I've worked in the private sector my entire professional life with Cisco gear for networking and Microsoft for server things. I recently took a job in my local county's government.
I've dabbled at home on my T1 - hosting email and web for friends and family, churches, and a small business here & there. I've always considered myself "a Cisco major with a Microsoft minor" - Cisco for the network, Windows Server NT/2000/2003 for the servers.
Here at the county we've got all Cisco network electronics, but now that I'm in the public sector and no longer have the "billable hours!" driving force, I've had the time and encouragement to learn FreeBSD, and as a result I have learned and implemented a few open source solutions here - RT
to name two. I am really digging FreeBSD, it's awesome.
A couple weeks ago I had to power cycle my PIX 506e at home, and I noticed it seemed to be running very hot. It's pretty normal for a 506e to run pretty warm - but I thought this was too hot. I began to think about alternatives to my PIX - I could not be without a firewall if that thing burned up. I made sure I had a fresh copy of its running config, and started looking around... I found pfSense.
I promptly obtained an old Dell Optiplex GX150 small form factor desktop chassis: 1GHz P3, 512MB PC133 RAM, 10GB hard drive, one integrated 10/100 NIC and one low-profile D-Link 10/100 PCI NIC.
I downloaded the LiveCD, booted it up and ended up with a hard drive install of pfSense. I spent about 2 hours exploring & replicating my PIX 506e's config into pfSense. I have a /29 of public IPs, with a couple of them NAT'd into services running on my private ten-dot network. Doing the Virtual IPs then doing the Static 1:1 NATs threw me for a loop at first, but everything else went very smooth and trouble-free. In a PIX, you simply write the NAT statement, and those public IPs you are NAT'ing into private IPs kind of just "float" without being formally assigned to any particular interface anywhere. Proxy ARP, etc. just happens automatically when you write your static NAT statement. The Virtual IPs was an extra step, but certainly no big deal - just something new to learn.
I turned on HTTPS and added a firewall rule so I could get at it from the public subnet at work, and the next day had OpenVPN working perfectly, thanks in large part to this thread by Frewald - thanks Frewald!
I am EXTREMELY pleased with pfSense!
For me it is a complete and never-look-back replacement for my Cisco PIX 506e at home. All the built-in functionality rocks, OpenVPN gives me the exact same connectivity I had running the Cisco VPN Client v5 with my PIX, and my throughput & overall performance feels significantly better.
I see a lot of potential with this - county government has many different tendrils of connectivity into other state and local agencies - pfSense will be a nice economical alternative to a Cisco PIX or ASA when I need to properly firewall & secure things around here.
Thanks for a great product!