Do people using pfsense all work in IT?



  • It's my general wondering and an open question to the community here.

    For maybe 3 years I've been running a local internet access point for up to 30 computers based on pfsense.
    I've been dealing with computers (generally speaking) for the past 20 years. Networking started as, and is still, a hobby for me. I think I have a decent working knowledge of pfsense and networking principles. I never did it professionally so I wonder:

    • is this kind of background enough to start thinking about merging personal interests with potential career development?

    I'm assuming the big majority of people on this forum work in IT, so I would like to get a rough idea of how much a working knowledge of pfsense in this instance would correlate with real life job experience and which entry position would be within reason to target, if anyone would like to dignify this thread with an answer?



  • I have PfSense in production in about 20 offices and compared to a lot of people on this board I'm a real new guy and not very knowledgeable.



  • I work in IT and have been using and very lightly contributing to it since 1.0 dropped. Before that I used what it forked from (m0n0wall if you are not familiar).



  • I used m0n0wall as a captive portal for guest wireless at a small convention/training space, worked great.  It went in when a previous employee said we'd need to spend a bunch on an appliance-like solution; I used a recently retired Dell PowerEdge 2850.  I think I put it in around February of 2010.  It ran for a while after I left, although I heard they migrated to pfSense due to state table issues.  If I knew about pfSense at the time, I would have used it instead (I had been using m0n0wall at home for quite some time.)

    I currently work with a -very- large LAN party group that hosts 400+ person LAN parties, often with dual 100Mb uplinks.  We use pfSense on decent hardware ("white box" server) and it's perfectly stable.



  • I work in IT professionally, though we don't use pfsense at work, I have heard of pfsense being used in such circumstances.

    Though it's not common, if a company has enough funding for budgets (if their network is relatively large), they tend to go for much more profound hardware, in the sense of companies like Cisco. At work we use a Netgear patch box (not sure what it actually is), since the gateway's an old server we used to use.



  • I'd estimate 90-95% of the people here are in IT. Not necessarily networking and security experts, though many have very impressive credentials, some are more entry level folks looking to grow their skillset. The last ~5-10% tend to be students with IT-related interests, and some people who are reasonably technical but not in IT by trade who are running it at home or some network they're managing somewhere being someone who knows something about computers.

    I'm not sure what split our user base is between home use and business, but there are easily tens of thousands of boxes running in various business networks, big universities, state local and federal government in multiple countries, and more. Most of our business customers we get because the people in charge use it at home first, see it can do everything their <big name vendor> box can do and then some in some areas, and when it comes time to upgrade firewalls or put in a new colocation or office, they go with pfSense instead of dropping an order of magnitude more money on commercial gear to provide the exact same end result or a lesser result in some cases. Other times their existing firewall starts flaking out and they need a replacement fast, and there's little faster than being able to install pfSense on about anything you have laying around and throw it in. It works out so well they don't bother going back to commercial alternatives.

    Can you build on your experience running a small network like that to get into networking and security professionally? Sure, you'll have to dig in and learn more things than you'll pick up just running a small network though. Read general networking books, general security books, our book http://pfsense.org/book is good for having very solid firewalling and related theory in addition to specifics with pfSense. Lot of that knowledge transfers over to any firewall, so it's a good choice for learning firewall topics in general. You can definitely build upon what you've learned to get to a professional level in networking and/or security, but it'll require a good deal of work beyond just what you've picked up here and there running such a network. That's probably enough background to get started in a help desk type role, which is the common entry-level position in IT, and work your way up from there. The vast majority of IT people I know, and myself personally, started out in a help desk/desktop support type of position, worked on their own to grow their skillset, and got promoted up through the organization to positions in networking, security, or similar after proving their skills and determination to grow professionally. If you're established in some other career you may have to take a significant pay cut to start off in an entry level IT role, and be prepared to not make a whole lot of money for a couple years or so while working your way up the ladder.



  • I'm a home user with no work history in the IT field. I taught myself to use computers in 1992, my first being an AppleII, and currently have a computer running OpenBSD 5.2 and a laptop running FreeBSD 9.0.

    My first experience with firewalls was the Conseal PC Firewall, a rules-based packet filter, on my Windows98 box. Both of my computers run the OpenBSD pf firewall, but my first experience with a hardware firewall is my current pfSense box installation, which I utilize on my home Ethernet network. Having some prior experience with the pf firewall I'm comfortable with pfSense rules and operation and haven't had an ounce of trouble out of it since I first started using it earlier this year.

    I've considered going with a straight OpenBSD or FreeBSD box as a firewall but I'm very happy with pfSense and have no plans to switch over from using it.



  • @cmb:

    Most of our business customers we get because the people in charge use it at home first, see it can do everything their <big name vendor> box can do and then some in some areas, and when it comes time to upgrade firewalls or put in a new colocation or office, they go with pfSense instead of dropping an order of magnitude more money on commercial gear to provide the exact same end result or a lesser result in some cases.

