The next edition of FreeBSD Journal will have a comprehensive (3500 word) article covering the major changes and enhancements in the 2.2 release as well as in-depth writing about the upgrade to FreeBSD 10.1 as the base operating system for pfSense. Other major changes and improvements covered include IPsec enhancements, DNS resolver changes, high availability, outbound NAT enhancements, changes to the package system, and more.

Here is an excerpt from that article:

FreeBSD, in combination with a variety of its ports, can make for a powerful firewall solution comparable to and sometimes better than commercial offerings. One potential downside to rolling your own is the learning curve involved in manually configuring all the various underlying components.  The required knowledge base makes building and maintaining such a solution inaccessible to much of the market. There is also a requirement for a significant  amount of “glue code” between various pieces to enable the whole to work in a cohesive manner. pfSense® software has been filling this gap for over a decade.  

pfSense software makes FreeBSD firewalls accessible to every IT professional capable of managing a typical commercial-grade firewall. With pfSense software, everything is managed via an easy-to-use web interface that's similar to the GUIs of Cisco ASAs, Watchguard, Sonicwall and other products. The pfSense project is to network security and FreeBSD what FreeNAS is to Network Attached Storage and FreeBSD. Over the past decade, we’ve grown to 300,000 known live installs. 

While our user base initially comprised mostly users who had very little knowledge of how to manually configure anything in the underlying components, that’s changed significantly in the last few years. When the project first started, we often had to educate new users that FreeBSD is not Linux - in fact, it’s better.  As we grew, some highly-skilled BSD sysadmins scoffed at the idea of using a GUI to manage a firewall. Many of these experts have since gained an understanding of the value and time savings in using pfSense software. 

Understanding the glue tying various components together is beyond new users of BSD firewalls and can be daunting even for the most seasoned professional.  As a common example, consider the scenario of an Internet connection with a dynamic IP Internet address. Depending on the subsystems one has configured, when an IP changes, there are several things that may need to occur including: dynamic DNS updates, clearing cached firewall and NAT states from the previous IP, configuration files for select services need to be updated with the new IP and any affected services subsequently restarted. Stock BSD systems don't have easy facilities to handle circumstances like this, much less do it all automatically. Even seasoned sysadmins appreciate having firewalls that more junior staff can easily manage.  Eliminating 3 AM trouble calls can make for a less grumpy sysadmin.

pfSense software release 2.2 is the culmination of 15 months of development effort in a number of areas.  This article highlights the most significant changes in release 2.2.

SUBSCRIBE TO FreeBSD Journal

Get the Kindle app here

Subscribe in iTunes for your iPad or iPhone

Get the Android app here

NETWORK SECURITY - pfSense has partnered with PatchAdvisor, an industry leader in network security, to conduct comprehensive vulnerability assessments at the customer's request. With the goal of assessing the security posture of your internal network and systems security controls, every device within the network is evaluated for configuration backdoors, trojans, malware, and mis-configuration which can lead to attacks and intrusions from the outside.

Our experienced professionals will examine the internal information systems for implementation of industry best practices and perform a technical review to verify existing vulnerabilities and configuration errors. PatchAdvisor also offers product-independent network designs as well as design reviews of pre-deployment specifications and existing networks with an emphasis on potential vulnerabilities and network management shortfalls.

CARP / HA CONFIGURATION -  The Common Address Redundancy Protocol (CARP) allows multiple hosts to share the same IP address and provide high availability. One or more hosts can fail, and the others will take over for the failed system transparently. In addition to the shared IP address, hosts also have a unique IP address for management and configuration. Our professional services team can configure your firewalls to support high availability, thus reducing the risk of catastrophic failure.

NETWORK DESIGN -  Before you can begin to design a network, you first must determine your needs. What services must you provide to your user community? What are the resources you'll need? You have to take into account network protocols, applications, network speed, and, most important, network security issues. Another important factor your management will probably force you to consider is cost — you can't forget the budget.

We have provided assistance with network design ranging from a review of proposed designs, to completely designing the environment to customer requirements and providing complete, professional network diagrams and documentation. These are commonly larger or more complex networks, such as co-location environments, WISPs, small ISPs, universities, and large corporate environments.

FIREWALL CONVERSION -  Migrating from one firewall vendor to another can be a huge undertaking requiring hours of tedious access and NAT rule rewriting, testing, verification and more!. For customers with an existing firewall looking to convert to pfSense software, we can configure your pfSense software to match the settings of your existing firewall product. We have experience with a wide range of commercial and open source firewalls, and extensive expertise and experience with Cisco PIX and ASA.

For a more comprehensive list of services offered, please see our Professional Services page. Feel free to inquire about your specific needs by sending an e-mail to professional.services@pfsense.org