pfSense as firewall: good or not good?



  • Hi,
    We have about 3 full racks in a datacenter and we want to use pfSense as a transparent firewall to manage our network traffic, block some connections and prevent DoS, so we decided to use pfSense on a rackmount server (E3-1220 / 4 GB RAM / with SSD hard drive). My questions are:
    1. How many rules can it handle without problem?
    2. Can it handle about 200 firewall rules with no problem?
    3. If I receive too many packets (pps or bps attack), will it not go down?
    4. Will it not cause any other problem for my network?

    Our average uplink usage is about 30~35 Mbit, but sometimes we have peaks of about 300-400 Mbit.

    I want to know whether it is good to use pfSense as firewall for my network.
    If I receive a DoS attack, does the CCR not fail and go to high load?
    Thanks,



  • 1. Dunno.
    2. Yes.
    3. Too many packets will always be "too many." Impossible to answer.
    4. It causes as many problems as the admin allows.

    If ddos is a concern, a hardware firewall may be best.

    I think you need to spend a day or two reading about pfSense and return with better questions. Search Google, the wiki, and this forum. Good luck. :)



    I have been searching about pfSense for about 2 days, but I could not find out whether pfSense is good for me or whether to use a MikroTik CCR 1016 as firewall, but I am 90% sure about pfSense.
    Can I add a pfSense rule so that if destination 1.2.3.4 receives more than 500 pps from source IP 4.3.2.1, then the packets above 500 are blocked?
    Thanks,



  • @blackmetal:

    I have been searching about pfSense for about 2 days, but I could not find out whether pfSense is good for me or whether to use a MikroTik CCR 1016 as firewall, but I am 90% sure about pfSense.
    Can I add a pfSense rule so that if destination 1.2.3.4 receives more than 500 pps from source IP 4.3.2.1, then the packets above 500 are blocked?
    Thanks,

    I believe that if you have a specific pass rule for that traffic, you can add qualifiers like Max Connections Per Second, which will put the offending IP into a table for blocking.
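
    [Added example, not part of any post in this thread.] The kind of rule described in the reply above, written in the pf.conf syntax that pfSense is built on. The interface name, the port and the 500/1 rate are assumptions for illustration; the destination 1.2.3.4 comes from the question. The comments also cover how to list the addresses that were blocked.

```pf
# Constructed example in pf.conf syntax; on pfSense the same limits are set in
# the rule's advanced options rather than by editing this file by hand.
ext_if = "em0"                      # assumption: name of the outside interface

# Table that collects sources exceeding the limit. pfSense uses a table named
# virusprot for this purpose.
table <virusprot> persist

# Anything already in the table is dropped before other rules are evaluated.
block in quick from <virusprot> to any

# Pass TCP to the protected host, but track each source address:
#   max-src-conn-rate 500/1  -> at most 500 new connections per 1 second
#   overload <virusprot>     -> a source over the limit is added to the table
#   flush global             -> existing states from that source are killed
# Caveat: this counts established TCP connections, not packets. It does not
# measure raw pps, and UDP or ICMP floods are not caught by this limit.
pass in quick on $ext_if proto tcp from any to 1.2.3.4 port 80 \
    flags S/SA keep state \
    (max-src-conn-rate 500/1, overload <virusprot> flush global)

# Inspecting the result from a shell on the firewall:
#   pfctl -t virusprot -T show              # list currently blocked sources
#   pfctl -t virusprot -T delete 4.3.2.1    # unblock a single address
# The same table is visible in the web GUI under Diagnostics > Tables.
```

    Entries stay in the table until they are removed or expired, so a source that tripped the limit once remains blocked after its traffic drops back below the threshold.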



  • When pfSense blocks an IP, can we see which IPs are blocked?



  • @blackmetal:

    When pfSense blocks an IP, can we see which IPs are blocked?

    You can set logging enabled/disabled for each firewall rule (+ default allow/block rules).



  • Can I know what your suggestion is between pfSense and the MikroTik CCR 1016-12G, and why?