    I manage the IT infrastructure of a small NGO and that's exactly my case. Started using m0n0wall at home and then "upgraded" to pfSense because of upnp support ;) . When I realized the potential of pfSense I ditched Sonicwall at work. I have been running pfSense in two locations for few years without problems and I recommend it every time I have a chance.



  • @mr_bobo:

    I've considered going with a straight OpenBSD or FreeBSD box as a firewall but I'm very happy with pfSense and have no plans to switch over from using it.

    This has come up before, and for many real-life scenarios pfSense can probably save most "ordinary" network admins a huge amount of time (i.e. do in two hours what one would probably spend 20 hours to accomplish with OpenBSD or FreeBSD). If on the other hand you're looking to build an LNS box for 5k users for an ISP, you'd probably be better off with plain FreeBSD.


  • Banned

    I work in IT and have 20+ years of experience. I am a dedicated "Windows" guy and know very little of FreeBSD "nerd" stuff. So the GUI of PFsense is what I need and I need a "walkthrough" when it comes to github asf. I have run firewalls like M0n0wall, IPcop and smoothwall. Always returning to PFSense. Currently running 1.2.3, since I have weird issues with 2.0.1 and generally think it's not very intuitive compared to 1.2.3. I have been on the forum for quite some time and have learned a lot from the very nice people in here. I got the idea to make Countryblocker for 1.2.3, but don't have the knowledge to make it. Tommyboy180 did, and he did it quickly!



  • I'm a tier II tech who works for the government in the US (Department of Energy) and have the advantage of a large team. I can take what I learn from messing around with the pfsense setup at home, and have a fuller grasp of what our netops team is talking about.

    More recently I purchased a tp-link smart-switch that supports VLANs. I've since converted my pfsense box to ESXI, virtualized my pfsense and setup 5 vlans. Talk about being thrown into the deep end, coming from no working knowledge of vlans other than their purpose.

    Helps greatly when trying to discuss issues at length with netops. I can also go spend the day with them, and see their day-to-day work.

    So just by toying around with pfSense I've exposed myself to basic routing, packet-filtering, squid, VLANs, BGP, ESXI, and a handful of other neat things.

    In summary to answer the OP's question, I would say depending on your devotion and expanding your experimenting, you could easily get an entry level job in the networking field. You'd quickly want to get some cisco training as you without question will run into cisco devices.



  • I too am working in IT, but more on the business IT side like SAP, Oracle DB or new stuff like iPad as single device.
    For those topics it is always good to know how the bits travel between end points. I use pfSense on ESXi 5.1 mainly at home; but with the goal to prototype/showcase some solutions for business and to continue learning. Playing around is it too. A bit. A lot bit  ;D



  • Should have run a poll!  IT isn't my profession, but I like to tinker with things like pfsense and computer gear.



  • Solid state electronics student for me. Tangentially IT, but not really at the same scale.
    Love pfsense at home though undoubtedly running on an overkill machine.



  • Retired IT type here, started out with MonoWall, moved to SmoothWall for more features but got tired of the lack of direction, progress, bug fixing and the horrible additional tools process there.

    Spent a lot of time reading about small firewalls, both the performance and as important the community and decided pfSense looked like the best spot for me.



  • Police

    First job was in IT as a technician but it was rather dull so I did not go back to it after doing my time in the army. Computers & networks are more or less just a hobby.



  • I work in IT but only use pfSense personally.  I did have it as a guest-wireless firewall in a previous job, but that's about it.  While it is the best of the cheap or free options out there, it fails on useful logging, packages (too many beta packages), timely bug fixes and updates compared to the big boys.



  • @valnar:

    While it is the best of the cheap or free options out there, it fails on useful logging, packages (too many beta packages), timely bug fixes and updates compared to the big boys.

    What kind of logging are you missing ? Considering that not only does pf allow very detailed logging, you can use tcpdump on pflog or the physical interface(s) either from CLI or webGUI, and you can export netflow data.

    Regarding timely bugfixes and updates, I'd be inclined to agree, but I'd think with the significant increase in installed base to 170+k live pfsense systems, it will eventually be possible to improve pace through crowd-funding.

    Anyway pfSense does still miss some "big boy" features (e.g. L2TP/IPsec, GRE NAT proxy, TCP multipath, IPsec IKEv2, IPsec redundancy with multiple Phase-1, IPsec VTI, DMVPN, L7 filtering etc), most of which however are not relevant to probably 95% of the SMB installations. And in return pfsense offers ISC dhcpd, ntpd, unbound, openvpn and so much more.


  • Rebel Alliance Developer Netgate

    @valnar:

    packages (too many beta packages), timely bug fixes and updates compared to the big boys.

