What’s wrong with your internet connection? – pfSense Router, Gateway, Intrusion Detection, and a whole lot more

This Small Business IT tip might just help your business to save some operating expenses and start you on the path to easy I.T. infrastructure management.

The Problem
Maybe your business started as 1 or 2 employees in an office with a desk, a phone, a computer, and an internet connection. Then it grew to 4-5 employees connected together by a small network switch to share files and the internet connection. Now you have 10, 15, 30 or more employees all sharing the same internet connection, fighting for bandwidth while trying to check email, browse websites, and transfer files to and from clients.

Then there’s the intern. He was hired for some part-time work that couldn’t justify a full-time salary, but what he lacks in pay he surely makes up for by using the company internet connection for BitTorrent downloads, music streaming, games, and other things.

Sure, you could fire the intern, but then you have to go looking for another source of cheap labor, and chances are that future interns will come with the same issues.

So instead, why not just fix the root of the problem: your router?

Many small businesses are still using the router that was provided by their Internet Service Provider (ISP). ISP-issued routers are almost always very basic and provide the bare essentials to get their service to your network: usually DHCP, NAT routing, and basic firewalling. They typically do not do any advanced packet filtering, Quality of Service, intrusion detection, user authentication, or even wireless. So your control over the internet connection is limited to basically providing internet access, and that’s it.

In comes pfSense. pfSense is an operating system based on FreeBSD, designed to let you quickly set up a complete router, gateway, intrusion detection system, and a whole lot more. The best part about pfSense is that it can run on very old hardware. The current minimum requirements are a Pentium 100MHz processor and 128MB of RAM. Even though you “can” run pfSense on the minimum hardware, I would suggest at least a Pentium 4 or AMD Athlon XP processor and at least 1-2GB of RAM. Newer hardware is better because if it breaks, you have a chance of getting a replacement quicker (and everything eventually breaks in I.T.).

Example Setup
There is no way I can go through all of the features and possible configurations for pfSense (that’s why you hire a professional). But here is an overview of a typical hardware setup and a look at some of the most useful addon packages.

Hardware

  • Computer (an old but good one)
    • IBM Thinkcentre M52 8215
    • Pentium 4
    • 1GB DDR2-533 RAM
    • 40GB Hard Drive
    • 16x DVD-ROM Drive
    • Built-in Network Card for WAN (NIC 1)
  • Network Card for LAN (NIC 2)
    • Intel PRO/1000 GT Desktop Adapter

You can install tons of “packages” that add functionality to pfSense, but even without adding any packages, you get a full-featured router, gateway, and firewall.

Let’s start with pfSense as a firewall. To set it up, you need to download the install CD image from www.pfSense.org and burn it to a CD, then boot from that CD.

[Screenshot: pfSense install screen]

After the initial install you should get a screen similar to this, where you configure things like the IP address and the addresses of your internet gateway and DNS servers. At this point, your pfSense computer becomes an appliance, and all of the management and configuration takes place from another computer on your network.

[Screenshot: pfSense after install]

So from another computer on your network you log in to pfSense using the IP address that you assigned to your new pfSense appliance, set up a few basic parameters, and finish with a fully operational firewall.

[Screenshot: pfSense web UI login]

The firewall by default is set up for semi-restrictive access but can easily be reconfigured to lock down any services you don’t want your users to get to, or you can open up ports to your internal web server, mail server or other company servers. The install and setup is really quick, especially if you have done it before. In about 30-45 minutes you can have a rugged and powerful solution that performs very well when compared against enterprise (expensive $$) equipment from vendors such as Cisco, Juniper, and SonicWall. And this solution lets you add tons of features that vendors usually charge $1000’s for.

 

Some Basic Addon Packages To Start With

Squid is an addon that provides a proxy service that can be used to share your limited internet bandwidth more efficiently, block unwanted traffic, limit each user’s connection speed, and authenticate users, among other things. Squid can block many of the typical user-caused network slowdowns.

Snort is an Intrusion Detection Service that can be set up to detect when malicious attempts are being made to access your network. It can also help to detect when your internal network has been infected with a virus or malware, or has become part of a botnet.

pfBlocker is a new package that combines a few older packages into one sure blocker. It can block entire countries, specific threats, or address ranges.

mailreport is a package that can send you daily, weekly or monthly emails and graphs to let you know how your router or your internet connection is doing.
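
Once traffic goes through Squid, its access log shows who is actually consuming the shared connection. The following is an added example, not part of the original post or of pfSense itself: it assumes Squid's native access.log layout, and the log lines, addresses, user names and the 50% threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    120 192.168.1.10 TCP_MISS/200 48213 GET http://mail.example.test/inbox alice HIER_DIRECT/203.0.113.5 text/html
1700000003.450     95 192.168.1.11 TCP_MISS/200 120400 GET http://client.example.test/report.pdf bob HIER_DIRECT/203.0.113.8 application/pdf
1700000010.002  91000 192.168.1.42 TCP_MISS/200 734003200 GET http://mirror.example.test/disc1.iso intern HIER_DIRECT/203.0.113.20 application/octet-stream
1700000015.777      1 192.168.1.42 TCP_DENIED/403 3900 GET http://tracker.example.test/announce intern HIER_NONE/- text/html
1700000020.300     80 192.168.1.10 TCP_MISS/200 15872 GET http://mail.example.test/logo.png alice HIER_DIRECT/203.0.113.5 image/png
1700000031.118  64000 192.168.1.42 TCP_MISS/200 524288000 GET http://mirror.example.test/disc2.iso intern HIER_DIRECT/203.0.113.20 application/octet-stream
1700000040.000     10 192.168.1.11 TCP_MISS/200
"""


def usage_by_client(log_text):
    """Total bytes delivered per (client IP, user), ignoring bad or denied lines."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:          # truncated or rotated mid-write
            continue
        client, result, size, user = fields[2], fields[3], fields[4], fields[7]
        if not size.isdigit():
            continue
        if result.startswith("TCP_DENIED"):
            continue                  # blocked by the proxy: only an error page was sent
        totals[(client, user)] += int(size)
    return dict(totals)


def heavy_users(log_text, share=0.5):
    """Return (client, user, bytes, fraction) for clients at or above `share` of all traffic."""
    totals = usage_by_client(log_text)
    grand_total = sum(totals.values())
    if grand_total == 0:
        return []
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(client, user, used, round(used / grand_total, 3))
            for (client, user), used in ranked
            if used / grand_total >= share]


if __name__ == "__main__":
    for client, user, used, fraction in heavy_users(SAMPLE_LOG):
        print(f"{client} ({user}): {used / 1_000_000:.0f} MB, {fraction:.1%} of traffic")
```

The user column is only populated when proxy authentication is enabled; without it the field is "-" and the report falls back to grouping by client IP alone.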

 

The best part about pfSense is how easily customizable it is, but the hardest part about pfSense is how customizable it is.

If you want to look into setting up a pfSense router at your business or just need help configuring a portion of it, give us a call, we’ve done it before.

614.655.1000

info@gridstorm.net