    How much more secure is pfsense compared to normal routers?

    Firewalling
      wowser last edited by

      Hi,
      I've been using a typical home Netgear wired router (which I assume probably runs Linux) and I'm guessing it is hardened. My question is: would I really be gaining any extra security by using pfSense? The extra features (like packet shaping!) are great but they are not essential. I was just drawn to it because of the security aspect but now I'm not totally sure, very confused at the moment!
      Any advice appreciated!

        wowser last edited by

        Come on guys! I've got the hardware all ready :P, just want to know I'm making the right decision.

          GruensFroeschli last edited by

          A firewall is only as secure as how securely it is configured.

          I'd say that on most SOHO routers the default config is already quite secure, but you don't have many options/features to configure.
          With pfSense you have a router that can do stuff only routers in the upper price segment can do (aliases for rules, time-based rules, multi-WAN, traffic shaping, failover, etc.).

          With so many options available there's always a bigger risk of misconfiguration.
          So if you misconfigure your pfSense you can easily end up with a pretty insecure network, but I hope that's not the case ;)

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            cmb last edited by

            What GruensFroeschli said.  :)

            pfsense gives you the ability to be much better off than your typical SOHO-grade Linksys/Netgear/Dlink/etc. equipment, though in a default out of the box config there isn't much difference from a security perspective. You have substantially more flexibility with pfsense, which always means substantially more complexity.

            This isn't an easy to answer question without specifics about your network and how it's configured now. If you can detail your current setup, maybe we can offer suggestions as to what you could improve with pfsense.

              wowser last edited by

              Thanks a lot for the replies :)

              I'm not too worried about misconfiguration, I was using IPCop for just over a year and it worked out OK.

              Network setup is very simple: it will just be 2 PCs connected to a switch, the switch connects to one interface while the cable modem connects to the other. I actually built a VIA Epia machine which is low power usage and fanless, and has 2 NICs onboard just for this purpose, but I didn't think it through :( , I just assumed my network would be so much more secure for some reason.

              As for the rules, I just forward some ports for Azureus and that's it, no servers running behind the network etc.

                GruensFroeschli last edited by

                For Azureus you might want to look into the UPnP feature (since Azureus is UPnP-able).

                  spudgunman last edited by

                  It also depends what your need is. iptables isn't going to stand up against a real audit, but it will protect your home network just fine. There is nothing "worse" about a homebrew firewall vs a Linksys other than the lack of plug and play (not UPnP but the ability to make it work dumb).

                    cmb last edited by

                    @spudgunman:

                    It also depends what your need is. iptables isn't going to stand up against a real audit.

                    I guess it's good we run BSD and not Linux then!  ;D  The packet filter we use, pf from OpenBSD, is used by some of the highest security network environments in existence. It's used by a number of government agencies around the world, Fortune 500 companies, etc.

                    pf is proven enterprise class, and would stand up fine to a "real audit" (if configured properly). Though for that matter, iptables configured properly would stand up to a "real audit" as well.

                      wowser last edited by

                      Thanks for the replies everyone.

                      I've taken the plunge and set it up. It took a whole day because I had to rewire everything as I wanted the server in the loft; however, it's all done now and working.

                      I've got a small problem though: my broadband speed has dropped. I'm on 4meg and used to be able to download at 420kb sec and now my max is 30. I have no idea what's wrong; either it's a coincidence and something's wrong at my ISP's end or the pfSense box is causing it, which I doubt.
