Protect your network using Pfsense firewall

Overview

Protecting the network with a commercial-grade Free and Open Source(FOSS) firewall was never easy until Pfsense. Managing IT assets is a tough task and sometimes it becomes a nightmare for administrators. Using a firewall and customizing it according to the needs of an organization. The work of the network administrator was made easy and quick. The case is about the transition of INMANTEC: A Business school in Ghaziabad from commercial firewall and bandwidth management software to FOSS firewall software. Challenge was to manage more than 250 computers, laptops, mobile phones, and other Internet connecting devices.

The Challenge

Some of the challenges that were required to address:

  • Managing Bandwidth effectively
  • Manually managing static IPs
  • Stop unwanted threats entering the network
  • Cut spending on commercial firewall and bandwidth software

Pfsense: the Solution

The solution that we tried were:

Solutions mentioned above were tested and only one solution has been able to solve the problem was Pfsense. It is more than a firewall. Others are also good but either they are not easy to install( in case of Sphirewall), bugs appear now and then( zentyal), the basic functionality is not enough to manage then network for that we have to buy the components( Untangle). My personal favorite is Pfsense. I have listed down some of the features that we use for solving the problem :

  • Captive Portal (For managing users on the network, by binding their MAC addresses)
  • Firewall (For managing threats)
  • DHCP Server (For managing IP pool automatically)
  • Traffic Shaper (For managing different types of traffic)
  • Squid (As a caching server to cut the load on internet bandwidth)
  • Squidguard and Clam Antivirus( For blocking malicious websites and HTTP viruses)

Pfsense Installation

The installation part are discussed in many blogs. Some of the blogs and videos are here for your reference

Blogs

Videos

Benefits

The benefits of using Pfsense firewall were many. I will summarize some of them.

  • The learning curve was reduced
  • Installation was quick and easy
  • No need for extra hardware. I installed it on VirtualBox on existing server. All other applications on other appliances of Virtualbox
  • NAT was easy to set up
  • No spending on commercial software
  • Multi-WAN support was easy using load balancing
  • Bandwidth management and monitoring was made easy

Be the first to comment

Leave a Reply

Your email address will not be published.


*


Comment moderation is enabled. Your comment may take some time to appear.