Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Anyone here using pfSense in anger?

  • 13-01-2016 1:58pm
    #1
    Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭


    Without giving away details, I'm looking at new firewall / router solutions for a small number of branch offices across Europe.

    One of our network guys is championing pfSense. (https://pfsense.org/)

    His argument is ... why buy expensive, backdoored and closed "solutions" when you can literally build your own.


    Recent news about backdoors in some vendors kit, and the prices of other vendors has me thinking ... maybe he's right.

    I've played with it, in a VM, and it seems feature rich and stable. One big concern is the lack of customer endorsements published.

    So ... has anyone here got experience or thoughts on pfSense?

    /EDIT - I know this could go in Networks & Comms ... but I'm looking for an InfoSec response :)


Comments

  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    Although I'm not currently using it, I have in the past used pfSense in a home and in a small business setting and have found it to be an excellent solution.

    I also know one company who use it for IPSec connections to over 100 of their customers with great success.

    For branch office connectivity you could do far worse than pfSense.

    It's certainly worth spending some time testing it as a solution.


  • Registered Users, Registered Users 2 Posts: 648 ✭✭✭Tenshot


    I have a pfSense installation acting as firewall for a small business park with around 15-20 companies sharing a high-speed Internet connection, each on their own VLAN.

    Most tenants have private sub-nets NAT'd to the outside world, while 3-4 are using pfSense bridged to a public IP subnet specific to that company. Everything is going through a single pfSense installation hosted on a mid-end PC with 2 x Gigabit Ethernet ports, plus an additional 10/100 port for management.

    It's been working very well for the past 12 months and I'd happily use it again.

    The only thing we had a small issue with was the quality of stats reporting. The main control panel integrates RRD and some other traffic monitors but these are only easily accessed by logging in; we wanted to make them available to non-technical site staff without granting full admin access to the firewall. I ended up having to develop a small proxy to handle this.


Advertisement