pfSense is an open source firewall/router software distribution based on FreeBSD. It is developed by Rubicon Communications, LLC (Netgate). It is installed on a physical or virtual machine to make a dedicated firewall/router for a network. The latest version of this product was released on June 9, 2020.
pfSense can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage. pfSense firewalls can meet regulatory requirements (such as PCI DSS, SOX, GLBA, HIPAA), but that depends on configuration, policies, and procedures, among other things.
Now is the time to face a fact: there is no such thing as a “hardware firewall”. This applies to all firewall manufacturers. All firewalls are hardware that runs software. Are you afraid of a firewall that is open source? Know that no software relies on the obscurity of its source code for security. For example, open source browsers (like Firefox and Chrome) have had significantly better security track records than Internet Explorer.
In this post, we are going to talk about one of the best pfSense firewalls: the XG-7100 1U Firewall Appliance.
XG-7100 1U Firewall Appliance
This Security Gateway Appliance can be configured as a firewall, LAN or WAN router, VPN appliance, DHCP Server, DNS Server, and IDS/IPS. This appliance is ideal for remote office, SMB and enterprise networks. This rack mount firewall enables 18 Gbps routing, 6.5 Gbps of firewall throughput and 1.28 Gbps IPsec VPN throughput.
Let’s take a look at the hardware specifications of this appliance:
CPU: Quad-Core Intel Atom 2.2 GHz
Memory: 8 GB DDR4. Another 16 GB can be added. Total: 24 GB DDR4
Storage: There are three options:
- 32 GB eMMC onboard (default)
- 256 GB M.2 SATA SSD
- Two 256 GB SATA SSDs (RAID-1)
Expansion Card: none by default, but there are four options:
- DIY expansion riser
- 4-port 1 Gigabit Ethernet
- 2-port 10 Gigabit Ethernet
- 4-port 10 Gigabit Ethernet
The device sells on the manufacturer’s website for $999 with default features. With the more powerful options, the most expensive configuration reaches about $2570. These prices do not include the manufacturer’s technical support. If you want it, depending on the plan you choose, it will cost from $399 to $2397.
This appliance has 8 Gigabit Ethernet ports: Ethernet 1 (eth1) is for the WAN connection, and the other Gigabit Ethernet ports are for connecting LAN devices. It also has two optical fiber ports with 10 GB bandwidth. These ports are of the SFP+ type. The device has two USB 2.0 ports and one USB 3.0 port. Finally, this appliance also has a console port (Mini-USB).
The basic firewall configuration begins with connecting the device to the Internet. Neither the modem nor the pfSense appliance should be powered on at this point. Establishing a connection to an ISP starts with connecting one end of an Ethernet cable to the WAN port of the pfSense appliance. The opposite end of the same Ethernet cable should be inserted into the LAN port of the ISP-supplied modem. Then the LAN port of the pfSense appliance must be connected to the computer that will be used to access the firewall console.
Finally, in order to access the web configurator, the PC network interface must be set to use DHCP, or have a static IP set in the 192.168.1.x subnet with a subnet mask of 255.255.255.0. Note that 192.168.1.1 is the address of the firewall.
- Pre-loaded with pfSense software
- 1U form-factor
- Managing settings through web-based GUI
- Flexible configuration and support for VPN, load balancing, reporting and monitoring
- Simple package management system
- Connecting via encrypted VPN (IPsec, OpenVPN, L2TP) between offices
- Connecting to the Cloud
- Establishing VPN connections with Amazon EC2 cloud instances
- Stateful packet filtering firewall or pure router
- Routing policy per gateway and per-rule for failover and load balancing
- Transparent layer 2 firewall
- Support for IPv6, NAT, BGP
- Captive portal with MAC filtering, RADIUS support, etc.
- Reporting and monitoring features with real time information