PfSense Training Project Tracker: Difference between revisions

Convert all Netgate FUND001 training PDFs into CITWiki pages with detailed summaries. Each wiki page should include: learning objectives, key concepts, step-by-step lab instructions adapted for virtual environment, and troubleshooting tips.

• [x] SEG1 — Introduction to pfSense → Training: pfSense Introduction
• [x] SEG2 — Interfaces, VIPs, and Rules → Training: Interfaces and Firewall Rules
• [x] SEG3 — NAT and VIPs → Training: NAT and Virtual IPs
• [x] SEG4 — pfSense Services → Training: pfSense Services
• [x] SEG5 — VPNs and IPsec → Training: IPsec VPN
• [x] SEG6 — OpenVPN → Training: OpenVPN
• [x] SEG7 — WireGuard → Training: WireGuard
• [x] SEG8 — Multi-WAN → Training: Multi-WAN
• [x] SEG9 — Traffic Shaping → Training: Traffic Shaping
• [x] SEG10 — High Availability → Training: High Availability
• [x] SEG11 — Other Features → Training: Monitoring and Packages

• [x] Lab 1 — Intro, Getting Started, Backup/Restore → Training Lab 1: Introduction and Backup Restore
• [x] Lab 2 — Interfaces, Firewall Rules, Aliases → Training Lab 2: Firewall Rules and Aliases
• [x] Lab 3 — Virtual IPs and NAT → Training Lab 3: NAT and Virtual IPs
• [x] Lab 4 — Services and Branch Network Setup → Training Lab 4: Services and Branch Network
• [x] Lab 5 — IPsec → Training Lab 5: IPsec VPN
• [x] Lab 6 — OpenVPN → Training Lab 6: OpenVPN
• [x] Lab 7 — WireGuard → Training Lab 7: WireGuard
• [x] Lab 8 — Multi-WAN → Training Lab 8: Multi-WAN
• [x] Lab 9 — Traffic Shaping → Training Lab 9: Traffic Shaping
• [x] Lab 10 — High Availability → Training Lab 10: High Availability

• [x] Introduction Training (Module 0) → Training: Setting Up a Firewall for Yourself — Personal/small business firewall
• [ ] the-pfsense-documentation.pdf → Summarize into Training: pfSense Complete Reference or link as external reference
• [ ] WindowsTrainingSupportFiles.zip → Extract and document client software requirements (Training: Client Software Requirements)
• [ ] Training Videos (4× .mkv) → Catalog timestamps and link from relevant wiki pages

Build the virtual training environment on Comfac's 200-core / 1TB RAM machine.

• [ ] A.1 Install Ubuntu Server LTS on 200-core host
• [ ] A.2 Configure KVM/libvirt with storage pools (NVMe for images, SSD for ephemeral clones)
• [ ] A.3 Set up network bridges: `br-mgmt`, `br-lan`, `br-wan`, `br-dmz`, `br-internet`
• [ ] A.4 Configure VLANs for student isolation (one VLAN per student or per lab)
• [ ] A.5 Install and configure Ansible controller (host or container)

• [ ] B.1 Download pfSense CE ISO and create qcow2 golden image (2 vCPU, 1 GB RAM, 8 GB disk)
• [ ] B.2 Create Ubuntu Server 22.04/24.04 golden image (1 vCPU, 1 GB RAM, 10 GB disk)
• [ ] B.3 Create Windows 10/11 thin client golden image (2 vCPU, 4 GB RAM, 40 GB disk) — OR decide to use Linux clients only
• [ ] B.4 Create "Internet Router" golden image (Ubuntu with FRR/Quagga or simple static routes, 1 vCPU, 512 MB RAM)
• [ ] B.5 Test each golden image boots and functions correctly

• [ ] C.1 Write Ansible playbook: `lab1-student-env.yml` (1 pfSense + 1 client)
• [ ] C.2 Write Ansible playbook: `lab2-student-env.yml` (1 pfSense + 1 client + 1 server)
• [ ] C.3 Write Ansible playbook: `lab3-student-env.yml` (1 pfSense + 1 server + internet)
• [ ] C.4 Write Ansible playbook: `lab4-student-env.yml` (2 pfSense + 2 clients + 1 server)
• [ ] C.5 Write Ansible playbooks for Labs 5–10 (VPNs, Multi-WAN, Shaping, HA)
• [ ] C.6 Write Ansible playbook: `cleanup-student-env.yml` (destroy VMs, free resources)
• [ ] C.7 Write Ansible playbook: `reset-student-env.yml` (revert to snapshot/linked clone base)
• [ ] C.8 Test all playbooks end-to-end with a single student ID

