Need a firewall appliance with certain abilities

Discussion in 'Networking & Security' started by Barometer, Mar 7, 2019.

  1. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    6,188
    Joined:
    Oct 23, 2000
  2. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    The only reason I haven't gone this way is that I know nothing about pfsense. I just found out today it's free software. Good start. So I downloaded the latest build.
    But I have no clue what to do with it now.
    Do I grab an old PC I'm not using and install it on that?

    I do have an IBM Lenovo Intel i350-T4 4x 1GbE 1000Base-T Gigabit Adapter... can I use that?

    Is there a guide somewhere?
     
  3. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Jul 6, 2013
    Install it on any hardware you like. Video guides are all over YouTube.
     
  4. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    This is awesome. I'm doing this.
     
  5. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    Can pfSense show you the traffic (IP addresses, port) through your router in real time like a WatchGuard Firebox does?
     
  6. USMCGrunt

    USMCGrunt 2[H]4U

    Messages:
    3,113
    Joined:
    Mar 19, 2010
    Did you read what I said or just immediately dismiss it?
    • An assumption is made that he has a registered domain. Though if he's paying for a static IP, chances are good he's also got a domain registered.
    • Configure his firewall to only accept connections for those services from CloudFlare's IPs.
    • CloudFlare Spectrum is an additional service that allows CloudFlare to protect ports other than 80/443
    I'm not sure where the double duty is that you speak of. I'm also unsure of what kind of cost Spectrum is and whether or not it would be cheaper vs buying his own equipment.
     
  7. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,324
    Joined:
    Jul 6, 2013
    This is not a replacement for an on-site firewall, no matter how you try to spin it.
     
  8. EniGmA1987

    EniGmA1987 Limp Gawd

    Messages:
    179
    Joined:
    May 2, 2017
    Using old hardware is the cheapest way to go, especially if trying out pfSense. It is a great firewall distro and it should do everything you were asking for and do it fairly easily. It also has lots of help tutorials available online since so many people use it.

    If you end up wanting something much smaller to run pfSense with, I have been using one of these for a couple of years now without a single issue. Uptime has been perfect on it. I go half a year+ on uptime, and only that because of minor blackouts that happen during construction around here.
    https://www.amazon.com/Protectli-Fi...ords=pfsense&qid=1552402635&s=gateway&sr=8-12
    https://www.amazon.com/Firewall-App...ords=pfsense&qid=1552402635&s=gateway&sr=8-15
    https://www.amazon.com/Q190G4-S02-B...words=pfsense&qid=1552402635&s=gateway&sr=8-2
    https://www.amazon.com/Firewall-App...words=pfsense&qid=1552402635&s=gateway&sr=8-1

    Just make sure whatever hardware you use has the AES-NI instruction set in it, otherwise future pfSense won't work on the hardware, as they are moving to a cryptographic acceleration hardware requirement.
     
  9. capnstabn

    capnstabn Limp Gawd

    Messages:
    439
    Joined:
    Jan 6, 2006
    What's your budget? And do you work in IT?
     
  10. pek

    pek prairie dog

    Messages:
    818
    Joined:
    Nov 7, 2005
    Apply an ACL using the bogon list. It gets rid of a lot of crap sources, and it's updated regularly.
     
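    As an added illustration of the bogon ACL suggested above (example code, not from the thread or from pfSense itself), the script below checks constructed WAN firewall events against a constructed subset of bogon prefixes and renders the pf rules that would drop such sources; the log format, interface name em0, and table file path are assumptions.

```python
"""Bogon ACL check: flag WAN events whose source lies in bogon space.
All prefixes, log lines and names here are constructed for the example."""
import ipaddress
import re
from typing import Iterable

# Constructed subset of IPv4 bogon space (RFC 1918, loopback, link-local,
# CGNAT, benchmarking, documentation, multicast, reserved). Real bogon
# lists also carry currently-unallocated prefixes and change over time.
BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed log shape: "<iface> <pass|block> <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(
    r"^(?P<iface>\S+) (?P<action>pass|block) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$")


def is_bogon(addr: str) -> bool:
    """True if addr falls inside any bogon prefix above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGONS)


def wan_bogon_events(lines: Iterable[str], wan_iface: str = "em0") -> list:
    """Return (action, src, dport) for events on the WAN interface whose source
    is a bogon. A 'pass' here means the ACL is missing or sits after the rule
    that let the packet through; a 'block' shows the ACL doing its job."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and m["iface"] == wan_iface and is_bogon(m["src"]):
            hits.append((m["action"], m["src"], m["dport"]))
    return hits


def pf_bogon_rules(table_file: str = "/etc/bogons", wan_iface: str = "em0") -> str:
    """Render pf rules for the ACL: a persistent table loaded from a file and a
    'quick' block rule so it wins before any later pass rule."""
    return (f'table <bogons> persist file "{table_file}"\n'
            f"block in quick on {wan_iface} from <bogons> to any\n")


# Constructed sample events; only the source address is checked, the
# destination is just the firewall's WAN address in the sample.
SAMPLE_LOG = [
    "em0 pass 8.8.8.8:51234 -> 198.51.100.10:443 tcp",      # public source
    "em0 pass 10.0.0.5:40000 -> 198.51.100.10:22 tcp",      # spoofed RFC 1918
    "em0 block 192.168.1.4:1234 -> 198.51.100.10:3389 tcp",  # dropped by ACL
    "em1 pass 192.168.1.4:5555 -> 8.8.8.8:53 udp",           # LAN side, ignored
]
```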
  11. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,373
    Joined:
    Oct 4, 2007
    pfSense or Sophos if you're ok with a free solution.

    I suggest Fortigate since this is for a business, though. I'd totally run Fortigate any day. Palo is my preferred, but Fortigate's a bit more palatable to the wallet.
     
  12. capnstabn

    capnstabn Limp Gawd

    Messages:
    439
    Joined:
    Jan 6, 2006
    I've worked a good bit with cloud based solutions recently. Using a cloud service like this may also cause additional latency, and your logs are stored in their cloud environment.
    If your employer works with a Palo Alto Networks reseller you can get one for home use significantly discounted (or request a lab unit).
     
  13. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    So I ended up building a pfSense box from an older (circa 2005) AMD 64 X2 4200 machine.

    I like it. I've been able to turn off the Fireboxes now and the room is so much quieter.

    Good choice.

    Pretty simple and straightforward with just a short learning curve.
     