TOPIC: pfSense users

@ wapakman,

madaming pwedeng gawin sa pfsense gaya ng Access Point, Squid at VOIP Box (Future Project).

pwede rin ba gamitin kahit may sarili kang server let say ung server ko all around na timer, printing, scanning. cd burning... pwedeng gamitin pa ung pfsense dito? ano magiging epekto nito kapag dito nakainstall ung pfsense?

Common Deployments

pfSense is used in about every type and size of network environment imaginable, and is almost certainly suitable for your network whether it contains one computer, or thousands. This section will outline the most common deployments.
Perimeter Firewall

The most common deployment of pfSense is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces.

pfSense accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.

Some users also add BGP capabilities to provide connection redundancy and load balancing.
LAN or WAN Router

The second most common deployment of pfSense is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments.
LAN Router

In larger networks utilizing multiple internal network segments, pfSense is a proven solution to connect these internal segments. This is most commonly deployed via the use of VLANs with 802.1Q trunking. Multiple Ethernet interfaces are also used in some environments.
Note

In environments requiring more than 3 Gbps or 1 million packets per second of sustained throughput, no router based on commodity hardware offers adequate performance. Such environments need to deploy layer 3 switches (routing done in hardware by the switch) or high end ASIC-based routers. As commodity hardware increases in performance, and general purpose operating systems like FreeBSD improve packet processing capabilities in line with what new hardware capabilities can support, scalability will continue to improve with time.
WAN Router

For WAN services providing an Ethernet port to the customer, pfSense is a great solution for private WAN routers. It offers all the functionality most networks require and at a much lower price point than big name commercial offerings.
Wireless Access Point

pfSense can be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments.
Special Purpose Appliances

Many deploy pfSense as a special purpose appliance. The following are three scenarios we know of, and there are sure to be many similar cases we are not aware of. Most any of the functionality of pfSense can be utilized in an appliance-type deployment. You may find something unique to your environment where this type of deployment is a great fit.
VPN Appliance

Some users drop in pfSense as a VPN appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most pfSense VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.
Sniffer Appliance

One user was looking for a sniffer appliance to deploy to a number of branch office locations. Commercial sniffer appliances are available with numerous bells and whistles, but at a very significant cost especially when multiplied by a number of branch locations. pfSense offers a web interface for tcpdump that allows the downloading of the resulting pcap file when the capture is finished. This enables this company to capture packets on a branch network, download the resulting capture file, and open it in Wireshark for analysis.

pfSense is not nearly as fancy as commercial sniffer appliances, but offers adequate functionality for many purposes at about 2% of the total cost.
DHCP Server Appliance

One pfSense user deploys single interface pfSense installs as solely DHCP servers. In most environments this probably does not make much sense. But in this case, the user's staff were already familiar and comfortable with pfSense and this enabled further deployments without additional training for the administrators, which was an important consideration in this deployment.
DNS Server Appliance

There is a pre-built DNS Server appliance available, pfDNS. This is a custom version of pfSense with a simplified web interface, providing only the functionality desired on a system functioning strictly as a DNS server. There is a tinydns package available for pfSense that allows you to add this functionality to a stock pfSense install.
Voice over IP (VoIP) Appliance

A FreeSWITCH package is available.

stanelope wrote:

pwede rin ba gamitin kahit may sarili kang server let say ung server ko all around na timer, printing, scanning. cd burning... pwedeng gamitin pa ung pfsense dito? ano magiging epekto nito kapag dito nakainstall ung pfsense?

pfsense box is an independent box.

isipin mo na lang na isa syang router pero in pc-form nga lang, yan medyo maliliwanagan ka na kung may effect or wala ang router (or pfsense box) sa network mo.

isip-isip :)

donjee wrote:

Common Deployments

pfSense is used in about every type and size of network environment imaginable, and is almost certainly suitable for your network whether it contains one computer, or thousands. This section will outline the most common deployments.
Perimeter Firewall

The most common deployment of pfSense is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces.

pfSense accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.

Some users also add BGP capabilities to provide connection redundancy and load balancing.
LAN or WAN Router

The second most common deployment of pfSense is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments.
LAN Router

In larger networks utilizing multiple internal network segments, pfSense is a proven solution to connect these internal segments. This is most commonly deployed via the use of VLANs with 802.1Q trunking. Multiple Ethernet interfaces are also used in some environments.
Note

In environments requiring more than 3 Gbps or 1 million packets per second of sustained throughput, no router based on commodity hardware offers adequate performance. Such environments need to deploy layer 3 switches (routing done in hardware by the switch) or high end ASIC-based routers. As commodity hardware increases in performance, and general purpose operating systems like FreeBSD improve packet processing capabilities in line with what new hardware capabilities can support, scalability will continue to improve with time.
WAN Router

