Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying OPNsense Beginner to Professional
  • Table Of Contents Toc
  • Feedback & Rating feedback
OPNsense Beginner to Professional

OPNsense Beginner to Professional

By : Camargo
4.3 (8)
Buy this Book
close
close
OPNsense Beginner to Professional

OPNsense Beginner to Professional

4.3 (8)
By: Camargo
Buy this Book

Overview of this book

OPNsense is one of the most powerful open source firewalls and routing platforms available. With OPNsense, you can now protect networks using features that were only previously available to closed source commercial firewalls. This book is a practical guide to building a comprehensive network defense strategy using OPNsense. You’ll start with the basics, understanding how to install, configure, and protect network resources using native features and additional OPNsense plugins. Next, you’ll explore real-world examples to gain in-depth knowledge of firewalls and network defense. You’ll then focus on boosting your network defense, preventing cyber threats, and improving your knowledge of firewalling using this open source security platform. By the end of this OPNsense book, you’ll be able to install, configure, and manage the OPNsense firewall by making the most of its features.
Table of Contents (25 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Initial Configuration
Section 1: Initial Configuration
Free Chapter
2
Chapter 1: An OPNsense Overview
chevron up
Chapter 1: An OPNsense Overview
About the OPNsense project
Rock-solid FreeBSD – HardenedBSD
Why OPNsense?
Features and common deployments
Where to get help?
Summary
3
Chapter 2: Installing OPNsense
Chapter 2: Installing OPNsense
Technical requirements
Versions and requirements
Downloading and installing OPNsense
Updating firmware
Installing plugins
Advanced – Accessing the CLI through SSH
FreeBSD packages
Summary
4
Chapter 3: Configuring an OPNsense Network
Chapter 3: Configuring an OPNsense Network
Technical requirements
Hardware considerations
Basic network configuration
Types of interfaces
Exploring virtual IPs
Network diagnostics and troubleshooting
Summary
5
Chapter 4: System Configuration
Chapter 4: System Configuration
Technical requirements
Managing users and groups
External authentication
Certificates – a brief introduction
General settings
Advanced settings
Configuration backup
Summary
6
Section 2: Securing the Network
Section 2: Securing the Network
7
Chapter 5: Firewall
Chapter 5: Firewall
Technical requirements
Understanding firewalling concepts
Firewall aliases
The firewall rules
Firewall settings
Diagnostics and troubleshooting
Summary
8
Chapter 6: Network Address Translation (NAT)
Chapter 6: Network Address Translation (NAT)
Technical requirements
NAT concepts
Port forwarding
Outbound NAT
One-to-one NAT
Summary
9
Chapter 7: Traffic Shaping
Chapter 7: Traffic Shaping
Technical requirements
Introduction to traffic shaping
Possible scenarios
Creating rules
Monitoring
Summary
10
Chapter 8: Virtual Private Networking
Chapter 8: Virtual Private Networking
Technical requirements
OPNsense core VPN types
Site-to-site deployments using IPsec
VPN deployments using OpenVPN
OpenVPN diagnostics
Summary
11
Chapter 9: Multi-WAN – Failover and Load Balancing
Chapter 9: Multi-WAN – Failover and Load Balancing
Technical requirements
Failover and load balancing
Policy-based routing
Troubleshooting
Summary
12
Chapter 10: Reporting
Chapter 10: Reporting
Technical requirements
System health graphs
Understanding Netflow and how to use it
Exploring real-time traffic
Troubleshooting common problems in the network using Netflow and graphs
Summary
13
Section 3: Going beyond the Firewall
Section 3: Going beyond the Firewall
14
Chapter 11: Deploying DHCP in OPNsense
Chapter 11: Deploying DHCP in OPNsense
Technical requirements
DHCP concepts
DHCP server
DHCP relay
Diagnostics
Summary
15
Chapter 12: DNS Services
Chapter 12: DNS Services
Technical requirements
Core DNS services
DNS plugins
DDNS
Troubleshooting
Summary
16
Chapter 13: Web Proxy
Chapter 13: Web Proxy
Technical requirements
Web proxy fundamentals
Basic configuration
Web filtering
Reading logs and troubleshooting
Summary
17
Chapter 14: Captive Portal
Chapter 14: Captive Portal
Technical requirements
Captive Portal concepts
Setting up a guest network
Web proxy integration
Common issues
Summary
18
Chapter 15: Network Intrusion (Detection and Prevention) Systems
Chapter 15: Network Intrusion (Detection and Prevention) Systems
Technical requirements
IDS and IPS definition
Suricata and Netmap
Rulesets
Configuration
SSL fingerprint
Troubleshooting
Summary
19
Chapter 16: Next-Generation Firewall with Zenarmor
Chapter 16: Next-Generation Firewall with Zenarmor
Technical requirements
Layer7 application control with Zenarmor
Choosing a Zenarmor edition
Installing and setting up the Zenarmor plugin
Summary
20
Chapter 17: Firewall High Availability
Chapter 17: Firewall High Availability
Technical requirements
High availability concepts
Configuring high availability
Testing the HA configuration
Summary
21
Chapter 18: Website Protection with OPNsense
Chapter 18: Website Protection with OPNsense
Technical requirements
Publishing websites to the world
About the NGINX plugin
Installing and configuring the NGINX plugin
Adding WAF rules
Troubleshooting
Summary
22
Chapter 19: Command-Line Interface
Chapter 19: Command-Line Interface
Technical requirements
Directory structure
Managing the backend daemons
Useful system commands
Advanced customization
Filtering log files
Summary
23
Chapter 20: API – Application Programming Interface
Chapter 20: API – Application Programming Interface
Technical requirements
Concepts
Setting up API keys
API calls
Summary
Why subscribe?
24
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

