Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup Roadmap / Security Best Practices

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 5.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      guardian Rebel Alliance
      last edited by

      Hi All

      I'm new to pfSense, but so far I'm impressed with the quality of the software and how nice the community is here.

      So far I've completed basic install and setup, got DHCP/DNS Resolver more or less configured, done a couple of firewall rules and leaned how to install packages.

      I'm hoping to get some ideas on suggested setup to secure a home network that I use to run a small businesses for myself and my wife. Have a half a dozen computers - mix of Win8.1/Linux/FreeNAS/Android Phones/Tablets/Laptops/a Media Player (that I don't let access the internet directly for security reasons)/and several VMs which I hope to connect to VPNs.

      Now the real work of proper setup begins. Hear are the main goals I want to accomplish:

      • Lock down as much as possible while still maintaining reasonable usability and not creating a maintenance nightmare

      • Good monitoring and display of activity so that it is easy to determine if there is something going on that shouldn't be.

      • Setup IDS/IPS - Best choice Suricata / Snort / pfBlocker / Other… or some combination-I'm hoping someone with experience can provide some guidance based on their experience.

      • To the greatest extent possible plug the privacy leaks created by Microsoft Windows 8.1 (not going to touch 10) by blocking telemetry and other objectionable "phone home" behavior.  Hence the need for good monitoring to spot such activity.

      Any suggestions would be much appreciated.  If I can come up with a good "recipe" I'll do my best to document it so others can benefit.

      Thanks.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

      1 Reply Last reply Reply Quote 0
      • R Offline
        RyujinJakka
        last edited by

        I have spent quite some time lurking around here pretty well doing the same. While there is no magic bullet, the goal for me has been to have high security with low maintenance.

        I have quite a complex home network (to help emulate a corporate network for testing but also for security) and I am always looking to find ways to help secure it better.

        I have found this thread to be a pretty good starting point with some good security info; https://forum.pfsense.org/index.php?topic=78062.0

        There is also some pretty good info in the wiki such as this one for forcing your (or something like OpenDNS) DNS servers; https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

        Hope some of this helps and I hope some people smarter than us chime in too! pfSense is a great platform that is improving all the time.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.