• [ ] D.1 Evaluate Kimchi vs Apache Guacamole vs custom NoVNC proxy
• [ ] D.2 Install and configure chosen NoVNC solution
• [ ] D.3 Integrate NoVNC with student authentication (LDAP, local wiki accounts, or simple token-based)
• [ ] D.4 Build student dashboard: list of phases/labs, "Launch Lab" button, countdown timer
• [ ] D.5 Test 5 concurrent NoVNC sessions for stability
• [ ] D.6 Test 20 concurrent NoVNC sessions for performance

Design the student-facing training program.

• [x] E.1 Define "Setting Up a Firewall for Yourself" scope: home office / small business
• [x] E.2 Write Module 0: Why You Need a Firewall (threats, NAT basics, basic topology)
• [x] E.3 Write Module 1: Install pfSense on Old PC or VM (hardware requirements, USB install, first boot wizard)
• [x] E.4 Write Module 2: Basic WAN + LAN Setup (DHCP, DNS, first internet connection)
• [x] E.5 Write Module 3: Essential Firewall Rules (block incoming, allow outgoing, ICMP)
• [x] E.6 Write Module 4: Port Forwarding for Common Services (game server, camera, NAS)
• [x] E.7 Write Module 5: VPN for Remote Access (WireGuard road warrior setup)
• [x] E.8 Write Module 6: Backup and Updates (config.xml backup, update schedule)
• [x] E.9 Create hands-on lab for Introduction Course (single pfSense + 1 client VM)
• [ ] E.10 Record or source video walkthroughs for each module

• [x] F.1 Map each SEG slide deck to a wiki training page with summary + key takeaways
• [x] F.2 Adapt Netgate labs from physical/virtualbox environment to KVM/Ansible environment
• [ ] F.3 Update IP addressing schema for Comfac virtual lab (avoid conflicts with production)
• [ ] F.4 Write pre-lab briefing pages (what you'll learn, expected outcomes)
• [ ] F.5 Write post-lab review pages (common mistakes, verification steps, "show me" checklist)
• [ ] F.6 Create quiz questions for each phase (5–10 questions, auto-graded if possible)

Run the training with a small group before full rollout.

• [ ] G.1 Recruit 3–5 internal Comfac IT staff as pilot students
• [ ] G.2 Run Phase 1 (Foundations) with pilot group — collect feedback
• [ ] G.3 Run Phase 2 (NAT & Services) with pilot group — collect feedback
• [ ] G.4 Run one VPN lab (IPsec or OpenVPN) with pilot group — test resource limits
• [ ] G.5 Document all bugs, confusion points, and timeouts
• [ ] G.6 Refine playbooks and wiki pages based on pilot feedback

• [ ] H.1 Measure actual CPU/RAM/disk usage per student during pilot
• [ ] H.2 Adjust VM specs if over- or under-provisioned
• [ ] H.3 Test memory overcommit ratios for safe concurrency scaling
• [ ] H.4 Document maximum safe concurrent student count

Prepare for regular training delivery.

• [ ] I.1 Create student onboarding guide (how to access portal, use NoVNC, reset lab)
• [ ] I.2 Create instructor guide (how to monitor progress, assist students, grade labs)
• [ ] I.3 Set up scheduling system (book lab time slots, prevent over-allocation)
• [ ] I.4 Create completion certificates or badges

• [ ] J.1 Set up host monitoring (Prometheus/Grafana or simple `libvirt` stats)
• [ ] J.2 Configure alerts for host resource exhaustion
• [ ] J.3 Schedule weekly base image updates (pfSense patches, OS updates)
• [ ] J.4 Document disaster recovery (rebuild host from Ansible, restore golden images)

Per-student minimum: 6 vCPUs, 6.5 GB RAM, 62 GB disk Per-student full lab: 10 vCPUs, 10.5 GB RAM, 110 GB disk 200-core / 1TB capacity: 20–40 concurrent students (conservative to optimized)

Next Actions (This Week):

1. Summarize the-pfsense-documentation.pdf into a reference page
2. Document WindowsTrainingSupportFiles.zip contents
3. Catalog training video timestamps
4. Begin Ansible playbook drafting for Lab 1 environment
5. Evaluate Kimchi vs Guacamole for NoVNC portal