pfSense Firewall Appliance

I just finished upgrading my pfSense firewall to the latest 1.2-RC2 release. I’ve been running 1.0 (and a pre-1.0 release before that) on a network appliance for several years now. It’s a very solid and stable firewall with a bunch of features usually only found on higher-end equipment.

pfSense is a firewall appliance derived from m0n0wall; it is based on BSD and has a great web-based configuration interface. I installed this latest release of pfSense into a VMware virtual image, and I also have it running on a 1 GB CF card on a mini-ITX VIA motherboard.

pfSense main configuration page

I have been using pfSense successfully to manage a static IP subnet, using its 1:1 NAT and virtual IP addressing features to route the static IP block to the servers to which the static IPs are assigned. I also use the traffic shaping features to allocate bandwidth for VoIP accounts that terminate at an Asterisk appliance on the internal network. Real-time traffic graphs and traffic logs also give an idea of the bandwidth loads on the network.

The pfSense firewall appliance also serves as a VPN endpoint into my internal network; pfSense offers VPN services through IPsec, OpenVPN, PPPoE, and PPTP. I’m currently using PPTP with Windows XP clients.

Other features of pfSense include captive portals, load balancing, CARP for failover protection, OLSR, RIP, SNMP, UPnP, DHCP server and relay, DNS Forwarder, Wake on LAN, and a packaging system that lets you add third-party packages to the firewall such as RADIUS servers, network monitors, web proxies, and security tools, to name a few.

pfSense keeps all of its configuration in one XML file, which makes it easy to upgrade and configure the firewall. pfSense can be run in an embedded environment (off a CompactFlash card, with no console or keyboard) or on normal equipment with I/O enabled. Packaging pfSense into a VMware image was also very straightforward and worked as expected. This virtual firewall image can then be used to decouple the firewall software from the hardware, giving me the flexibility to quickly switch hardware as needs change or hardware failures are encountered.