[K12OSN] OT: Firewall solution suggestion
Terrell Prude' Jr.
microman at cmosnetworks.com
Sun Jan 16 05:41:03 UTC 2011
Posts don't need to pertain specifically to K12LTSP/K12Linux. We're
about FOSS in K-12 schools, so this definitely applies. And it's great
that you could save all that coin with FOSS. Right now, every dime counts.
But I do have a couple of questions. I use OpenBSD's PF firewall code
(similar to, but much easier syntax to read than, iptables), so I'm
wondering what advantage pfSense gives over something like OpenBSD PF.
Second, I was looking for screenshots of pfSense on their Web site.
Unfortunately, the pfSense folks put their screenshot gallery in the
proprietary Adobe Flash format instead of something FOSS-friendly like
JPEG's. I know, not your doing, but what the heck would any FOSS
project do something that inane for?
--TP
Barry Cisna wrote:
> Hello All,
>
> This topic does not pertain to K12LTSP per see but I think it may do
> some users of K12LTSP some good if they do not know about this firewall,
> pfSense.
> We are a k-12 school district. We have been using a Linux based firewall
> commercial product for the last 9 years which has worked great. But as
> time marches on the neccessity to have two WAN connections this product
> simply did not offer a transparent failover as well as load balancing
> if one wan went down. We are a rural school so without a doubt we do
> have one of our two wans go down from time to time.
>
> Enter pfSense. I installed pfSense on three offcast 1u servers we
> had,and these have worked great for the last year. It provides Ipsec
> Open and pptp vpns and many other niceities.
> This is going to save our school about $7500 per year not having to have
> a contract for our previous firewall solution. But more of a savings is
> not having to roll a van to two remote buildings to switch wires to the
> second WAN. I tried reading several solutions using a conventional Linux
> firewall with some scripting to make a downed wan link fail over to the
> second wan but simply could not make it work transparently.
> If you have multiple wan connections this may be worth looking into for
> you. I know Cisco of course does have this same capability if you are
> willing to spend the $$$!.
> Can't beat the price AND reliability of pfSense from what I have
> learned,though. pfSense runs on FreeBSD and is about a 68mb iso FWIW.
> Hope this may help someone else here.
>
> Take Care,
> BC
>
More information about the K12OSN
mailing list