Configure Firewall and WAN Router in same server?



  • Hi,
    I'm a complete newbie when it comes to Linux/BSD platforms, having only ever used Windows before.

    We have a small office network comprising of a few servers that need to be connected to the internet. We're planning to set up another machine and install pfSense on it as the firewall. We haven't purchased our router that connects to the ISP's connection yet. Our ISP has a fiber-optic line coming into our building, and they have a router there that then provides internet connectivity to other tenants through ethernet cable, so we'll just be needing a basic ethernet router.

    Now my question is - since we have decided to save a ton of money by using standard PC hardware with pfSense installed in lieu of a commercial grade hardware firewall, could we also save some more money by configuring this same machine to also act as our WAN router? That way we won't have to buy the router for connecting to the ISP's connection.
    Is this method secure? Or do you guys recommend using pfSense in differing roles (like Firewall or Router or DHCP server, etc) on different servers?



  • @reachrishikh:

    could we also save some more money by configuring this same machine to also act as our WAN router? That way we won't have to buy the router for connecting to the ISP's connection.

    Yes, if allowed by your ISP and approved by other tenants.(It is not clear if "we" means your office or the collective building tenants sharing the internet connection)

    @reachrishikh:

    Is this method secure?

    Yes, if correctly configured (depending on what you mean by "secure").

    @reachrishikh:

    Or do you guys recommend using pfSense in differing roles (like Firewall or Router or DHCP server, etc) on different servers?

    No, not normally necessary but depends on exactly what roles you have in mind.



  • Hi,
    "We" means strictly my office in the entire post above.

    Thanks for the reply, I will have to check with my ISP then if I can connect to them using the pfSense router.

    The only roles we need to use this for are the firewall and the router. We already have other machines on the network taking care of everything else.


  • Netgate Administrator

    pfSense in standard configuration is a router and firewall. If your ISP are providing connectivity via ethernet then you will not need any other hardware. The pfSense WAN interface will connect directly to that. Your ISP should have no problem with that, it's exactly the same as connecting any commercial router.

    Steve



  • In my firm we have more 60 computer using internet connection with load balancing .In my pfsence i configured dhcp squid firewall ip forwarding to web what else we need rather than pfsence . yes you can save more money if you have knowledge to problems in pfsence here more Ideal and technical persons available here to help us with their experience . from ISP all fiber end are ended in a GE converter out put connection may vary base on 10/100/1000 in my firm I have one 100 based and 1000 base card is used to handle the incomming connection .so you have to know about that configure it before


Log in to reply