Create Your Own Router and Firewall Solution With pfSense
Bohs Hansen / 2 weeks ago
Why a Custom Solution?
Besides the obvious benefits of choosing your hardware components, there is also the software side of things to consider. Picking a system like pfSense offers you the benefits of years of development and refinement from a lot of people.
Picking an open-source software piece like pfSense provides you with one of the safest solutions you can get. A conventional router has a limited time where it will be supported with firmware updates, and that can leave you open to possible attacks. That’s only normal, a company that needs to make a profit also needs to push the newest devices, or they won’t survive. That’s not the case with an open-source software like this as there are hundreds if not thousand of people going through the code and either fixing the bugs or reporting them. Regular updates and fixes offer you a safe environment with an absolute minimum of exploits.
With pfSense, you can be in control of everything in regards to your network traffic. Whether you want to run a custom DNS service to block certain sites or maybe allow only a few select sites to be accessed or you want all the possibilities of a VPN (Virtual Private Network) setup, pfSense can do it. The user interface might not be the fanciest looking one, but it beats a lot commercial router options in both usability and possibilities. With a BSD system as the base, you also have the possibility to enter the prompt either directly or via SSH and install or configure anything you want.
As it is, pfSense already supports IPsec, PPTP, L2TP and OpenVPN setups, it can handle multiple WAN connections and configurations. It offers an extensive Quality of Service (QoS) options that allow you to prioritise traffic and shape your traffic, and it also comes with an incredibly detailed performance data collection and graphing. More basic features such as load balancing, captive portal, and DHCP services included, naturally. For a total sense of security, it even supports fail-over to companion pfSense boxes via the Common Address Redundancy Protocol (CARP).
Voice over IP (VoIP) setups is another area where pfSense shines. Bandwidth and general network quality are critical when it comes to VoIP and just a few lost or delayed packages can result in a bad call quality. With the ability to prioritise specific traffic, you can make sure that your phone setup is running smoothly at all times.
With all the possibilities at hand, it will take a little longer to configure than your average router. That’s a given. As a system designed for maximum network security, there are a few things to keep in mind. Services that are possible to exploit, such as UPnP, are disabled by default in pfSense. They are present, but you’ll need to enable them first if you want to use them.