@ryanrowe: I like pfSense, but I'd be quicker using it if the web ui had integrated search: I'd like to be able to search through the settings to find which categories contain a keyword, e.g. for ntp or time or users. If you've ever used a mac, there is a feature like this for searching through menu items in the current application. Thanks. Hello, I would also like to have the search feature implemented in the pfSense web gui. I would also like to offer my help in developing it. I just need a hint on where to start. If I clone the github repository and do a pull request would it be ok? For the menu only I already see a simple solution using jquery: parse the DOM and extract the text from all elements with the class "navlnk". What do you think?

We've started from scratch with a different name (NRDM) and though we don't have any published road map, it is progressing well. Contact sales@netgate.com and someone should be able to get you a little more info.

Wanted to at least reply and thank you for the info. I am on an extended trip and will not be back home to try the suggestions out for a while. Once I do get back, I will give it a shot and post back here.

@johnpoz: Yes isolate them to their own vlans..  Limit what they can do into your other networks, limit what they can do outbound to the internet.  And most likely not allow any unsolicited inbound.. For example if you have camera's and you want to to view them while your remote.. VPN into pfsense and view them that way. You most likely will also want to log any outbound traffic they might be doing and you allow.  Or even what you are blocking - why is that camera trying to talk to an IP in china for example. You may want to create different vlans for different types of iot devices, etc..  Comes down to what exact iot devices your installing.. And what their connectivity needs are.  If you wanting say camera's to upload video to the cloud - prob want to lock that down to only allow them access to the official networks for that, etc. Pfsense is great for doing this..  But you will most likely want vlan capable switches and wifi so that you can isolate both wired devices and wifi devices to their own vlans. Thanks for the detailed response Johnpoz! Echoed a few things I had heard and read, which I will be applying. I will post an update of the set up once I get all the devices figured out. Like you pointed out it all comes down tot he exact devices being installed, so i'm going to finalize those first but my security cameras are the ones I want to pay the most attention to, especially because of some of their default plug and play features.

I assume your LTE antenna comes with a LTE modem/router which is what you referred to as 192.168.0.1, correct? And your pfSense router was issued an IP of 192.168.0.2 from DHCP from that LTE modem/router, correct? And you placed the pfSense router in the LTE modem/router's DMZ? You tried to ping from the LTE modem/router to the pfSense's WAN/192.168.0.2? Be a little more clear please.

not much feedback :/

The SG-2220 will probably be a good fit there. I assume you have a Gigabit switch in there on the LAN side? If you needed, for example, VLANs for different hosts and were routing between them via the 2220 you would see some restriction. But if your only traffic through the firewall is to/from the internet there would be no problems. Are you going to be running any VPNs? Packages? Steve

It seems that FreeBSD's tftp and tftp-hpa don't get on too well…. https://lists.freebsd.org/pipermail/freebsd-questions/2011-April/229210.html Well they didn't in 2011... maybe they still don't. How do I get around the problem?

I should start by saying that I only now realize this post probably should have gone in the Hardware section. Sorry Admins. Thanks everyone for your input. After a budget talk I think I like these. For the first location needing the 8 port: Netgear GS108PE-300NAS For the second location needing the 16 port: Netgear GS716T-300NAS I looked at the Ubiquiti gear and it looks great but cost was (always is) the factor.

If this is just for testing purposes set WAN to DHCP and your LAN to whatever you want and then configure your virtual network as you please.

@Steve_B: "These kinds of attacks are possible when a local web server lacks robust CSRF." pfSense has a robust CSRF system. I don't get to use that word enough.  Robust.

The ACB server has been having issues for many months now. Getting really annoying.

@johnkeates: @kpa: Faster boot time != better overall performance. It's possible to cheat during the boot time quite a bit and that's what many Linuses do to achieve on the surface great looking performance. However, the real performance of a firewall/router has nothing to do with boot time but with the performance of the packet filter and the network stack. And seriously, are you going to be rebooting your router/firewall so often that the boot times actually have some significance?  :o I think it's more an issue of scale for his case. 100 routers using 1GB RAM and 2 CPU cores is quite expensive. Yes, we will be booting the firewalls so often that the boot times are very significant, and John's right, it's absolutely about scale for us. We're evaluating this for use where we launch thousands of VMs daily, with individual VMs or small collections of VMs connected to a pfSense VM that is serving as their NAT gateway. Faster boot performance at that scale definitely counts, perhaps moreso than the performance of the packet filter and network stack (although we don't want to ignore the performance of those either).