Is pfSense the right solution for me?



  • Howdy,

    I currently have a T1 line with ENDIAN as my firewall/web content filtering/VPN/SMTP proxy for my small network.  Works wonderful.  We are now ordering a 7Mbps/1Mbps business DSL line to serve as backup and I would like to bond these two connections to get us 8.5Mbps download and 2.5Mbps upload.  ENDIAN Community only has failover support, no bonding/load balancing at this time.

    So I see pfSense does load balancing and has some very cool features, which gives me the idea to put a pfSense box in front of my ENDIAN firewall to get the load balancing and added security.

    My main concerns are that I have an Exchang server onsite, so I need inbound and outbound emails to happen on a specific IP address.  From my initial search, this is possible but I need to make sure.

    The other option (if possible) would be to connect both WAN links to my ENDIAN firewall and be able to specify IP's/subnets (heavy users) to use the DSL line and the rest of the company use the T1.

    This is how my network would look:

    [WAN1]
          |
          |
    [pfSesnse]–-----[ENDIAN Firewall]–------[LAN]
          |
          |
      [WAN2]

    Look forward to hear any feedback!



  • should work if you do right configuration… see the doc of pfsense.
    http://forum.pfsense.org/index.php/topic,16923.0.html



  • AFAIK

    the new release EFW 2.2 can suppport dual-wan



  • I think 2.2 Final only offers failover, not load balancing.

    In pfSense, can I have certain users (by IP) have all traffic go out one WAN interface and the others go out the other?

    For examplem, make 172.30.100.0/24,172.30.20.55 use WAN1 and the rest of the users go out WAN2.



  • Yes.



  • well, maybe u should try read this first ….

    http://foolbaby.wordpress.com/2008/01/06/load-balance-with-2-or-more-red-nic-with-endian-firewall/

    http://beni-santoso.blogspot.com/2008/01/setting-multi-wan-pada-efw.html

    i think, it is better using 1 distro for ur case... which is, if u wanna using pfsense then u should eliminate EFW. and if u wanna continue using EFW, then  pfsense will waiting 4 u...



  • No, using Pfsense instead of EFW only if you want failover and load balancing but if u want to have a content filter . then you need to have EFW or something like smoothwall. i.e. because Pfsense Squid with MultiWAN doesnt works properly. and you will not be able to use squidguard.


Log in to reply