Skills and Competencies for IT Staff Trained in pfSense

From MediawikiCIT
Revision as of 07:24, 25 February 2026 by CITEditor

Basic Networking Knowledge

Note: If you are not proficient in the fundamentals in this section, additional catch-up and self-study will be required before proceeding with pfSense-specific configurations.

Networking Fundamentals

  • Understand the purpose and function of a network: connecting devices, sharing resources, and enabling communication.
  • Identify common network devices: switches, routers, firewalls, access points, servers, and client devices.
  • Learn IP addressing basics (IPv4/IPv6), subnetting, DNS/DHCP roles, static and dynamic IP assignment, and NAT (Network Address Translation) basics.

Typical Configurations

  • Home vs. enterprise network setups: the critical techniques for scaling and managing increasingly large networks, and how to organize and track hosts, IPs, and servers.
  • Understanding of wired vs. wireless connections and their use cases, including the ability to troubleshoot latency and wireless interference (channel assignment) and to perform optimization.
  • VPN creation: WireGuard, ZeroTier, and paid VPN services.

Core Networking Setup

WAN and LAN Configuration

  • Set up WAN connection with ISP (DHCP, PPPoE, or Static IP).
  • Configure LAN interface for internal network.
  • Assign DHCP or static IP addressing for devices.

Interfaces

  • Add, remove, and configure additional interfaces.
  • Bind interfaces to networks with proper IP ranges.

Troubleshooting

Backup and Restore

  • Perform manual configuration backups and restores.
  • Configure AutoConfigBackup service.
  • Regularly download and archive backup files for recovery assurance.

Connections and Firewall Logs

  • Analyze firewall logs to identify blocked/allowed traffic and misconfigurations.
  • Trace connection attempts and NAT translations.

Performance Checks

  • Monitor and reconfigure RRD data collection for accuracy.
  • Reassess load balancing configurations when performance issues arise.

Upgrade/Resource Justification

  • Gather data from graphs, logs, and monitoring tools to support the case for hardware upgrades or prioritization of resources.

pfBlockerNG for Bandwidth Efficiency

  • Use pfBlockerNG to block ads and trackers.
  • Prevent preloading of ads and video content, which can otherwise cause significant bandwidth consumption.

Intermediate Configuration

VLANs (Virtual LANs)

  • Create VLAN interfaces.
  • Tag VLANs appropriately for segmentation.
  • Configure inter-VLAN routing and access restrictions.

Aliases

  • Define host, network, and port aliases for easier firewall rule management.
  • Use aliases to simplify large or frequently updated rule sets.
  • Leverage aliases to help design and assign VLANs without tracing every device manually, while still physically tagging devices and connections for accuracy and accountability.

Gateway Groups

  • Configure multiple gateways.
  • Set up load balancing across ISPs.
  • Set up failover for redundancy.

Firewall Fundamentals

Firewall Rules

  • Understand pass, block, and reject behavior.
  • Configure rules for WAN, LAN, and VLAN interfaces.
  • Implement rules for DMZ environments.

DMZ Setup

  • Place public-facing servers in isolated segments.
  • Apply strict firewall rules between DMZ, LAN, and WAN.

QoS (Quality of Service)

  • Configure traffic shaping to prioritize critical applications (VoIP, ERP, video conferencing).
  • Manage bandwidth allocation to prevent congestion.

VPN and Tunnels

VPN Basics

  • Configure IPsec for site-to-site and secure remote connections.
  • Set up OpenVPN for flexible client access.

WireGuard (Preferred)

  • Deploy WireGuard as the primary VPN due to its simplicity and performance.
  • Highlight cost-effectiveness: WireGuard can run on a Contabo VM (~₱4,000/year), compared to costly ISP-provided IP addresses.
  • Using the WireGuard Docker in a VM, administrators can create unlimited VPN groups, since it leverages UDP hole punching and coordinating servers for efficient scaling.

Advanced

Captive Portal

  • Configure pfSense Captive Portal for guest or managed access networks.
  • Note that Captive Portal can be resource-intensive, requiring significant bandwidth and processing power.
  • May require a dedicated system to run efficiently in large deployments.

Graphing and Dashboarding

  • Go beyond built-in RRD graphs with advanced monitoring and visualization.
  • Integrate external dashboard tools (Grafana, InfluxDB, etc.).
  • Build custom dashboards for latency, throughput, and traffic analysis to support proactive troubleshooting.