• Administrator

    This thread is meant to be a place for you to share your stories involving pfSense.

    You can share implementations, specs, configurations – the idea is to help others gain insight and help them take design elements based on real implementations.

    So, what is your case study?

    Thanks to several people including Snailkhan, FlashPan, and jonesr for getting the idea going. I'll try and fill this description post out more in time.


  • My goals were a reliable internet connection and a router that could handle torrents. Nothing worse than seeing that yellow caution icon without an internet connection. I overloaded two Asus routers with torrent activity. It was almost two months before determining the cause of my internet woes was the combination of consumer-grade router hardware and firmware with torrent activity. I considered Cisco, SonicWall, ZyXEL USG40/40W, Sophos, OPNsense before opting for pfSense. I wanted to configure router to send traffic through VPN with PIA. I have server-grade motherboards and compatible RAM for a pfSense device so it made a tough decision somewhat easier. I didn’t want either Linux based firmware or ‘another computer’. I have structured wiring which means wireless is not a concern. I do not wirelessly stream video or games. Wired clients are 5 HTPC, 2 HDTV, 4 WDTV boxes, server, tablet, NAS and PC equipment. Wireless clients are smartphones.

    Specs
    M/B: Supermicro X8SIA-F
    CPU: Xeon X3470
    RAM: 16GB ECC
    HDD: WD Blue 250GB
    WAP: Asus RT-N56U

    Configuration
    Snort
    pfBlockerNG
    Squid3

    I’m still learning about packages and considering Surcata. I haven’t done anything elaborate with configuration.

    I will be upgrading to Supermicro A1SRM-2758 with 8GB RAM to take advantage of features such as AES-NI and Quick Assist Technology for VPN.

  • Administrator

    Thanks Blade Runner!

    I'll go ahead and cross-post this "case study" /u/sysvival posted over on the pfSense subreddit a while back to keep the ball rolling:

    https://www.reddit.com/r/PFSENSE/comments/1mk54f/building_an_enterprise_network_using_pfsense_and/

    It's a great read.

  • Administrator

    Here is another of someone replacing all of their remote Meraki devices with SG-2220s. They also had a MX90 at corporate and have replaced that with an SG-4860.

    https://www.reddit.com/r/PFSENSE/comments/42syzb/bye_bye_meraki/


  • I'm repeating myself from the comment jdillard referenced:

    Myself, I have worked in IT for decade+ and have used pfSense for 8ish years. Until three years ago I was working for SMBs and what I do at home puts the earlier IT company employer's infrastructure to shame. Now I work in the IT department for a school and get excited whenever my boss mentions he is considering pfSense, after my strongest recommendations.

    I think I started out with pfSense for similar reasons to Blade Runner, my ISP supplied modem/router would just freeze up if I "used too much internet". I would say I was one or two steps above absolute novice at the time, so my appreciation for pfSense beyond the usual its free/high quality/comprehensive features/expandability comes from how it made me want to try new things for the sake of it, improve my knowledge and learn new skills.

    I used pfSense a fair bit when I worked at a IT training company. I delivered CompTIA's Network+, Security+ and Server+ and ended up replacing most of the labs in the training materials with pfSense equivalents, the students loved it. One in particular said to me in a breathless whisper "We pay £1000's for X and this thing does everything it can do and more".

  • Administrator

    Thanks jonesr, it's great to hear stories of people growing their careers alongside pfSense!

    Here is another story from /r/pfsense where he replaced a Cisco ASA with a SG-2440 (coincidently during the IKE vulnerabilities) with plans to replace more: https://www.reddit.com/r/PFSENSE/comments/45hw1t/out_with_the_old_and_in_with_the_new_i_received/

    Here is some backstory where he asked if pfSense would be a good fit for his needs: https://www.reddit.com/r/PFSENSE/comments/45asyu/convert_from_an_asa_5505_ipsec_vpn_to_pfsense/


  • Hi guys!

    OK so I got inspired (for a little write-up) and want to share my experience with pfSense.
    I`m working for a company which primary focus is IT security. 10 employees, nothing fancy.