For WAN services providing an Ethernet port to the customer, pfSense is a great solution for private WAN routers. It offers all the functionality most networks require and at a much lower price point than big name commercial offerings.
Wireless Access Point

pfSense can be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments.
Special Purpose Appliances

Many deploy pfSense as a special purpose appliance. The following are three scenarios we know of, and there are sure to be many similar cases we are not aware of. Most any of the functionality of pfSense can be utilized in an appliance-type deployment. You may find something unique to your environment where this type of deployment is a great fit.
VPN Appliance

Some users drop in pfSense as a VPN appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most pfSense VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.
Sniffer Appliance

One user was looking for a sniffer appliance to deploy to a number of branch office locations. Commercial sniffer appliances are available with numerous bells and whistles, but at a very significant cost especially when multiplied by a number of branch locations. pfSense offers a web interface for tcpdump that allows the downloading of the resulting pcap file when the capture is finished. This enables this company to capture packets on a branch network, download the resulting capture file, and open it in Wireshark for analysis.

pfSense is not nearly as fancy as commercial sniffer appliances, but offers adequate functionality for many purposes at about 2% of the total cost.
DHCP Server Appliance

One pfSense user deploys single interface pfSense installs as solely DHCP servers. In most environments this probably does not make much sense. But in this case, the user's staff were already familiar and comfortable with pfSense and this enabled further deployments without additional training for the administrators, which was an important consideration in this deployment.
DNS Server Appliance

There is a pre-built DNS Server appliance available, pfDNS. This is a custom version of pfSense with a simplified web interface, providing only the functionality desired on a system functioning strictly as a DNS server. There is a tinydns package available for pfSense that allows you to add this functionality to a stock pfSense install.
Voice over IP (VoIP) Appliance

A FreeSWITCH package is available.

grabe na internal bleeding ko nito dati rati puro external bleeds lang eh..

parang matinding intindihan to bago ko siguro mapatakbo sa network ko yan...

e di mapupuno din ang harddisk nya dahil iniistore nya ung mga recent opened website?

boss bongh baka pwedeng bumisita dyan sa inyo para makakuha ako idea pano patakbuhin ung pfsense.. ^_^

stanelope wrote:

grabe na internal bleeding ko nito dati rati puro external bleeds lang eh..

parang matinding intindihan to bago ko siguro mapatakbo sa network ko yan...

e di mapupuno din ang harddisk nya dahil iniistore nya ung mga recent opened website?

boss bongh baka pwedeng bumisita dyan sa inyo para makakuha ako idea pano patakbuhin ung pfsense.. ^_^

no problem schedule lang natin, meron kasi ako regular work.
napaguusapan naman yan....

bongh wrote:

stanelope wrote:

grabe na internal bleeding ko nito dati rati puro external bleeds lang eh..

parang matinding intindihan to bago ko siguro mapatakbo sa network ko yan...

e di mapupuno din ang harddisk nya dahil iniistore nya ung mga recent opened website?

boss bongh baka pwedeng bumisita dyan sa inyo para makakuha ako idea pano patakbuhin ung pfsense.. ^_^

no problem schedule lang natin, meron kasi ako regular work.
napaguusapan naman yan....

Baka pwede rin akong makapunta dyan? ^_^ sabay nalang tayo stanelope

pwede rin paandarin ang pfsense as virtual machine un ang setup ko ngayon kaso lang hindi ko pa nasesetup ung sa firewall settings nya load balance palang napagana ko eh... hehehe subukan ko gayahin ung setup ni bong.

eto tignan nyo! meron ba ganito dual wan router nyo. sa pfsense yan

@cruzades & donjee
ask ko lang meron error lumalabas sa pfsense box ko
============
Dec 6 11:05:57 kernel: ad6: TIMEOUT - WRITE_DMA retrying (1 retry left) LBA=84679535
Dec 6 11:05:57 kernel: ad6: error issuing SETFEATURES SET TRANSFER MODE command
Dec 6 11:05:57 kernel: ad6: timeout waiting to issue command
Dec 6 11:05:57 kernel: ad6: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout - completing request directly
============

ano kaya ibig sabihin nito.
pag lumalabas kasi ito. yung timer ko "cafesuite" ng no connection pag startup. kailangan pa release then renew yung OPT1 interface para magconnect.

HDD problem kaya ito. na install ko na squid pero hindi ko pa na setup.
not sure if enabled na squid wala naman enable / disable check box. so i assume enable na yun nga lang naka default lang siguro settings.

Patulong naman trouble shoot problem ko. bumabagal din kasi net pag labas ng error. kailangan restart namin pfsense box para mag normal ulit.