This is an Introduction To PFSense Firewall 2020 Guide.
pfSense is open-source router/firewall software that can be used to turn a computer into a router and firewall. pfSense started as a fork of the m0n0wall project, whose aim was to provide a web configuration interface for the command-line-only PF packet filtering program.
This post series will aim to cover as little theory as possible while providing a practical approach to configuring pfSense for the home and corporate environment.
pfSense can be used as a firewall, in which case we would need two or more network interface cards on the pfSense machine. It can perform a variety of network and security-related functions. One network interface would be used for the WAN and the other for the LAN. This will enable us to filter inbound and outbound traffic. In some deployments, it will be necessary to create a demilitarized zone (DMZ), where internet-accessible resources like email servers and web servers are placed in a separate network.
Below is a short list of the features the pfSense router and firewall can boast of:
- Virtual Private Networking Server
- Firewall / Router
- High Availability
- Load Balancing
- Domain Name System and Dynamic Host Configuration Protocol Server
- Unified Threat Management (UTM) Device
- Intrusion Detection System and Intrusion Prevention System (IDS / IPS)
- Snort or Suricata based IPS/IDS
- Open source add-ons
- Traffic Shaping
- Transparent Caching Proxy
- Stateful Packet Inspection
- Web Content Filter
- GeoIP blocking
- Virtual Local Area Network (VLAN) support
- Deep Packet Inspection
- Many enterprise-grade user authentication options.
- Web content filtering options including Domain Name blacklisting
- System security options
- Copious reporting options
- Backup and Restore
and much more. Simply visit https://pfsense.org for more features and information. As can be seen, the set of features offered by pfSense is huge, I mean, massive. To get all these features in a commercial firewall like Cisco, you will have to pay hundreds of thousands.
pfSense can also be used as a WAN router, or a router to connect different LAN segments. A very cost-effective application of pfSense is using VLANs on the pfSense router to connect different LAN segments. We will see a practical application as we treat the router on a switch configuration.
pfSense can also be used as a switch. We may not treat this because of the cost implication. Commercial switches are generally not expensive, but purchasing enough network cards to simulate a 24-port switch will be very costly.
pfSense can also be used as a wireless router. This can be a viable option if the wireless network card to be added is supported by FreeBSD. It should be noted, however, that support for 802.11n and 802.11ac is not good, so using pfSense as a wireless router may not be a very good option.
MINIMUM HARDWARE REQUIREMENTS
According to the official pfSense documentation, https://docs.netgate.com/pfsense/en/latest/book/hardware/minimum-hardware-requirements.html, the minimum hardware requirements for pfSense 2.4 are:
- RAM 512 MB or more
- 4 GB or larger disk drive (SSD, HDD, etc)
- One or more compatible network interface cards
- Bootable USB drive or CD/DVD-ROM for initial installation
- A 64-bit Intel, ARM or AMD based system
- 600 MHz or greater CPU
If you plan to use a VPN (Virtual Private Network) and Captive Portal with many users and install a lot of open-source packages, then you will need to upgrade or surpass the recommended hardware requirements.
For the NICs, it is recommended to use an Intel NIC with the pfSense software.
Take Note: You can visit the official hardware appliance site https://www.netgate.com/products/appliances/ to find hardware appliances for your corporate needs. This will be necessary if you want pfSense to size your environment and give you the best hardware for your needs.
This ends the Introduction To PFSense Firewall 2020 part. Next, we will install pfSense on a virtual machine for use in our fictitious corporate environment. As much as we can, we will try to implement most, if not all, of the features that pfSense has to offer in this series.