    So I started with Coyote firewall back in 2004, implemented it also in the company in 2006 and it worked for half of year. Needs were growing so I decided it`s time to move on. I picked up spare box and loaded few things up. I was choosing between monowall, smoothwall and ipcop. I settled with Smoothwall in the end. It is cool project but was lacking more advanced options and additional network segments (they only have green, orange, purple and red oh and also blue).
    Then after few years I decided to try pfSense.

    FreeBSD was new to me but yet similar to Linux so I kind of managed to get things going. Major drawback (and also huge favour I did to myself) was hardware support. My Dlink and realtek and some other crappy NICs just wouldn`t work. Some did but performance was awful. So I decided to get some Intel gigabit NICs and ever since no more problems AT ALL in this area. Important lesson learned here.  8)

    I think I started with version 2.X back then in 2012 and since I havent moved to other product not at home or work. Hardware was supported quite well so no problems in this area. Now its naturally only better and 2.3 is really outstanding not only in this but also in other areas.

    I`m running 8 internal networks, dual wan, snort, squid, using aliases, VLANs, ipsec site2site, openvpn for mobile clients, you name it… On a 200€ box.

    But what is truly amazing here, are the developers and community. People are helping each other, ideas are accepted, devs are reachable and things get fixed really and I mean reaaaaly fast. This is the true strength of this great project. Good product+good devs+awesome community = :)

    I think that I have resolved every single problem I had with the help of the forum members and alongside gained A LOT of knowledge and very important practices and principles of networking.

    So in a nutshell, I was looking for a product that can replace Smoothwall and I found top product with awsome community :)

    So this is it, I apologize for spelling errors etc. as English is not my primary language, and I hope I helped someone with this post :)

    See you on forums :)

  • Administrator

    Here is another well written story that was shared on reddit about replacing an ASA with pfSense:

    https://www.reddit.com/r/PFSENSE/comments/4dcg9l/success_story_replaced_an_asa_with_pfsense/


  • I've been using pfsense for about 4 years now with 3 machines and stopped upgrading after 2.1.5 because of the errors with the Squid packages.
    Finally I've installed from scratch the latest version and some of the problems I had with https sites have been solved and it's allot faster.
    I'll be doing the same thing to the other 2 proxies.


  • so I decided to upgrade my security for my home network and build a router.
    installation went get, set up seemed to go smoothly as well, until I tried to get out to the internet.
    the pfSense box will ping numerous websites so I know it's working with my modem.
    accessing it from my computer to work with the GUI works perfect to. I sat everything up and tried to access the world wide web and nothing happens. Checked my rules and everything seems fine.
    So then I started reading countless posts trying to find if I had set anything up incorrectly. I spent hours reading through this forum. I even ended up watching hours of setup videos that gave exactly NO information on writing permissions for web access.
    The small handful of posts and vids that actually showed someone writing permissions I copied exactly. Still no internet access.
    I've gone as far as re-configuring my NIC's, changing IP addresses and the results are always no external internet access.
    Finally I lost connection to the GUI and that's the final straw.

    I will not be using this software. I have spent days messing with this easy to use system and have grown tried of hearing its name.


  • @that:

    so I decided to upgrade my security for my home network and build a router.
    installation went get, set up seemed to go smoothly as well, until I tried to get out to the internet.

    videos that gave exactly NO information on writing permissions for web access.
    I will not be using this software. I have spent days messing with this easy to use system and have grown tried of hearing its name.

    Since you used your first post to complain about the product one has to assume your intent was nothing more but to come here and troll. pfSense comes out of the box ready to access the web. If you set up your client for dhcp and still had problems the normal person would have asked around as to why it didn't work when over 100k other installs work so flawlessly. Including every install Ive ever done.  If you decided to set your client static how did you set it? You could have made an error there.

    My guess is that you immediately started changing settings with no real understanding of how to do so. But decided not to ask any questions for yourself or describe in a better place such as the general forum tab.

