
Intro to Multi-WAN - pfSense Hangout April 2014


Slides for the April 2014 pfSense Hangout video

Published in: Technology


  1. pfSense Hangout April 2014: Introduction to Multi-WAN
  2. Project News
     ● Two new hardware platforms in stock at store.pfsense.org
       ○ APU (VK-T40E2) - ALIX successor, AMD T40E CPU, 2 GB RAM, 8 GB SanDisk SDHC card, 3 gigabit Realtek NICs
       ○ C2758 - Rangeley Atom 8 core, 8 GB RAM, 80 GB SATA-3 SSD, 4 gigabit Intel NICs, 1U rack mount
     ● Support included with these new platforms
  3. Heartbleed vulnerability
     ● OpenSSL security vulnerability leading to disclosure of memory contents
     ● Affects pfSense versions 2.1 and 2.1.1
       ○ For components in base system - some 2.0.x packages potentially impacted
       ○ This does not mean 2.0.x and 1.x systems can skip upgrading
  4. Heartbleed vulnerability
     ● Primary components affected
       ○ Web interface
       ○ OpenVPN
         ■ Shared key not impacted
         ■ SSL/TLS impacted if not using TLS authentication, or if untrusted users have the TLS key
  5. Heartbleed vulnerability
     ● Other impacted components
       ○ Some packages dependent on OpenSSL
     ● Recommended remediation
       ○ Upgrade to 2.1.2
         ■ WARNING: Upgrade AutoConfigBackup package first
       ○ Consider re-issuing keys
  6. Heartbleed vulnerability
     ● Non-pfSense related things
       ○ Check all HTTPS servers
         ■ https://filippo.io/Heartbleed/
       ○ Revoke and re-issue trusted SSL certificates after patching
       ○ Check with vendors of other products on applicability
  7. Multi-WAN Goals and Strategies
     ● Redundancy
     ● Bandwidth aggregation
     ● Segregation of priority services
  8. Choosing Internet connectivity
     ● Cable paths
     ● Paths to the Internet
  9. Example configuration
  10. Demo setup
     ● Configuration of second WAN
     ● Configuration of monitor IPs
     ● Failover demo
     ● Load balancing demo
     ● Other gateway groups usage
       ○ IPsec
       ○ OpenVPN
       ○ Dynamic DNS
  11. Demo - NAT and Multi-WAN
     ● Port forward example
     ● 1:1 NAT example
     ● Outbound NAT example
  12. Demo - Advanced Options
     ● Gateway advanced options
     ● System>Advanced options
       ○ Allow default gateway switching
       ○ State Killing on Gateway Failure
       ○ Skip rules when gateway is down
  13. Troubleshooting
     ● Verify rule configuration
     ● Failover not working
       ○ Check Status>Gateways
       ○ Verify monitor IPs
     ● Load balancing not working
       ○ Validate testing methodology
       ○ Have appropriate expectations
  14. Questions?
     ● Thanks for attending!
     ● Comments, suggestions, etc. welcome to gold@pfsense.org