    Re: Package versions, that's mostly the fault of the various maintainers just never updating the status. Most all of them are probably at least "stable" but that field is mostly ignored.

    We fix bugs very fast in most situations. We may not have very frequent releases, but the bug fixes are public in the source repos and they can be applied as needed in many cases. And there are always snapshots if one needs certain fixes/features before an official release.



  • @dhatz:

    @valnar:

    While it is the best of the cheap or free options out there, it fails on useful logging

    What kind of logging are you missing ? Considering that not only does pf allow very detailed logging, you can use tcpdump on pflog or the physical interface(s) either from CLI or webGUI, and you can export netflow data.

    valnar, when you have a moment, please elaborate on what you meant by "useful logging" and pfsense limitations vs other platforms.

    TIA.



  • It's not the logging per se, but the user interface for it, hence "useful logging".  If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.

    Geez, sorry if I offended anyone.  ;)



  • @valnar:

    It's not the logging per se, but the user interface for it, hence "useful logging".  If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.

    Geez, sorry if I offended anyone.   ;)

    No offence whatsoever taken :-) I was just trying to understand where you were coming from, because "logging" might mean different things to different people.

    Anyway, as I wrote above, while the webGUI doesn't expose all available functionality to the user, a knowledgeable networking professional can always drop to the CLI and do all sorts of troubleshooting.


  • Rebel Alliance Developer Netgate

    @valnar:

    It's not the logging per se, but the user interface for it, hence "useful logging".  If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.

    Geez, sorry if I offended anyone.   ;)

    Well it's not really offensive per se, it's just extremely vague and unhelpful. If you can explain what "useful" means specifically, to you, it would help more than a vague complaint.

    Also try 2.1, the firewall log filtering was expanded quite a lot.



  • Did the network admin gig then moved to SysAdmin/Engineering/Development.

    Have used pfsense to hold up 2,000+ students in the past. Some small hosting companies and test/dev environments frequently. Been using at home since 0.6.x or 0.5.x I think….Spring/Summer 2005...Helped Scott setup the forums originally way back when.



  • :D
    Hello, another IT admin here.

    Started using monowall at home, and quickly found about pfsense.

    After a few months, I started to deploy pfsense at most of my clients. At the time, sure, mainly I was the only one using it for vpn in to the office. Nowadays everyone connects through the internet, and firewalls like pfsense aid a lot in keeping cost down, or better being able to get a massive pc for the firewall.

    At the most important locations, I do have an HP DL380G5 with pfsense. It does make a difference. The best thing about pfsense is that you build up as you need. So no matter if you are a beginner in networking, or have quite the experience, pfsense is a great tool to learn and use.

    I would like to take advantage of this topic and thank everyone on the pfsense team.



  • Yep, another IT guy here.

    Been using pfSense at home after getting sick & tired of the consumer level garbage, using DD-WRT to get better functionality, and still needing to reboot the device every week or so. Tried Untangle, the gui was nice, but it made me feel like a donkey with Untangle riding me, dangling a carrot on a stick in front of me to purchase stuff. ClearOS was neat, but felt bloated. Stumbled across pfSense after the 2.0 stable release, and it was love at first install at home (virtualized under ESXi 5).

    And we literally swapped out our Fortigate 80C last night at work (11 hours ago now) in favor of running pfSense 2.1 in a VM, everyone's been telling me today "the internet works so good now!"

    Admittedly, if I wasn't in I.T. I'd probably still be limping along with yet another wrt54g flashed with dd-wrt …..



  • I'd love to stamp a big "LIKE" on your post…

    Another IT guy - but primarily application focused (not networking). At home, I've played around with multiple router firmwares (dd-wrt, tomato, openwrt) and *NIX based firewall/router distros. Prior to switching to pfSense, I spent a couple years using IPCop, but also looked at ipFire, ClearOS, Untangle, etc.

    In my opinion, nothing comes close to pfSense because of the following:
    1.) It's completely open - no pressure to buy a bunch of crap
    2.) It's a rock solid, no-nonsense firewall distro (no NAS, Media junk, etc.)
    3.) It has tons of add on packages already available (my favorite - Dansguardian)
    4.) The UI and base functionality can be easily modified
    5.) The community is active and helpful



  • Not in IT here. I farm, but do the IT role for friends and family; maintain ~25 boxes, mainly Windows. I was driven to pfSense for dual WAN as a replacement to a Xincom box to balance cable modem and DSL, as sometimes even with both we don't have decent internet.



  • Another IT person here. I work for a medium size non profit and do some network, some sysadmin. I started looking for alternatives to cheap little Linksys routers at our branch offices that kept having random issues. I tried IPCop as I was familiar with it but then found pfSense. After swapping in pfSense I liked it so much we got rid of the Sonicwall at the head office and eventually replaced everything with pfSense at around 30 locations. With OpenVPN it runs like a champ!