    And videos- this forum and commercial support are the only official places for for obtaining support. If you are on youtube looking for someone to show you how you never know the level of skill or if that person has any real clue about what they are talking about.

    Thus my belief that this is simply a troll.  Please prove me wrong.


  • I've  been hearing and reading about pfSense for about 3 years, which started because the IT administrator at my school accepted my request to have a look at their firewalls and server setup out of sheer curiosity, where I saw their untangle firewall and started doing my own research with old hardware and virtualization.

    My Asus RT-N66U followed by an Edgerouter Lite served me well, but about a month ago I took the plunge after a long power cut at home and installed esxi on a laptop I had laying around and wasn't using (Toshiba Tecra R950-11F) and put pfSense on it. It took some screwing around to understand VLANs on my managed switch and to run my laptop as a router with a single ethernet port but it all worked out in the end.

    My setup:
    Modem on Unifi Switch port 1
    Laptop on switch port 2
    Everything else including 3 unifi access points on the remaining ports

    100/6 internet connection

    The setup took care of a 30+ device LAN party thanks to some simple flexible traffic limiters. Had 7 different steam downloads going at one point without a hitch or any interference with browsing and other streaming.

    I'm sure I'm not doing this in the most power efficient and sensible way, and the laptop I'm using is definitely overpowered for this sort of stuff, but I've always loved experimenting with these things.


  • I had gone through my share of off-the-shelf firewall and router products, the stuff you can buy at Wal-Mart, all the way through to small Checkpoint and Netscreen products. All of them were less than satisfactory in one way or another. Some were cheap and it showed, others were expensive to acquire and maintain. None of which met my evolving needs. The open source stuff was kinda rough at the time, and I tried a few, but there was always something that hit me wrong. However, growing up on SystemV, I always had an attraction to the simplicity and power of Unix. Generally, my opinions of other OS's of the time was, Linux was a coagulation of shareware atop a Windows-like kernel and Windows itself was the devil. So, it all started for me with a Supermicro Intel D510 M/B, FreeBSD 7, an Intel 1G multiport NIC and pf, and I "rolled my own" for many years. Between 100-200Mb of blazing port-to-port throughput served me well for a long time!

    Then, the long awaited pfSense 2.0 changed my life. The pf and FreeBSD tools I knew and loved, all bundled together in a reasonably fashionable and logical UI, and I've had no reason to change my mind yet.

    Today, that same Intel D510 is a Stratum 1 time source, one of several. Supermicro and Intel are still my M/B and processor choice for all things. I've opened my mind a bit and embraced Linux for those things it's good for, ousted Windows in favor of OS X/MacOS, unless absolutely necessary, and FreeBSD is the basis for almost all my critical server needs, most of which run on top of VMware ESXi hypervisors, managed by VMware VCenter.

    My PfSense build as it runs today:

    Supermicro X9SCL+-F
    Intel E3-1230v2
    Intel i350-T4 for 2 WAN interfaces
    Chelsio T520-SO-CR for all LAN-type interfaces (12 VLANs total)

    VMware ESXi 5.5
    PfSense 2.3.4_1

    Multi-WAN
    Avahi
    DHCP
    DNSMASQ
    NTP
    OpenVPN
    FreeRADIUS
    Snort

    And while I don't have facilities to test the throughput capabilities of the 10G ports (the 10G interfaces are for aggregation of multiple 1G VLANs) or all ports simultaneously, VLAN-to-VLAN 1G throughput is a non-issue with a few rules in place, and I'm certain sustaining this level of performance over several interfaces simultaneously is a reality. Additionally, 100+Mb of OpenVPN throughput (WAN links are 100Mb and 150Mb per) are a reality.

    For those concerned about pricing, this particular hardware build, and most of my builds frankly, have been and are "Frankensteins". The latest hardware iteration available is never a good choice, 1 or 2 hardware generations previous is fairly safe, older hardware, safest of all. I've enjoyed great success and trouble-free operation with a collection of both new and used hardware. I buy spares for 10-25% of the cost new for most wear items (fans, disk drives, etc.). CPU's, by and large, are indestructible, but do need to be handled carefully. Same for quality motherboards and NICs. Memory and hard drives, similar to CPU's, handle with care and buy spares. Virtualization minimizes hardware requirements, and makes things very easy.

