Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Shall I recommend pfsense ?

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 620 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      basantashrestha
      last edited by

      As a IT consultant, I have been asked to recommend firewall with following features :

      Users: 50 (approx)
      Bandwidth: 25 Mbps (approx)
      SSL/IPSEC VPN support
      Dual ISP active/active load balancing
      Application and URL filtering (optional)

      Does pfsense support all these ?
      If yes, does community version support these of we need to get specific netgate model ? Please sugest.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by johnpoz

        25 Mbps for 50 users? First thing I would recommend as a consultant would be more bandwidth ;)

        But sure pretty much anything that would run pfsense would handle such a setup. A good entry level box that would allow for say up to a gig would be a sg3100.

        I would for sure say you should grab a copy and install it an play with it on your own connection before recommending it to anyone... I have been using it for 10+ years.. And really wouldn't recommend anything but pfsense..

        And yes pfsense can do your listed requirements.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        JKnottJ 1 Reply Last reply Reply Quote 0
        • JKnottJ
          JKnott @johnpoz
          last edited by

          @johnpoz said in Shall I recommend pfsense ?:

          25 mbps for 50 users? First thing I would recommend as a consultant would be more bandwidth ;)

          I recall the days when a company would get a fractional T1 for their internet connection. A full T1 is 1.544 Mb/s. Back in the late 90s, the IBM Canada HQ had a T3 (45 Mb) for about 4000 employees, IIRC. The original Internet ran over 56 K. These days, many people have a Gb for their home.

          BTW, 25 millibit/sec would be real slow for even one user. 😉

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            hehe true.. Mbps I got lazy, fixing my typo now thanks.

            Yeah internet use to be slow.. I remember the days of 300 baud modems ;)

            But back then a common website home page wasn't 3MB in size either..

            I just looked cnn front page is 6MB ;)

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              It can't, directly, do application filtering. You can use Snort with OpenappID to some extent but currently that only blocks hosts. The upcoming Snort version will allow per connection blocking though.

              Steve

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Well depends on what you make of "application blocking" It can be done native if your just talking the ports the application talk on..

                But as its listed as optional, and it can be done with optional packages. snort and openappID and proxy for url filtering.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.