Discussion in 'Networking & Security' started by Barometer, Mar 7, 2019.
The only reason I haven't gone this way is that I know nothing about pfsense. I just found out today it's free software. Good start. So I downloaded the latest build.
But I have no clue what to do with it now.
Do I grab an old PC I'm not using and install it on that?
I do have an IBM Lenovo Intel i350-T4 4x 1GbE 1000Base-T Gigabit Adapter......can I use that?
Is there a guide somewhere?
Install it on any hardware you like. Video guides all over YouTube.
This is awesome. I'm doing this.
Can pfSense show you the traffic (IP addresses, port) through your router in real time like a WatchGuard Firebox does?
Did you read what I said or just immediately dismiss it??
An assumption is made that he has a registered domain. Though if he's paying for a static IP, chances are good he's also got a domain registered.
Configure his firewall to only accept connections for those services from CloudFlare's IPs.
CloudFlare Spectrum is an additional service that allows CloudFlare to protect ports other than 80/443.
I'm not sure where the double duty is that you speak of. I'm also unsure of what kind of cost Spectrum is and whether or not it would be cheaper vs buying his own equipment.
This is not a replacement for an on-site firewall, no matter how you try to spin it.
Using old hardware is the cheapest way to go, especially if trying out pfsense. It is a great firewall distro and it should do everything you were asking for and do it fairly easily. It also has lots of help tutorials available online since so many people use it.
If you end up wanting something much smaller to run pfsense with, I have been using one of these for a couple years now without a single issue. Uptime has been perfect on it. I go half a year+ on uptime, and only that because of minor blackouts that happen during construction around here.
Just make sure whatever hardware you use has the AES-NI instruction in it, otherwise future pfsense won't work on the hardware as they are moving to a cryptographic acceleration hardware requirement.
What's your budget? And do you work in IT?
Apply an ACL using the bogon list. Gets rid of a lot of crap sources, updated regularly.
pfSense or Sophos if you're ok with a free solution.
I suggest Fortigate since this is for a business, though. I'd totally run Fortigate any day. Palo is my preferred, but Fortigate's a bit more palatable to the wallet.
I've worked a good bit with cloud based solutions recently. Using a cloud service like this may also cause additional latency, and your logs are stored in their cloud environment.
If your employer works with a Palo Alto Networks reseller you can get one for home use significantly discounted (or request a lab unit).
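The bogon ACL suggested earlier in the thread, sketched as an added example that is not part of any post here: it checks WAN-side source addresses against a static list of reserved IPv4 prefixes. The log line format, function names and sample lines are assumptions constructed for the illustration, not pfSense output.

```python
# Added example (not from the thread): test source addresses against a static
# IPv4 bogon ("martian") list, the way a WAN-side ACL would.
import ipaddress

# Reserved/special-use IPv4 prefixes that should never appear as a source
# address on an Internet-facing interface. Static list; the regularly updated
# "fullbogons" feeds also add currently unallocated space.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

def matching_bogon(addr):
    """Return the bogon prefix containing addr, or None if it is routable."""
    ip = ipaddress.ip_address(addr)
    for net in BOGON_PREFIXES:
        if ip in net:
            return net
    return None

def evaluate_wan_log(lines):
    """Parse 'iface src:port -> dst:port proto' lines; return (src, verdict) list."""
    results = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[0] != "wan":
            continue  # ACL applies to WAN ingress only; skip malformed lines
        src = fields[1].rsplit(":", 1)[0]
        try:
            net = matching_bogon(src)
        except ValueError:
            results.append((src, "drop: unparseable source"))
            continue
        results.append((src, f"drop: bogon {net}" if net else "pass to next rule"))
    return results

# Constructed sample log lines (hypothetical format, not pfSense's own).
SAMPLE_LOG = [
    "wan 10.12.0.5:44122 -> 8.8.4.4:443 tcp",
    "wan 8.8.8.8:53 -> 9.9.9.9:33000 udp",
    "lan 192.168.1.20:51000 -> 8.8.8.8:53 udp",
    "wan 100.72.3.9:40000 -> 1.1.1.1:22 tcp",
    "wan 240.1.2.3:1234 -> 1.1.1.1:80 tcp",
]

if __name__ == "__main__":
    for src, verdict in evaluate_wan_log(SAMPLE_LOG):
        print(f"{src:15} {verdict}")
```

A private or CGNAT source arriving on the WAN is spoofed or misrouted, which is why these prefixes are dropped before any allow rule is evaluated.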
So I ended up building a pfsense box from an older (circa 2005) AMD 64 X2 4200 machine.
I like it. I've been able to turn off the Firebox(s) now and the room is so much quieter.
Pretty simple and straightforward with just a short learning curve.