    The D510 was quiet, and I have had silent, low-power builds when needed. They are do-able and completely satisfactory. Just know that life is all about compromises, and silent/cool will almost always compromise performance in some way.  Luckily, I have space and the environmental control to not worry about heat and noise now, so I don't.

    Virtualization: Technological godsend. Makes upgrades, experimentation, mistakes, errors, and the occasional brain fart much easier to overcome. Snapshots and reversion are your friend. Type 1 is best, Type 2 will do if that's all you have. I know. I've done them both. Performance on Type 2 is 50% of Type 1. Type 1 is 97% of bare metal, mostly indistinguishable.

    Security as it relates to pfSense and virtualization: Don't "share" physical pfSense interfaces with other VMs,or vSwitches, as the temptation will be there. Figure out another way - this falls under the "Don't do silly things with virtualization" rule. Other than that, the standard mantra applies. Less is always more. Fight for every rule. Remember pf doesn't allow anything to pass, by default, on an interface. Any rule added is a potential security hole.

    I'm still very satisfied after many years. What other products can I say this about? Too damn few. Great job pfSense folks!


  • Gonna kill this beast this week, just wanted to share it as a good memory of an outstanding reliable piece of software.
    Runs inside VMware ESXi 3.5.0, on a recycled HP DL380 G4, originally put in operation in 2005.  8)
    The physical machine was only stopped for a couple of minutes about 10 years ago, to add RAM. The 32 GB SCSI drives have been replaced 2 times (with used ones).


  • LAYER 8 Global Moderator

    While the ability for any software and your hardware/system to run for such a long time is nice.

    That you would run your firewall on software that is no longer updated or maintained is BAD security..  2.1.5 should of been updated when it went EOL..  Its still running esxi 3.5 that went end of extended support back in 2013 and end of even technical guidance back in 2015 is not good practice from any point of view especially security.


  • I began using pfsense for a few reasons.  Basically, it appeared to me that the normal verizon actiontech routers were purposely designed to allow anyone to crack the wifi and access the router remotely.

    The other major reason was that the ISP provided router did a horrible job with managing static DHCP and seemed to leave ports opened by u-pnp open forever.

    Also, as mentioned previously pfsense can be provisioned with an enormous state table.

    After using it, I also really liked all of the added features such as VPN.

    It does what it is supposed to do very reliably and has been doing so for many years now.


  • @johnpoz:

    While the ability for any software and your hardware/system to run for such a long time is nice.

    That you would run your firewall on software that is no longer updated or maintained is BAD security..  2.1.5 should of been updated when it went EOL..  Its still running esxi 3.5 that went end of extended support back in 2013 and end of even technical guidance back in 2015 is not good practice from any point of view especially security.

    Agree with everything! This box, however, was only handling internal routing between some private networks. Didn't have access to the internet either - updating wasn't easily possible. Was also a low-priority segment - it's now being killed forever and nothing comes in place.


  • I hope this thread is still alive :)

    I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense.

    I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source.

    Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me!

    ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.


  • @Phatsta I am using PfSense now for about a year and find it to be a great tool!
    I am still a very young novice in it's use, but saying that, it has saved my PC's from countless attacks and intrusion as well as providing a safe network a reality.


  • We moved a couple of years ago from a Fortigate-HA/MPLS based solution to a full pfSense one. HQ plus 5 subsidiaries in EU and one in US are site-to-site connected. All hardware is based on Denverton C3K with IDS/IPS. No regrets at all.


  • I recently switched to pfSense. I'm still pretty new to it. Here is my story.

    I used to have a $20 router. Now that I think about it, it's quite a piece of garbage. The router has a build-in reboot function. I can set the router to reboot itself every day or every week. So that the router won't acting funky. Back then, rebooting router is believed to be a necessary periodic action that everyone is expected to do.

