Need a firewall appliance with certain abilities

Starting to sound like a broken record in here, but pfSense with pfBlockerNG-dev.

The only reason I haven't gone this way is that I know nothing about pfsense. I just found out today it's free software. Good start. So I downloaded the latest build.
But I have no clue what to do with it now.
Do I grab an old PC I'm not using and install it on that?

I do have an IBM Lenovo Intel i350-T4 4x 1GbE 1000Base-T Gigabit Adapter... can I use that?

Is there a guide somewhere?
 
Install it on any hardware you like. Video guides are all over YouTube.
 
Can pfSense show you the traffic (IP addresses, ports) through your router in real time like a WatchGuard Firebox does?
 
Nah. Because Cloudflare only helps when accessing via the domain name. When they hit the IP directly, it completely bypasses anything Cloudflare does. It should be considered useless when it comes to securing a network/server. OP would still need to do everything he originally intended to do from the firewall side. It'd be double the work. And that's assuming OP is using a domain name and is only wanting to accept traffic over port 80/443...
Did you read what I said or just immediately dismiss it?
  • An assumption is made that he has a registered domain. Though if he's paying for a static IP, chances are good he's also got a domain registered.
  • Configure his firewall to only accept connections for those services from Cloudflare's IPs.
  • Cloudflare Spectrum is an additional service that allows Cloudflare to protect ports other than 80/443.
I'm not sure where the double duty is that you speak of. I'm also unsure of what kind of cost Spectrum is and whether or not it would be cheaper vs. buying his own equipment.
 
This is not a replacement for an on-site firewall, no matter how you try to spin it.
 
Using old hardware is the cheapest way to go, especially if you're trying out pfSense. It is a great firewall distro, and it should do everything you were asking for and do it fairly easily. It also has lots of help tutorials available online since so many people use it.


If you end up wanting something much smaller to run pfSense on, I have been using one of these for a couple of years now without a single issue. Uptime has been perfect on it. I go half a year+ on uptime, and only that because of minor blackouts that happen during construction around here.
https://www.amazon.com/Protectli-Fi...ords=pfsense&qid=1552402635&s=gateway&sr=8-12
https://www.amazon.com/Firewall-App...ords=pfsense&qid=1552402635&s=gateway&sr=8-15
https://www.amazon.com/Q190G4-S02-B...words=pfsense&qid=1552402635&s=gateway&sr=8-2
https://www.amazon.com/Firewall-App...words=pfsense&qid=1552402635&s=gateway&sr=8-1

Just make sure whatever hardware you use has the AES-NI instruction set, otherwise future pfSense versions won't work on the hardware, as they are moving to a cryptographic acceleration hardware requirement.
 
Apply an ACL using the bogon list. It gets rid of a lot of crap sources and is updated regularly.
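Putting the two firewall-side points from this thread together (accept 80/443 only from Cloudflare's ranges, and drop bogon sources before anything else), here is an added example, not code from the thread or from pfSense, written in Python so the policy can be checked against constructed sample connections. The "Cloudflare" and server addresses are TEST-NET stand-ins, and the bogon list is a short excerpt; a real pfSense box would load both lists into aliases (pfBlockerNG can do this) rather than hard-code them.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample data: TEST-NET ranges stand in for Cloudflare's published
# edge ranges and for the public server address (real values come from
# cloudflare.com/ips and your own WAN assignment).
CLOUDFLARE_STANDIN = [ipaddress.ip_network("203.0.113.0/24")]
SERVER_IP = ipaddress.ip_address("198.51.100.10")
PROXIED_PORTS = {80, 443}          # ports Cloudflare fronts without Spectrum

# Short excerpt of a bogon list: reserved/private space that should never be a
# source address on the WAN side. The real feed is much longer and updated.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def in_any(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in n for n in nets)


def decide(src: str, dst: str, dport: int) -> str:
    """Verdict for one inbound WAN connection: block-bogon, pass or block-default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_any(s, BOGONS):
        return "block-bogon"       # bogon ACL is evaluated first, like a quick block rule
    if d == SERVER_IP and dport in PROXIED_PORTS and in_any(s, CLOUDFLARE_STANDIN):
        return "pass"              # only Cloudflare edges may reach the proxied ports
    return "block-default"         # direct hits on the IP, and non-web ports, are dropped


def evaluate(log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Run the policy over constructed 'src dst dport' lines; returns (line, verdict)."""
    out = []
    for line in log_lines:
        src, dst, port = line.split()
        out.append((line, decide(src, dst, int(port))))
    return out


if __name__ == "__main__":
    sample = [  # constructed connection attempts, not real traffic
        "203.0.113.5 198.51.100.10 443",   # via Cloudflare edge: allowed
        "192.0.2.77 198.51.100.10 443",    # direct hit bypassing Cloudflare: dropped
        "10.0.0.9 198.51.100.10 80",       # bogon source: dropped first
        "203.0.113.5 198.51.100.10 22",    # non-web port: needs Spectrum, dropped here
    ]
    for line, verdict in evaluate(sample):
        print(f"{line:32} -> {verdict}")
```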
 
pfSense or Sophos if you're ok with a free solution.

I suggest Fortigate since this is for a business, though. I'd totally run Fortigate any day. Palo is my preferred, but Fortigate's a bit more palatable to the wallet.
 

I've worked a good bit with cloud-based solutions recently. Using a cloud service like this may also cause additional latency, and your logs are stored in their cloud environment.
Check Point, Fortinet, Juniper, Palo and pretty much every other real firewall does this. Geo-blocking isn't rocket science. I've done this for years at home with both Check Point and Fortigate appliances.

If your employer works with a Palo Alto Networks reseller you can get one for home use significantly discounted (or request a lab unit).
 
So I ended up building a pfSense box from an older (circa 2005) AMD 64 X2 4200 machine.

I like it. I've been able to turn off the Fireboxes now, and the room is so much quieter.

Good choice.

Pretty simple and straightforward, with just a short learning curve.
 