pfSense Firewall or Linksys/Cisco router for small offices
I'm about to start switching some networks around for multiple small offices. Each office has about 10 to 15 users and 10 to 15 computers. Each office has a spread of generic routers and access points. The routers vary from being used as routers, to just being an access point for wireless. Nothing formal has really ever beem implemented for each of the 10 offices.
What I'm wanting is to set up a pfSense box for each office to configure things like:
- traffic shaping (for VoIP QOS)
- URL Filtering
- DHCP
- static routing
- multiple VLANs
I'll then use some of the existing hardware for wireless. Maybe even integrate the wireless right into the firewall depending on the office layout.
So my question, would this be better to do a full blown firewall box, or but a new business class or high end consumer class Linksys router to do the URL filtering, QOS and DHPC?
Each option could allow for remote access and VPN for remote maintnance and each would only cost a nominal about of money for something decent, i.e. under $250.
pfSense has all of that and more, plus you can scale up to whatever hardware you need: from a simple, 500MHz ALIX-based platform from PCEngines.ch (3 NICs as well, less than $300 all told with PSU, enclosure, and CompactFlash for storage), up to an Axiomtek barebones network appliance with 6 GbE interfaces, Intel Dual Core chipset, 2 GB DDR2 RAM, etc. for growth down the road.
You're not going to find a commercial/SMB firewall that can do as much as you can by building your own pfSense box, and all you're paying for is the hardware you need and (optionally) commercial support (although they have a great book out and the community is excellent).
I have it deployed at close to a dozen clients now, some with simple firewalling/NAT, others with multiple IPsec tunnels, multi-WAN, DMZ, CARP, etc. etc.
I also manage several small offices and the resulting experience is that sooner or later the so called SMB products fall short of expectation. It may be vendor imposed software limitations or the hardware limitations. pfSense is more than capable of doing what you want. This is why I stick with either Cisco (when the budget allows) or pfSense (cheaper, yet capable).
Netgate sells entire Alix Kits for around $210USD (more than enough for a small office).
For me OpenVPN(SSL/TLS) was the selling point.