    I also use pfSense at home and recommend it to others as well. I learned a lot from "the book" and just trying things out in VM.



  • Just a retired IBM pEng (Hardware Failure Analysis)  here, now living in Jasper National Park (Canada), I operate an 80 rental cabin resort which now offers wifi over its 10.1 acres of river front property.

    Thanks to pfSense in part.

    I never studied IT per se, but my old job required I kept my friends close and enemies closer… lol.



  • I work in an IT related position (in Marketing) .. so do I count?



  • @Keljian:

    I work in an IT related position (in Marketing) .. so do I count?

    I don't know - can marketing people count?  ;)

    I play in IT - it can hardly be called work, does that count also?


  • Netgate Administrator

    @phil.davis:

    I play in IT - it can hardly be called work, does that count also?

    Doesn't get better than that. You get my vote.  :)

    Steve



  • I'm a systems designer and consultant that does a lot of programming. I've been building computers since I was 8 years old. Now that I think back, I'm not sure why my dad let an 8 year old handle $3k of computer parts. Anyway, my college job was actually as IT for my University. We were the second tier support and coordinated many projects that involved the admins. We had access to the entire system, from VLANs to servers. The kind of work we did required such access, primarily for debugging reasons. We got so much food from happy teachers after we fixed their computers.

    I now spend most of my time in front of a computer, but I still find myself coordinating admins. I'm not in a management position, I just tend to mesh well with other tech people. They seem to like how I mostly understand and appreciate how and why they do things, so they tend to play well with me. I only ask for permissions that I need, and can explain why I need them and provide alternative ways of accomplishing the same job with pros and cons. I also tend to be good at identifying something that may affect an admin, and ask for their blessing even if I already have access. Admins like that.

    I have an educational and hobby interest in network and server design and security. That was something like 5 classes alone with 3-4 credits per class. But nearly all of my post-graduation professional experience is in system design, programming, customer data interfaces, and SQL.

    Not really IT.

    Computers are so much fun.



  • I'm an economist by education and profession. Started with 'puters a long time ago, and managed to destroy every operating system within hours after installing them. Of course Windows (I don't recall the version, it came on two 1.44 floppies  ;D ), OS/2, and a zillion Linux versions (those were the days, early nineties, 'Linux will be king in 3 years' or so the talking heads in the computer magazines were writing back then). FreeBSD I met in the early 2000s, the first I didn't crash within hours, so my eternal love goes to FreeBSD, and therefore also to pfSense.



  • I'm sad to say I work in IT also  :P Been in the field for about 16+ years… Started as a Network/Windows Admin for a small company then was recruited by an evil empire (a large MSO) 12+ years ago. Since then I've worked on high end network equipment, window servers, pbx, acd systems. I have gone thru many changes here but it keeps it interesting... These days I work mostly on Telephony/CTI Application servers... Miss working on networks but it's fun when I prove the network team wrong because their config is messed up (I hate one-way audio calls)

    Stephen



  • Started as PC-assembling helper in early 90's to pay some bills at university, I am a Mechanical Engineering, M.Sc.

    I am an IT enthusiast and tech-fanatic, now I pay my bills working as VP Maintenance for a major EU Airline.



  • Fun thread. -^_^-

    I'm in IT and am a systems and network administrator. I've been doing it for about 2 years now and was a helpdesk person before that. All in all I think I'm much less a "network admin" for my title than others on here are, as I've only been doing things for corporations for about 4 years now and before that I stocked shelves at walmart. lol

    So really, even though I am a network admin for about 450 employees(several trucking companies) I'm more just that tinkerer at heart. :D I started programming and stuff when I was about 14 and computers were simply a huge passion. I actually really didn't want to go into IT as a profession because I felt like I would be too restricted and I also didn't tend to focus on single areas and thus, was very much so a jack of all trades type. It hasn't been until the last 2.5 years that I have pursued Network administration. VERY hard and fun and frustrating. I like that I have been able to do this, but I'd actually rather be a makeup artist or design makeup. <3 In particular, I'm a nail polish fanatic. lol



  • Not IT in the business sense, but what is commonly called "manufacturing IT" or "Automation Controls". Lots of computing, switching, and routing as it pertains to automated machinery. The business IT work that is increasingly forced on me I perform with a fair degree of rancor.

    I only use pfSense at home, admittedly less and less. I much prefer a Cisco router, but with the speeds I have at home, Cisco equipment would be quite costly, although I just picked up a couple 2851s with VPN modules that I may be switching to, at least temporarily for lab purposes.



  • I just like using hardware that isn't made by any big company - for a variety of reasons.

    It being cheap/free is just an ancillary benefit.

    Not an IT guy.