pfSense Firewall
pfSense is a FreeBSD-based open-source firewall and router software offering enterprise features for free.
pfSense Features
- Stateful Packet Inspection (SPI) firewall
- VPN: IPsec, OpenVPN, WireGuard
- Traffic shaping and QoS
- High Availability (CARP)
- Multi-WAN load balancing
Basic Configuration
# Console setup
1) Assign Interfaces: em0=WAN, em1=LAN
2) Set interface IP address
- LAN: 192.168.1.1/24
Web interface
OpenVPN Server Setup
# VPN > OpenVPN > Wizards
1. Authentication Backend: Local
2. Create CA
3. Create Server Certificate
4. Tunnel Network: 10.0.8.0/24
5. Local Network: 192.168.1.0/24
High Availability (CARP)
# Two pfSense devices:
# Master: 192.168.1.2
# Backup: 192.168.1.3
# Virtual IP: 192.168.1.1
System > High Avail. Sync
- Synchronize States: Enable
Firewall > Virtual IPs
- Type: CARP
- Address: 192.168.1.1/24
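A consistency check for the addressing used in the OpenVPN and CARP sections above, as an added example that is not part of the original page or of pfSense itself. The function name check_plan and the second, deliberately broken plan are constructed for illustration.

```python
import ipaddress

def check_plan(lan, tunnel, vip, nodes):
    """Return a list of problems in a pfSense LAN / OpenVPN / CARP address plan."""
    problems = []
    lan_net = ipaddress.ip_network(lan)
    tun_net = ipaddress.ip_network(tunnel)
    vip_if = ipaddress.ip_interface(vip)

    # The OpenVPN tunnel network must not overlap the local network behind it.
    if tun_net.overlaps(lan_net):
        problems.append(f"tunnel {tun_net} overlaps LAN {lan_net}")

    # The CARP VIP must sit in the LAN subnet with the same prefix length.
    if vip_if.network != lan_net:
        problems.append(f"VIP {vip_if} does not match LAN {lan_net}")

    seen = {}
    for name, addr in nodes.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan_net:
            problems.append(f"{name} {ip} is outside LAN {lan_net}")
        # Each node needs its own interface address; the VIP is shared.
        if ip == vip_if.ip:
            problems.append(f"{name} uses the VIP {ip} as its interface address")
        if ip in seen:
            problems.append(f"{name} and {seen[ip]} both use {ip}")
        seen[ip] = name
    return problems

# Values taken from the page.
PAGE_PLAN = dict(lan="192.168.1.0/24", tunnel="10.0.8.0/24", vip="192.168.1.1/24",
                 nodes={"master": "192.168.1.2", "backup": "192.168.1.3"})

# Constructed bad plan: the master keeps the standalone LAN address 192.168.1.1
# after it became the VIP, and the tunnel is carved out of the LAN range.
BAD_PLAN = dict(lan="192.168.1.0/24", tunnel="192.168.1.128/25", vip="192.168.1.1/24",
                nodes={"master": "192.168.1.1", "backup": "192.168.1.3"})

if __name__ == "__main__":
    for label, plan in (("page", PAGE_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(**plan) or "OK")
```

The bad plan models moving from the single-box setup (LAN at 192.168.1.1) to CARP without first renumbering the master to 192.168.1.2.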
Conclusion
pfSense is a reliable alternative to commercial firewalls. Enterprise support is available through Netgate.