Hardware for pfsense

ChrisD. · 12 May 2017 at 17:05

As per the title, anyone recommend a box that I can stick pfsense on off the shelf? Only needs two gig ports as I have a tonne of switches at home.

ChrisD. · 12 May 2017 at 17:39

Nothing too heavy, vpn server, dyndns, some port forwarding, dns, dhcp and my broadband rarely gets above 50mbit. But I'd like to futurproof if I ever get FTTP etc.

ChrisD. · 12 May 2017 at 22:55

How much was it?

ChrisD. · 13 May 2017 at 08:59

I'm wondering about switching from my Edgerouter Lite because I don't really know the config or CLI and I'm not sure I'm willing to learn it as it isn't all that widely used. I figure a lot of people and organisations use pfsense plus I'm a Linux nerd so it'd be something nice to sink my teeth into.

ChrisD. · 15 May 2017 at 14:40

I actually have an Intel NUC at home, I could get a USB to NIC dongle and try it out?

It's being used to run OpenPHT at the moment but I have a Pi I could put in its place while I test.

ChrisD. · 16 May 2017 at 07:30

Well I guess I've gone a little crazy as I've spent more than I'd like by ordering a SG-2200. At least I 100% know it will work.

ChrisD. · 16 May 2017 at 11:44

Steve_bullockuk said:
This was my line of thinking aswell. Mine has been great so far.

Make sure you check out the pfSense subreddit. Some really good stuff on there.

Cheers. I'll have a go at setting it all up tonight. Should be interesting.

ChrisD. · 16 May 2017 at 19:51

Had a quick go at setting it all up tonight. I followed the wizard and got a WAN connection and all LAN seems to be working fine using the DHCP scope. However I can't get any LAN to WAN traffic.

Everything I've read suggests it should just work out of the box after the config wizard. Anything I've likely missed?

ChrisD. · 17 May 2017 at 08:39

Caged said:
Presume you've set outbound NAT and declared an interface on the WAN side of things?

No, as everything I read suggests it should be ready to work after the wizard. I'll have a look at NAT tonight.

Impressed with it so far, the GUI is miles better than the ER-L one.

ChrisD. · 17 May 2017 at 19:39

Came home, plugged the pfsense box back in, changed nothing and it all came to life.

ChrisD. · 18 May 2017 at 08:35

The TBB graph looks good:

6c44756076cdcd049abc03865b0a10586d762364-18-05-2017.png

Got some basic rules on the Firewall now and the network seems to run more than fine. Need to set up an OpenVPN server on it which will be this weekends task.

ChrisD. · 18 May 2017 at 10:52

Nice one, I'll take a look.

ChrisD. · 18 May 2017 at 12:36

moogle said:
Well that is dense, I know it's router software.

Maybe I should have said what are they using it for, what uses or advantages does it have over a normal router, what benefits does it bring, why would one build one.
Is that easier to read for you?

It's fast, secure, it has lots of features, it's probably one of the best firewalls on the market. I have no need for wireless as I run Ubiquiti kit and I am generally not a fan of regular consumer routers. Plus I like to tinker and learn as it may come in useful in my job.

I had an RT-N66U for a long time and while it was good, the CPU usage used to sit quite high which caused a few problems. I then tried a Draytek router and it was garbage, then Edgerouter Lite which was good but a bit of a beta feel to it.

ChrisD. · 18 May 2017 at 17:55

moogle said:
I haven't reached the limits of my ASUS router yet , but I have been thinking of messing about with an old computer and making it a pfsense box, the caching aspect of it interested me quite a bit. Not that I needed to save bandwidth, but the idea of optimising it certainly appealed.

The ASUS is a good bit of kit, but if I was downloading from USENET, streaming something, running OpenVPN and other things, CPU usage used to hit 90%+ regularly and I noticed some slow down. Granted, I didn't get this with the Edgerouter Lite, but as I said before I wasn't a huge fan of the beta like software and clunky interface. It's certainly not as polished as pfsense or the Ubiquiti Wifi kit.

moogle said:
I can see it's for very specific and advanced usage requirements. The AV part is a nice feature true, still doesn't stop your PC from scanning it again right?

No, you can still scan with PC. I mostly use Mac's at home with no AV installed.

moogle said:
Any reason to buy those specialised hardware boxes instead of using an old PC? Other than compatibility and power saving?

Not really, it's easy enough to set up in a VM to have a play around with. I just wanted an appliance to plug and play and be done with it.

ChrisD. · 19 May 2017 at 13:53

Plus the interfaces in the Dell might give you issues as they tend to use Broadcom.

ChrisD. · 20 May 2017 at 09:40

Thought I'd locked myself out as I was reconfiguring the accounts on it, luckily I had SSH enabled and there's a list of configs to roll back to. Very neat.

ChrisD. · 20 May 2017 at 14:30

lmfy2k said:
How much did your pfsense box cost on the end mate ? Does it come with full warranty too?

£360 off Amazon and yes it does.

ChrisD. · 22 May 2017 at 10:32

We are running Sophos AV on our email gateway at work and we can't get it to pick up the EICAR test virus.

ChrisD. · 23 May 2017 at 10:14

lmfy2k said:
@ChrisD. what kind of throughput are you getting through the pfsense device? have you tried Openvpn as client yet?

Haven't measured anything specific but it maxes my FTTC connected with ease. Haven't set up OpenVPN as of yet.

ChrisD. · 29 May 2017 at 11:54

Just configured it so that I can access my Vigor 130 from the pfsense box, took about 5 minutes using the online documentation. Really happy with it so far.