pfSense incorporation options

Hey everyone. Not sure if there’s an identical thread to what I’m asking… I was wondering if anyone would be willing to share their experience deploying pfSense within their home network. I know Tom has shared several methods of implementing it and I was wondering what made the most sense.

I know that there are all-in-one boxes you can buy that have their own custom hardware with a pre-installed version of pfSense, and Tom has covered these. Alternatively, he’s shown how to build your own system with an old PC. No doubt some of the more cutting-edge routers also allow you to include pfSense within their environment, like UniFi?

Ideally, I’d love to run an instance of pfSense with Suricata but am aware that this is a more involved project, compared to just buying a unit off the shelf.

It kinda depends on a few things:

  • you want the challenge of doing it yourself
  • can you cope with another PC running at home just for pfSense
  • do you have a spare PC + a couple of NICs (or do you have VLANs)
  • can you afford an SG1100

I’ve never tried enabling Suricata on an SG1100 but my choice would be to grab one as they are small and easy to put out of the way, the hardware is going to be solid and you won’t spend too much time messing around.

That said, I run an HP server at home with a home lab so have pfSense running as a VM on XCP-NG joining about 10 VLANs together. I do however have my own office at home that it runs in so the noise doesn’t bug the rest of my family.

I run pfSense at home on a PC Engines APU2E4 (low power) with Snort running and pfBlocker. The pfSense box is set up using a PPPoE connection to the local DSL provider and failover to 4G. pfSense is great with Snort and allowing an IPsec VPN (APU supports AES-NI for hardware encryption) connection to the office so we can have an office phone at home (the wife loves that). Have this connected with a US-8-150W for powering the cameras and other devices and it’s VPN support IoT crap and of course QoS.

Also great for killing the internet for the kids at 10pm so they will actually get in bed and don’t sneak on their laptops :)

The flexibility of having pfSense at home is great but depends if you need it. @garethw mentioned the SG1100 is great for home use and of course helps support the pfSense project.

I switched from a Cisco RV42G to pfSense and I went the VM way for my implementation. My pfSense install has 8 vCPUs and 2GB RAM as well as a 20G HDD that is a virtual disk under Proxmox. I have 2 dedicated NIC cards that are set up with each port on them as its own bridge and those are in turn passed to pfSense. I have 1 for my dynamic WAN, another for my static WAN. I then have 4 that are trunked at the hypervisor level and passed to pfSense for my LAN.

I went the virtual route as well. I run about a dozen VLANs on it and it works great.

Depends on how much you value your time vs your knowledge levels. If you buy something from Netgate, they just seem expensive; for the price you can buy two other boxes, and you will surely still have to configure it for your needs.

I switched over to pfSense from Asus mainly because I wanted more than 2 VPN servers and I don’t like the idea that I must send my data to Trend Micro to use their graphing features.

Took me 3-4 months to get it fully working to my needs, that is to say when I stopped making changes. Now it’s the odd tweak like switching over to Quad9.

I would say the best feature is the backup and restore capability!

I would be wary of guides on the internet: very few explain why they have selected one setting over another, so it’s monkey see, monkey do, and it can result in using weak ciphers in your VPN setup!

Initially I started off with pfSense in a VM to try and get familiar with it; it wasn’t a helpful approach.

IMHO I’d say pfSense is worth the effort vs the alternative of a consumer router which ceases to be supported after 3/4 years.