Discuss settings for pfSense regarding safety.
Hello everyone, I’m about to begin a new position with a small business and noticed a significant security gap in their network setup—specifically, no firewall installed. To address this risk, I’m evaluating a firewall solution. My initial idea is pfSense. It’s free, I can leverage existing hardware, and I’m planning to configure it myself. My questions are: 1) How effective is pfSense? 2) What’s the difficulty in setting it up and configuring? 3) Does it perform well as a firewall? 4) Have others used it and shared their experiences? 5) Would you recommend alternatives like SonicWall instead? Thanks ahead, Xeb
1) If you grasp the basics of what a firewall does, pfSense or OPNsense works well—it's similar but with some variations.
2) It's neither more challenging nor significantly simpler than other firewalls I've encountered recently (compared to MikroTik RouterOS, WatchGuard, FortiGate).
3) I've deployed pfSense in many businesses, and my company has done it for hundreds. We also set up numerous Cisco ASAs, thousands of WatchGuards, and supported around a hundred FortiGate devices that weren't installed.
4) From a security standpoint, pfSense performs just like other firewalls. Any solution needs proper setup to function effectively. Each firewall offers customizable options, but many can operate without advanced features.
5) The key distinction lies in additional offerings: other platforms provide subscription-based IDS/IPS updates. pfSense doesn’t include this out-of-the-box, though plugins like Snort or Suricata can add it. For most small businesses, a standard firewall with basic configuration is sufficient.
@brwainer Let me dig deeper and explore further. If firewall knowledge is just a starting point, I’ll keep searching for more clarity.
Thanks for the advice. I was already researching this. I aim for no more than three networks: one internal, one for customer Wi-Fi, and one for the service department to isolate them from the rest. We’re all aware of how damaging a virus can be on a company network.
Additionally, restrict management interfaces for the guest network; typically block all networks unless specific access is required by owners or clients, especially when contracts are limited to hardware support. For malware protection, consider deploying IDS/IPS or a web proxy with malware filters, though this involves more setup—such as installing certificates on devices—for HTTPS traffic through proxies. Configure an OpenVPN server on pfSense, allowing VPN access only to authorized users. Use strong passwords and avoid leaving them on sticky notes, as they are frequently exposed in business environments.
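The three-network isolation discussed above, modeled as an added example (not written by any poster in the thread and not pfSense configuration syntax): it evaluates rules the way pfSense does, first match on the ingress interface with default deny, and audits whether the guest or service segment can reach the firewall's management ports or another segment. The subnets, ports and rule layout are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan for the three networks in the thread.
NETS = {"LAN": "10.0.10.0/24", "GUEST": "10.0.20.0/24", "SERVICE": "10.0.30.0/24"}
GATEWAYS = {"LAN": "10.0.10.1", "GUEST": "10.0.20.1", "SERVICE": "10.0.30.1"}
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
MGMT_PORTS = (22, 443)  # assumed SSH and web GUI ports on the firewall

def isolated(gateway):
    """Rules for an isolated segment: DNS to its gateway, no private ranges, web out."""
    return [("pass", [gateway + "/32"], {53}),
            ("block", PRIVATE, None),      # covers other segments and firewall addresses
            ("pass", None, {80, 443})]     # None means "any"

RULES = {"LAN": [("pass", None, None)],
         "GUEST": isolated(GATEWAYS["GUEST"]),
         "SERVICE": isolated(GATEWAYS["SERVICE"])}

def decide(rules, iface, dst, port):
    """First matching rule on the ingress interface wins; no match means block."""
    addr = ip_address(dst)
    for action, nets, ports in rules[iface]:
        net_ok = nets is None or any(addr in ip_network(n) for n in nets)
        if net_ok and (ports is None or port in ports):
            return action
    return "block"

def audit(rules):
    """List every way GUEST or SERVICE can reach management or another segment."""
    findings = []
    for iface in ("GUEST", "SERVICE"):
        for gw in GATEWAYS.values():
            findings += [f"{iface} -> firewall {gw}:{p}" for p in MGMT_PORTS
                         if decide(rules, iface, gw, p) == "pass"]
        for other, net in NETS.items():
            host = str(ip_network(net)[10])  # sample host in the other segment
            if other != iface and decide(rules, iface, host, 443) == "pass":
                findings.append(f"{iface} -> {other} host {host}:443")
    return findings

if __name__ == "__main__":
    print("block before pass:", audit(RULES))
    # Same guest rules with the web pass rule moved above the block rule.
    g = RULES["GUEST"]
    print("pass before block:", audit(dict(RULES, GUEST=[g[0], g[2], g[1]])))
```

With the web pass rule placed above the private-range block, the audit reports the guest segment reaching the web GUI port and both other segments, which is why rule order deserves a check after every change.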
Thank you once more for providing the input. I'll begin working on it once you're ready and have a better understanding. I'm not looking to finalize anything until I've explored it thoroughly.