5 PFsense packages to install for your network's VPN gateway
One of the features of pfSense is its ability to expand with packages. Using packages allows the basic installation of pfSense to remain compact, but allows users to install only the packages necessary for their conditions.
In this article, you will find a list of the top 5 pfSense packages that you will most likely need to set up your corporate network. Each package includes a brief description of what the package does and how it can help your network.
to install packages, you must use the full version of pfSense. currently, packages are not supported in embedded or liveCD versions.
Squid is the most popular package for pfSense. Squid is a caching proxy server that can improve the performance of your Internet connection.
Squid creates a cache of frequently used web pages, images, or other files that clients request from the Internet. If the requested item is found in the cache, Squid can deliver it directly to the requesting computer, rather than using a WAN connection.
The Squid Package can be configured to run transparently, which means that traffic on your network will be automatically routed through a proxy server without having to change any configuration on connected computers.
another advantage of installing this package is that in combination with LightSquid, you can view reports on websites visited by computers on your network.
PfBlockerNG is the perfect package for blocking incoming and outgoing traffic based on an IP address or domain name. This package provides a wide range of features to protect your network from unwanted traffic, including country blocking, IP/DNS blacklist, and IP reputation blocking.
The DNS blacklist Feature allows you to add multiple external blacklists to block traffic, such as ads, threats, and malware.
This is a great package if you use a mail server on the network. By adding a spam blacklist such as Spamhaus, you can block spam even before it reaches your server port.
another very useful package for pfSense - SquidGuard is a high-speed url filter and URL router.
By Uploading your own blacklist or using one of the freely available lists, you can configure which sites your network users are allowed to access and at what time. The package can also be configured using schedules to grant access based on the time of day.
SquidGuard can also force the use of domain names that prevent users from bypassing the blacklist by simply entering an IP address. Blocked URLS can be redirected to an external website or an internal information page.
It is Important to analyze network traffic usage to optimize performance and find potential problems in your company. Darkstat is a network traffic monitor that runs in the background and displays your network usage statistics.
The Data collected by this package can be viewed using the web interface. An easy-to-use HTML interface lets you view the best senders and recipients of traffic on your network. You can drill down on the charts to see which protocols and ports take up most of your network's bandwidth.
This package provides a quick way to identify traffic to block or prioritize on the network.
Snort is a very popular open source intrusion detection and prevention system (IDS / IPS). Installing this package on pfSense allows you to analyze network traffic to detect attacks, buffer overflow attacks, port scans, and more.
the Snort Engine is based on signatures that are regularly updated by the community. Snort can be configured to automatically send a warning, block, or log an intrusion attempt.
If you are concerned about the security of your network, I strongly recommend installing Snort.
installing packages in pfSense is quick and easy. First, open the package Manager, which can be found by clicking on the system menu in the web interface.
Click the Available packages tab to view a complete list of all available applications. When you find the package you want to install, just click the plus icon on the right side of the package description.
PfSense will automatically install the package and create a new menu entry. Most packages create an entry in the services menu, but some place their settings in a different category.
PfSense will automatically check for updates for installed packages. To check for updates, go to the Installed packages tab in the package Manager. If an update is available for a package, the package version section will be displayed in red for an outdated package.
to automatically install the updated version of the package, click the PKG button that appears on the right side of the screen. After that, PfSense will remove the outdated version and install the update.
PfSense has many other packages besides the ones I listed in this article. Since pfSense is an open source application, you can also develop your own packages and submit them to the repository. Almost any normal FreeBSD package can be converted to work in pfSense. If you are interested in learning more about package development, visit doc.pfsense.org.
Михаил Дегтярёв (aka LIKE OFF)