WANTED: Assistance in setting up a NEW Firewall for a Windows network
-
Id suggest https://portal.pfsense.org/
-
Thanks for the suggestion, however we're looking for someone to actually do the work for us, NOT us doing it…
We had one guy come forward before, but he's since vanished with no response to emails.
So, as per OP is there anyone that can help us?
-
There really is not much difference in how you were using it before and how you would use it now.
Your DC would just be another box behind the firewall in most setups. Just turn off dhcp on pfsense, and turn on dhcp on your windows server, just point to the pfsense as your gateway.
Your AD members would point to your AD dns, this would be handed out in your dhcp as well vs pointing to pfsense for dns. You could then have your AD dns forward to pfsense, or whatever other outside dns you wanted to point to for NON AD domains, and or even directly from roots.
Happy to help how I can, but there really is not much too it. Are you planning on changing out your current pfsense? If not its as simple as just bringing up dhcp and dns on your AD server(s) and turning off dhcp on the pfsense.
-
Thanks :)
The other area, where we ARE struggling is VPN.
As a software developer we need to take security VERY seriously, however we need to let some external contractors have access to our project management servers…
So we believe a VPN is the way to go, but really have less than ZERO of a clue how to set this stuff up.
Any help?
-
At least in my browser, there is a banner "Need pfSense help?" at the top of most forum pages, which links back to BSD-Perimeter company (creators of pfSense).
Have you tried that option?
-
And yeah that is pretty easy as well, openvpn is a couple of clicks.
If allow remote access to your pfsense, I can set that up for you in like 3 minutes tops. Did you follow the wizard ;)
-
as said before, for professional support (they do remote-installs) go with BSD Perimeter. They developed pfsense, they do hundreds of commercial installs every year.
I'm sure there will be lots of forum members willing to set this up for you, some will even do it for free.
If you really can't find anyone else, and are in dire need, i'd be willing to help out but i'd prefer not to.
(Something can always go wrong, and there are limited recovery options when you are a zillion miles away)kind regards
jeroen
-
Im with heper, get with commercial support if this is for COMPANY, etc.. You said you would be willing to pay - then pay them, this helps everyone out!
I would be happy to do it for free as well, but its not all that difficult - you don't have any IT people there? If you have been working in IT for more than a couple of years and you can not figure out how to setup pfsense, maybe you should not be in the field.
-
I've been in games development for 25 years this year, but not IT also we only have 12 staff so an employed IT person isn't really needed…
In case you're wondering ... Http://www.jawltd.com and http://www.oddworld.com is who we are...
-
I would be happy to help, for free even.. You have not put out anything your looking to do that would take more take more than a few minutes really.
But if your looking to pay, I would go with https://portal.pfsense.org/index.php/support-subscription
You get 5 hours for $600
–--
Support - if you run into a problem with pfSense, we're here to help.Configuration assistance - whether you need some brief guidance on the best approach, or want us to walk you through the configuration via GoToMeeting to control your screen, or log in to your firewall and completely configure it ourselves, we are available for any level of assistance.
Configuration review - we can review your configuration to ensure it follows both pfSense and general firewall best practices, and provide recommendations on improvements.
Network design - When deploying a new network environment, it's important to start with a sound network design. We have provided assistance with network design ranging from a review of your proposed design, to completely designing the environment to your requirements and providing complete, professional network diagrams and documentation. These are commonly larger or more complex networks, such as co-location environments, WISPs, small ISPs, universities, and large corporate environments.
Conversions to pfSense - For customers with an existing firewall looking to convert to pfSense, we can configure pfSense matching the settings of your existing firewall product. We have experience with a wide range of commercial and open source firewalls, and extensive expertise and experience with Cisco PIX and ASA. To determine whether we can convert your existing firewall to pfSense, email us .
I would think the configuration and network design are the 2 your looking for. And nobody knows pfsense better then they do! ;) And for $600 for 5 hours, that's a FAIR rate to be sure.. I would charge the same if I was going to charge you ;)
-
Here's a list of what we're looking for …
1. Setup a VPN using our AD usernames and passwords...
2. We have an Apache/PHP/MySQL server which we'd like to be accessible via LAN and WAN
3. We also have exchange server with ISA for web mail access.
So that's the whole shebang ;)
Stew
-
- not a problem, user manager, servers point it to your AD. Then setup openvpn (what I would suggest as choice)
- that is a simple port forward, pfsense has nothing to do with lan access - unless you have multiple network segments?
- Do you mean OWA, ISA is outdated windows firewall and nothing to do with exchange. OWA is the web access for exchange email. Either way again that is simple port forward.
There really is not much there. And you want to do this with your current pfsense? I would have to assume your port forwards are already setup if your access your Webserver? Is the email new? Or do users currently access it via web?
The hardest part would be getting the info needed from you to point your pfsense to your AD for the vpn integration ;)
I am sure $600 is not out of your companies budget - so just get a support subscription. Might be something you want to keep going forward, if you ever run into problems/questions you got a hotline right into the bat cave ;)
-
I thought ISA was the web server for OWA?