We took the final barrier for you, now you just have to plug it in and power it up…
Ever since the introduction of open source, there has been one common challenge that binds them all..
the lack of turn-key open source appliances,so if you like the software you will have to build your own server, firewall, phone system or whatever open source appliance you require.
In the end that is where the real cost is as you need to find out where to buy quality hardware, test and install the software on it…
And then? Well most of the time things aren’t going as planned.
So when we introduced our first appliances we had two things in mind:
+ and make it affordable.
With our OPN line appliances we added another dimension to this philosophy
and for the first time open source can finally win the battle from the commercial competitors.
Take a look for yourself and be amazed!19" 1U rack mountable, OPN line enclosure
Our 19" rack enclosure is a durable 1U powder coated rack mountable enclosure, especially designed and build for our OPN line of open source appliances.
The highligts of the OPN rack enclosures are:
+ powder coated metal (for more information about powder coating, see this wiki)
+ a clean front panel without visable screws
+ high quality finish with chrome handles and power led
+ laser engraved port labels and logo's (oem options are available)
+ power connector located at the rear of the unit
+ good heat dissipation (passive, no fan required)
+ build for silent, fanless network appliances
Dimensions (WxHxD) :
485mm x 44mm x 204mm
Weight : approx. 3,5Kg
Standard colors: off-white front panel (RAL9002) / dark blue base unit (RAL5003)
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. Being based on the fabulous m0n0wall foundation pfSense provides almost all of m0nowalls' features and several important features on top of that.Versions
Currently all OPNsense appliances can be delivered with either pfSense 2.0.1 Release or pfSense 1.2.3 Release.
According to the pfSense development team 2.0 is the preferred version for new installations.
pfSense includes most of the features available in expensive commercial firewalls, and more in many cases. The following is a list of features available in the pfSense 1.2.3 release. All of these things are possible in the web interface, without touching anything at the command line.
* Stateful inspection firewall more...>
+ Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
+ Able to limit simultaneous connections on a per-rule basis
+ pfSense utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System
initiating the connection.Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines?
pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.
+ Option to log or not log traffic matching each rule.
+ Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN)
+ Aliases allow grouping and naming of IPs, networks and ports.
This helps keep your firewall ruleset clean and easy to understand, in environments with multiple public IPs
and numerous servers.
+ Transparent layer 2 firewalling capable - can bridge interfaces and filter traffic between them,
even allowing for an IP-less firewall (though you probably want an IP for management purposes).
+ Packet normalization, so there are no ambiguities in interpretation by the ultimate destination of the packet.The scrub
directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops
TCP packets that have invalid flag combinations.
o Enabled in pfSense by default
o Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left
enabled on most installations.
+ Disable filter - you can turn off the firewall filter entirely if you wish to turn pfSense into a pure router.
* Granular control over state table more...>
The firewall's state table maintains information on your open network connections. pfSense is a stateful firewall, by default all rules are stateful. Most firewalls lack the ability to finely control your state table. pfSense has numerous features allowing granular control of your state table, thanks to the abilities of OpenBSD's pf.+ Adjustable state table size - there are multiple production pfSense installations using several hundred thousand states.
* Traffic Shaper more...>
Please look at version 2.0 for that functionality.
For more information on pfSense trafficshaping capabilities (including version 2.0, Layer 7) see PFSenseDocs.
* Captive portal more...>
or clicking through the splash page.
+ Idle timeout - Disconnect clients who are idle for more than the defined number of minutes.
after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
every machine behind the router will be authorized after one user is authorized.
MAC filtering can be disabled for these scenarios.
You may wish to exclude some machines for other reasons.
* 802.1Q VLAN support more...>
* VPN more...>
This is most commonly used for site to site connectivity to other pfSense installations,
other open source firewalls (m0n0wall, etc.), and most all commercial firewall solutions (Cisco, Juniper, etc.).
It can also be used for mobile client connectivity.
This limits pfSense's usefulness with mobile IPsec clients. OpenVPN or PPTP is a better solution.
* Some of the more advanced capabilities of ipsec-tools are not supported until 2.0, including DPD, XAuth, NAT-T, and others.
OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems.
See the OpenVPN website for details on its abilities.
PPTP is a popular VPN option because nearly every OS has a built in PPTP client, including every Windows release since Windows 95 OSR2.
See this Wikipedia article for more information on the PPTP protocol.
The pfSense PPTP Server can use a local user database, or a RADIUS server for authentication.
RADIUS accounting is also supported. Firewall rules on the PPTP interface control traffic initiated by PPTP clients.
for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work.The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page.
* DNS: DynDNS, RFC 2136 more...>
A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.
* Can only update one account with a single provider. 2.0 enables the use of unlimited accounts.
* Only works when pfSense has the public IP assigned to one of its interfaces.
If you have a modem that obtains your public IP and gives pfSense a private IP,
the private IP will be registered with the provider.
In 2.0, there is an option to determine your actual public IP and correctly register it.
* Redundancy, CARP, failover more...>
* And much more...>
pfSense includes both DHCP Server and Relay functionality
Reporting and Monitoring
The RRD graphs in pfSense maintain historical information on the following:
* Total throughput
* Firewall states
* Individual throughput for all interfaces
* Packets per second rates for all interfaces
* WAN interface gateway(s) ping response times
* Traffic shaper queues on systems with traffic shaping enabled
Real Time Information
Historical information is important, but sometimes it's more important to see real time information.
SVG graphs are available that show real time throughput for each interface.
For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.
pfSense is also equiped with a package manager that gives you access to many additional features, such as:
* Intrusion detection with the Snort package
* High Availability package
* Internet Proxy, uses the Squid package
* and many more...
however most packages can be installed on a Flash Based version as well (use a flash card >= 1Gb)
For more information about pfSense and it's features go to www.pfsense.org
New in pfSense 2.0
Version 2.0 of pfSense holds many new features and supports Layer 7 protocol filtering
For a comprehensive list of changes and new features in pfSense 2.0 see the '2.0 New Features and Changes'
Screenshot(s)open in separate window
|Enclosure Type||Rack mountable [19"]|
|Dimensions [ W x H x D ]||485mm x 44mm x 204mm|
|CPU type||Intel Atom Z510/Z530 1.1Ghz/1.6Ghz|
|Ethernet ports [total]||5|
|Fast Ethernetports [10/100Mbps]||None|
|Gbit Ethernetports [100/1000Mbps]||5|
|SFP+ 10Gbit [DA/SR] ports||No|
|Other ports||1x Serial Console, 2x USB 2.0|
|Storage Type [Default]||Hard Drive|
|Storage Size [Default]||320Gb|
|Package contents||OPN-line appliance, Powersupply, Configuration cable, Quickstart guide, DVD with firmware & tools|