pfSense is a free and open source operating system for routers and firewalls. Show pfSense can be installed on most commodity hardware, including old computers and embedded systems. pfSense is typically configured and operated though a user-friendly web interface, making administration easy even for users with limited networking knowledge. Generally, one never needs to use terminal or edit config files to configure the router. Even software updates can be run from the web UI. pfSense software modulespfSense is mostly used as a router and firewall software, and typically configured as DHCP server, DNS server, WiFi access point, VPN server, all running on the same hardware device. pfSense also allows for installation of third party open source packages such as Snort or Squid through a built in Package Manager, making it the default choice of many network administrators. pfSense is flexible by design. It can be used on a small home router as well as run the entire network of a large corporation. Nowadays, pfSense is often replacing CISCO and other expensive name brands in large corporate environments, not because it's free, but because it is feature rich and mature platform. Why use pfSense and not one of the off-the-shelf router?Your average off-the-shelf router is unreliable, has limited functionality due to manufacturer lock-down and potentially has multiple software vulnerabilities. Manufacturers of the commodity routers don't have any incentives in patching software bugs, performance problems or even serious security holes. Once the router is sold, there's no reason for the manufacturer to keep spending money on development and security. Open Source operating systems such as pfSense are regularly updated and are known to patch security issues promptly. pfSense puts you in control of your networking. What hardware to choose for pfSense?pfSense can be installed on any hardware - your old computer may become your new router. This is a great way to get started if you have a computer with at least 2 network cards. Once you are convinced you like the platform, you may choose one of the dedicated hardware platforms such as PC Engines APU, TekLager TLSense, Soekris, Netgate or others.
Netgate® virtual appliances with pfSense® Plus software extend your applications and connectivity to authorized users everywhere, through Amazon AWS and Microsoft Azure cloud services. Network your employees, partners, customers, and other parties to share resources in site-to-cloud, cloud-to-cloud, and virtual private cloud (VPC) connectivity. Full firewall/VPN/router functionality all in one available in the cloud starting at $0.08/hr.
Are you in the market for a new router (here’s how to pick one)? If you want to have enterprise-level features, consistent upgrades, and a reliable system you should consider building or buying a pfSense router. Here are 6 reasons why. Editor’s Note: pfSense now comes in two different varieties: pfSense Plus and pfSense CE. Find out which version is right for you. BackgroundLike many, I started off buying a router because I wanted multiple devices on my network to have access to the Internet. I purchased routers primarily based on cost. As I started to get more sophisticated I was drawn to DD-WRT. The ability to take a regular router and add support for static leases, improved firewall features, better traffic analysis and many other features were too much to pass up. I ran DD-wrt on my routers for a while. Eventually, my old Netgear WNDR4000 started to show its age, and I decided it was time for a new router. Initially, I considered buying a new router that was DD-WRT compatible, but I started to look at custom build options too. I was intrigued by all the support and positive information about pfSense and as I researched I found it clicked all the boxes of standard features I was using with DD-WRT:
It also allowed me to step my game up around many other features. I chose to go with pfSense over other router options (e.g. buying off the shelf, Sophos, DD-WRT, and others) for the following 6 reasons. 1. Advanced securityIf you have read a few of my other articles, you know that I believe security is of paramount importance for your home network. It is increasingly important as more sensitive information in our lives goes digital and we increase our interactivity with technology. I decided to get serious about improving my home network security and I use the following pfSense features to do so:
See also What's In My Smart Home Toolkit? 2. VPN optionsRunning a VPN service on your home network has a number of advantages including:
pfSense offers several VPN options, including IPSec, PPTP, L2TP, and OpenVPN. I have configured OpenVPN at home and which affords me secure access to my home network as well as privacy on public networks. I even get notified whenever someone connects to my VPN. 3. Network management optionspfSense has networking functions that many basic SOHO off the shelf routers don’t have. Ones I find of use are:
See also 7 Settings to Configure on Your WI-FI Router Now 4. You can choose your own hardwareThe ability to choose your own hardware allows you to match the specs of your router with the needs of your network. You may have 2 WAN connections or desire multiple VLANs. Then you can purchase hardware with the appropriate amount of network cards. Maybe you already have great access points like I do, in which case you don’t have to buy any wireless gear for your router. You may need to buy more powerful hardware if you are going to run a VPN server or IDS/IPS like snort or Suricata. You can even decide to virtualize your router. You can also replace the router provided by your Internet service provider, often even if they say it is required. I did this when I switched over to fiber. The point is you can buy hardware to your exact specifications, and then you can extend that hardware if your needs change. Here’s help choosing the right hardware for pfSense. 5. Failover tolerantpfSense has a couple of different ways in which it provides failover tolerance.
See also Alexa Guard Overview & Integration w/Home Assistant 6. pfSense is well-supportedWhen using pfSense you have a lot of avenues for support:
Final thoughtsThese are the primary reasons I use pfSense. Since switching, I have been very happy with the stability, features, and support. I’ve even taken steps to virtualize my pfSense router so I can easily spin one up on any host. If you need more reasons to use pfSense have a look at its full feature set. If you’ve already selected your pfSense hardware and are ready to start your install read this pfSense planning advice first. Finally, once you’ve got pfSense up and running, you’ll want to keep pfSense upgraded the right way. Do any of you use pfSense or some other homebuilt router solution? Let us know what and why in the comments or contact me on Twitter. Also, if you enjoyed this article can I ask you for a favor? Please do at least one of the following:
I really appreciate it! |