Netgate pfSense Plus Firewall/VPN/Router
Netgate | 24.11.0 | Linux/Unix, FreeBSD 14 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Works well with AWS networking
I used the pfSense Netgate firewall/VPN/Router to help study for the AWS Advanced Network Specialty exam. Simple to set up, I used it to build VPNs w/BGP between two VPCs and a remote network using pfSense on two sides and a VGW in the middle. The latest version supports VTI interfaces so you can use route-based VPN instead of policy-based VPN. Without VTI interfaces you can set up a VPN but BGP doesn't work as expected. I had no problems setting up VTI interfaces in the VPN configuration, installing OpenBGPD, and routing traffic using CloudHub VPN and BGP to connect the two VPCs and my remote network together.
In my opinion, the pfSense firewall was easy to set up and the interface is fairly intuitive if you're familiar with networking and security. I've used the community edition for a while and the AWS version has the same look-and-feel. There's also a number of open source options that can be added to extend the functionality of the product.
I think the only downside is the pricing. I wish the t2.nano and t2.micro were both priced the same. The t2.nano is great for a trial run. However, if you install any options you'll probably want something larger than a t2.nano and that will create a significant price increase. Then again, Netgate's pricing seems to be much lower than comparable products in AWS marketplace so it looks like it costs less to run than other products with similar functionality.
I would recommend Netgate pfSense if you are looking for a low-cost stateful firewall that is built using open source software and can do VPN and routing too.
Great option of perimeter firewall
Great open source firewall
Will not launch in the US-WEST-2 region
I've successfully launched this in other regions, but it will not launch in the US-WEST-2 region. Please fix this! The system log shows the operating system halting and rebooting constantly.
Great for Site-to-Site
Very easy to use.
The UI is Intuitive.
Site-to-Site VPN is very stable.
You can upgrade to a newer version from the UI.
Strongly recommended!
IPsec VPN routing issue
GUI is very easy to use, site-to-site VPN tunnel established easily.
However, it seems to be missing routing config; I could not find a way to route traffic into this VPN tunnel.
Very easy to install out of the gate and a robust routing platform.
So powerful
Pfsense a worthwhile firewall
pfsense has a range of modules/plugins that can be added in order to shape pfsense to your needs, there is a wide selection and you are sure to find something to do the job. If for any reason you are unable to find a module to do what needs to be done, more than likely a question has been asked on the subject and an answer is easily found, if not you can pose a question on the forums and you will be met with a very patient community.
One of the main benefits is the capability for multiple WANs, allowing you to route traffic how you see fit or even load balance.
You can add squid guard and block/allow websites on a whitelist/blacklist.
Aliasing allows you to add multiple IPs/networks/hosts under a single alias and make firewall rules based on this, so rather than creating 250 firewall rules for 250 nodes, simply alias all 250 and make a single rule for that alias.
There are pages devoted to graphs so you can monitor your network traffic, your physical NICs and the server itself.
There are a ton of features and all the basic/advanced networking needs are met.
I was unable to achieve port forwarding for a VPN. The VPN was PPTP (admittedly I never tried any other methods) on a Windows server. Despite countless hours searching and reading the results and numerous attempts of changing settings, I was unable to use the VPN (had worked previously with a paid firewall solution). Whether this issue still stands or was entirely my fault still remains unsolved.
After approximately three years I have found pfsense to become slightly flaky. I have only experienced this with one box (the longest running). Whether this issue boils down to the physical server and/or components or whether this is due to changes over the course of time/corruption of configuration files, is again undetermined.
In reality I have not experienced any real downsides of the solution I cannot link back to me.
It has allowed me multiple WAN connections. With aliasing I can quickly group servers, computers, security equipment etc. Using the aliasing I have been able to dedicate WAN connections for specific purposes ensuring the bandwidth is distributed as necessary with a single firewall rule.
Modules like bandwidthd help me check the hosts consuming the most traffic, squid to help me monitor traffic and squid guard to help me block or allow traffic, make this a great solution.
After moving from one paid licensed solution to another I have found pfsense to not only be free, but completely wipe the floor with anything paid for previously.
My experience with this product is extremely positive and I would definitely recommend it as a great solution.
Easy to setup and checking Software Router
It has a good user interface that I can easily understand and learn how to use.
I can use an old server to serve 50 people without lagging.