Are pfsense firewalls any good for home or business? Which businesses are supported by pfsense? What are the advantages and disadvantages of using pfsense? How big can they go? Lots of questions! Fortunately Tom answers these and many more in this video. // MENU // 00:00 ▶ Introduction 01:29 ▶ What pfSense is and Tom's experience with pfSense 03:43 ▶ Tom and Open Source 04:38 ▶ The benefit of pfSense being Open Source 05:21 ▶ Systems Tom has deployed with pfSense 07:22 ▶ pfSense licensing cost 09:09 ▶ Using pfSense at home 11:45 ▶ Virtualization 12:28 ▶ Raspberry Pi support 13:02 ▶ Virtualization vs hardware 14:37 ▶ Tom's recommendation for small/medium businesses 19:43 ▶ pfSense actual cost (pfSense vs pfSense+) 22:22 ▶ Reasons not to use pfSense 24:45 ▶ Tom's biggest pfSense deployment 26:07 ▶ pfSense above 10G 27:11 ▶ pfSense and VPN 28:32 ▶ Handling lots of VPN connections 29:29 ▶ Advice for starting a consulting business 31:09 ▶ Technical skills vs sales skills 32:22 ▶ The benefit of having sales skills 35:58 ▶ It's about the customer, not the product you use 38:02 ▶ How Tom got his first customers 40:21 ▶ Why Tom has a KZbin channel 43:46 ▶ This video is not sponsored by a VPN company 43:53 ▶ Skills to learn in 2022 to get started 48:13 ▶ Story 1 - Hacked client 49:10 ▶ Story 2 - That will never happen in the real world 51:28 ▶ Story 3- We've all done it 52:40 ▶ Final advice 54:15 ▶ Networking with people // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin: kzbin.info // Tom's SOCIAL // Twitter: twitter.com/TomLawrenceTech KZbin: kzbin.info Website: lawrencesystems.com/ LinkedIn: www.linkedin.com/in/lawrencesystems/ Instagram: instagram.com/lawrencesystems/ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

This was a lot of fun! Thanks thanks for taking the time to do this.

This is gold. Tons of respect for both of you guys.

I went to OPNSense after Netgate was in denial on leaking (my) personal data on their (old) forum. As they were not serious about securing their forum, I extended that observation to their products.

David and Lawrence, always talking about the right stuff. These guys are gold.

an hour long video on pfsense, david bombal and Lawrence systems... i never knew i wanted this! 😃 i love this! 😊

2 of my favourite guys on KZbin. Loved every minute of the conversation. Best 1 hour spent. Legends 👍

We use open source in the military. In one embarrassing moment I had to explain to an officer that his "new top secret battalion level chat room" was in fact just mIRC on a laptop and some of us had been using it since we were 14 years old.

I love these kinds of videos. Although I have my own network setup but having videos where you have two big network youtubers having a real conversations without it being prescripted is refreshing.

I use it extensively. Primarily to control access to the management network, but also to protect guest networks and add a secondary control to VPN systems. Been using since 2011. It's great!

Stumbled upon this video after a few weeks of networking research (for setting up networking in my home). I'm a web developer who's dabbled in the business side of things as well and there's a ton of fantastic advice in your video here; thanks for much to the both of you for sharing!

David, make video on "How to choose laptop which has pre-built wifi adapter which is suitable for hacking and where we get monitor mode, packet siffing and more" Consequently, make video on laptop that is suitable for hacking

I'm happy that you and Tom has had a time to conversation and sharing knowledge about firewalls. I hope there would be more videos between the two of you sharing your knowledge :)

Tom has taught me so much about pfsense through his videos. I've been running it since 2015. I started off with a Netgate SG3100 but ran out of puff when I upgraded my WAN to 1Gb. So I bought a second hand Dell R210 M2 with a 4 port Intel NIC and rolled my own pfsense box. Reddit was useful to get suggestions for the best hardware platform for my needs and I paid about £170 in total for the machine, NIC and SSD that it runs on. I have multiple VLANs for different networks, WAN redundancy over 4G, multiple OpenVPN servers for me and the segregated guest network, custom firewall rules and UPS monitoring. All of this I've learned from Tom's videos. Tom's video's are a total wealth of guidance and help and his delivery is such that he gives a lot of confidence. If I want to do something with pfsense, Tom's channel is the first place I go to.

Correction on Tom's statement that there aren't many firewalls that do TLS 1.3 decryption: All major firewall vendors do in fact support this. That information is very outdated.

