RAM: snort, ntop, etc. need at least 512 MB RAM

Page 40: pfSense firewall workshop guide


pfSense Installation

Page 41: pfSense firewall workshop guide

Installation Contents
• Choose Installation Type
• Download pfSense
• Prepare Installation Media
• Connect to Serial Console (NanoBSD, Memstick-serial)
• Performing a Full Install (LiveCD, Memstick)
• Embedded / NanoBSD
• Assign Interfaces on the Console
• pfSense Default Configuration
• Post-Install Tasks
• Installation Troubleshooting
• Additional Information

Page 42: pfSense firewall workshop guide


LAB - Basic Network Diagram

Page 43: pfSense firewall workshop guide


LAB – Class Room Network Diagram

Page 44: pfSense firewall workshop guide

LAB – IPv4 Address Assignment: IP addresses allocated to each participant in the pfSense Open Source Firewall workshop

Item  Client                ISP#1 IP /24       ISP#2 IP /24       ISP#3 IP /24       LAN IP Subnet
1     Personal NB 01        30.30.30.10        30.31.30.10        30.32.30.10        192.167.11.0/24
2     Personal NB 02        30.30.30.20        30.31.30.20        30.32.30.20        192.167.20.0/24
3     Personal NB 03        30.30.30.30        30.31.30.30        30.32.30.30        192.167.30.0/24
4     Personal NB 04        30.30.30.40        30.31.30.40        30.32.30.40        192.167.40.0/24
5     Personal NB 05        30.30.30.50        30.31.30.50        30.32.30.50        192.167.50.0/24
6     Personal NB 06        30.30.30.60        30.31.30.60        30.32.30.60        192.167.60.0/24
7     Personal NB 07        30.30.30.70        30.31.30.70        30.32.30.70        192.167.70.0/24
8     Personal NB 08        30.30.30.80        30.31.30.80        30.32.30.80        192.167.80.0/24
9     Personal NB 09        30.30.30.90        30.31.30.90        30.32.30.90        192.167.90.0/24
10    Personal NB 10        30.30.30.100       30.31.30.100       30.32.30.100       192.167.100.0/24
11    Personal NB 11        30.30.30.110       30.31.30.110       30.32.30.110       192.167.110.0/24
12    Personal NB 12        30.30.30.120       30.31.30.120       30.32.30.120       192.167.120.0/24
13    Personal NB 13        30.30.30.130       30.31.30.130       30.32.30.130       192.167.130.0/24
14    Personal NB 14        30.30.30.140       30.31.30.140       30.32.30.140       192.167.140.0/24
15    Personal NB 15        30.30.30.150       30.31.30.150       30.32.30.150       192.167.150.0/24
16    Personal NB 16        30.30.30.160       30.31.30.160       30.32.30.160       192.167.160.0/24
17    Personal NB 17        30.30.30.170       30.31.30.170       30.32.30.170       192.167.170.0/24
18    Personal NB 18        30.30.30.180       30.31.30.180       30.32.30.180       192.167.180.0/24
19    Personal NB 19        30.30.30.190       30.31.30.190       30.32.30.190       192.167.190.0/24
20    Personal NB 20        30.30.30.200       30.31.30.200       30.32.30.200       192.167.200.0/24
21    DHCP Client Service   30.30.30.201-250   30.31.30.201-250   30.32.30.201-250   N/A

Note that neither 30.0.0.0/8 nor 192.167.0.0/16 is RFC 1918 private space; both are publicly routed ranges. The lab network must stay isolated from the Internet, or these addresses will collide with real hosts.

Page 45: pfSense firewall workshop guide

Choose Installation Type

• 64-bit vs 32-bit – see the wiki articles "Does pfSense support 64 bit systems" and "Is 32-bit or 64-bit pfSense Preferred"

• Full vs Embedded vs LiveCD – Full Install is performed to an SSD or HDD. – Embedded is used for CF/SD/USB media. – A third, much less used type, is running the LiveCD without installing to disk.

• LiveCD vs Memstick vs Memstick Serial – LiveCD (ISO image, CD/DVD disc): easy and familiar to many. – Memstick: like the LiveCD, but run from a USB thumb drive. – Serial Memstick: like the Memstick image, but uses the serial console rather than VGA.

Page 46: pfSense firewall workshop guide


Choose Installation Type

• NanoBSD vs NanoBSD+VGA – NanoBSD: Embedded install type using the serial console by default.

– NanoBSD+VGA: Like NanoBSD, but uses the VGA console instead.

• Virtual Machines

Virtual Machines, such as VMware/ESX, should be installed using the ISO image

– Installing_pfSense_in_vmware_under_windows

– pfSense 2 on VMware ESXi 5

Page 47: pfSense firewall workshop guide


Download pfSense

• Visit https://www.pfsense.org/download/mirror.php?section=downloads

• Pick the chosen Computer Architecture, Platform, and Console type

• Download the SHA256 checksum file to verify the image later (an MD5 file is also offered, but MD5 is no longer collision resistant, so rely on SHA256). Fetch the checksum file from pfsense.org over HTTPS rather than from the same third-party mirror as the image.

• Pick a mirror and click the link on its row to download the image from there

• Wait for the download to complete

• Verify the downloaded files against the checksum before writing them to media
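The verification step above, as an added example written for this guide rather than a pfSense tool: it reads the published checksum file, hashes the image in chunks so a large download is not loaded into memory, and reports whether the digest matches. Both checksum-file layouts are handled, the BSD style "SHA256 (file) = hex" and the coreutils style "hex  file"; the image bytes and checksum text in the demo are constructed inline, not real release data.

```python
import hashlib
import os
import re
import tempfile

# Assumed checksum-file layouts: BSD "SHA256 (name) = hex" and coreutils "hex  name".
_BSD = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]{64})\s*$")
_GNU = re.compile(r"^(?P<hex>[0-9a-fA-F]{64})\s+\*?(?P<name>\S+)\s*$")


def parse_sha256_file(text: str) -> dict:
    """Map file name -> expected hex digest; lines in neither layout are ignored."""
    expected = {}
    for line in text.splitlines():
        m = _BSD.match(line) or _GNU.match(line)
        if m:
            expected[os.path.basename(m.group("name"))] = m.group("hex").lower()
    return expected


def sha256_of(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file in 1 MiB pieces so a large image is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(image_path: str, checksum_text: str) -> str:
    """Return 'ok', 'mismatch', or 'no-entry' (file name absent from the checksum file)."""
    expected = parse_sha256_file(checksum_text)
    name = os.path.basename(image_path)
    if name not in expected:
        return "no-entry"
    return "ok" if sha256_of(image_path) == expected[name] else "mismatch"


def demo() -> tuple:
    """Constructed stand-in for a downloaded image and its published checksum file."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "example-image.iso")
        with open(image, "wb") as f:
            f.write(b"not a real image, just constructed bytes\n" * 1000)
        published = f"SHA256 ({os.path.basename(image)}) = {sha256_of(image)}\n"
        intact = verify_image(image, published)
        # Flip one byte, as a corrupted or tampered download would differ.
        with open(image, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        tampered = verify_image(image, published)
        other = verify_image(image, "SHA256 (other.iso) = " + "0" * 64 + "\n")
        return intact, tampered, other


if __name__ == "__main__":
    print(demo())
```

A matching digest proves the bytes you have are the bytes the checksum describes; it says nothing about who produced them, which is why the checksum file should come from the project's own site and not from the mirror that served the image.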

Page 48: pfSense firewall workshop guide

Prepare Installation Media

The downloaded image must be written to target media before it can be used. For a Full Install, this media is used to boot and install and then will not be needed again, and for LiveCD it will remain connected to the firewall. For Embedded, the target media is the disk (CF/SD) that will contain the Operating System.

• Write the ISO (LiveCD): If the LiveCD .iso file was downloaded, it must be burned to a disc as an ISO image. See Writing ISO Images for assistance.

• Writing Memstick or NanoBSD images: This task is covered in great detail in the Writing Disk Images article on the wiki.

Page 49: pfSense firewall workshop guide


Connect to Serial Console

Before attempting to install or boot, if a serial-based image was used, such as NanoBSD or Memstick-Serial, connect to the serial console with a null modem cable and with appropriate terminal options. See Connecting to the Serial Console for specifics.

Page 50: pfSense firewall workshop guide

Performing a Full Install (LiveCD, Memstick)

• Power on the target system and connect the install media: place the CD into the drive or plug the Memstick into a USB port. If the BIOS is set to boot from CD/USB, pfSense will start.

• For other boot issues, see Installation Troubleshooting.

• As the operating system boots and pfSense starts, a prompt is presented with some choices and a countdown timer. At this prompt, press i to invoke the installer now.

Page 51: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

Page 52: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

First, the installer console can be changed to use a different font, screen map, or key map. Most people do not need to change these, but it may help with some international keyboards.

Page 53: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

At the Select Task prompt, choose Quick/Easy Install.

Page 54: pfSense firewall workshop guide

Performing a Full Install (LiveCD, Memstick)

The Quick/Easy Install option assumes the first located disk is the intended target, so be sure that only one SSD/HDD is present in the system.

NOTE: A GEOM mirror (software RAID) may also be configured by choosing Custom Install and then invoking the option to create the mirror and select the disks. Once that has been completed, it is possible to return to the Select Task screen and proceed with a Quick/Easy Install.

Because the next step is destructive to whatever is currently on the target disk, confirmation is required to proceed. Select OK, then press Enter.

Page 55: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

The install will proceed, wiping the target disk and installing pfSense. Copying files may take some time to finish.

After the files have been copied to the target disk, a choice is presented to select the console type. Standard defaults to the VGA console. Embedded defaults to serial console.

Page 56: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

Now the system must reboot so that pfSense may start from the target disk. Select Reboot and then press Enter. Be sure to remove the disc or USB Memstick so that the system will not attempt to boot from there next time.

Page 57: pfSense firewall workshop guide


Performing a Full Install (LiveCD, Memstick)

After the system reboots, pfSense will be running from the target disk. The next step is to Assign Interfaces on the Console below.

Page 58: pfSense firewall workshop guide


Embedded / NanoBSD

• Before attempting to boot, if ALIX hardware is being used, ensure the device has the latest BIOS (at least 0.99h) and set CHSmode in the BIOS. See ALIX BIOS Update Procedure for details.

• Install the target media into the device, and ensure the BIOS is configured to boot from that disk.

• If everything is configured correctly the kernel will begin to load. For serial console images, systems with VGA output will stop displaying with a "/" on the screen or may stop at a "BTX" message. From that point on all output is sent to COM1. Connect to the serial console to view the remaining output.

Page 59: pfSense firewall workshop guide

Assign Interfaces on the Console

• The default configuration file on pfSense 2.2 has em0 assigned as WAN and em1 assigned as LAN. If the target hardware has em0 and em1, the assignment prompt is skipped and the install proceeds as usual.

• A list of network interfaces and their MAC addresses that were located on the system will appear, along with an indication of their link state if that is supported by the network card. The link state is denoted by "(up)" appearing after the MAC address if a link is detected on that interface. The MAC (Media Access Control) address of a network card is a unique identifier assigned to each card, and no two network cards should have the same MAC address. After that, a prompt will be shown for VLAN configuration.

Page 60: pfSense firewall workshop guide


Assign Interfaces on the Console

• VLANS

The option to assign VLANs is presented first. If VLANs are not required, or they are not known, enter No here. VLANs are optional and are only needed for advanced networking. VLAN-capable equipment is also required if they are to be used. See VLAN Trunking for details.

Page 61: pfSense firewall workshop guide


Assign Interfaces on the Console • LAN, WAN, OPTx

– The first interface prompt is for the WAN interface. If the interface is known, enter its name, such as igb0 or em0 and press Enter. If the identity of the card is not known, see the next section for the Auto Assign Procedure.

– The second interface prompt is for the LAN interface. Enter the appropriate interface, such as igb1 or em1, and press Enter again. If only the WAN interface is to be used, and no LAN, press Enter without giving any other input.

– Only one interface (WAN) is required to setup pfSense. If more interfaces are available they may be assigned as LAN and OPTx interfaces. The procedure is the same for additional interfaces: Enter the appropriate interface name, then press Enter.

– When there are no more interfaces to add, press Enter. The list of assigned interfaces is displayed. If the mappings are correct, enter y, otherwise enter n and repeat the assignment.

– NOTE: If only one NIC is assigned (WAN), this is called Appliance Mode. In this mode, pfSense moves the GUI anti-lockout rule to the WAN interface so the firewall can be accessed from there. The usual routing functions are not active since there is no "internal" interface. This type of configuration is useful for VPN appliances, DNS servers, etc. Because the WebGUI is then reachable from the WAN, restrict it with firewall rules to trusted source addresses as soon as the initial configuration is done.

Page 62: pfSense firewall workshop guide


Assign Interfaces on the Console

• Auto Assign Procedure

For automatic interface assignment, first unplug all network cables from the system, then type a and press Enter. Now plug a network cable into the interface that should connect to the WAN, and press Enter. If all went well, pfSense should know now which interface to use for the WAN. The same process may be repeated for the LAN, and any optional interfaces that will be needed. If a message is displayed such as No link-up detected, see Installation Troubleshooting for more information on sorting out network card identities.

Page 63: pfSense firewall workshop guide

pfSense Default Configuration

After installation and interface assignment, pfSense has the following default configuration:
• WAN is configured as an IPv4 DHCP client
• WAN is configured as an IPv6 DHCP client and will request a prefix delegation
• LAN is configured with a static IPv4 address of 192.168.1.1/24
• LAN is configured to use a delegated IPv6 address/prefix obtained by WAN (Track IPv6) if one is available
• All incoming connections to WAN are blocked
• All outgoing connections from LAN are allowed
• NAT is performed on IPv4 traffic leaving WAN from the LAN subnet
• The firewall acts as an IPv4 DHCP server
• The firewall acts as an IPv6 DHCPv6 server if a prefix delegation was obtained on WAN, and also enables SLAAC
• The DNS Resolver is enabled so the firewall can accept and respond to DNS queries
• SSH is disabled
• The WebGUI runs on port 443 using HTTPS
• Default credentials are a username of admin with password pfsense

The default credentials are public knowledge: change the admin password (the setup wizard asks for it) before the firewall is connected to any untrusted network, and leave SSH disabled unless it is actually needed.

Page 64: pfSense firewall workshop guide


Post-Install Tasks

After installation and assignment, a shell menu is presented on the console with a number of options. pfSense now is ready to be accessed via the network, either on the LAN interface (if one is assigned), or on the WAN interface in a single interface deployment.

Page 65: pfSense firewall workshop guide

Post-Install Tasks

• Connect to the GUI – The WebGUI is used to configure the vast majority of items in pfSense. It may be accessed by any modern browser, though Firefox and Chrome are preferred.

– Connect a client PC to the LAN of the firewall and ensure it obtained an IP address. If it did not, it may be plugged into the wrong port.

– Open a web browser and navigate to https://192.168.1.1/, using the default username admin and password pfsense to login.

– The first visit to the WebGUI will be redirected to the setup wizard, which is also accessible at System > Setup Wizard. Proceed through the wizard and configure things as desired.

Page 66: pfSense firewall workshop guide


pfSense System and Basic Config

Page 67: pfSense firewall workshop guide

Starting pfSense wizard Start your web browser and connect to the LAN IP with https:// (https://192.168.1.1/ by default). The WebGUI ships with a self-signed certificate, so the browser will show a certificate warning before the login page loads.

Enter default credentials:

User: admin

Password: pfsense

This starts a configuration wizard:

Page 68: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) • Once you have logged in, a setup wizard window appears that guides you through the initial configuration

Page 69: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) On the next screen, enter the hostname and domain for pfSense, then provide a primary and a secondary DNS server and click Next

Page 70: pfSense firewall workshop guide


Starting pfSense wizard (Cont.) Choose the time zone and click next.

Page 71: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) On this screen, configure the WAN interface. If the upstream connection is PPPoE, choose PPPoE from the drop-down menu; otherwise select 'Static', set the static IP address and gateway, and click 'Next' to continue

Page 72: pfSense firewall workshop guide


Starting pfSense wizard (Cont.) Next, change the admin password, which is used to access the WebGUI and SSH

Page 73: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) After setting the admin password, click Reload to apply the changes

Page 74: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) Clicking the link takes you to the pfSense web configurator GUI dashboard, shown in the picture below.

Page 75: pfSense firewall workshop guide

Starting pfSense wizard (Cont.) pfSense WebGUI: configuration completed

Page 76: pfSense firewall workshop guide


pfSense Firewall Configuration

Page 77: pfSense firewall workshop guide

Aliases and Virtual IPs

• Menu Firewall > Aliases

Page 78: pfSense firewall workshop guide

Aliases and Virtual IPs • Click "+" to add a new alias

Page 79: pfSense firewall workshop guide

Aliases and Virtual IPs • Menu Firewall > Virtual IPs, and click "+" to add a new one

Page 80: pfSense firewall workshop guide

Aliases and Virtual IPs • Menu System > High Avail. Sync

Page 81: pfSense firewall workshop guide

NAT Configuration

• NAT Outbound

• Menu Firewall > NAT

• Click "+" to add a new rule

Page 82: pfSense firewall workshop guide

NAT Configuration • NAT 1:1 – click "+" to add a new mapping

NAT Configuration • NAT Port Forward: click “+” to add a new one

Gateway, Routing and Group Configuration • Menu System --> Routing

Gateway, Routing and Group Configuration

• Menu System --> Routing --> Groups

• Click “+” to add a new one

Firewall Rule Configuration • Menu Firewall --> Rules; LAN tab


Firewall Rule Configuration

• Select the LAN or WAN interface tab

• Click “+” to add a new rule

Firewall Rule Configuration

• Rule options

pfSense Services Configuration

DHCP Server Configuration

• Menu Services --> DHCP Server

• Click the LAN interface tab

• or an OPT interface tab (if one is present)

DNS Forwarder Configuration

• Menu Services --> DNS Forwarder

DNS Forwarder Configuration • Click “+” to add a new Host Override or Domain Override

Captive Portal Configuration • Menu Services --> Captive Portal; click “+” to add a new zone

• Enter a Zone Name, e.g. “LANZone”, and a Description, then click Continue

Captive Portal Configuration

• Continue to the Captive Portal zone settings and configure them

Captive Portal Configuration

• Continue configuring the Captive Portal zone settings, then click Save

Load Balanced Server Configuration

• Menu Services --> Load Balancer

• On the Pools tab, click “+” to add a new one

Load Balanced Server Configuration • On the Virtual Servers tab, click “+” to add a new one

Dynamic DNS Configuration

• Menu Services --> Dynamic DNS

OpenVPN Client and Server Configuration

OpenVPN Server

• Menu VPN --> OpenVPN; Server tab

• Click “+” to add a new server

• Configure the server settings

OpenVPN Client and Server Configuration

• OpenVPN Server (Cont.)

OpenVPN Client and Server Configuration

OpenVPN Client

• Menu VPN --> OpenVPN; Client tab

• Click “+” to add a new client

• Configure the client settings

OpenVPN Client and Server Configuration

• OpenVPN Client (Cont.)

Proxy Server (Squid) Installation and Config

Proxy Installation

• Menu System --> Packages

• Go to Available Packages --> Other Categories

• Find “Squid” and click “+” to install it

Proxy Server (Squid) Installation and Config

• Squid installation in progress

Proxy Server (Squid) Installation and Config

• Squid installation completed

Proxy Server (Squid) Installation and Config

• Proxy Server General Configuration

Proxy Server (Squid) Installation and Config

• Proxy Server Cache Configuration

Proxy Server (Squid) Installation and Config • Proxy Server Access Control

Proxy Server (Squid) Installation and Config • Proxy Server Traffic Management

pfSense Monitoring and Troubleshooting

Overview Dashboard Monitoring

System Monitoring • Menu Status --> System Logs

Captive Portal Monitoring

• Menu Status --> Captive Portal

DHCP Monitoring • Menu Status --> DHCP Leases

Interface Monitoring • Menu Status --> Interfaces

Load Balanced Monitoring

• Menu Status --> Load Balancer

Services and Traffic Monitoring • Menu Status --> Services

Services and Traffic Monitoring • Real-time Traffic Monitor

Services and Traffic Monitoring • Summary Traffic Monitor

Installation Troubleshooting

If the installation did not proceed as planned, see Installation Troubleshooting for help.

pfSense Software Support

Additional Information

For additional information on installing pfSense, see the page Category:Installation. A Gold Subscription gives access to the official pfSense book and monthly hangouts that cover a variety of topics, as well as the Auto Config Backup service, a secure place to store and retrieve off-site backups.

Get pfSense Book

Reference from: https://doc.pfsense.org (pfSense Version 2.x)

Good Luck