pfSense packages and the pfSense package manager. So the package manager is pretty cool and it allows you to add a lot of add-ons for pfSense. And I like this feature quite a bit. But of course, once you get a bunch of packages in a list, you immediately go to the question, okay, I see all these fun things in here. Which one should I load? What should I be loading here in pfSense? What works? So I'm gonna make a short list of the ones I usually load for people and talk about why I load them. And ones I find useful, there's more in there. Maybe you have more use cases for those than I do, but these are the basics here.

I am gonna skip ntopng and skip Suricata and Snort. I have separate videos on those. And I generally do load like Suricata on a system if someone's gonna be taking the time to manage that system and make sure those alerts are addressed in there. So if not, loading Suricata just gives you a good feeling, but no extra protection if you're not gonna manage the alerts and spend time fine-tuning it. But these are the basic ones outside of that. And as well as the same with ntopng, it's very resource intensive and I don't find it to be that amazing, so to speak. It's kind of cool when you're doing and diagnosing and trying to dig in some stuff, but leaving it running all the time just kind of taxes the system generally unnecessarily. And if it's not a more powerful pfSense, it can also just suck up a lot of CPU time and log time and potentially create other issues if you don't have a fast system.

So basic packages that I have installed in most systems. This is our demo system we have here. We're gonna start with Arpwatch. And Arpwatch is a pretty neat little tool. Now, Arpwatch is gonna rely on the fact that you have email set up, and it's under System, Advanced, and the last tab allows you to have notifications and you can set an SMTP server up. So pfSense can notify you via email if there's any changes.
Now Arpwatch specifically watches a network and perhaps if you wanted to have a locked-down network for your servers where there's no changes going on. Well, Arpwatch is great for that because you can say, all right, I'm gonna point it at that particular network and if anything happens on the network, if there's any change, someone plugged another server into a switch or something like that, it immediately notifies you if a MAC address changes, if there's something going on in your server side network. So obviously you don't want this on your LAN side network because you have computers shutting off, turning on, they come and go, new devices, your phone comes on the network, your phone goes off that network. Those are gonna create noise and then it becomes very useless. But when you talk about a locked-down security side of the network that is a separate place where your servers live, you wanna know if there's any change to that network and Arpwatch is a really simple way to do that. So I really only load this if the client has a separate network that needs to be monitored if they don't or if everything's like a more flat network or smaller office where that's just not necessary or you don't want the network server on another segment. Okay, I don't know what you use it, but it's a cool one there if you wanna watch a specific segment of a network for changes. You can even put this on any insecure network because you can monitor each one. It's basically anytime you want a network and you just wanna be notified anytime there's a change and have it send an email to you. But like I said, it's a time waster if you stick it on a network that has devices coming and going.

Next one down, Darkstat. Darkstat's pretty cool. First warning, if you set up Darkstat, and we'll show you where it's set up at, you go here to Diagnostics, Darkstat Settings, which is where we're at now. It binds to port 666 by default.
Now because I'm accessing this in the lab, I've tied it both to my LAN and WAN address, but there's no security on Darkstat. It just works. So it's a read-only, it's not like you're manipulating any data, but by the way, whatever address you bound it to, create your own rules if you need to, but it's going to allow anyone to view those statistics and data in there. So it gives you this cool real-time graph to show you the data. Then you can click on any host and see the hosts that are connected. Here's my computer connected to this lab machine and you can see the connections and accumulations on there. But it's nice when you're just looking for where's all the data going and trying to sort that out. So it's a really basic kind of blunt tool, but it's kind of cool because it gives little graphs and it does look pretty neat. And you know, get an idea of where some of these requests are going to and what computers are making those requests. Like I said, it's a basic tool, but it gives you an idea of where to start looking. I still, my go-to is going to Diagnostics and pfTop, the built-in pfTop, to dig into connections and see where they're actually going and what's actually touching what on here. For example, we'll pull this up. 192.168.3.9. Let me go to host. This will give me much more in depth, but Darkstat can be that first point of, okay, first, why is this particular IP address pulling a lot of data? And you can sort how much data is being pulled by IP address on there. So like I said, it's a handy little utility and doesn't tax the system very much having it on there.

iperf is for benchmarking. We're going to go over here to Diagnostics, iperf Client, and then under that is iperf Server. And iperf allows you to create either TCP or UDP sessions between other boxes. You can download iperf directly, loaded on a multitude of different things from your phone to your Linux box to your Windows box.
And then unfortunately, this is iperf version one, not iperf three, the current version. I'm not sure why they package an older version. I'm guessing it's a BSD thing just to have the old version on there, not the new one, but it does allow quick, easy ways to determine speed between two devices and make sure that you can see how much speed you can get across and maybe have two pfSense boxes. You can expose iperf to the internet, don't leave it exposed, maybe create a temporary rule and you want to connect to your other pfSense box to see what kind of traversal they have for speed or internal boxes to see if they can connect to it very fast. So it's handy. I do like it when I've got to do a little bit of that testing and make sure the pfSense can talk to something at a reasonable speed and it doesn't have to run as a service. So it's not something that's running all the time. You can start and stop it as a service. So it's not really taking up anything on the pfSense to leave it on there.