    After about 1 or 2 years of use, I finally burnt out that little garbage router. It refuse to connect to internet anymore (or maybe refused to route, who knows). I then switched to a used old cisco/linksys router. I flashed a DD-WRT system on it. That's the first time I know that router can have an OS that's not from the factory. This cisco/linsys router is very reliable. I rarely need to touch it. It just always runs good.

    However, over the years, I gradually reached the limit of that cisco/linksys router. It still works fine, but I now need more functions that requires more powerful hardware. For example, OpenVPN won't work on that router because the CPU is too weak. This is when I learned that you can actually install a "router OS" on any computer. I started my research and finally landed my eyes on pfSense.

    My current network:
    Netgear modem (I don't know the model, but it's not the default modem that my ISP give me. This modem is very reliable)
    pfSense on a Qotom fanless pc. i5 5200U cpu, 8gb ram, 521gb SSD (I realized this big SSD might be a waste)
    Netgear 8 port switch
    Netgear access point.

    In this question I posted, I talked more about my pfSense settings if you are interested.
    https://forum.netgate.com/topic/154474/multi-openvpn-client-random-openvpn-connection-customize-sticky-connection


  • Quick story here, just to confirm a point about ProxMox adapter performance.

    I set up pfSense 2.4.5-RELEASE-p1 (amd64) on ProxMox on Friday, and when I was creating the VM it was crashing if I used the Virtio Parallel driver for the NICs so I changed to E1000.

    After install eveything worked but bandwidth throughput was slowed by half.

    I shut down pfSense and changed the NIC drivers to Virtio and started pfSense back up.

    On boot pfSense ran through interface assignments, but I was pleased to find that once I was back up and running, none of my configurations had been lost and everything was working as it should.

    I did have to reconfigure the Snort interface in order to get Snort running again but once I did that everything was running well.

    I ran speed test again and got full bandwidth and pfSense is running great.

    Moral of the story is anyone having throughput problems on ProxMox deployments, needs to make sure they are using the Virtio Driver (where supported) because it does make a huge difference (at least from my experience with Intel NICs)

    My set up is:

    2.4.5-RELEASE-p1 (amd64) with Snort in VM on ProxMox 6.2-4
    On HP T730 thin client 64GB M.2 SSD, and 16GB Memory
    Intel EXPI9404PTLBLK PRO/1000 PT 4-Port PCIE NIC

    Sean


  • Hello
    I have been working in the IT business my whole career.
    When I retired I was not aiming as being a "couch potato" so I search for an activity as a volunteer
    and I discover Emmaüss Connect a caritative French association.

    Emmaüs Connect fights for the digital inclusion of the most vulnerable people in France,
    where a quarter of the population is unable to use the internet on a daily basis.

    I joined the local team in Lyon France where I provided lectures regarding basics used of laptops, smartphones
    and tablets.

    From an IT side I found that the small local network didn't have any protection aka the cable modem/routeur
    was directly connected to the PCs.

    Talking to the local responsible I suggested that we implement some basic strategy to protect our local network.
    The constraint was to make it at 0 Euros as you may understand.
    After looking around on what was available on the software market I choose pfSense because it got an excellent
    reputation, it was modular and available to be implemented on a recycled PC.

    So I moved that way and with the help of the pfSense user forum and the many excellent tutorials available on Youtube
    I end up with a pfSense configuration that is now up and running 24 hours a day.
    The Firewall protects our small network.
    I also added the following packages:

    pfBlockerNG : to filter what is going out because we don't want people going to "bad" sites using our network.
    Captive portal : so we can provide free vouchers to the people we are supporting to use our network to connect to the internet.
    OpenVPN : so I can do remote monitoring/maintenance on the firewall.

    I like to really thank the whole pfSense community for the great product they have made and keep maintaining actively.
    I will be a real advocate for it.
    If anyone is in the same situation I will be happy to help/share.

    Thanks again
    Pierre


  • I'm not sure how well this fits in with the topic, since I'm not a network admin or engineer, and I've only been using pfSense for a short time for my home network.

    I had been using some consumer-grade routers at home and found them unsatisfactory, often unstable, and generally unreliable.

