Firewall (pfSense)

pfSense Firewall Server is a system designed to prevent unauthorized access to or from a private network. It uses a customised distribution of FreeBSD for its firewall features. The firewall is very powerful and has a wide variety of options that allow you to restrict outsiders from getting in or insiders from getting out. You can limit people's access based on their computer's address, or based on particular services (such as e-mail or the web).


pfSense is an open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and is proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. For more details please visit www.pfsense.org

Common Deployment
  • Firewall: The most common deployment of pfSense is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces. pfSense accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.
  • Router: The second most common deployment of pfSense is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments. pfSense can also be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments.
  • VPN: Many deploy pfSense as a special purpose appliance. Some users drop in pfSense as a VPN (Virtual Private Network) appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most pfSense VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.

Our Services

  • Installation and Configuration of PfSense Firewall Server
  • System Implementation
  • Helpdesk and Remote Server Support Services
  • PfSense Firewall Maintenance Services
  • OSS Product Consultation.

 

Firewall
  • Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic.
  • Able to limit simultaneous connections on a per-rule basis.
  • pfSense utilizes p0f, an advanced passive OS/network fingerprinting utility, to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.

State Table
  • Adjustable state table size - there are multiple production pfSense installations using several hundred thousand states.
  • The default state table size is 10,000, but it can be increased on the fly to your desired size. Do not set it arbitrarily high.
  • On a per-rule basis:
    • Limit simultaneous client connections
    • Limit states per host
    • Limit new connections per second
    • Define state timeout
    • Define state type

Redundancy
  • CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
  • pfsync ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.

Network Address Translation (NAT)
  • Port forwards including ranges and the use of multiple public IPs.
  • 1:1 NAT for individual IPs or entire subnets.
  • Outbound NAT
    • Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interface being used.
    • Advanced Outbound NAT allows this default behavior to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.
  • NAT Reflection - in some configurations, NAT reflection is possible so services can be accessed by public IP from internal networks.

NAT Limitations
  • PPTP and GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available workaround is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. A solution for this is currently under development.

Real Time Information
  • Maximum concurrent connections - Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
  • Idle timeout - Disconnect clients who are idle for more than the defined number of minutes.
  • Hard timeout - Force a disconnect of all clients after the defined number of minutes.
  • Logon pop up window - Option to pop up a window with a log off button.
  • MAC filtering - by default, pfSense filters using MAC addresses.
  • Authentication options - There are three authentication options available.
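
A simplified model of the PPTP and GRE limitation described above, as an added example that is not pfSense or pf code: GRE state is keyed only by public IP and external server, while TCP state also carries the translated port. The class, the function names and the addresses are constructed for illustration.

```python
"""Simplified model of NAT state keys; not pf's actual data structures."""

# Constructed sample addresses from documentation ranges.
SERVER = "198.51.100.1"
CLIENTS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]


class NatStateTable:
    def __init__(self, public_ips):
        self.public_ips = list(public_ips)
        self.states = {}          # state key -> internal client owning it
        self.next_port = 1024     # next translated source port for TCP/UDP

    def _public_ip(self, client):
        # One public IP: every client shares it. Several: spread clients
        # across them by last octet (hypothetical one-per-client assignment).
        idx = int(client.rsplit(".", 1)[1]) % len(self.public_ips)
        return self.public_ips[idx]

    def open(self, client, proto, server, dport=None):
        """Return True if the session gets its own state, False on collision."""
        pub = self._public_ip(client)
        if proto == "gre":
            # No port in the key: one GRE state per (public IP, server).
            key = ("gre", pub, server)
        else:
            # Port translation gives each TCP/UDP session a unique key.
            self.next_port += 1
            key = (proto, pub, self.next_port, server, dport)
        if self.states.get(key, client) != client:
            return False
        self.states[key] = client
        return True


def pptp_sessions(public_ips, servers):
    """Open PPTP (TCP 1723 control + GRE data) per client; report (control, data)."""
    table = NatStateTable(public_ips)
    results = []
    for client, server in zip(CLIENTS, servers):
        control = table.open(client, "tcp", server, dport=1723)
        data = table.open(client, "gre", server)
        results.append((control, data))
    return results


if __name__ == "__main__":
    print(pptp_sessions(["203.0.113.10"], [SERVER] * 3))
```

In the single-public-IP, single-server case the TCP control channel succeeds for every client but only the first GRE data session is tracked, which is the symptom to look for when a second PPTP user behind the same firewall connects but passes no traffic.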
 

Contact Us: Netregy Systems Sdn Bhd., 38-1 1st Floor, Pusat Perdagangan One Puchong, Jalan OP 1/3, Off Jalan Puchong, 47160, Puchong, Selangor. Telephone: +603 80707770. E-mail: enquiry@netregy.com. Skype: netregysystems