I have two firewalls, one a pfSense and the other an ASA 5505. I initially thought about putting the ASA behind the pfSense.
What are your thoughts on this, good idea, bad idea? Will I see a degradation in the speed of my internet connection?
ASAs don't run IOS. pfSense is, in essence, a hardware firewall as it typically runs on dedicated hardware (or in a VM). A software firewall is something like Norton whatever.
Running two firewalls in a row is likely not ideal for your situation.
....security-obsessed. They used two firewalls from different vendors in a row to avoid a zero-day exploit from a single vendor compromising their network.
Except you're not actually using multiple technologies.
Since I highly doubt you're paying for the SSC module, all the ASA is doing is basically access-lists - just dropping or rejecting datagrams based upon a list. That's the same thing pfSense is doing. The first firewall is going to drop all of the 'bad' traffic (that you've defined), so the second is just going to be pushing the rest through.
Now, if you were to set up, say, a UTM and a Palo Alto, or an ASA with the SSC, or whatever else that's actually doing packet inspection (Cisco gear can do this - but the configuration isn't entry level and you often have to pay for definitions), that might be more security.
Really, ALL firewalls are "SF" since they ALL require SF to run.... The difference is that the OS runs solely firewall-related tasks on what people say are SF only, unlike, say, Windows Firewall, which is OS-related and does other things.
Now, is something like... pfsense / untangle a hardware, or software FW?
Putting two firewalls in a row...all you're doing is creating a double NAT setup, which adds complexity, loss of performance, and....some software that you use across the internet (like remote desktop apps, or VPN clients) doesn't like double NAT and acts weird on you.
Double NAT doesn't increase security. The leak in NAT is when you do a port forward...exposing a service...and that service is compromised. Double NAT will not secure this any further. Now, yeah...some firewalls do better deep SPI than others..but just select 1 and put it at the edge. Having 2 firewalls..1 better than the other..the one that is less good will just be adding complexity and making you lose performance.
If you want to learn different firewalls...just put one in place and use it for a while. When you're bored with it...swap it out with something else. Every couple of months I often change what I'm running at home for my firewall.
You wouldn't have to double NAT with two firewalls. Two firewalls is still a stupid idea.
That's me. I don't trust one device. Much like you don't trust one hard drive for all your data backup needs, you use a RAID array.
I have a pfSense box up and running and just got an ASA gifted to me, so I figure why not, right? But my main question before I try to implement something like this is: will there be a degradation of my network, and will two devices present any problems other than it's not an "ideal" solution?
You wouldn't have to double NAT with two firewalls. Two firewalls is still a stupid idea.
With default settings it will be double NATing.
Oh, okay. Didn't know we were talking about learning by leaving everything at the defaults.