Need a Firewall to replace a PFSense Box

wordpresssecurity

Hi, need an open source or enterprise firewall to replace a pfSense box.

Our Specs:

I have a client (School). They currently use pfSense for their firewall. The firewall's purpose is to divide the network into 3: Admin office (192.168.0.0/24 range), Cat Lab (192.168.1.0/24 range), and Teachers Wi-Fi (10.0.0.0/24 range). The proxy server also acts as a DHCP server giving out IP addresses to clients when needed; most of the PCs I set to static anyway.

The 3 networks are then plugged into a Cisco switch, each in their own VLAN. From there, the different servers are also plugged into the VLAN they belong to.

The other purpose of the server is to block websites like Porn, Social Networking etc.

The problems I have with it:
1. Does not block HTTPS sites, so Facebook and YouTube are open when using an https URL.
2. Does not allow VPN!!!
a. The client wants to be able to VPN from home to the network and work from home, able to access all network drives as if they are there.
3. Internet keeps on dropping for no reason (ADSL)


So I need a Fortigate/Fortinet/open source firewall that will replace the pfSense but still provide the same and even better functionality, like VPN etc.

Will appreciate any suggestions...
 
A new firewall will not prevent ADSL from dropping - usually this is a physical media problem, or a router problem.

1. You will need to add a rule allowing VPN traffic access both inwards and outwards.
2. pfSense is capable of filtering HTTPS: https://forum.pfsense.org/index.php?topic=72528.0
3. You will need to add a VPN server to the inside of your network, so that people will be able to VPN in.

You never mentioned what kind of VPN your client wants to use - is it PPTP or OpenVPN?
 
Why not get a Mikrotik box in place with a WebProxy on it?
 
The pfSense box is actually probably the best open source thing you're gonna get for this application.
As for https - just blacklist the domains you're worried about. I assume you have a web proxy installed and running on it.
 
PM if you need help with setting your pfSense box up correctly.

I am doing exactly what you want to do on our pfSense box at the office. We block SSL websites just fine and have quite a complex arrangement of VPNs with all kinds of routing like IPsec tunnels getting routed over the office VPN and specific traffic going over a specific client OpenVPN connection.

Honestly, I haven't found anything pfSense cannot do.
 
pfSense quite happy with VPNs:

[Screenshot 2015-01-23 13.29.29.png]
 
Thanks for the reply

Thanks for all the input. Will maybe just have to re-install and config from the start.

Need to be able to do client-to-site VPN to access server resources etc.
 
With regards to blocking sites I use the free OpenDNS, but the paid has more options. On my Mikrotik router I hand out the respective DNS and redirect all queries in case somebody has a static entry. It is not foolproof but a very slick solution for the ease of use.
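
One way to check how well the DNS redirect described in the last post is holding, as an added example that is not part of the thread: it scans firewall log lines for clients in the three subnets from the first post that send DNS traffic to anything other than the OpenDNS resolvers. The key=value log format, the segment names and the sample lines are constructed assumptions.

```python
import ipaddress

# Subnets as listed in the first post; segment names are made up for this example.
SEGMENTS = {
    "admin": ipaddress.ip_network("192.168.0.0/24"),
    "cat-lab": ipaddress.ip_network("192.168.1.0/24"),
    "teacher-wifi": ipaddress.ip_network("10.0.0.0/24"),
}
# OpenDNS public resolvers, assumed to be what DHCP hands out.
APPROVED = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}
# A NAT redirect of port 53 does not touch port 853, so both are watched.
DNS_PORTS = {53: "plain DNS", 853: "DNS over TLS"}

# Constructed sample log lines (hypothetical key=value format).
SAMPLE_LOG = """\
src=192.168.1.23 dst=208.67.222.222 proto=udp dport=53
src=192.168.1.40 dst=8.8.8.8 proto=udp dport=53
src=10.0.0.17 dst=1.1.1.1 proto=tcp dport=853
src=192.168.0.5 dst=203.0.113.10 proto=tcp dport=443
src=172.16.9.9 dst=8.8.8.8 proto=udp dport=53
garbage line without fields
""".splitlines()

def segment_of(addr):
    """Return the name of the school segment an address belongs to, or None."""
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def find_dns_bypass(lines):
    """List (segment, src, dst, kind) for DNS traffic to unapproved resolvers."""
    findings = []
    for line in lines:
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        seg = segment_of(src)
        if seg is None or dport not in DNS_PORTS or dst in APPROVED:
            continue
        findings.append((seg, str(src), str(dst), DNS_PORTS[dport]))
    return findings

if __name__ == "__main__":
    for finding in find_dns_bypass(SAMPLE_LOG):
        print(finding)
```

Run against logs taken before the NAT redirect is applied, hits on port 53 show which clients have a static DNS entry; hits on port 853 need their own block rule.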
 