Seminario Ditedi pfSense - parte 2

pfSense
soluzione firewall opensource

Michele Della Marina
Dario Tion
Settembre, 2012

Michele Della Marina - Dario Tion pfSense - soluzione firewall opensource

pfSense

FreeBSD

pfSense is a free, open source customized distribution of
FreeBSD tailored for use as a firewall and router

www.pfsense.org


pfSense

DOCUMENTAZIONE

pfSense: The Definitive Guide http://doc.pfsense.org/


pfSense

INSTALLARE PFSENSE

Live CD
Full Install
Embedded
Virtual Appliance


pfSense

REQUISITI HARDWARE
Throughput necessario Funzionalità richieste


pfSense

REQUISITI MINIMI DI SISTEMA

CPU - 100 MHz Pentium
RAM - 128 MB
1 GB hard drive
512 MB Compact Flash
Serial port for console


pfSense

REQUISITI HARDWARE
Stateful Inspection

STATI RAM (MB)

100.000 97

500.000 488

1.000.000 976

3.000.000 2.900

1 STATO ~ 1KB RAM


pfSense

REQUISITI HARDWARE
Throughput vs CPU/NIC

400

350
A snippet of a comment in
300
the source code for this
driver tells the story
"The RealTek 8139 PCI NIC
Throughput (Mbps)

250
redefines the meaning of 'low
Realtek
200
Intel Pro/1000
end.' This is probably the
worst PCI Ethernet controller
150 ever made, with the possible
exception of the FEAST chip
100
made by SMC."
50

0
MMX 200 MHz II 350 MHz III 700 MHz IV 1.7 GHz

CPU


pfSense

REQUISITI HARDWARE
VPN (IPSEC) Throughput vs CPU

100

90

80

70
Throughput (Mbps)

60

Throughput
50

40

30

20

10

0
CPU 266 MHz CPU 500 MHz CPU XEON 800 FSB MHz


pfSense

REQUISITI HARDWARE
VPN (IPSEC) Throughput vs CPU


pfSense

PROCESSI INSTALLAZIONE


pfSense

ASSEGNAZIONE INTERFACCE

WAN OPT

LAN


pfSense

ASSEGNAZIONE INTERFACCE


pfSense

PFSENSE CONSOLE


pfSense

WEB MANAGEMENT


pfSense

WEB MANAGEMENT: INTERFACCE


pfSense

ALIAS: variabile per agevolare scrittura delle regole


RULES: DEFINIZIONE

Everything that isn't explicitly passed is blocked by default


pfSense

NAT


pfSense

ROUTING

Dove devo andare per andare
dove voglio andare?


DEFAULT RULES / NAT

LAN
WAN

NAT


pfSense


pfSense

VPN: Virtual Private Network

SITE-2-SITE ROAD WARRIOR CLIENT 2 SITE

IPsec
PPTP
OpenVPN

IPsec
OpenVPN


pfSense

VPN: Virtual Private Network

Quale VPN?


pfSense

CA - Certification Authority


pfSense

QOS / BANDWIDTH MANAGEMENT

Traffic Shaping


pfSense

WIZARD: almeno 80 REGOLE QOS

Traffic Shaping


pfSense

LAYER 7 PATTERN

Traffic Shaping
smtp
^220[x09-x0d -~]* (e?smtp|simple mail)
userspace pattern=^220[x09-x0d -~]* (E?SMTP|[Ss]imple
[Mm]ail)
userspace flags=REG_NOSUB REG_EXTENDED

http://l7-filter.sourceforge.net/Pattern-HOWTO


pfSense

PACKAGES / SERVIZI

DHCP
DNS
CAPTIVE PORTAL
FREERADIUS
IDS/IPS (Snort)
BGP ROUTING
INTERNAL CA


pfSense

SYSTEM LOG


pfSense

HIGH AVAILABILITY


pfSense

ESEMPIO DI CONFIGURAZIONE


pfSense

RIFERIMENTI
BIBLIOGRAFIA ed IMMAGINI
Famiglia Simpson :-)
http://en.wikipedia.org/wiki/Morris_worm
http://en.wikipedia.org/wiki/Firewall_(computing)#cite_note-report_unm-2

www.symantec.com
www.malaboadvisoring.it
www.google.com
www.vmware.com
www.laontalk.com
www.guidaacquisti.net/
www.wikimedia.org
www.39italia.com
it.123rf.com/
www.silhouettesclipart.com
www.thenetworkthinkers.com/
www.neomedia.it
www.diablotin.com
www.wired.com
www.cisco.com
www.simonecossu.it


Seminario Ditedi pfSense - parte 2

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Seminario Ditedi pfSense - parte 2

Semelhante a Seminario Ditedi pfSense - parte 2 (6)

Seminario Ditedi pfSense - parte 2