About the OPNsense project

To introduce you to the OPNsense project, I'll first need to tell a bit of my story and how I fell in love with it.

Project history

To tell the OPNsense story, we need to go back to 2003, when the initial release of m0n0wall was released. The main goal of this project was to have FreeBSD-based firewall software with an easy-to-use web interface (based on PHP) that worked on embedded PCs and old hardware with a good performance but that was just focused on Layer 3 and Layer 4 firewalling. m0n0wall was a good achievement. Still, picky network and security admins were claiming for other features such as web proxying, intrusion detection and prevention systems, and some other features that commercial firewalls were delivering as a default Unified Threat Management Solution (UTM). So, in 2004 a new project began, a m0n0wall fork, with its first public released in 2006. The fork's name? pfSense, and, as the name suggests, it used Packet Filter (PF) as a firewall-based system instead of the ipfilter (another FreeBSD packet filter)of its predecessor. For a long time, pfSense was a unique open source firewall solution, with a big active community and constant improvements. Many network and security administrators that only accepted Linux-based firewalls (yes, I was one of them too!) started to migrate to this FreeBSD-based firewall. These two projects coexisted until 2015, when m0n0wall was discontinued. There were signs of discontent back then; part of the pfSense community was not happy with some things such as changes in licenses and the direction the project was heading in.

Back in 2014, a brave group of developers decided to fork from pfSense and m0n0wall and started the OPNsense project. The first official release was in January 2015, inheriting a lot of code from its predecessors. Still, with a very ambitious plan to change how a lot of things were being done, OPNsense quickly rose as a pfSense alternative and received an important recommendation from the m0n0wall founder, Manuel Kasper, encouraging users from his project to migrate to OPNsense. It was the start of one of the best open source firewall projects.

A new project with a lot of improvements on old code

The following are some of the key features that OPNsense came with:

  • OPNsense came with many new concepts and features that the community could claim credit for, such as a Model View Controller (MVC)-based web interface, a fixed release cycle, and a genuinely open source aspiration. The release cycle is done in two major versions each year, one in January and another in July (the community version) – for example, in 2021, the first version was 21.1 (January 2021), and the second one was 21.7 (July 2021), with a predictable and well-written roadmap. For the business edition, the releases are launched in April and October. The business editions are targeted at businesses and enterprises, containing the improvements delivered to the community version users first.
  • As a Chief Technology Officer (CTO) with dozens of managed OPNsense-based firewalls, it is strategic to use firewall firmware with a predictable roadmap and release life cycle. This way, we can plan things with companies whose business depends on our managed firewalls.

Talking about versions, we need to introduce you to the flavor available:

  • OpenSSL: The default one.

If you don't have any reason to choose LibreSSL, I'll advise you to pick the default one, OpenSSL. We will talk more about versions and installation media in the next chapter.

Talking about improvements, we must speak of the project architecture, starting with the frontend, the Phalcon PHP framework. This framework is used to implement webGUI and its APIs (another considerable improvement compared with its predecessors). It will do the work to render and control all that you can see and do using your web browser to manage your OPNsense.

The OPNsense framework also contains a backend, which is a Python-based service, also known as configd. This backend service will be in charge of controlling services, generating daemons and service config files from Jinja2 templates, and applying these configurations to an operating system.

With this architecture, OPNsense has a significant advantage – a secure way to manage and apply configurations to an operating system without executing root commands directly from the PHP web interface (as pfSense did, for example), reducing the risk of a flaw in webGUI compromising the whole firewall system.

So, now that we know how OPNsense evolved and its benefits, let's take a look at the operating system that serves as the base to this incredible firewall platform – FreeBSD's fork, HardenedBSD. It's essential to understand how the whole system and its components work to become a good OPNsense administrator. Let's go!

End of Section 2
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY