pfSense Software Firewall

pfSense® software includes almost all the features found in expensive commercial firewalls, and more in some cases. This section is intended to prove that to you and get you started on the path to deploying pfSense software in your environment.

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. Through this package system pfSense software is able to provide most of the functionality of common commercial firewalls, and many times more.

pfSense Firewall Features

Firewall

  • Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic.
  • Limit simultaneous connections on a per-rule basis.
  • pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.
  • Option to log or not log traffic matching each rule.
  • Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
  • Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall rule set clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
  • Transparent layer 2 firewalling capable - can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
  • Packet normalization - "'Scrubbing' is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations."
  • Disable filter - you can turn off the firewall filter entirely if you wish to turn your pfSense software into a pure router.

State Table

The firewall's state table maintains information on your open network connections. The pfSense software is a stateful firewall; by default all rules are stateful.

Most firewalls lack the ability to finely control your state table. The pfSense software has numerous features allowing granular control of your state table, thanks to the abilities of OpenBSD's pf.

Network Address Translation (NAT)

  • Port forwards including ranges and the use of multiple public IPs.
  • 1:1 NAT for individual IPs or entire subnets.
  • Outbound NAT.
  • Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interfaces being used.
  • Advanced Outbound NAT allows this default behaviour to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.
  • NAT Reflection - NAT reflection is possible so services can be accessed by public IP from internal networks.

High Availability

CARP from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. The pfSense software also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
pfsync ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.

Limitations

Only works with static public IPs; it does not work with stateful failover using DHCP, PPPoE, or PPTP type WANs.

Multi-WAN

Multi-WAN functionality enables the use of multiple Internet connections, with load balancing and/or failover, for improved Internet availability and bandwidth usage distribution.

Server Load Balancing

Server load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.

Virtual Private Network (VPN)

The pfSense software offers three options for VPN connectivity: IPSec, OpenVPN, and PPTP.

PPPoE Server

The pfSense software offers a PPPoE server. For more information on the PPPoE protocol, see this Wikipedia entry. A local user database can be used for authentication, and RADIUS authentication with optional accounting is also supported.

Reporting and Monitoring

RRD Graphs

The RRD graphs in the pfSense software maintain historical information on the following.

  • CPU utilization
  • Total throughput
  • Firewall states
  • Individual throughput for all interfaces
  • Packets per second rates for all interfaces
  • WAN interface gateway(s) ping response times
  • Traffic shaper queues on systems with traffic shaping enabled

Real Time Information

Historical information is important, but sometimes it's more important to see real time information.

  • SVG graphs are available that show real time throughput for each interface.
  • For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
  • The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.

Dynamic DNS

A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.
A client is also available for RFC 2136 dynamic DNS updates, for use with DNS servers like BIND which support this means of updating.

Captive Portal

Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.

DHCP Server and Relay

The pfSense software includes both DHCP Server and Relay functionality.

pfSense Software Firewall Services Offered by CISI Kenya

  • pfSense Software Firewall implementation.
  • pfSense Software Firewall technical support.
  • pfSense Software Firewall upgrades.
  • pfSense Software Firewall consultancy.

Cyberoam Hardware Firewall 

Cyberoam UTM delivers enterprise-class network security with stateful inspection firewall, VPN and IPS, offering the Human Layer 8 identity-based controls and Layer 7 application controls. It ensures high levels of network security, network connectivity, continuous availability and secure remote access with controlled network access to road warriors, telecommuters, partners, and customers.

Cyberoam Firewall Features

Cyberoam offers a well-coordinated defense through tightly integrated best-of-breed solutions over a single interface. The result is a complete, dependable shield that Internet threats find extremely difficult to penetrate.

  • Stateful Inspection Firewall.
  • Virtual Private Network - VPN.
  • Gateway Anti-Virus and Anti-Spyware.
  • Gateway Anti-Spam.
  • Intrusion Detection and Prevention - IDP.
  • Content & Application Filtering.
  • Bandwidth Management.
  • Multiple Link Management.
  • Comprehensive Reporting.

Benefits of Cyberoam Firewall

  • Block adult/unsafe Internet content.
  • Manage Internet access for guests.
  • Monitor on-line activities of kids.
  • Be safe from viruses, botnet, intruders, and hackers.
  • Protect desktop, laptop, Smart Phone, iPad, gaming consoles, and more, from Internet threats.
  • Real-time protection against all Internet threats.
  • Rapid deployment.
  • Zero network configuration.
  • Single management interface - web based GUI.
  • Safe business environment.
  • Enhanced productivity.
  • Meets regulatory compliance requirements.

Cyberoam Hardware Firewall Services Offered by CISI Kenya

  • Cyberoam Hardware Firewall implementation.
  • Cyberoam Hardware Firewall Sales.
  • Cyberoam Hardware Firewall technical support.
  • Cyberoam Hardware Firewall licensing.
  • Cyberoam Hardware Firewall Upgrades.
  • Cyberoam Hardware Firewall consultancy.

© 2010 - 2017 CISI Kenya Ltd. All Rights Reserved. Designed By CISI Kenya.