Published on June 10, 2009 in pfSense.
Jake describes his experiences with the router systems pfSense and Check Point:
After using the CheckPoint safe@office in a live environment for almost two months I have now decided to go back to using my homebuilt pfSense firewall.
Both firewalls have pros and cons. For me the pros of the pfSense made it for me. The biggest pro of the pfSense is definitely the speed. Even if both firewalls are able to deliver around 100 Mbit/s throughput, the CheckPoint has some nasty lags sometimes, and sometimes drops the connections to IRC, MSN, ICQ and also web downloads, even though I made a rule to allow all those protocols. Anyway, the biggest pros of the CheckPoint are without a doubt its power consumption, heat and sound level. It has a power consumption of about 15-20W compared to my pfSense which is about 60W. No heat whatsoever from the CheckPoint either. And it makes NO sound at all, it’s fanless.
Whole article here (cyberinfo.se - 06/10/2009)
pfSense is also mentioned at the bottom of the “Enterprises cut costs with open-source routers” article on news.idg.no
FreeBSD
1) Martin Wilke is looking for people to test QT 4.5.1. He also reports he managed to get Firefox 3.1 Beta4 working on FreeBSD. Please test.
2) Ivan Voras has done some virtualised benchmarking of
- Ubuntu 8.10,
- FreeBSD 7.1 and
- Windows Server 2008 R2 beta
on the three currently most prominent virtualisation platforms:
- VMWare ESX 3.5 U3,
- Citrix XenServer 5.0 U2,
- Microsoft Hyper-V 2008 R2
“The results are mostly better than I thought they would be. Especially surprising was FreeBSD’s more than decent performance which actually led the others in one benchmark…”
… The results show that a wholly-virtualized FreeBSD machine under ESXi was consistently almost as fast as the para-virtualized Xen Linux.

pfSense
About a month ago, the pfSense developers gave a sneak preview of the new pfSense dashboard theme. Following feedback and comments, Holger Bauer has now designed a new theme:
Well, after there was not too much love for my last theme I tried to do something more mass-compatible this time, trying to take all the criticism into consideration that I earned so far:
- less colorful, stick with the original pfSense-colors (grey/red)
- don’t waste too much space for the header/footer
- kind of corporate look
- static menu, that doesn’t scroll away (I guess that at least was something everybody liked about the hackathon theme)
- more lightweight on graphics

