Small university network security design with pfSense 2.0.1
Hello! I am planning to design my network with pfsense router/firewall and I'd like to implement next function of the router:
-NAT,DHCP,DNS,DNS Forwarder,DMZ,Captive Portal,SSH,VLAN
I have one public IP (WAN) and I am planning to share Internet via LAN on 4 x Ethernet cards with 4 subnets
So, is it possible? I mean is it enough or I must to enable more function ? does these functions work in one system?
My system configuration: CPU Dual core 2Ghz,RAM 1GB,HDD80 SATA,4x 1000mb NICs
Waiting for your comments !! Thanks
Since you asked for comments:
I noticed in your DMZ you plan to put multiple virtualized Debian servers in VMs on a single physical server running Win2008R2 with Hyper-V. Since in your picture all those VMs will be running Debian Linux, I would use an operating system-level virtualization technology (check http://en.wikipedia.org/wiki/Operating_system-level_virtualization ) which offers practically native performance, instead of Hyper-V (or KVM, Xen etc).
Also, depending on the number of clients you expect to serve, I'd put squid+… on a different system than pfsense itself, probably another "container" on the server in the DMZ.
Finally, depending on your physical netwok topology and the area you'd like to cover with Wifi, I'd consider having both wireless access-points serve both guests & staff/students, using two SSIDs and corresponding VLANs.
Thanks for advise So, you mean to design all under Linux solutions?) I agree,I will think about it!!
Reasons to turn to Unix/linux systems:
-Educational organization has limited financial possiblities (Why should I pay when avalible different free solutions?)
-Network is Windows based network infected with viruses,
-Network OS s are Win Server 2003-buying licences for Client/Server OSs.
-Licences for Office packs,Firewall.antivirus soft and etc.
I know it is difficult to to implement Linux based solutions:knowledge and expearenses and etc.
and the otherwise students and personal adapted on Windows systems
An idea is so:
Access to: to Web, LMS+SQL,Web-conferencing,Corporate Mail-for 600-700 members (70% Web,20%LMS 10%other) existing Internet connection is 3mb/s (Fibre optic connection between University and ISP 1GB, also connection between faculties are realised by fibre-optic connection)
Technology: VLAN,Server Virtualization,Captive Portal(wi-fi), traffic filtering and controling and monitoring
A problem is that some of our 'network engineers' have not any expearence on linux, there are windows administrators and I need to find 'easy solutions' for them with GUI (Webmin,Iptabamin,pfsense)
Need your comments ! Thanks a lot!
marcelloc last edited by
Dansguardian can do content analyse as well antivirus and is free for non comercial use.
It,s Edraw Max http://www.edrawsoft.com/download.php