Introduction to pfSense - An Open Source Firewall and Router Platform
What is pfSense?
pfSense is a free, customized distribution of FreeBSD that can turn an old computer into a full-featured router and firewall.
pfSense was created in 2004 as a fork of the popular m0n0wall project. The main difference between pfSense and m0n0wall is that pfSense is designed mainly to be installed on PCs instead of embedded devices, which allows pfSense to offer more flexibility and features.
pfSense is very flexible and can easily be adapted to numerous applications, ranging from a home router to a firewall for a large corporate network. pfSense is easy to install and maintain, and it offers a very useful web-based user interface. pfSense includes many features that are often found only in expensive commercial routers.
Popular uses for pfSense
- LAN / WAN Router
- Internet Cafes
- Wireless Hotspot (Captive Portal)
- VPN Router
- DHCP / DNS Server
- Wireless Access Point
- Transparent Squid Proxy Server
- Multi-WAN Router or Load Balancer
- DNS Blacklist
- Port Forwarding / NAT (Network Address Translation)
Why use pfSense instead of another router?
pfSense is fast, free, and stable, and it offers tons of great features.
If you have an existing router that doesn't offer the features or performance you need, pfSense is a great choice to replace it with. Because you have complete control of the hardware, you can customize your pfSense system with the components you want.
If you've ever shopped for routers or firewalls before, you probably know that, depending on the features you are looking for, they can be quite expensive. By using pfSense you can save a ton of money without compromising on features.
pfSense can also be installed on several different embedded platforms such as PC-Engines, Soekris, Alix, and others.
Embedded installs are a good option if you are looking to create a small, quiet, low-power appliance to run your network. If you are a consultant, it's going to look a lot more professional to set up an embedded pfSense device for a customer instead of an old PC.
If you decide to do your install on an embedded device, be sure to download the embedded version of pfSense. The embedded release is designed to be installed on hardware that uses compact flash for storage. The embedded platform has special tweaks that will greatly extend the life of the storage media.
Getting Started with pfSense
In order to set up your own pfSense router, you'll need an old computer with at least two network cards installed. If you don't have a spare computer, you can probably find one at a low cost on Craigslist, eBay, or local garage sales. pfSense can also run on a number of embedded devices like the Soekris Net5501.
For a complete walkthrough of the installation process, check out this link, setting up a pfSense router.
There are several options for getting support for pfSense. Free support is available through the forums, mailing list, and also on IRC.
BSD Perimeter, the company that founded pfSense, also offers commercial support, which is designed for users running pfSense in an enterprise environment.
A one year support subscription includes 5 hours of support that can be used for configuration questions, network design, migrations to pfSense, as well as other issues you may encounter.
Commercial support subscribers also gain access to the automatic configuration backup utility, which can automatically back up the configuration of your pfSense system. You also get online access to the pfSense book.
There is a great community built around pfSense that offers excellent support and documentation. If you're looking to learn more about pfSense or to become an expert, I highly recommend checking out the book pfSense: The Definitive Guide, created by co-founder