Pfsense behind ASA



  • We are thinking of moving from Untangle (Free) to Pfsense.  Basically, all I want Pfsense to do initially is filter web traffic content (ie. Facebook, Port etc).  I don't want it to do any routing, firewall-ing, or anything like that.

    Is this possible?

    Would this be ran in a bridge mode for that type of setup?

    Thanks!
    Danno


  • Banned

    And how do you route your traffic from pfsense to the internal servers?



  • I am not sure what you are asking.



  • Yes, it's possible.  Allow All rules on all interfaces will negate the firewall.  It won't act as a router if nothing is using it as their gateway.  Delete all the NAT rules and NAT is disabled.  Install Squid3 and squidGuard and away you go.


  • Banned

    Not necessary.




  • You know, I really should learn to check there more often.  This isn't the first time I've suggested a more complex solution than a simple checkbox here or there.



  • We are thinking of moving from Untangle (Free) to Pfsense.  Basically, all I want Pfsense to do initially is filter web traffic content (ie. Facebook, Port etc).  I don't want it to do any routing, firewall-ing, or anything like that.

    But why not only a CentOS system with a Squid + SquidGuard then?

    Is this possible?

    For sure it will, but only with Squid + SquidGuard it will be much easier to administrating.
    To look out of a window, you don´t need building a skyscraper, a normal house will do it also!


Log in to reply