Is it OK?



  • As far as I know, pfSense is FreeBSD-based and made for firewall purposes.
    But after some time, its functionality has become wider: not only a firewall but also proxy, traffic management, etc.

    Do you think it'll be just OK with all that stuff, according to the first purpose of pfSense, a firewall?

    For me it's running very well, but it will no longer be suitable if we call pfSense a firewall OS.



  • You are absolutely right.
    The more applications you add to an appliance, the more the chances of failure increase. As long as you understand the security risk involved, go ahead and run it. If you are really worried about performance and security, then separate your services onto different appliances.

    You can search the forums and find that people don't like it when someone asks how to turn pfSense into an FTP server or NAS device, but using pfSense as a cache server and for traffic management is ideally the same thing, a risk. You are adding additional services that will lower security.

    Now please also understand that running Squid and Snort and traffic management on the pfSense box is most of the time necessary to get the functionality of the above-mentioned examples. If you want traffic going in and out of the box to be monitored, then you have no choice but to run Snort on the box if you want that functionality on the network. Same thing with Squid. How will you transparently cache data if Squid is not running on the pfSense box?
    It's a two-sided argument. Just know the security risk when you install a service. If you run SSH on pfSense, then also run Denyhost (Mcrane and I should have a Denyhost package soon).

