Today I want to talk about my two favorite Open Source firwalls; Monowall and PfSense. If you’re into Open Source at all, you’ve probably come across Monowall and PfSense. I personally love Monowall. It’s small and fast. If you put it on really nice hardware, you will have great performance. The only issue I still have with Monowall is lack of Load-Balancing and Fail-Over capability. That’s when I came across PfSense. PfSense was branched off of Monowall to provide more enterprise level functions. PfSense includes Load-Balancing and Fail-Over. You can check out this link to see how to setup a Fail-Over Firewall with PfSense.
There were times at a job where a firewall just failed. I had a client who actually had two firewall fail at the same time after Hurricane Sandy. That wasn’t fun. My first instinct was to run to my good old Monowall, but I didn’t have enough network cards to implement the solution I wanted. I found a hardware router with enough ports to get them going until a long term solution was applied. At another site, I just needed two network ports. So in less than an hour I had found a computer, installed a 2nd network card, downloaded Monowall and configured it for their network to get basic functions running again. This client had to wait for a new firewall to be shipped overnight.
Both Monowall and PfSense provide virtual machine images to make testing a bit easier so you can find the one to best fit your needs. These are worth looking at if you’re tight on a budget and can’t afford Commercially Supported products yet. PfSense offers a paid support subscription that may interest some of you.
So just remember. If you’re ever in a tight bind with a failed firewall and you don’t have high-availability in place, Monowall or PfSense could come to the rescue for you and your company.