    I had tried an inexpensive brand of routers that was less consumer-oriented and that worked ok. I also tried one of the mesh systems and that worked ok too. Neither was really ideal though.

    Some of my friends and co-workers had been telling me I needed to switch to pfSense. I resisted at first because I thought it would be overkill. I looked at the Netgate appliances and thought the SG-1100 might not be enough to allow for future growth and the SG-3100 seemed too expensive.

    I also wanted to try Untangle, IPFire, Sophos, and another project that I won't name.

    I got some hardware and tried these out and it didn't take long to decide that pfSense made the most sense to me and offered the features that I wanted. It was really easy to install and configure and has great docs.

    I've since found that some of the features I originally wanted, like Suricata, really didn't add anything for me at this time. I also talked to some people and found that faster internet is going to be a long time coming to my neighborhood, so I'm not going to need to handle gigabit speeds anytime soon.

    The SG-1100 would probably have been ideal for me, although I wouldn't have been able to try the other software on it, so it didn't seem as attractive until I really decided that what I wanted was pfSense. (The SG-2100 arrived a bit too late, but would have been an excellent choice too.)

    pfSense is the router/firewall for me. It feels comfortable and I'm looking forward to learning even more about it and finding ways to make it even more useful and informative.


  • I just wanted to run pfSense virtualized and discovered that it is not possible. - The thread got hijacked by a whole load of senior members who seem to believe that virtualization is all about dual-booting (hardly) and ProxMox was recommended.

    No problem there, but ProxMox is hell to run, will not install pfSense, and does not like anything but Debian distros. VMWare, on the other hand, can be made to run on Windows, but software pfSense will not work with it, and cannot be used for PPoE IPv4 with PPP IPv6 ...so absolutely useless; especially so bearing in mind that, even given all the right DNS information, it absolutely refuses to connect to your ISP on FTTP connections even with the ethernet cable plugged directly into the mainboard.

    Thank goodness for Draytek: the experts are right when they say that pfSense (and others) cannot even come close to them and, more importantly, at least they work.


  • @2RTzC5KbQGH4aG I'm glad that you found something that works for you, but I've never heard any "experts" recommending Draytek. :-)

    I've worked in IT for many years and I think this is the 2nd time I've even heard Draytek mentioned. They sort of remind me of Zyxel, and that's not really a good thing.

    BTW, I know people who run pfSense virtualized and some of those are using ProxMox. I don't use Windows, so I can't comment on that. As for ProxMox not liking anything but Debian, that's simply not true.

    Again, I'm glad that you've found something that works for you, but my experience with pfSense has been completely positive.


  • @2RTzC5KbQGH4aG said in Share your pfSense stories!:

    I just wanted to run pfSense virtualized and discovered that it is not possible.

    That's an absolute load of... I run many, many PFsense installations like virtual machines in both VMware and Hyper-V and it works great.

    Thank goodness for Draytek: the experts are right when they say that pfSense (and others) cannot even come close to them and, more importantly, at least they work.

    The one who proclaims Draytek over PFsense clearly haven't got many miles on their back. I agree it's somewhat like Zyxel, and that's saying a lot. Its just a load of manure. Probably a sales pitch that stuck. Nothing more.

    PFsense can compete with the best. I would argue it's in class with Cisco, any day. I've had serious relationships that lasted shorter than the uptime in PFsense. And the possibilities are literally endless (well as long as we're talking networking of course). And to have a GUI beats Cisco every day.

    Go back, analyse your notes and come back when you realised where you were wrong.

  • LAYER 8 Global Moderator

    @2RTzC5KbQGH4aG said in Share your pfSense stories!:

    The thread got hijacked by a whole load of senior members who seem to believe that virtualization is all about dual-booting (hardly)

    WHAT? That thread your talking about... You stated and I quote
    "Would like to setup a Dual Boot with pfsense on a Lap top."

    Now your saying you wanted to run it as VM? From that thread, and your statements here it is quite clear you have no clue to what your talking about.. You seem to be a troll and nothing more..

