Subj : Re: pfSense
To   : Nick Andre
From : Mark Hofmann
Date : Mon Aug 29 2022 10:45:57

NA> I'm a HUGE fan of Pfsense, it solved a LOT of headaches here.

I loaded it up as a VM using two virtual network adapters on two different VLANs and was up and working in no time.  Not to mention the plug ins you can add.  It is better than some of the super expensive firewalls on the market.

If I didn't already have a Cisco ASA, I would likely use it as my main firewall.  The one thing I needed it for was upnp for my flux nodes.  I wouldn't recommend enabling upnp on a firewall that is at the border.  Since this is inside, it doesn't present an issue.  

I'm basically port forwarding a few ranges of ports from my Cisco ASA->pfSense, which then port forwards to an IP on the LAN side of it.  I will switch the nodes to use upnp, remove the port forward on pfsense, and all should be automatic.  

All I can say is I'm very impressed by pfSense in many ways.  What it can do, how easy it is to setup, and the low resources it requires can handle a good deal of traffic.

You can even rate limit up/down per IP, single host, etc.  I can't do that nearly that easy (if it is even possible) on my ASA that used to cost a fortune when it was new. 
- Mark

--- WWIVToss v.1.52 
 * Origin:  http://www.weather-station.org * Bel Air, MD -USA (618:100/12.0)

.