Shall I recommend pfsense ?

  • As a IT consultant, I have been asked to recommend firewall with following features :

    Users: 50 (approx)
    Bandwidth: 25 Mbps (approx)
    SSL/IPSEC VPN support
    Dual ISP active/active load balancing
    Application and URL filtering (optional)

    Does pfsense support all these ?
    If yes, does community version support these of we need to get specific netgate model ? Please sugest.

  • LAYER 8 Global Moderator

    25 Mbps for 50 users? First thing I would recommend as a consultant would be more bandwidth ;)

    But sure pretty much anything that would run pfsense would handle such a setup. A good entry level box that would allow for say up to a gig would be a sg3100.

    I would for sure say you should grab a copy and install it an play with it on your own connection before recommending it to anyone... I have been using it for 10+ years.. And really wouldn't recommend anything but pfsense..

    And yes pfsense can do your listed requirements.

  • @johnpoz said in Shall I recommend pfsense ?:

    25 mbps for 50 users? First thing I would recommend as a consultant would be more bandwidth ;)

    I recall the days when a company would get a fractional T1 for their internet connection. A full T1 is 1.544 Mb/s. Back in the late 90s, the IBM Canada HQ had a T3 (45 Mb) for about 4000 employees, IIRC. The original Internet ran over 56 K. These days, many people have a Gb for their home.

    BTW, 25 millibit/sec would be real slow for even one user. 😉

  • LAYER 8 Global Moderator

    hehe true.. Mbps I got lazy, fixing my typo now thanks.

    Yeah internet use to be slow.. I remember the days of 300 baud modems ;)

    But back then a common website home page wasn't 3MB in size either..

    I just looked cnn front page is 6MB ;)

  • Netgate Administrator

    It can't, directly, do application filtering. You can use Snort with OpenappID to some extent but currently that only blocks hosts. The upcoming Snort version will allow per connection blocking though.


  • LAYER 8 Global Moderator

    Well depends on what you make of "application blocking" It can be done native if your just talking the ports the application talk on..

    But as its listed as optional, and it can be done with optional packages. snort and openappID and proxy for url filtering.

Log in to reply