pfSense: An open-source firewall for an impregnable network
From;    Author:Stand originally

Strictly speaking, pfSense is a free, open-source, customized distribution of FreeBSD that is used mainly as a firewall and router. Besides serving as a powerful and flexible firewall and routing platform, it also includes many related features and packages that extend its functionality further without adding potential security vulnerabilities. pfSense has reportedly been downloaded millions of times, and many homes, companies and universities use it to protect their computers and other network devices.

The project began in 2004 as a subproject of m0n0wall, but it is aimed at installation on a full PC rather than at the embedded hardware systems that m0n0wall targets. pfSense also offers an embedded image for Compact Flash-based installation, but that is not its main focus.

Its latest version is 1.2, which includes many of the features found in commercial firewall or router appliances, including a manageable Web-based graphical user interface. Although it has some of the good features of a free firewall and router, it is not perfect. The author elaborates on this later.

pfSense technical features

As a firewall, pfSense supports filtering based on IP address, source address, destination address, source port and destination port. For example, if we filter by source address and set it to monitor the IP addresses of an internal subnet, then traffic or requests coming from those addresses are analyzed against the firewall rules. If we filter by destination, the firewall watches the IP address that the traffic is headed to. If the destination address appears in a firewall rule, the firewall carries out the appropriate action.

One of its best firewall features is passive operating system fingerprinting, which passively detects the operating system behind a connection and lets the firewall block connections based on the operating system of the connecting node. It supports policy routing and can run in bridged or transparent mode, which lets the user drop pfSense in between network devices without additional configuration. pfSense provides network address translation (NAT) and port forwarding, but when NAT is used there are limitations with protocols such as PPTP, GRE and SIP.
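The source and destination filtering and the passive OS fingerprinting described above, written as rules for pf, the FreeBSD packet filter that pfSense is built on. This is an added example, not taken from the original article or from a configuration generated by pfSense, where rules are normally created in the Web interface. The interface names, addresses and ports are constructed for illustration.

```conf
# Constructed example values (assumptions, not from the article)
ext_if  = "em0"              # WAN interface
int_if  = "em1"              # LAN interface
lan_net = "192.168.1.0/24"   # internal subnet to monitor
mail_srv = "10.0.0.10"       # internal mail server reachable from WAN

# Default policy: drop and log anything no later rule allows.
block log all

# Destination filter: LAN hosts may never reach this constructed
# test range, whatever the source address is. "quick" stops rule
# evaluation at the first match.
block in quick on $int_if inet from any to 203.0.113.0/24

# Source filter: only traffic that originates in the LAN subnet is
# allowed out, and only to web ports.
pass in quick on $int_if inet proto tcp \
    from $lan_net to any port { 80, 443 } keep state

# Passive OS fingerprinting: refuse SMTP from hosts whose initial
# TCP SYN looks like Windows. This rule must come before the pass
# rule below, because both use "quick".
block in quick on $ext_if inet proto tcp \
    from any os "Windows" to $mail_srv port 25

# Destination filter on the WAN side: SMTP to the mail server only.
pass in quick on $ext_if inet proto tcp \
    from any to $mail_srv port 25 keep state
```

The `os` match is evaluated only against the TCP SYN packet that opens a connection, and a fingerprint can be wrong or deliberately spoofed, so it works as a coarse filter rather than as an authentication control.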

One more point: pfSense supports multiple WAN links and can load-balance outbound and inbound traffic. The only limitation is that it can only distribute traffic evenly across the WAN connections; the user cannot choose a preferred connection for specific traffic.

pfSense supports virtual private networks (VPN) using IPsec, OpenVPN and PPTP. Because of the NAT limitations, IPsec VPN is also restricted when the connection goes through NAT, and support for remote or mobile VPN clients is therefore lacking. The software also supports some advanced IPsec features, such as NAT traversal in IKE, known as NAT-T, and also supports Xauth. Users can choose OpenVPN to get around some of these limitations, although some limitations remain. The development team has, however, committed to resolving these restrictions in a future version.
