Pfsense is noted as the worlds most trusted open source network security solution with thousands of enterprises using it.
Often coming up in the top 10 firewalls (paid and unpaid) it has proven to be one of the most stable and feature rich firewalls. PfSense is deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. PfSense can be installed as a virtual machine or on a physical computer.
Some of the many features of PfSense include the following:
- Easy to use web interface
- Configurable dashboard with widgets so you see what’s important when you log in
- Stateful firewall – Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
- NAT- 1:1 and outbound NAT.
- High availability – a combination of CARP, pfsync, and configuration synchronization provides high availability functionality so when one firewall falls over, the backup takes over automatically
- Multi WAN – enables the use of multiple Internet connections, with load balancing and/or failover, for improved Internet availability and bandwidth usage distribution.
- Server load balancing – distribute load between multiple servers
- VPN: SSL based OpenVPN and IP SEC
- PPOE server – local user database can be used for authentication
- Reporting and monitoring; lightsquid reports,Wan interface gateway ping response times, individual interface throughput. Real time display of queues.
- Dynamic DNS – register your public IP with a number of dynamic DNS service providers
- Captive portal – allows you to force authentication, or redirection to another page for network access. Commonly used on hot spot networks, but is also widely used for an additional layer of security on wireless or Internet access.
- DHCP relay and server
- Splitting of bandwidth – Allows you to split a link into different increments
- Web browsing anti-virus scanning with the full proxy server using ClamAV
- High performance web proxy URL filter.
- Network diagnostic tools such as ping, traceroute, port tests and nmap via the GUI
- Built in packet sniffer
- Suricata or SNORT- High Performance Network IDS, IPS and Security Monitoring engines