Netgate Discussion Forum
    Firewall for production network

      snort

      Hello Guys,

      Hope you have a great Christmas!

      In mid-February I'm planning to colocate another server, and right now I'm thinking about a firewall solution. It will be a VMware host on a Dell R620 (2 x CPU Intel E5-2600 v2, 128GB RAM, 2 NIC (1Gbps port and management port)). I was thinking about a hardware solution, but the licenses for the hw firewall are too expensive (over 1000 pounds for IDS).

      I did some research and I think that the software firewall pfSense will be the best option.

      1. Is anyone using pfSense for production servers? Have you got any problems?
      2. The traffic on the existing server is between 20Mbit/s and 150Mbit/s up. Do you think that an IDS like Snort or Suricata will work without any problems with pfSense on this traffic?
      3. Some software doesn't support private IP addresses; the server network settings have to be configured on a public IP address. Is it possible to pass traffic from a server in the DMZ through pfSense on public IP addresses? (80.80.80.80 --> pfSense --> 80.80.80.80)

      Thanks,
      Snort

        Mr. Jingles

        0. I think a dedicated appliance would be appreciated, not a virtual appliance. Security-wise.

        1. Yes, many, many, many people and companies do (and yes, many, many, many problems occur: that is what this forum is for; it's almost just like in real life: problems  ;D ).
        2. I think 99,9999999999999999999999999999999999999% it won't be any problem. But I will humbly leave this to the Great Steve or others to reply: they know all the nasty details I don't.
        3. I'm a noob, I'll leave this question for the Masters who actually know what they are doing  ;D

        6 and a half billion people know that they are stupid, aggressive, lower life forms.

          chpalmer

          Whenever someone around me asks questions about implementing pfSense in any commercial environment, I usually pull up this document and show them.

          https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

          pfSense can easily be configured to port forward on a port-by-port basis, 1:1 NAT, or even act only as a firewall to devices/computers behind it that have their own public IP addresses.

          :)

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.