  • LAYER 8

    come on.... my isp gave me a Zyxel, it's good if you put it in bridge mode and let pfsense manage everything .... 😧


  • @kiokoman I'd rather have my liver taken out.


  • @kiokoman Based on my experience, Zyxel has a high failure rate. We saw a lot of them DOA when you opened the box. Then they'd fail over the first year of service. We speculated that they were using very low-quality parts or didn't put heatsinks were they were needed, etc.

    Worst of all was the ones that would fail, but not completely. People would be complaining of assorted problems with their internet connection, and when you went to diagnose and troubleshoot maybe you'd find something and maybe you wouldn't. Or the issue would come and go. After a couple of go-arounds, a replacement of the hardware would resolve it - for a while.

    Zyxel was inexpensive to purchase, but it wasn't cost-effective.


  • @stuartkh42 said in Share your pfSense stories!:

    Zyxel was inexpensive to purchase, but it wasn't cost-effective.

    Precisly. Amen.

    Intermittent problems are the most expensive ones, because they are time-consuming and create the most miserable users which reflects poorly on us.

  • LAYER 8

    well.. I'm using it only as a modem .. everything else(router/wifi/voip/firewall/dhcp/share) is disabled / turned off... I had it for free from my isp. no problem so far.. I will think about it when the problem arises. I already have a couple of other modems as a spare part 🙄


  • I've been using pfSense for about 5 years after my Linksys router running DD-WRT was no longer able to keep up with the speed of my internet connection.

    I am so thankful for the pfSense project, the community is friendly/helpful, the documentation is good, and the software is very professional/stable. A sharp contrast from what I was using.

    When our ISP rolled out IPv6, I read that anyone using the ISP provided hardware as it was configureded was exposing all their Windows file/printer shares on the LAN to the internet! Many consumer routers contain serious security flaws and corrective updates are slow or nonexistant.

    pfSense allows me to easilly treat the ISP equipment as part of the untrusted internet. pfSense makes it possible to manage and secure my network using enterprise techiniques that would be impossible with consumer equipment. Secure remote access, Multiple VPNs, VLANs, IDS, IPS, IP/DNS Blocking, Proxies, Reverse Proxies and Enterprise Grade Firewall, pfSense has it all, and more.

    There are some very bright and talented people in the community who really care working with this software, so security gets taken very seriously and the few CVEs that are found get patched very quickly.

    For anyone willing to learn how to set it up, (or pay someone) the possibilities are endless and pfSense can't be beat.


  • I came from ddwrt and was looking for some better security, so maybe 6yrs? Just recently started actually "using" pfsense (snort/vlans).

    My pfsense system has gone through multiple iterations, with the last motherboard dying. I'm "in the process" of building a new box with the new i3 1200 socket.

    So in the meantime I pulled out some random board I had bought back in 2014 and loaded my config on it and it blew me away at how well it runs with +/- 40 clients and two people working from home with mucho teleconferencing.

    My current setup (Don't laugh too hard)
    J1800 motherboard
    1x pcie 2 port intel nic
    1x ssd
    06cd954a-3ade-4f84-a467-5bc89fb87882-image.png

    It literally sits on top of a shelf with an atx power supply next to it (It's fun trying to remember which pins to jump to boot the system).
    I have snort and multiple vlans running and it supports my gigabit connection just (If snort is configured correctly, that's another "in process" thing).

    5633d36c-3462-4bf1-a943-29bc597cb0c1-image.png


  • @nullvalue
    If the PSU has colored wire's it will be the green wire and any black wire.


  • Former organisation hunts companies who are practicing corruption, collusion and nepotism. Usually, these organisations do hostile takeover of other companies. The organisation's goal is one organisation to control them all.

    Short story, me and a few of my colleagues resigned because of their new policies against our conscious and moral values. Remember! Just do the opposite of what this organisation tells you. If they advised you and your family to implant microchipped (WO/2020/060606) for (Covid) prevention, refuse it. When they tell you don't use an open source OS/firewall/router like pfSense, use it. That's my story on why I use pfSense.