pfSense Firewall or Linksys/Cisco router for small offices

firewall small-business cisco pfsense linksys

I'm about to start switching some networks around for multiple small offices. Each office has about 10 to 15 users and 10 to 15 computers. Each office has a spread of generic routers and access points. The routers vary from being used as routers, to just being an access point for wireless. Nothing formal has really ever beem implemented for each of the 10 offices.

What I'm wanting is to set up a pfSense box for each office to configure things like:

  • traffic shaping (for VoIP QOS)
  • URL Filtering
  • DHCP
  • static routing
  • multiple VLANs

I'll then use some of the existing hardware for wireless. Maybe even integrate the wireless right into the firewall depending on the office layout.

So my question, would this be better to do a full blown firewall box, or but a new business class or high end consumer class Linksys router to do the URL filtering, QOS and DHPC?

Each option could allow for remote access and VPN for remote maintnance and each would only cost a nominal about of money for something decent, i.e. under $250.


pfSense has all of that and more, plus you can scale up to whatever hardware you need: from a simple, 500MHz ALIX-based platform from PCEngines.ch (3 NICs as well, less than $300 all told with PSU, enclosure, and CompactFlash for storage), up to an Axiomtek barebones network appliance with 6 GbE interfaces, Intel Dual Core chipset, 2 GB DDR2 RAM, etc. for growth down the road.

You're not going to find a commercial/SMB firewall that can do as much as you can by building your own pfSense box, and all you're paying for is the hardware you need and (optionally) commercial support (although they have a great book out and the community is excellent).

I have it deployed at close to a dozen clients now, some with simple firewalling/NAT, others with multiple IPsec tunnels, multi-WAN, DMZ, CARP, etc. etc.


I also manage several small offices and the resulting experience is that sooner or later the so called SMB products fall short of expectation. It may be vendor imposed software limitations or the hardware limitations. pfSense is more than capable of doing what you want. This is why I stick with either Cisco (when the budget allows) or pfSense (cheaper, yet capable).

Netgate sells entire Alix Kits for around $210USD (more than enough for a small office).

For me OpenVPN(SSL/TLS) was the selling point.

Related

Getting Exchange to do DKIM
What desk chair do you use? [closed]
numeric subdomain
Linux Based Exchange Replacement [duplicate]
Wildcard subdomain directory names
SQL Server live database backup strategies
Does windows Remote Desktop have any protection against brute force attacks?
Set maximum speed for scp
Reset Windows domain user password
Can rm command complete in a bash script before all files have been removed?
Best RAID setup for multimedia fileserver? [closed]
Do i need to open 25 port to send emails with the php mail function?