PfSense as a firewall only, plus other routers…does it make sense?



  • Hello All,

    I am contemplating setting up a pfSense box on my home network to serve as a firewall only. I currently have Verizon FiOS internet (and TV) service, which requires their ActionTec router to be the "first" device in the chain (and tech support needs to be able to hit it). Right now I have an Apple Airport Extreme wired to the ActionTec so that the Verizon box is just serving up DHCP and the Apple AP is serving up wireless. I'd like to insert a pfSense box between the Verizon box and the AP (as a pass through) to serve singularly as a firewall. Does that make sense?

    I'd be open to getting rid of the Apple AP if I can get a pfSense configured router with the same feature set (that I need) from the Apple AP. But this is a secondary thought to the first plan, above…unless the first one is unworkable or worthless. In that case I'd love to build a rocking pfSense router & firewall box.

    I'm looking for your expert thoughts/opinions before I move forward. Thanks!



  • If NAT is done by Verizon's router (and you have no DMZ forwarding) - pfSense behind it makes no sense as all the "attacks" will be carried by the first router.



  • The FiOS router currently handles NAT, but I am pretty unhappy with its performance overall. It's prone to crashing and needing hard restarts, its throughput seems pretty poor, and the user interface is a pain. Hence my idea to essentially bridge it so that the pfSense box serves as the DHCP server and is the "first line of defense."