Nmap. Now while Nmap is available, I never really use it inside of here because it just doesn't expose all the features. This is more of a log in and run it as a command line. So you log into that pfSense box, type nmap and it's your standard, all the details from using Nmap from the command line. And this is really nice when you want to scan a client's network looking for things if they have a pfSense at the head end because Nmap now sits at the pivotal point of the network if they have several different VLANs, several different LANs set up because this has access and has feet in all of them. One box, I can scan all the separate networks through here, create a series of files. I just dump them all out to an exportable file, copy them back off and bring them over to the local machine to do more analysis on them.
Like I said, my preference is to run it right from the command line and get all the information you need with whatever parameters I want for that network scan. But it does open it up within the UI here so you can do a little bit of scanning on devices and get some information about them. And this is what it looks like when you run the scan on a local one so you can see what's open, what it can see and what it can get at when it's on this right here.

Next on the list, OpenVPN Client Export. Obviously I only load this if they're even using OpenVPN but this is a great utility to make it really easy to export VPN settings. And of course you find that under VPN, I will go here, go back, then under Client Export and it builds an automatic export. I've done this in my OpenVPN videos with some customization so you can choose the server, choose the details about the server and export easily to OpenVPN config.

Now this is a common one I load the majority of the time on pretty much everyone's systems: pfBlockerNG, because pfBlocker's awesome. And I've done a video on this specifically about how to configure it. There's two sides to pfBlocker. There's the external blocking that is great if they have ports open, if they don't have ports open I don't worry about that as much. And then there is the outbound blocking and the sinkholing that you can do on some of the databases to say all right, they don't need to go to these sites and put in risk sites to just black hole those, you know, and some people use it for ads and it works for that as well. So sinkholing bad sites, ad sites and things like that and it's all doing it via DNS. So it's not exactly like a web filter but sinkholing via DNS quite a few different crappy or bad or ad sites is always great.

The last one I load is Status Traffic Totals. I'm gonna drag over my firewall to show you what that looks like once it's loaded up.
So Status Traffic Totals is under the Status menu and it gives you these cool little graphs that you can go hourly, daily or even monthly and see how much data per month was pushed out across each of the networks on there in and out. So it's definitely a kind of novel way to do this and it gathers all the statistics and has options if we display advanced here. Export as a CSV. One note is when you set this up, when you first load it you just have to click enable graphing because by default it doesn't graph anything. So if you load this and assume it just works, it doesn't, but it's not too intensive on the machine. It just gathers up statistics and puts this pretty basic graph together for all of it but it also is handy because of the CSV export that it has. So if you ever wanna do some further longer term analysis and this can be helpful for bandwidth if you wanna make sure you are capacity planning enough you can look at how much over time each of your networks and each of your network segments is using. So this is a handy little utility for doing that and especially if you wanna know things like just how much VPN is being used. You can select like this right here, save as default, I'm gonna add in that VPN as well and I can now add in how much the two VPNs that we have set up on our network are using. So handy little utility, it initially says right under here under traffic totals and it's a little bit more in depth because it's keeping cumulative over time and pfSense doesn't have a lot of that out of the box by default you're cumulative over time until you load the traffic status totals.

So hopefully this is helpful, like I said there's not a long list of things that I install in here but it's just a handful of them.
This is my pfSense, my server, so I do have Suricata and Zabbix on here because I use Zabbix for monitoring but I do have those in here as well and like I said it comes back to use case. If you're using Nagios for monitoring that is also built into pfSense because it has that as an option but you even as I mentioned can see like ntopng over here I don't have it set up or in use as a constantly running even on my server which is a reasonably fast server. It's a Xeon at three gigahertz four core system. So hopefully this helps and gets you started with pfSense. Like I said feel free to play with all the packages, they're free, they're not no charge even what you wanna add on and maybe you'll find some other ones that are useful.

I do recommend, cause people have asked me about loading like third party packages, I go with what is recommended and known to work based on the people, the developer development team at pfSense, cause if a package is really good and really popular it can be properly submitted to be officially supported but you can get some unpredictable results if you run things unpredictably on your firewall which because this is at the edge of the network and supposed to be protecting it I highly recommend not loading random things on here unless it's for experimentation or for your lab or for some testing but not in a production environment. At least not in any of mine do I run any one-off third party packages unless I'm super confident and I can't think of any time I've done that recently. Might be fun to play with a few things and load them on there but for most part I stick with what they support because then it becomes part of the regular updates that they have in there.

All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up, if you wanna subscribe to this channel to see more content, hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post.
If you wanna hire us for a project that you've seen or discussed in this video head over to lawrencesystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you wanna throw at us. Also, if you wanna carry on the discussion further head over to forums.lawrencesystems.com where we can keep the conversation going and if you wanna help the channel out in other ways we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.