Replace Fortigate with pfsense, hd requirement? options to sell fortigate? and other questions



  • Hello everyone,

    I know this is a long post, but instead of opening 3 separate threads, here they are in the same place :)

    So I've been using pfSense in my for many years, and worked in places where MikroTik routers and Sophos UTMs were utilized. And now I'm offered a position in a school that depends a lot on internet, portals, SMSs... They like to be fancy with tech stuff.

    pfSense vs fortigate
    Anyway, they have fortigate managing a lot of things plus they have fortinet access points controlled by the fortigate.

    Roles of the fortigate afaik:

    • web filter
    • controlling wifi access depending on device type, certain SSIDs deny phones to connect
    • firewall
    • routing (local subnets)
    • and maybe other stuff

    Nearly everything IT related is already implemented, so I don't have much "upgrades" I can offer. But the school is facing financial issues and wants to cut on expenses and that's why I would offer to replace expensive equipment and services with cheaper/free/open-source ones.

    So as a basic idea, do you think this is a good idea? Or am I opening the doors of hell?

    • firewall: I think it can be managed perfectly with pfSense.
    • routing: I will see if there is any good L3 switch and use it for inter-VLAN routing
    • WiFi APs: I'm thinking of Mikrotik or Unifi APs.
    • Web filtration: I use this in my home setup with squid proxy filter, it's a disaster. I'm using the well known and trusted shallalist, but it seems outdated by years. I've tried porn sites, news sites and others that are really well known for more than a couple of years and they are not blocked. Any suggestion on this point? It's very critical. Yes, I'm OK with paid lists.

    Hardware requirements
    Couldn't find an answer, only minimum specs.
    We have near 250 computer clients.
    200 mbps fiber internet connection and looking for an upgrade (maybe 300)
    No VoIP or any video calling going through internet gateway.
    I can't buy equipment from Netgate atm, I can use one of the computers that I have around (i7, with a bunch of RAM) or I can buy a used high-end workstation from the local market.
    So what I have now is dell optiplex core i7 3.5 GHz, 128 gb RAM, and 2x256 gb RAID 0 SSDs (chinese models).
    Is it enough for the whole school with 200+ mbps speed and 250+ computers with snort enabled?

    Selling fortigate
    If everything is done well, how can I sell the Fortigate equipment?

    I would be delighted if I can get help from here :)



  • Since you had mentioned pfSense and Mikrotik, you got my attention as I use both and like them and recommend them any chance I get. In my case, pfSense is king of my WAN, and Mikrotik is king of my LAN.

    @m0zeid said in Replace Fortigate with pfsense, hd requirement? options to sell fortigate? and other questions:

    Web filtration:

    I recommend pfBlockerNG-dev...that would stop them before they load.

    @m0zeid said in Replace Fortigate with pfsense, hd requirement? options to sell fortigate? and other questions:

    Dell optiplex core i7 3.5 GHz, 128 gb RAM, and 2x256 gb RAID 0 SSDs

    That should handle your traffic! Pleasant amount of RAM in it also, and I would format the SSD as ZFS if you haven't done so already.

    @m0zeid said in Replace Fortigate with pfsense, hd requirement? options to sell fortigate? and other questions:

    how can I sell the Fortigate equipment?

    eBay!



  • @m0zeid said in Replace Fortigate with pfsense, hd requirement? options to sell fortigate? and other questions:

    2x256 gb RAID 0 SSDs (chinese models)

    About this, I'd change to a RAID1 configuration.

    We moved from a couple of FG100-D (HA) to 2 pfSense (CARP) with UniFi APs (12 AP-AC-Pro) and pfBlockerNG-devel.

    No regrets.

