What features make pfsense a firewall?
-
https://www.pfsense.org/about-pfsense/features.html
-
PFSense does stateful Layer3/4 packet filtering. It also does a bunch of other things, but this is the main feature of any firewall.
-
I have to install all these packages into pfsense or these all are built in features ??
Firewall
Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
Limit simultaneous connections on a per-rule basis
pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.
Option to log or not log traffic matching each rule.
Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
Transparent layer 2 firewalling capable - can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
Packet normalization - Description from the pf scrub documentation - "'Scrubbing' is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations."
Enabled in the pfSense software by default
Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
Disable filter - you can turn off the firewall filter entirely if you wish to turn your pfSense software into a pure router. -
Is this question serious?
-
-
Help with what exactly? Using Google, perhaps? You claim to have used things like ISA and TMG and come here to post something like this?
-
Not sure what packages you are referring to, but yes, the features of the pf packet filter are included in pfSense which is based on pf.
-
Help with what exactly? Using Google, perhaps? You claim to have used things like ISA and TMG and come here to post something like this?
I am just going to use pfsense, I was bit confused and just clearing my confusion, ISA and TMG are totally different from pfsense. and obviously after searching on google, i came to this platform, but here the friends like you are not saying welcome to me. :-\
-
Uh. Perhaps, define what makes a firewall from your point of view. Bottom line:
- No, pfSense is not UTM.
- No, proxy ain't considered a firewall feature.
-
Definition: A firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules.
Since pfsense does this - there you go its a firewall ;) Is that what you were looking for?
It uses PF, here this is info on PF which stands for PACKET FILTER.. kind of the heart of any firewall ;)
http://www.openbsd.org/faq/pf/
-
let me share you my idea, I just want to create a network like this
pfsense as firewall >>> squid cache as proxy on centos7 >>> server2008 as FTP server, I want to share my ftp server over the network with security, that is why i am too much concerned related to security point of view.
what you people suggest.
what should i do to create a network like this. -
I would suggest to NOT run an FTP server in the first place if you want a secure transfer protocol. Even the less on an OS like W2008.
-
Yeah I'm with dok, if you worried about security wtf would the words ftp come in to same sentence.. FTP has been deprecated for YEARS… If you want to securely xfer files there are much better ways. SFTP for example.. For that matter simple https website.. 2k8 also quite old, is it even r2?? Your just going to use the ftp server that is part of IIS???
So your wanting to use squid as a reverse proxy? Is that how you want to use it to your ftp server? Or http you serving up off the iis box as well?
-
but can you people please explain what are the features in pfsense that we can call this a Firewall,
Firewalls are filtering traffic by using rules or rule sets, in pfSense this job is done by the packet filter pf.
as i think pfsense have only squid in it?
And ClamAV as a AV, Snort or Suricata as a IDS/IPS, but this are only features, options and functions
that came by default or over a packet system inside of pfSense. There are also on top many different
variants of firewalls available on the market and they all will be differ each from another by using different
techniques and functions. One of them would be the "NG-Firewall" that is working also application based.Please elaborate.
A router is routing packets from one to another or more networks, a firewall is inspecting packets to
separate packets from one to another or more networks and because that a firewall is also capable to
route packets make them not automatically being in the same area or on the same stage of devices.
