Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Configure Firewall and WAN Router in same server?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      reachrishikh
      last edited by

      Hi,
      I'm a complete newbie when it comes to Linux/BSD platforms, having only ever used Windows before.

      We have a small office network comprising of a few servers that need to be connected to the internet. We're planning to set up another machine and install pfSense on it as the firewall. We haven't purchased our router that connects to the ISP's connection yet. Our ISP has a fiber-optic line coming into our building, and they have a router there that then provides internet connectivity to other tenants through ethernet cable, so we'll just be needing a basic ethernet router.

      Now my question is - since we have decided to save a ton of money by using standard PC hardware with pfSense installed in lieu of a commercial grade hardware firewall, could we also save some more money by configuring this same machine to also act as our WAN router? That way we won't have to buy the router for connecting to the ISP's connection.
      Is this method secure? Or do you guys recommend using pfSense in differing roles (like Firewall or Router or DHCP server, etc) on different servers?

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        @reachrishikh:

        could we also save some more money by configuring this same machine to also act as our WAN router? That way we won't have to buy the router for connecting to the ISP's connection.

        Yes, if allowed by your ISP and approved by other tenants.(It is not clear if "we" means your office or the collective building tenants sharing the internet connection)

        @reachrishikh:

        Is this method secure?

        Yes, if correctly configured (depending on what you mean by "secure").

        @reachrishikh:

        Or do you guys recommend using pfSense in differing roles (like Firewall or Router or DHCP server, etc) on different servers?

        No, not normally necessary but depends on exactly what roles you have in mind.

        1 Reply Last reply Reply Quote 0
        • R
          reachrishikh
          last edited by

          Hi,
          "We" means strictly my office in the entire post above.

          Thanks for the reply, I will have to check with my ISP then if I can connect to them using the pfSense router.

          The only roles we need to use this for are the firewall and the router. We already have other machines on the network taking care of everything else.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            pfSense in standard configuration is a router and firewall. If your ISP are providing connectivity via ethernet then you will not need any other hardware. The pfSense WAN interface will connect directly to that. Your ISP should have no problem with that, it's exactly the same as connecting any commercial router.

            Steve

            1 Reply Last reply Reply Quote 0
            • R
              rakeshvijayan
              last edited by

              In my firm we have more 60 computer using internet connection with load balancing .In my pfsence i configured dhcp squid firewall ip forwarding to web what else we need rather than pfsence . yes you can save more money if you have knowledge to problems in pfsence here more Ideal and technical persons available here to help us with their experience . from ISP all fiber end are ended in a GE converter out put connection may vary base on 10/100/1000 in my firm I have one 100 based and 1000 base card is used to handle the incomming connection .so you have to know about that configure it before

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.