LinuxCBT.com

Syllabus

Focus: pfSense Firewall

Duration: 14-Hours

  • pfSense - Firewall

    • Introduction - Topology - Features
      • Enumerate important pfSense features
      • Explore network topology
      • Identify key systems to be used
    •  
    • pfSense Installation
      • Identify target platforms
      • Locate and obtain packages
      • Install pfSense on target system(s)
      • Confirm initial installation
      • Explore installation footprint
      • Peruse $SHELL management interface
    •  
    • WebConfigurator Interface
      • Discuss features and benefits
      • Identify target URLs
      • Authenticate and update basic credentials
      • Explore interface
      • Identify key menu items
    •  
    • Basic Routing
      • Identify default configuration
      • Route traffic based on default configuration
      • Update routing to handle new subnet
      • Confirm packet routing through routed interfaces
      • Evaluate results
    •  
    • NAT Table
      • Extend Routing discussion and consider NAT
      • Cover default NAT configuration
      • Create custom NAT configuration
      • Observe packet mangling across interfaces
      • Evaluate results
    •  
    • Firewall Rules | Schedules
      • Identify and test default rules
      • Tweak rules and observe impact on packets
      • Handle various types of common traffic patterns
      • Move packets between subnets across rules interfaces
      • Evaluate various tweaks to firewall rules
      • Schedule rules and evaluate impact
    •  
    • Firewall LOGs | Reports
      • Explore considerable LOG data
      • Generate traffic and observe LOG entries
      • Enable rules based on LOG entries
      • Alter traffic according to desired result
      • Explore various in-built Reports
      • Evaluate results
    •  
    • Packages | Extensibility
      • Explore pfSense default Packages
      • Implement add-on packages
      • Correlate new packages to interface
      • Use add-on to accomplish various tasks
    •  
    • DHCP | DNS Services
      • Explore defaults
      • Influence DHCP Server configuration
      • Set Reservations
      • Configure DNS servics
      • Evaluate performance
    •  
    • DMZs | VLANs
      • Provision additional networks
      • Allocate networks to DMZs | VLANs
      • Configure Routing | Filtering between networks
      • Confirm packet flows
      • Evaluate results
    •  
    • Miscellaneous
      • Explore various areas
      • Administer Users
      • Test access
      • Use Backup | Restoration services
      • Confirm results
    •  
    • Firmware Upgrade
      • Identify current version
      • Perform upgrade
      • Check packet-flow during upgrade
      • Process post-upgrade error
      • Confirm functionality
      • Perform minor firmware upgrade
      • Snapshot VM instance
      • Backup configuration
      • Confirm upgrade
    •  
    • NTP Config
      • Explore interface and default behavior
      • Add NTP Peers
      • Query NTP via various interfaces
      • Restrict NTP to desired networks
      • Apply ACL - Test queries
      • Update server configuration
    •  
    • DNS | Forwarder | Resolver
      • Enable Forwarder
      • Issue queries - analyze results
      • Enable mini tables for DHCP nodes
      • Include domain override
      • Migrate to Resolver config
      • Peruse settings
      • Confirm resolution
      • Debug resolution-issues
    •  
    • SSH PKI Firewall Access
      • Explore default configuration
      • Connect to firewall as various users
      • Enable PKI access across accounts
      • Compound PKI access and test
      • Remove | Replace PKI access and confirm
      • Disable Password-based access
    •  
    • Useful Interfaces | RAM Disk Configuration
      • Use Edit Files interface to manipulate file
      • Explore Command Prompt interface
      • Execute various commands via interface
      • Migrate to RAM Disk configuration
      • Ensure SYSLOG configuration
      • Expand Firewall RAM via Hypervisor
    •  
    • Web Configuration - Force SSL
      • Explore default configuration
      • Test using 'curl' redirects
      • Disable clear-text access
      • Test connectivity - 'curl' && browser
      • Confirm results
    •  
    • WAN-Side Block Config Access
      • Explore default access
      • Test WAN | LAN access
      • Write rules blocking WAN config access
      • Test configuration
    •  
    • Anti-Lockout Configuration
      • Discuss applicability
      • Explore firewall rule
      • Disable Anti-Lockout
      • Discuss residual access
      • Write rules to permit configuration
    •  
    • Condense Rules via Aliases
      • Explore default rule-set
      • Define useful Aliases
      • Apply aliases to existing rules
      • Disable superfluous rules
      • Confirm packet-flow
      • Remove superfluous rules
    •  
    • SMTP Outbound Restriction
      • Identify default rule-set
      • Source outbound SMTP traffic
      • Define Alias to house trusted SMTP nodes
      • Write rules to Allow | Block SMTP accordingly
      • Confirm results
    •  
    • Performance Check
      • Install iperf
      • Explore interface
      • Setup iperf server - remote
      • Use iperf to generate and measure performance
      • Consider results as baseline
    •  
    • Bandwidth Monitor
      • Install Darkstat
      • Configure with appropriate settings
      • Launch and generate traffic
      • Monitor conversations
      • Look for anomalies
    •  
    • Squid Proxy
      • Install Squid
      • Configure with appropriate settings
      • Route HTTP client traffic via Squid
      • Blacklist domain
      • Exempt IP
      • Test proxy communications
      • Self-signed CA
      • Transparent Proxy
      • Test HTTP[s] comms
    •  

UnixCBT pFirewall Edition

  •  
DEMO