I recently migrated from an SRX210H to pfSense for my internet edge device.
The main motivation for this was the SRX’s pretty awful Java+Flash GUI. The Juniper command line is fantastic, but I’m trying to remove Flash from my life; I just can’t deal with it any more.
pfSense has a really nice GUI and it is Unix-based, so it was an easy choice.
The pfSense install is pretty straightforward, but here are a couple things that I tweaked for my setup (everything is pretty googleable):
- Keep an eye on your MBUF usage. That’s basically a memory buffer for your NICs. If you are running a quad-port NIC, you will probably have to increase it from the Unix command line like I did.
- Turn on the Intel temp sensors from the GUI (System>Advanced>Misc).
- Set up TRIM. I’m not sure if this was 100% necessary. If you are going to do it, don’t wait until after you rack the server like I did.
- Set up manual outbound NAT with a static port for Asterisk. Once again, I’m not sure this was necessary, but the internet claims it is needed for Asterisk to work properly.
- Create aliases for commonly used IP ranges (Firewall>Aliases). I have one for the private IPv4 range so that I can easily create outbound rules (! private_IPV4).
- Once you have everything working, turn off logging for the default drop rules (Status>System Logs>Settings). Watching the logs for the default drop rule will be useful for troubleshooting, but it can be pretty distracting once everything is set up.
The SSD Question
There seems to be some question on the Internet as to whether pfSense eats SSDs or not. The concern is that things like the state table and all of the system logs cause SSDs to wear out really fast.
I’m using a 30GB Crucial M4 SSD in mine. I’ve been using SSDs in all of my systems for some time now without any issue, so I’m willing to take the chance.
I’ll update this post if it dies.