So here is what I came up with so far. This is still in the making so (like always) your feedback is appreciated and might influence the final result.
New design here
BSD Certification
Dru Lavigne has an update on the BSDA Exam
The BSD Associate Exam is now over a year old! Here are some interesting stats so far:
- 12 Events in all of 2008; 14 events in just the first half of 2009
- Over 1000 people have registered for a BSDCG ID (needed to register for an exam)
- The exam has been held in US, Brazil, Canada, Germany, Japan, France, Denmark, Ukraine, Netherlands, Argentina, and the UK
- So far, 66 people have passed the BSDA exam and received their certificates
Published on March 27, 2009 in pfSense.
Cisco products are generally good and reliable, but often expensive. RickC had some issues with a Cisco firewall and takes the free pfSense for a spin, and he loves it… Is that surprising?
…
Enter PFSense - the BSD-based firewall distro closely related to the m0n0wall project. Having used several host-based firewalls like Smoothwall and m0n0wall over the years, I figured I’d give PFSense a shot. I threw together a PIII 550 with 256MB RAM and a pair of Intel NICs - and installed pfsense, which is actually a LiveCD that you can then install to disk or usb drive. The most basic setup is done from a menu-driven CLI, but once the Interfaces are assigned and the LAN side has an IP, you can access the web UI. Better yet - it’s a web UI that works! From there I was able to config PPPoE and all the NAT settings I needed in minutes. From there it was just a matter of moving a few cables and I was switched over with an absolute minimum of downtime.
The feature set of pfsense is rich, easily on par with commercial appliances. IPSEC, 1:1 NAT, inbound and outbound load balancing, fail-over, good logging options, lots of built-in graphing and monitoring and an excellent UI. It’s built on BSD 7.0 and costs you absolutely nothing. The distro is under constant development and its current status as per Secunia is zero unpatched vulnerabilities. The PFsense community is strong and development of utils and add-ons offers many options to the operator. The nice thing about having such a reasonable solution - you can easily afford to build a backup to either run in failover mode or use to swap out should your pfsense hardware fail.
I will likely continue to use PFSense going forward as my main firewall. I guess I will still play with the 851; I can use it to learn more IOS and become a 1337 Cisco zealot like those I so admire.
Full story on parallel42.ca (23/03/2008)
Published on March 27, 2009 in pfSense.
The pfSense Team had their ‘09 hackathon recently with 7 developers working hard on v2.0. Judging from feedback, changelog and the 2.0 dashboard sneak peek, this was a successful get-together.
Published on March 10, 2009 in pfSense.
The pfSense 2009 hackathon, which started on Saturday, can be followed live on http://hackaton.pfsens.org. You can also join the chat by using the Java viewer embedded on the page or head over to irc.freenode.net and join #pfsense-hackathon.
For other FreeBSD related events, check my FreeBSD Events & Conferences calendar.
Published on February 6, 2009 in pfSense.
In this episode Peter Giannoulis joins from TheAcademyPro.com. Chris Gerling is back in studio talking about USB Device Tracking, and Matt is building the new HakHouse firewall/router with PFsense.
To check the pfSense section, skip to minute 16:53
Watch or download the video on hak5.org.
Published on January 28, 2009 in pfSense.
Scott Ullrich of the pfSense project announced the switch of the builder system over to FreeBSD 7.1.
The current version is 1.2.3-PRERELEASE-TESTING.
Daily builds can be downloaded here.
Published on January 13, 2009 in pfSense.
Chris Buechler has announced the availability of pfSense 1.2.2, a security and bug-fix release of the FreeBSD-based firewall system:
pfSense 1.2.2 released! Only five changes from 1.2.1, but we did want to get these issues fixed and an updated version out there:
- setup wizard fix - removing BigPond from the WAN page on the setup wizard caused problems;
- SVG graphs fixed in Google Chrome;
- IPsec reload fix specific to large (100+ sites) deployments;
- bridge creation code changes - there have always been issues when attempting to bridge more than two interfaces;
- FreeBSD updates for two security advisories on January 7, 2009.
Most users on 1.2.1 won’t have any need to upgrade to 1.2.2, but if any of the above applies to you, then upgrade to this version. 1.2.2 should be used for all new installs.
Links: Release Announcement | Downloads | pfSense-1.2.2 LiveCD-Installer | Website

The pfSense project have announced the availability of version 1.2.1:
This is strictly a maintenance release, meaning it contains only bug fixes in the pfSense code, no new features. Though we also upgraded the base OS from FreeBSD 6.2 to 7.0, which necessitated numerous changes in how things are configured. The change to FreeBSD 7.0 brings improved performance and more hardware support.
Announcement | Changelog | Downloads
If you’re interested in pfSense or if you’re using it in a production environment, you may be interested in the Network Perimeter Redundancy with pfSense presentation that Chris Buechler will be doing at the DCBSDCon 2009.
What do you get when you cross an enterprise-class packet filtering subsystem with a graphical front-end for easy configuration and maintenance? A throbbing headache for commercial vendors like SonicWALL, that’s what.
More details on the presentation can be found here.
To find the details of other 2009 FreeBSD related events and conferences, check my FreeBSD Events calendar.
Matt Hartley has written an article on Intranet Journal about (in his opinion) the 5 best Linux/BSD Firewall tools:
- IPCop
- pfSense
- M0n0wall
- SmoothWall
- Linux LiveCD Router
Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach.
Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.
He writes the following about m0n0wall and pfSense (both BSD firewalls):
M0n0wall
Regardless of a fantastic effort by IPCop, there is just something to be said about rocking solid BSD solutions. The first that comes to mind is that from m0n0wall. It’s small, 12 MBs small! That is the single biggest distinguishing thing to note about m0n0wall. Its size and portability, that is. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.
Definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on an older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.
pfSense
From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. Plenty of features to speak of. Most notable among them include:
- Redundancy — By creating a failover group, the network will remain secure even in the event of interfaces that go offline for some reason.
- Load Balancing — Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.
- Captive Portal — Force the user to authenticate or simply find themselves redirected to wherever you wish.
Source (IntranetJournal - 16/12/2008)