Is pfSense for us ?
-
Hi
We are looking for a firewalling solution for a colo rack we are setting up. We are thinking of running pfsense on a Dell R200 with dual broadcom nics and around 2GB of ram (though we can put more in if required up to 8GB).
Really we are after the basic range of firewalling, QoS to prioritise traffic to/from certain clients servers (RDP traffic etc), and also reporting for giving clients 95th percentile reports for billing.
Is pfsense something that we could use? We have also been recommended untangle, though we have also heard horrorstories as well.
Any comments welcome.
Olly
-
There is a learning curve for pfsense, as for anything powerful enough. I recommend it highly. Also, get the pfsense book (and possibly the "book of pf" (i think that is the title) if you want more nitty-gritty about the guts of PF).
-
Hmmm it also needs to be easily managed, so that a tech can make basic changes easily (firewall rules etc).
-
The billing issue is the ISP downside to PF…..The rest is fantastic! I use it as a frontend firewall, and it works flawlessly!
-
You wouldnt then know of a way to get the ISP-ness and 95th percentile reporting with pfsense? Some people have mentioned cacti and that may be an option but I'm keen to get as few a solutions as possible.
-
Nope…not integrated with PFsense....
-
You wouldnt then know of a way to get the ISP-ness and 95th percentile reporting with pfsense? Some people have mentioned cacti and that may be an option but I'm keen to get as few a solutions as possible.
Cacti would be one way but that would not give you per-IP statistics, only per-interface.
For that kind of task you can use pfflowd to export netflow data to an external collector which can handle the billing info. There are many, many netflow collector packages out there though, I'm not sure which ones are recommended these days.
-
The billing issue is the ISP downside to PF…..
Nah, you have Netflow, which is what most ISPs use for that purpose (regardless of network gear).
