pfSense
The Open Source Firewall, presented by Sobit
pfSense
Open source firewall project started in 2004 as a fork of m0n0wall.
Based on the PF (packet filter) functionality of BSD.
The name echoes the design goal of providing a reliable firewall that is easy to use - to make “sense” of PF.
Designed to run on PC hardware or embedded devices.
Current version is 2.01
Basic Management through CLI
Advanced Administration through web based GUI
Main dashboard is customizable with “widgets”
Minimum Hardware Requirements
The following outlines the minimum hardware requirements for pfSense 1.2.x. Note that the minimum requirements are not suitable for all environments; see the Hardware Sizing Guidance page for information.
CPU - 100 MHz Pentium
RAM - 128 MB
Requirements specific to individual platforms follow.
Live CD
CD-ROM drive
USB flash drive or floppy drive to hold configuration file
Hard drive installation
CD-ROM for initial installation
1 GB hard drive
Embedded
512 MB Compact Flash card
Serial port for console
Sizing Guide
Throughput Considerations
If you require less than 10 Mbps of throughput, you can get by with the minimum requirements. For higher throughput requirements we recommend following these guidelines, based on our extensive testing and deployment experience. These guidelines offer a bit of breathing room because you never want to run your hardware to its full capacity.
10-20 Mbps - No less than 266 MHz CPU
21-50 Mbps - No less than 500 MHz CPU
51-200 Mbps - No less than 1.0 GHz CPU
201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.
501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.
http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49
Embedded Options
Kits available from several vendors
Netgate Unassembled kit starts at $188
Includes 4 GB CF card
500 MHz AMD Geode LX800 CPU
Or...
Buy a Watchguard and convert it!
Why Watchguard sucks:
Subscription based software model. No subscription, no updates.
Dedicated Windows App for management. App version must match Firewall firmware.
Even with support, newer firmware requires newer hardware.
Limited scalability.
So Why Use a Watchguard?
1U x86 architecture
Inexpensive. $40-$100 for most models.
Identical hardware for x700 and up. The model number designates the licensing.
Supports IDE HDD and Compact Flash for storage
6 Ethernet Interfaces
Storage Options
WG supports CF cards and HDD. We’ll focus on formatting and booting with CF cards but 2.5” IDE drives are an acceptable alternative.
Formatting the CF Card
Use diskutil to unmount the disk
sudo su
Expand the .gz file and send it to dd to copy it to the CF card
Be patient. Transfer takes ~9 min for 1 GB.
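The slide lists these steps without commands. As an added example (not from the original slides), the shell function below checks the downloaded image's SHA-256 before writing and reads the target back afterwards. The function names, the checksum check and the read-back step are assumptions added here; the image path, expected hash and target device are supplied by the operator.

```shell
#!/bin/sh
# Added example, not from the slides: verify a gzip'd firewall image, write it
# with dd, then read the target back and compare it to the decompressed image.
# Helper names (sha256_of, write_image) are hypothetical.

sha256_of() {  # print the SHA-256 of stdin on Linux (sha256sum) or macOS (shasum)
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | awk '{print $1}'
    else
        shasum -a 256 | awk '{print $1}'
    fi
}

write_image() {  # usage: write_image <image.gz> <expected-sha256-of-image.gz> <target>
    img=$1; want=$2; target=$3
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 2; }

    # Refuse to touch the target unless the download matches the published hash.
    got=$(sha256_of < "$img")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: got $got" >&2
        return 3
    fi

    # Size and hash of the decompressed stream, used for the read-back check.
    size=$(gunzip -c "$img" | wc -c | tr -d ' ')
    src=$(gunzip -c "$img" | sha256_of)

    # Expand the .gz and send it to dd, as on the slide.
    gunzip -c "$img" | dd of="$target" bs=16384 2>/dev/null || return 4
    sync

    # Read back exactly as many bytes as were written and compare hashes.
    back=$(head -c "$size" "$target" | sha256_of)
    [ "$back" = "$src" ] || { echo "read-back mismatch on $target" >&2; return 5; }
    echo "wrote and verified $size bytes to $target"
}
```

Run it as root after unmounting the card, with the CF card's device node as the third argument; a nonzero return code means the card should not be booted.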
Windows Load
Download physdiskwrite: http://m0n0.ch/wall/physdiskwrite.php
Open a command window as admin ("cmd")
Type "diskpart" and hit enter.
Type "list disk" and hit enter to find out the number of your drive.
Type "select disk X" (where you replace X with the number of your drive) and hit enter.
Type "clean" and hit enter.
physdiskwrite [-u] [-d driveno] <image-file>
Successful Boot Process
Null modem cable connection on boot
Standard terminal - 9600, 8, N
http://doc.pfsense.org/index.php/HOWTO_Install_pfSense#Mac_OS_X
pfSense shows 6 Realtek NICs
1st step is to define inside/outside interfaces
Initial Setup
Assign WAN and LAN Int
With interfaces assigned, boot process is complete.
Default IP is: 192.168.1.1 with DHCP enabled.
Browse to GUI
LAN connection will present a self-signed certificate
u: admin
pw: pfsense
Startup wizard will now run
Setup Wizard
Wizard will prompt for:
Hostname settings
NTP settings
WAN settings
Password Change
Success!
You now have a pfSense box!