What is a firewall

A firewall is a device which controls network traffic. In small systems, the firewall is usually at the connection to the Internet. Ideally, firewalls should control network traffic in both directions, but in small networks, it is common to allow all traffic outbound but to control inbound traffic. Operating systems like Microsoft Windows include machine-level firewalls, which give protection against local network threats and are very useful on machines used on public networks.

How do firewalls work?

Every packet of network traffic carries a source address, a destination address and a protocol, and most protocols (TCP and UDP in particular) also carry port numbers. Legitimate traffic typically has predictable characteristics that distinguish it from other network traffic. By setting up firewall rules that specify a combination of source and destination addresses, protocol and port numbers, it is possible to control what traffic can enter or leave the network.

Firewall rules can become very complicated, and understanding the nature of the traffic you want to allow is the first step. Once there are many rules, getting them in the wrong order can cause unintended consequences: rules are checked in sequence, so a broad rule placed early can match traffic that a more specific rule further down was meant to block, and that later rule never takes effect. It is vital to check that carelessly created rules don't allow unwanted traffic.

Quality firewalls log data flow, and these logs are useful in troubleshooting problems. Logs are helpful when investigating security problems.
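The following is an added example, not code from the original page, that models the behaviour described above: first-match rule evaluation, a default deny for anything no rule matches, a log entry for every decision, and a check for rules that can never fire because an earlier, broader rule covers them. The addresses (192.0.2.0/24 as the LAN, 192.0.2.10 as a server, 198.51.100.7 as an external host) are constructed documentation-range values, and the rule sets, class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (towards the LAN) or "out"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None means any port

    def matches(self, pkt: "Packet") -> bool:
        return (self.direction == pkt.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return (self.direction == other.direction
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


def evaluate(rules: List[Rule], pkt: Packet, log: List[str]) -> str:
    """First matching rule wins; unmatched traffic is denied. Every decision is logged."""
    desc = f"{pkt.direction} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}"
    for idx, rule in enumerate(rules):
        if rule.matches(pkt):
            log.append(f"rule{idx} {rule.action} {desc}")
            return rule.action
    log.append(f"default deny {desc}")
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    shadowed = []
    for j, later in enumerate(rules):
        if any(earlier.covers(later) for earlier in rules[:j]):
            shadowed.append(j)
    return shadowed


# Constructed rule sets. The careless set allows all outbound traffic, then opens
# every TCP port on the server before trying to block telnet (port 23) to it.
CARELESS_RULES = [
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", "any", None),
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", None),   # too broad
    Rule("deny", "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", 23),      # never reached
]

# The corrected set blocks telnet first and only allows the service that is wanted.
CORRECTED_RULES = [
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", "any", None),
    Rule("deny", "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", 23),
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
]

# Constructed sample traffic.
TELNET_IN = Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 23)
HTTPS_IN = Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443)
SSH_IN = Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 22)
DNS_OUT = Packet("out", "192.0.2.20", "198.51.100.7", "udp", 53)


if __name__ == "__main__":
    for name, rules in (("careless", CARELESS_RULES), ("corrected", CORRECTED_RULES)):
        log: List[str] = []
        for pkt in (TELNET_IN, HTTPS_IN, SSH_IN, DNS_OUT):
            evaluate(rules, pkt, log)
        print(f"{name}: shadowed rules {shadowed_rules(rules)}")
        print("\n".join("  " + line for line in log))
```

Running the block shows the point of the paragraph above: with the careless ordering the telnet connection is allowed by rule 1 and rule 2 is reported as shadowed, while the corrected ordering denies it, admits only HTTPS inbound, and leaves the log entry that a troubleshooter or investigator would look for.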

PFSense Firewall

Planning and implementing PFSense open source firewalls.

PFSense is an enterprise-quality open-source router firewall product. It runs on FreeBSD and can be installed on a computer or as a Virtual Machine. It is also available as a hardware device, starting with a palm-sized appliance.

In the Virtual Machine configuration, PFSense is installed on an existing host and will replace a hardware router. A PPPoE modem interfaces the DSL line to the server when connected to a broadband circuit. PFSense has many built-in network services, including DHCP and VPN. PFSense has regular security updates.

The benefits of switching to PFSense include

  • A better level of security than typical routers with built-in firewalls
  • Available as a community edition with no licensing costs or as a paid support version for mission-critical systems
  • Very stable, so it rarely needs reboots
  • Supports IPv6
  • No capital cost compared to buying a router, apart from a PPPoE modem in ADSL or VDSL configurations
  • Saves rack space, and therefore cost, in a data centre environment
  • Practically no power usage if installed as a virtual machine
  • Wireless access points can be sited with the users rather than with the server in small environments

Atomik.biz will plan, implement and support PFSense solutions.