Pfsense and other firewalls

  • I have been reading and playing with 1.0.1 and it looks like something I can really use.  Here is what I need to know before implementing this using OpenVPN. If IPsec will work better, I would like to hear those thoughts as well.

    Does anyone have any experience using pfsense with other firewalls, particularly SonicWall?
    Do they play nicely together?
    If so, did you have any issues getting them talking?
    Does anyone have a pfsense server hosting/serving more than one remote site?  Example of what I am looking to do:

    local office                                                        Health Dept
                                  pfsense server –-------------------------------- pfsense remote 1
                                      / |
                                    /  | 
                                  /    |   
                                /      |     
                              /        |       
                            /    Courthouse   
                          /      Sonic Wall     
        Drug Taskforce Office        Water and Electric Plant
          pfsense remote 2                  Cisco model???

    I have read the pdf on multi wan and ovpn, but I know how documentation can be much different than personal experience, trials, and frustration.  If anyone has even remote exposure to a solution like this in their environment I would be more than interested in your thoughts and experiences.

  • I haven't used OpenVPN yet, but I have several locations running IPsec tunnels. The biggest network consists of 12 locations that are all connected to each other through the main office (the only location that has a static IP), which acts as the VPN concentrator. This setup is using only pfSense everywhere.

    I also have another setup where a pfSense CARP cluster has VPN connections to a Cisco PIX, another pfSense and a SonicWall. Everything works smoothly :-) For some examples of how to configure the non-pfSense systems see .

    Before you start to set this up, you need to do some subnet calculations. If you use IPsec for that and need the remote locations to talk to each other through the central location, you need to use some bigger subnet masks at the central unit.
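
The subnet calculation mentioned in the reply above can be scripted. This is an added example, not part of the thread: it assumes a hub-and-spoke IPsec layout in which every spoke tunnel names one covering supernet as the network behind the hub, and all site names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing plan (hypothetical, not from the thread).
SITES = {
    "central": "10.0.0.0/24",
    "remote1": "10.0.1.0/24",
    "remote2": "10.0.2.0/24",
    "remote3": "10.0.3.0/24",
}

def parse(sites):
    """Turn {name: 'a.b.c.d/len'} into {name: IPv4Network}."""
    return {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}

def overlaps(sites):
    """Return pairs of sites whose LANs overlap; these cannot be routed apart."""
    nets = parse(sites)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def covering_supernet(sites):
    """Smallest single network that contains every site LAN."""
    nets = list(parse(sites).values())
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the mask by one bit
    return candidate

def tunnel_plan(sites, hub="central"):
    """Per-spoke tunnel networks: the spoke's own LAN on one side, the
    covering supernet on the hub side so spoke-to-spoke traffic matches."""
    clash = overlaps(sites)
    if clash:
        raise ValueError(f"overlapping site LANs: {clash}")
    big = covering_supernet(sites)
    return {name: {"spoke_side": str(net), "hub_side": str(big)}
            for name, net in parse(sites).items() if name != hub}

if __name__ == "__main__":
    for spoke, nets in tunnel_plan(SITES).items():
        print(f"{spoke}: {nets['spoke_side']} <-> {nets['hub_side']}")
```

The supernet can be much wider than the sum of the site LANs when the ranges are not contiguous, so firewall rules on the tunnel interfaces should still restrict traffic to the networks actually in use.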
