pfSense firewall gets the thumbs up!

I have a little bit of time today, so I thought I’d write a bit about the firewall I use at work. Previously I had a SonicWall Pro 230 at the head office, which worked very well. It was a little 1U unit, and to be honest, once it was running I very rarely had to touch it. It was quite expensive when initially bought. I still have it, although it’s in a storage unit now and I doubt I’ll ever need to use it again.

So what did I replace it with? Well, when the company initially split and the IT and Research departments moved to a separate office, I set up m0n0wall on an old Compaq PC SFF that I got off eBay for about a tenner. I installed 2 extra PCI network cards and an IDE to Compact Flash converter (again, from eBay), and then installed m0n0wall on the flash card using my laptop and a PCMCIA to Compact Flash converter. I set the interfaces to be WAN (plugged into the Cisco router), LAN (plugged into my switch) and DMZ (plugged into an access point and running the captive portal, for guests to the office to use).

All this was pretty straightforward. The idea behind using the Compact Flash card is that it uses less power and generates less heat and less noise. You can use a HDD or even run it from CD if you like. m0n0wall is packed full of features and is so simple to use; I really rate it highly.

Long story short here, we moved office again and I needed something a bit more powerful, so I ended up installing pfSense on an old IBM P4 PC that I had lying around. This time I stuck in a 4 port PCI network card, installed pfSense on an IDE hard drive, and stuck in an 80GB HDD and 2GB RAM. All a bit of overkill, but I had lots of spares. The total cost of this lot was about £10 for the 4 port PCI network card, again off eBay. I built 2 of these as they were so cheap, so I have a hot spare ready to go, should anything happen to the main pfSense box.

pfSense is very similar to m0n0wall but more powerful and suited more towards a PC with a hard drive and a bit more power. There are loads of packages you can install with only a few clicks, various monitoring tools and Squid Proxy Cache for example. Again, it’s mega easy to use and the GUI is absolutely fantastic. I won’t go into all the features right now; I’ll save these for another day. Some of the features I do use are the dial-in VPN (which links to IAS on a Windows 2003 server to authenticate users with their domain login), Traffic Shaper, NAT and Firewall (obviously). As for reliability, it’s up there with the best. I’ve never had any trouble with it in over 2 years of running it, and that’s the way I like things as it makes my job a lot easier.

At home right now I’m running m0n0wall on a tiny 3 port Alix 2 Classic box from Yawarra, which is great, although I blew the PSU a while back, but that was my fault, long story. Again, I have WAN (plugged into my cable box, which handily has sticky IPs, so I’ve been on the same IP since day 1, useful when I’m hosting this site there!), LAN (plugged into a switch) and then DMZ (which is plugged into an access point, with basic WEP protection, so friends that come over can access the net, but not my files!).

There are of course other firewall options which I would recommend having a play with, i.e. Endian, Smoothwall and IPCop to name but a few. It really depends what you are after, and I get on well with pfSense so that’s why I’m still using it.

I’ll review my firewall setup later this year, but I can’t see any reason for me to move away from pfSense.