Site to site VPN connection
-
Hi All, I'm new to the site. this firewall looks really good. I have a couple of questions though…
I currently have a site to site VPN useing checkpoint routers. Our Main office has no intention of switching.
My office just had a 50mbit cable connection installed and the check point router can not handle 50mb so I want to change this device to something that can. to my understanding this PC based firewall will help.My question is; Can I setup a site to site VPN using this software to the checkpoint system in our main office?
if so, how many site to site vpns can this handle?
Can routing rules be set to direct VPN traffic to the VPN site(s) and internet traffic to bypass the VPN?
Thanks
Jason
-
That mainly depends on what kind of VPN tunnel it is.
If it's IPsec, then yes, it can be made to work. When setting up the VPN tunnel, traffic to the subnet you specify will go over the VPN tunnel and everything else will go out to the Internet.
There is no limit to the number of site-to-site tunnels you can have in pfSense. Your only limit is how much throughput that your hardware can handle. Pretty much anything can handle 50Mbit of unencrypted traffic, but it may take something with a fair amount of CPU power handle that much across a VPN.
-
I'm a long time Checkpoint user, and new-to-PFSense user.
The PFS unit will not be swap-replaceable with the CP unit, without doing some setup at the remote end.
Typically, the main HQ controls the "enforcement points" configurations remotely.
They "push" a configuration file that syncs all them together, so if you swich out the CP unit for PFS, I suspect you'll be getting a phone call from HQ when they don't see the CP unit online anymore.You'd need to co-ordinate with them, and they will need to create a new "compatible device" at their end with the parameters of your PFS unit for the VPN tunnel(s).
Be careful about NAT-T. CP handles that well.
PFS, well in the next release (R2) it should.
1.2.3 - not so good.