PfSense is well-known for providing many features that are only otherwise available on expensive commercial firewalls. Moreover, with the release of pfSense 2.0 in 2011, several new features have been added to the software. Here are five features that provide compelling reasons to deploy pfSense on your network.
Using multiple components with load balancing, a method for distributing workloads across multiple computers or other resources, may increase reliability. It is generally only necessary within large or sensitive systems (for example, popular web sites, large IRC networks, high-bandwidth FTP sites, NNTP and DNS servers), and not all firewall and router products support load balancing. pfSense, however, supports it and can be configured to load-balance or failover redundant WAN interfaces. Load-balancing will divide all traffic among the interfaces while failover will use a single interface, but upon failover, it will automatically switch to another. This brings us to the next feature:
PfSense can be configured to switch to a redundant or standby computer server, system, hardware component or network upon the failure or abnormal termination of the previously active application, server, system, hardware component or network. For example, you could configure pfSense to automatically redirect traffic from the primary web server to a backup web server in the event of a failure. You can even configure multiple pfSense systems for failover, so if one pfSense computer goes down, the firewall still functions.
All firewalls have rules, but pfSense, especially with version 2.0, has made rules highly customizable. For example, a rule can be set up to only accept traffic from a certain OS (Windows. MacOS and Linux are supported, of course, as well as a number of UNIXoid variants and Novell). In addition, there is a scheduling option, so rules will only be invoked during certain hours and days, and numerous other options.
MAC address spoofing
Most of the time, an ISP registers the client’s MAC address for service and billing services. This can be circumvented easily by MAC spoofing, and it is trivially easy in pfSense, where MAC spoofing is as simple as typing in a different MAC address for a network interface. This can be handy if you want to force the ISP’s DHCP server to lease you a new IP address, or for other reasons.
Most firewalls and routers support virtual private networks (VPNs), but few have the flexibility of pfSense. For example, m0n0wall supports VPNs and has many of the options you would expect to see for VPNs (e.g. support for different encryption and hash algorithms and different authentication methods), but m0n0wall only supports the IPSec and PPTP protocols. PfSense, on the other hand, supports IPSec and PPTP as well as OpenVPN and L2TP protocols and has many advanced options, such as NAT traversal (allowing users to connect from behind restrictive firewalls) and dual peer detection.
This list of features is not, by any means an exhaustive one, but these are some of the reasons why pfSense is more flexible and powerful than competing firewall/router products.