The firewall, that ubiquitous piece of technology that should be a part of every network, is a crucial choice. Many networking engineers look to Cisco as the default, but a growing number are using open source firewall options like pfSense firewall. You might have heard of the pfSense software project. They recently received a good amount of buzz from the much anticipated pfSense 2.1 release, but what is pfSense firewall and why is it so attractive?

Who is pfSense?

Before we dive into what it does, lets look at the pfSense® software project as a whole for a moment. Anyone in networking has heard of Cisco, but the pfSense firewall software brand might be unfamiliar to you. It began as an offshoot of the m0n0wall project in 2004, taking the work it started in embedded firewall applications and applying the advancements towards device driven firewalls. pfSense® software has become a favored alternative for network firewalls, with over 167,000 recorded live installs as of April 2013.

What is pfSense firewall software?

In their own words:

“pfSense® software is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.“ – pfsense.org

Basically pfSense firewall software is an engine that makes a firewall go, but not the actual hardware. This means that a firewall with pfSense® software is not an apples to apples comparison to a Cisco, SonicWall or HP firewall. Those devices are an all-in-one solution with hardware and OS rolled into “off the shelf” solutions, where much of your customizability is in the licensing models you are willing to pay for.

pfSense® software was designed to be a customizable platform that could be hardware agnostic. This allows the engineer to meet the needs of the project with a device with the right I/O and specifications, and then customize the pfSense firewall software settings to their needs.

The Hard Line on Hardware with pfSense firewall

As mentioned, pfSense® software is hardware agnostic. The minimum specifications — a 100 MHz Pentium CPU, 128MB of RAM, and a 512 MB storage medium — are easy to reach, but a firewall with pfSense® software is as good as the parts you build it from. Most network engineers utilize small, power-efficient, appliance-like computers for firewall applications that support connectivity (5 LAN for example) and desired throughput (200 Mbps) while having good speed of CPU and RAM.

Firewalls: pfSense® software vs Cisco

The case for pfSense® software is similar to the one made for use of Linux based OS’s in business environments, which should not be a surprise since its core is FreeBSD. The open source, flexible, customizable free version vs. known, pricey, off the shelf option. Lets take a second and look at the pfSense® software project as compared to Cisco, the industry leader:

Cisco Logo

PFSense Logo

ProsPros
  • Brand name recognition
  • Industry Leader
  • High quality hardware
  • High quality software
  • Single solution
  • Many support options
  • Well documented solutions
  • Inexpensive
  • No licensing fees
  • Free upgrades
  • Simple but effective design
  • Lowered cost for redundancy
  • Open source (Linux software)
  • Customizable
  • Hardware agnostic
  • Easy Installation
ConsCons
  • Expensive initial investment
  • Expensive licensing
  • Req Cisco certifications
  • Slow to upgrade
  • Limited offerings
  • Limited SMB targeting
  • Not modular, closed source
  • Limited free support
  • Little brand recognition
  • Limited safetynet
  • No update schedule

When should I select a firewall with pfSense® software instead of another?

There is not an easy “If/then” solution to this. Cisco Firewalls, as well as Barracuda, HP, Sonicwall and others, are all good devices. Each has their own strength and weakness. Where a pfSense firewall makes sense is when cost and customizability are a concern; when your network engineer feels comfortable with the choice; or when you need a firewall that has a feature just not found in another option.

Firewalls are one of the most important parts of a network. Picking the right firewall should be done carefully, but a network’s needs are not always served by throwing money at the problem and more often than not, the firewall that ends up being used is overkill. Find the right firewall for you, but don’t discount pfSense® software as an inexpensive alternative.