Firewalls. Everyone needs one, and buying a Linksys, Netgear or D-Link router just doesn’t give you the capabilities that you’ll eventually need. I’m an enterprise technologies architect with over 17 years of experience, and I’ve worked with all the major firewalls out there, including Cisco PIX, Check Point, SonicWall, etc.
There’s one firewall that nobody even thinks about. It’s open source; it gives you VPN access (site-to-site VPN included), load balancing, SIP proxying, and all of the functionality and performance of a multi-thousand-dollar solution without the cost. All of this runs on PC hardware with no licensing fees. I’ve replaced every customer’s firewall with pfSense. Why? Because, simply, it gives you all the flexibility and extensibility of the big-box solutions, and more, for FREE.
Properly configured, pfSense firewalls are extremely secure and can do more than all the big-box solutions without the ridiculous licensing fees.
I run site-to-site VPNs between my offices and my houses all over the world. Completely secure, completely redundant, and (nearly) completely free. After all, I actually pay for the hardware (I buy used Dell desktops).
So this article will discuss exactly what it takes to make it happen for your home setup, business, or enterprise. If you’re not an enterprise customer, the cost of the hardware is minimal. If you’re an enterprise, a set of redundant, load-balancing firewalls should cost you less than $2000.00 USD, if even that much.
So let’s get started.
pfSense is one of the unknown firewall distributions out there. It is easy to install and extremely robust, with millions of installations worldwide. It provides everything from transparent firewalling to proxying and more: VPN capabilities, dynamic DNS, VoIP proxying, network intrusion, network statistics reporting, capacity for thousands of connections, high throughput, and did I mention my favorite? Support from experienced experts and a community that is very active!!!!
If you run into any problems, I’m available to consult (at very reasonable fixed fees). Advice will always be free, but consulting is what I charge for.
I can even set up a pre-configured firewall for you and ship it out to you, or I can come on location to do the job (your preference), but telephone advice will always be free. Just contact me via my contact page on this blog with your information and I’ll be in touch with you very quickly.
So let’s get down to the nitty gritty. You can read about pfSense at the following link: http://pfsense.org
I recommend using an old PC you have lying around if you’re a small business. You can always use a Netgate pre-configured appliance, but it won’t handle the P2P traffic or the throughput you’re really looking for unless it’s for an external employee. Even then, it would still be cheaper to put in a refurbished PC, and you’ll get more power and throughput.
If you don’t have an old PC lying around, I recommend the following (please use these links as they actually provide me with a small commission). Buy a used Dell PC (refurbished) and add a couple of cheap Ethernet cards. You only need two for a simple setup, although you can add as many as you want. I use Ethernet cards based on Intel chipsets, because they lower the CPU utilization on the machine and perform the best.
Download the pfSense distribution ISO and burn it to a CD. The installation is self-guided and will completely automate the installation for you. Just remember to install it on the hard drive (anything with 20 GB or more is plenty). Then it’s just a matter of configuring the options you want and it just “works”.
I will be writing a how-to on rules and setting up pfSense properly for a variety of situations, but if you have something special, please feel free to drop me a line and I’d be more than happy to entertain writing a blog post about how to do it.