Common Deployments
pfSense® software can meet the needs of nearly any type and size of network environment, from SOHO to datacenter environments. This section outlines the most common deployments.
Perimeter Firewall
The most common deployment of pfSense software is a perimeter firewall. pfSense accommodates networks requiring multiple Internet connections, multiple LAN networks, and multiple DMZ networks. BGP (Border Gateway Protocol), connection redundancy, and load balancing capabilities are configurable as well.
See also
These advanced features are further described in Routing and Multiple WAN Connections.
LAN or WAN Router
pfSense software configured as a LAN or WAN router and perimeter firewall is a common deployment in small networks. LAN and WAN routing are separate roles in larger networks.
LAN Router
pfSense software is a proven solution for connecting multiple internal network segments. This is most commonly deployed with VLANs configured with 802.1Q trunking, described more in Virtual LANs (VLANs). Multiple Ethernet interfaces are also used in some environments. High-volume LAN traffic environments with fewer filtering requirements may need layer 3 switches or ASIC-based routers instead.
WAN Router
pfSense is a great solution for Internet Service Providers. It offers all the functionality required by most networks at a much lower price point than other commercial offerings.
Special Purpose Appliances
pfSense can be utilized for less common deployment scenarios as a stand-alone appliance. Examples include: VPN appliance, Sniffer appliance, and DHCP server appliance.
VPN Appliance
pfSense software installed as a separate Virtual Private Network appliance adds VPN capabilities without disrupting the existing firewall infrastructure, and includes multiple VPN protocols.
Sniffer Appliance
pfSense offers a web interface for the tcpdump packet analyzer. The captured .cap files are downloaded and analyzed in Wireshark.
See also
For more information on using the packet capture features of pfSense, see Packet Capturing.