pfsense - sobit.org · current version is 2.01 basic management through cli advanced administration...

PFSense The Open Source Firewall presented by Sobit

Upload: buihanh

Post on 11-May-2018


Page 1: Pfsense - sobit.org · Current version is 2.01 Basic Management through CLI Advanced Administration through web based GUI Main dashboard is customizable with “widgets”

PFSense

The Open Source Firewall presented by Sobit

PFSense

Open source firewall project started in 2004 as a fork of M0n0wall.

Based on the PF (packet filter) functionality of BSD.

The name echoes the design goal of providing a reliable firewall that is easy to use - to make “sense” of PF.

Designed to run on PC hardware or embedded devices.

Current version is 2.01

Basic Management through CLI

Advanced Administration through web based GUI

Main dashboard is customizable with “widgets”

Minimum Hardware Requirements

The following outlines the minimum hardware requirements for pfSense 1.2.x. Note that the minimum requirements are not suitable for all environments; see the Hardware Sizing Guidance page for information.

CPU - 100 MHz Pentium

RAM - 128 MB

Requirements specific to individual platforms follow.

Live CD:

CD-ROM drive

USB flash drive or floppy drive to hold configuration file

Hard drive installation:

CD-ROM for initial installation

1 GB hard drive

Embedded:

512 MB Compact Flash card

Serial port for console

Sizing Guide

Throughput Considerations

 If you require less than 10 Mbps of throughput, you can get by with the minimum requirements. For higher throughput requirements we recommend following these guidelines, based on our extensive testing and deployment experience. These guidelines offer a bit of breathing room because you never want to run your hardware to its full capacity.

10-20 Mbps - No less than 266 MHz CPU

21-50 Mbps - No less than 500 MHz CPU

51-200 Mbps - No less than 1.0 GHz CPU

201-500 Mbps - server class hardware with PCI-X or PCI-e network adapters, or newer desktop hardware with PCI-e network adapters. No less than 2.0 GHz CPU.

501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.

http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

Embedded Options

Kits available from several vendors

Netgate Unassembled kit starts at $188

Includes 4 GB CF card

500 MHz AMD Geode LX800 CPU

Or...

Buy a Watchguard and convert it!

Why Watchguard sucks:

Subscription based software model. No subscription, no updates.

Dedicated Windows App for management. App version must match Firewall firmware.

Even with support, newer firmware requires newer hardware.

Limited scalability.

So Why Use a Watchguard?

1U x86 architecture

Inexpensive. $40-$100 for most models.

Identical hardware for x700 up. Model number designates licensing.

Supports IDE HDD and Compact Flash for storage

6 Ethernet Interfaces

Storage Options

WG supports CF cards and HDD. We’ll focus on formatting and booting with CF cards but 2.5” IDE drives are an acceptable alternative.

Formatting the CF Card

diskutil to unmount disk

sudo su

Expand the .gz file and send it to dd to copy it to the CF card

Be patient. Transfer takes ~9 min for 1 GB.
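
The copy step above with an integrity check in front of it, as an added example that is not from the original slides: it refuses to write unless the download matches a SHA-256 digest obtained separately, then reads the card back. The image name, the digest and /dev/diskN in the usage comment are placeholders, and having a published digest to compare against is an assumption.

```shell
#!/bin/sh
# Added example, not from the slides. Verify the .img.gz, write it, read it back.
# Usage on macOS (placeholder names; run as root):
#   diskutil unmountDisk /dev/diskN
#   write_image pfSense.img.gz <published-sha256> /dev/diskN

# Print the SHA-256 of a file ("-" means stdin) with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS ships shasum
    fi
}

# write_image IMAGE_GZ EXPECTED_SHA256 TARGET
# Returns 0 on success, 1 digest mismatch, 2 corrupt archive,
# 3 write failure, 4 readback mismatch.
write_image() {
    img=$1; expected=$2; target=$3

    # 1. Refuse to write anything that does not match the expected digest.
    actual=$(sha256_of "$img") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $img, not writing" >&2
        return 1
    fi

    # 2. Test the gzip stream before the card is touched.
    gzip -t "$img" 2>/dev/null || return 2

    # 3. Expand and stream to the target, as in the slide.
    gunzip -c "$img" | dd of="$target" bs=1048576 2>/dev/null || return 3
    sync

    # 4. Read back exactly the image length and compare digests.
    size=$(gunzip -c "$img" | wc -c | tr -d ' ')
    want=$(gunzip -c "$img" | sha256_of -)
    got=$(head -c "$size" "$target" | sha256_of -)
    [ "$want" = "$got" ] || return 4
    echo "wrote and verified $size bytes on $target"
}
```

The readback may be served from the operating system's cache, so re-inserting the card before running step 4 on its own gives a stronger check.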

Windows Load

Download physdiskwrite: http://m0n0.ch/wall/physdiskwrite.php

Open a command window as admin ("cmd")

Type "diskpart" and hit enter.

Type "list disk" and hit enter to find out the number of your drive.

Type "select disk X" (where you replace X with the number of your drive) and hit enter.

Type "clean" and hit enter.

physdiskwrite [-u] [-d driveno] <image-file>

Successful Boot Process

Null modem cable connection on boot

Standard terminal - 9600, 8, N

http://doc.pfsense.org/index.php/HOWTO_Install_pfSense#Mac_OS_X

Initial Setup

pfSense shows 6 Realtek NICs

1st step is to define inside/outside interfaces

Assign WAN and LAN Interfaces

With interfaces assigned, boot process is complete.

Default IP is: 192.168.1.1 with DHCP enabled.

Browse to GUI

LAN connection will present a self-signed certificate

u: admin

pw: pfsense

Startup wizard will now run

Setup Wizard

Wizard will prompt for:

Hostname settings

NTP settings

WAN settings

Password Change

Success!

You now have a pfSense box!