pfsense

D

Drunkard #1

Expert Member
Joined
Aug 15, 2007
Messages
3,668
Reaction score
18
Hi All

I have a few questions that someone with pfsense experience may be able to help with. Thanks in advance.

Is there an add-on that would give me the same functionality as Mikrotik User Manager? If I can't achieve the same control as User Manager, is it at least possible to get some per user bandwidth monitoring in place? It's not that I don't want to pay the $45 for Mikrotik, it's just physically difficult installing a new router OS onto the server (setting up monitors and keyboards when space is tight etc). I've already had to do this once as smoothwall was lacking these essential features (and DHCP lease listing).

I can obviously set up a whitelist of "pre-approved" sites that staff can visit (work related sites). What IP address should i use for a specific site, how will I know if specific sites use more than 1 IP or embed objects from other sites? What should the rule say?

Any help appreciated.
 
! Thread necro alert !

Would just like to start up the discussion again regarding pfSense. It has actually matured a lot since 2008 and have just moved our office firewall over to pfSense. I wanted to go with Smoothwall but the community (Express) version does not support multiple WAN connections.

With pfSense I have now set up three WAN connections that failover beautifully. We have two ADSL lines which share priority and then a backup 3g link which will kick in if both those connections are down.

Took me a while to figure out exactly how to do this properly as there some tiny toggles that if overlooked fook with everything.

Anybody else have any experience working with pfSense? Would like to hear what nifty things you have done.
 
DrJohnZoidberg said:
! Thread necro alert !

Would just like to start up the discussion again regarding pfSense. It has actually matured a lot since 2008 and have just moved our office firewall over to pfSense. I wanted to go with Smoothwall but the community (Express) version does not support multiple WAN connections.

With pfSense I have now set up three WAN connections that failover beautifully. We have two ADSL lines which share priority and then a backup 3g link which will kick in if both those connections are down.

Took me a while to figure out exactly how to do this properly as there some tiny toggles that if overlooked fook with everything.

Anybody else have any experience working with pfSense? Would like to hear what nifty things you have done.
Click to expand...

I've been using it at home. I also chose it because of the multiple WAN feature for when I eventually connect to the WUG.
 
Drunkard #1 said:
Hi All

I have a few questions that someone with pfsense experience may be able to help with. Thanks in advance.

Is there an add-on that would give me the same functionality as Mikrotik User Manager? If I can't achieve the same control as User Manager, is it at least possible to get some per user bandwidth monitoring in place? It's not that I don't want to pay the $45 for Mikrotik, it's just physically difficult installing a new router OS onto the server (setting up monitors and keyboards when space is tight etc). I've already had to do this once as smoothwall was lacking these essential features (and DHCP lease listing).

I can obviously set up a whitelist of "pre-approved" sites that staff can visit (work related sites). What IP address should i use for a specific site, how will I know if specific sites use more than 1 IP or embed objects from other sites? What should the rule say?

Any help appreciated.
Click to expand...

What I think you need to add on pfsense is Squid, Squid Gaurd and SARG in transparent mode. This will provide you with reporting and real time monitoring. Another addon is Captive Portal where you have user manager and some additional control measures if you require it, like user accounts, vouchers etc. This is used for hotspots normally but as the saying goes "if you can script it you can do it".
 
The only issue with Squid in transparent mode is that it does not check https traffic.
 
Necropolis said:
The only issue with Squid in transparent mode is that it does not check https traffic.
Click to expand...

This.

If you have a office server setup then use group policies to change proxy settings for client machines to point to the correct proxy. pfSense also has the sarg module to create reports which also allows you to view by username when connecting to a ldap server - this is pretty sweet.
 
DrJohnZoidberg said:
! Thread necro alert !

Would just like to start up the discussion again regarding pfSense. It has actually matured a lot since 2008 and have just moved our office firewall over to pfSense. I wanted to go with Smoothwall but the community (Express) version does not support multiple WAN connections.

With pfSense I have now set up three WAN connections that failover beautifully. We have two ADSL lines which share priority and then a backup 3g link which will kick in if both those connections are down.

Took me a while to figure out exactly how to do this properly as there some tiny toggles that if overlooked fook with everything.

Anybody else have any experience working with pfSense? Would like to hear what nifty things you have done.
Click to expand...

Just implemented a setup at work. As primary and as a secondary firewall for failover (2 boxes). Segregated wifi for office use and then setup a guest wifi for guest use which has no LAN access and is accessible via captive portal on a voucher system.

Working well so far. Also using proxy + squid reports.

J
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X