UnixCBT – pFirewall Edition

UnixCBT – pFirewall Edition
English | Size: 1.31 GB
Category: Misc E-Learning

pfSense – Firewall

Introduction – Topology – Features
Enumerate important pfSense features
Explore network topology
Identify key systems to be used

pfSense Installation
Identify target platforms
Locate and obtain packages
Install pfSense on target system(s)
Confirm initial installation
Explore installation footprint
Peruse $SHELL management interface

WebConfigurator Interface
Discuss features and benefits
Identify target URLs
Authenticate and update basic credentials
Explore interface
Identify key menu items

Basic Routing
Identify default configuration
Route traffic based on default configuration
Update routing to handle new subnet
Confirm packet routing through routed interfaces
Evaluate results

NAT Table
Extend Routing discussion and consider NAT
Cover default NAT configuration
Create custom NAT configuration
Observe packet mangling across interfaces
Evaluate results

Firewall Rules | Schedules
Identify and test default rules
Tweak rules and observe impact on packets
Handle various types of common traffic patterns
Move packets between subnets across rules interfaces
Evaluate various tweaks to firewall rules
Schedule rules and evaluate impact

Firewall LOGs | Reports
Explore considerable LOG data
Generate traffic and observe LOG entries
Enable rules based on LOG entries
Alter traffic according to desired result
Explore various in-built Reports
Evaluate results

Packages | Extensibility
Explore pfSense default Packages
Implement add-on packages
Correlate new packages to interface
Use add-on to accomplish various tasks

DHCP | DNS Services
Explore defaults
Influence DHCP Server configuration
Set Reservations
Configure DNS servics
Evaluate performance

DMZs | VLANs
Provision additional networks
Allocate networks to DMZs | VLANs
Configure Routing | Filtering between networks
Confirm packet flows
Evaluate results

Miscellaneous
Explore various areas
Administer Users
Test access
Use Backup | Restoration services
Confirm results

Firmware Upgrade
Identify current version
Perform upgrade
Check packet-flow during upgrade
Process post-upgrade error
Confirm functionality
Perform minor firmware upgrade
Snapshot VM instance
Backup configuration
Confirm upgrade

NTP Config
Explore interface and default behavior
Add NTP Peers
Query NTP via various interfaces
Restrict NTP to desired networks
Apply ACL – Test queries
Update server configuration

DNS | Forwarder | Resolver
Enable Forwarder
Issue queries – analyze results
Enable mini tables for DHCP nodes
Include domain override
Migrate to Resolver config
Peruse settings
Confirm resolution
Debug resolution-issues

SSH PKI Firewall Access
Explore default configuration
Connect to firewall as various users
Enable PKI access across accounts
Compound PKI access and test
Remove | Replace PKI access and confirm
Disable Password-based access

Useful Interfaces | RAM Disk Configuration
Use Edit Files interface to manipulate file
Explore Command Prompt interface
Execute various commands via interface
Migrate to RAM Disk configuration
Ensure SYSLOG configuration
Expand Firewall RAM via Hypervisor

Web Configuration – Force SSL
Explore default configuration
Test using ‘curl’ redirects
Disable clear-text access
Test connectivity – ‘curl’ && browser
Confirm results

WAN-Side Block Config Access
Explore default access
Test WAN | LAN access
Write rules blocking WAN config access
Test configuration

Anti-Lockout Configuration
Discuss applicability
Explore firewall rule
Disable Anti-Lockout
Discuss residual access
Write rules to permit configuration

Condense Rules via Aliases
Explore default rule-set
Define useful Aliases
Apply aliases to existing rules
Disable superfluous rules
Confirm packet-flow
Remove superfluous rules

SMTP Outbound Restriction
Identify default rule-set
Source outbound SMTP traffic
Define Alias to house trusted SMTP nodes
Write rules to Allow | Block SMTP accordingly
Confirm results

Performance Check
Install iperf
Explore interface
Setup iperf server – remote
Use iperf to generate and measure performance
Consider results as baseline

Bandwidth Monitor
Install Darkstat
Configure with appropriate settings
Launch and generate traffic
Monitor conversations
Look for anomalies

Squid Proxy
Install Squid
Configure with appropriate settings
Route HTTP client traffic via Squid
Blacklist domain
Exempt IP
Test proxy communications
Self-signed CA
Transparent Proxy
Test HTTP comms

About WoW Team

I'm WoW Team , I love to share all the video tutorials. If you have a video tutorial, please send me, I'll post on my website. Because knowledge is not limited to, irrespective of qualifications, people join hands to help me.