Question Working on new pfsense firewall

Jun 25, 2019
I’m working on building a new pfsense firewall for our business, probably in a bit over my head here. Currently using an old PC with pfsense installed. We have it set up to allow “email only” but are looking to add filtered browsing on select devices on the network.

Should mention current setup offers pretty slow browsing/download speeds the few times it is allowed.

But I’m wondering what would be my best route to start new.

Update network cards and add a different pc?

Or get one of these: (not sure if it serves the same purpose) QOTOM Q330G4 Barebone Mini PC - Core i3, AES-NI, 4 Intel LAN, 15Watts, Industrial Mini PC Firewall Gateway Router (Q330G4 Barebone) https://www.amazon.ca/dp/B074PK8ZVG/ref=cm_sw_r_cp_api_i_AdxfDbJE1F6R9
Any help is greatly appreciated
 
Well right on top, restricting user access should be an account management thing, not a firewall thing. Ideally you should be running a MS Domain Server, that way u control access by configuring each user account. Restrict by account, not machine, which can be bypassed easily.

OK, you don't have 1G to spend on a MS server license. Hope u don't have many devices to deal with, 'cuz you will be configuring one at a time.

Myself I've been using a mini-QOTOM for 18 months 24/7, no prob. Is self-contained, silent-no fan, sip very little power. Pfsense easier to configure than I thought, but then I used to deal with command line firewalls. Just don't start loading modules you don't need just because they are there.
 
Currently using captive portal for restricting new users, is that what you are speaking of? And basically set a user’s IP address to “pass” thru firewall rules, when full internet is needed. I’m not familiar at all with MS server. So you recommend buying the QOTOM instead? I do have a PC to set up, with 8 gig RAM, 250 gig SSD, figured I’d get help on which network card to get tho.
 
If u don't care that your PC is sucking up 60-100+ watts constantly, loud fan, and got enough CPU, go for it, just add another NIC if need to. At least make it run on SSD, 64G more than enough for reliability.
Na, not worried about the above, using a good PC that’s probably a waste to use for this, but had a lot of unreliability issues with our past system, so going to overdo it a bit now...

10Gtek for Intel 82576 Chip 1.25G Gigabit Ethernet Converged Network Adapter (NIC), Dual RJ45 - from newegg, will this work for my network speed issue?
 
Are u going to have >1 gig Internet soon or near future? If not, I'd stay with tried & true 1 gig Intel NICs that have been around for a few years. Sometimes, latest is not necessarily the greatest. FreeBSD, PFsense OS may not have the driver for your snazzy 10g NIC.
 

Editing here, cause I was mixed up, got 10mbps network speed.

Hoping to just get our pfsense router to give us that maximum output we can have. Would you have a link for the NIC you're suggesting?
 
Pfsense isn't going to help you if you only have 10mbps network!!!! More fuel to the engines Scotty!
 
Pfsense does have a well developed traffic shaper (AKA QOS) everybody needs. You are over-thinking it, the software is free, just need any ole PC box throw in 1-2 NIC, done.

Traffic Shaper = bandwidth management, allows fair access to everybody in the house. Without one, 1 user can monopolize the pipe.

Pfsense got lots of features, quick browse shows parental control possibility. Large community u can ask question, but definitely not for noobs who can't/unwilling to Google for unfamiliar terminologies.

U don't like it, go back to your old box, not losing much.
 
Ok, yup. Thanks for the help you all... we’re kind of in a rural area. And paying a whole lot for the 10mbps already. So upgrading hardware won’t do too much then.

Not really, I didn't mean to sound dismissive but sharing a 10mbps line is always going to be painful! Pf does have a very clever traffic shaping system but learning how to properly use queues is an art in itself, whether you use priority (PRIQ), class (CBQ) or hierarchical fair service (HFSC). By all means give it a go, it may help but you are always going to be limited by your total bandwidth. (Is that Up/Down?)