Pf sense 2.0

4,074 views

Published on

Pf sense 2.0 - Щеряна Шопова

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,074
On SlideShare
0
From Embeds
0
Number of Embeds
17
Actions
Shares
0
Downloads
143
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Pf sense 2.0

  1. 1. pfSense 2.0pfSense 2.0Shteryana Shopova OpenFest, Sofia November, 2011
  2. 2. pfSense - Introduction● FreeBSD-based open-source distribution for firewalls and routers● Started in 2004 based on m0n0wall● Powerful and flexible firewalling and routing platform● Versions ● Legacy 1.2.3 ● Latest stable – 2.0 – released 17th September, 2011
  3. 3. pfSense - Applications pfSense 2.0● Firewall (incl. redundant setups)● SOHO Router● WAN Router● Wireless Access Point/Captive Portal● VPN Appliance (OpenVPN, IPSec, L2TP, PPTP)● VoIP Appliance (FreeSWITCH)● Sniffer appliance●
  4. 4. System Requirements pfSense 2.0● 100Mhz Pentium CPU, 128MB RAM, 1GB Hard driver/512MB CF card (embedded)● Throughput ● 10-20Mbps – 266Mhz CPU ● 21-50Mbps – 500Mhz CPU ● 51-200Mbps – 1GHz CPU ● 201-500Mbps – 2.0Ghz CPU, PCI-e network adapters ● 501Mbps+ - server-class hardware, 3.0Ghz CPU, PCI-X/PCI-e network adapters● Features/Installed Packeges ● VPN – CPU resource and/or HW entcyption, 500Mhz CPU for 10Mbps IPSec ● Captive Portal - CPU resource ● Large state tables – 1Кb RAM per conection ● Packages – additional RAM - snort, ntop, etc – at least 512Mb RAM
  5. 5. pfSense - Features pfSense 2.0● pf firewall from OpenBSD ● Stateful filtering of IP, UDP and TCP streams based on various parameters ● Max connections limit per rule, selective logging per rule ● Filtering based on OS ● Policy routing ● Transperent L2 filtering, Traffic normalization ● NAT and Load balancing ● Redundancy – carp and pfsync● WebUI● Package management● Update & configuration management
  6. 6. NewpfSense 2.0 2.0 Features in● New instalation options● New interface types ● GRE and GIF tunnels ● Dial-up modem and Multi-link PPP ● 3G, VAP and more wireless cards supported ● LAGG● Bridging enhancements● Multiple gateways (dynamic) & Multi- WAN● WebGUI improvements – HTTPS, context help menus
  7. 7. NewpfSense 2.0 Features (cont.)● Firewall ● Layer 7 filtering ● Traffic shaper rewritten ● EasyRule ● Extended advanced rule options ● Extended NAT options ● Rule scheduling handled by pf ● State summary view & real-time stats in WebUI
  8. 8. NewpfSense 2.0VPN Features -● L2TP VPN added● IPSec ● Ipsec-tools 0.8 ● Mobile IPSec works with Android/iPhone● OpenVPN ● Remote access configuration wizzard ● Client export package ● OpenVPN Status page
  9. 9. pfSense2.0 New in 2.0● User management ● Local database ● LDAP ● Raduis ● Authentication diagnostics● Cert manager● Config history ● diff, download, descriptions
  10. 10. Available packages pfSense 2.0● Advanced routing ● OpenBGPD, OpenOSPFD● Telephony ● FreeSWITCH, SIP Proxy● Network Management ● Zabbix, nagios● Network diagnostics ● Bandwithd, rated, iperf, nmap, pfflowd● Web proxy ● Squid, squidGuard, LightSquid, HAVP Antivirus●
  11. 11. Planned releases - 2.0.1 pfSense 2.0● http://redmine.pfsense.org● Maintenance release● Expected - ???● Status - ~ 20% issues fixed
  12. 12. Planned releases - 2.1 pfSense 2.0● The big step - IPv6 ● pf, carp, traffic shaper, load balancer, captive portal, DHCPv6, PPPoE, PPTP● Packages updates● New Varnish package● cryptodev support● Improved policy routing & route metrics● Super vlan (RFC 3069)
  13. 13. PfSense 2.0 webUI menus pfSense 2.0 DEMO
  14. 14. pfSense 2.0Thank you!
  15. 15. pfSense 2.0Questions?

×