Great job on asking what feature he is not recommending to use in pfsense. All the positive stuff you find on a flyer but the negative things are the ones you can only get from someone that has experience with the product.

Im a huge fan of pfSense. For many years...even today many off the shelf solutions weren't optimized for bidirectional 1 Gbps throughput much less multigig. The ones that were cost thousands of dollars in hardware and licensing cost. Now ATT is offering 5 Gbps throughput to regular people. I can't think of any other solution other than pfSense that would be able to provide that much throughput.

I was using DD-WRT on my Linksys router before I found IPCop. OpenVPN on IPCop was easy as pie. Then I tried Monowall before it got forked to pfSense. So been using pfSense since 2008.

Pfsense is super good .As a network engineer , I primarily work on cisco equipment, barracuda ngf + wafs and fortigates. But I have used pfsense in a few businesses.

A question non-relevant,if i want to do a become a pentester it's better that i study(or even take)for the A+,network+,security+,or i go all in with ejpt,or pentest+,OSCP...?

Two of the best KZbin! Learned Cisco from David and Unifi and pfSense from Tom. You guys keep rocking!! We are watching and learning.

12:00 why didnt he just say kvm?

I bought the Netgate SG 3100 several years ago as my edge firewall, router, etc and I absolutely love it. This is coming from a 17 year network engineering veteran that is defintiely a Cisco guy.

I remember monowall and IP COP. Untangle was pretty interesting but the home license support is a joke.

Can adblock home or.pi hole be loaded as a package on pfsense?

The main difference between an expert and a novice is not that an expert doesn’t make mistakes, but that an expert knows how to recover from the mistake without panicking.

David and Tom, thank you so much for this interview, you're both some of my best guys, I also use opensource solution for security and VoIP, for security I do use pfSense, and most of the configs I've done through Tom's videos. David Bombal my master, I've enrolled in couple of his udemy videos and it always help at some moment in tech life.

I use a Protectli Vault 6 Port with PFSENSE

Am looking into pfsense. Loved this video discussion to get a general sense of this software. Also great advice on developing sales skills, as this will help sell your business OR sell your solutions internally for getting the budget to actually implement it.

Just watched this and I went to try it. Seems no longer valid . Can't get the iso anymore. And going now for their hardware ? You must be joking. Should I trust Fortinet/Cisco/Checkpoint over the guys that take a free software then use it , then closing it. Who knows what else are they going to do. At least traditional vendors have a good history behind not like this.

“Engage on Reddit” I would highly adviser against this unless you want the pfsense equivalent of 4Chan.

I've been using pfsense for almost 10 years now, was in ipcop before. I'm loving pfsense.

Two of my favorite influencers!!! What a combination?

Thanks you sir David for a new video... Hope you are doing well...

Been running pfsens on vmware at home since I was a student ~20yrs ago, and since having lots of projects using it, no matter big or small, from the cloud, DC to on-perm. Learn a lot from them and pfsense never let me down :D

Actually for a home network/ test environment you could just use an old pc and throw a relatively cheap 2 port network card^^

Awesome video David! I appreciate Tom and you having this conversation. Very interesting and I enjoyed it. Thanks for all the videos you do. And to Tom as well. Great guys to learn from.

I am so much fun listening to both of you guys, I've been using pfSense for more than a decade now.

If you have fiber internet 1GBps, do not buy the Netgate 1100. The firewall throughput is 250MBps. You will get the full 1GBps throughput (Firewall) if you install PFSense on your own box.

This was a good watch from start to finish. I wonder what Tom thinks about Untangle.. I know he has done a few videos on it!..

Pfsense works great on hyper-v also

I got Pfsense to work with Hyper-V as well. I was pretty happy with it but I moved over to hardware because my Microsoft server takes so long to update each month.

PFSense is a greatway to learn a lot about firewall, as well infact networking in general, I've got my firewall (PFsense) running on a VM and it works great.

I was really surprised how easy it was to set up pfsense. I just reused my old pc, an intel skylake pc with 24gb of ram , pretty overkill but it's what i had!

Thank David tag with Lawrence, I am a longtime old fan of Lawrence, he is awesome with firewall & network stuff. Thanks again David

I completely agree with what you're saying about BSD does it first and Linux does it better. It's a shame that pfsense is only able to be compiled (by a normal user) for the x86_64 architecture. When something like OpenWRT (which is Linux-based) is able to be compiled for arm32, arm64, MIPS, MIPS64, PPC, x86, and x86_64. I mean, you can run OpenWRT on a Raspberry PI no problem. It sucks that overall platform + hardware support is so limited with pfsense. Hopefully, that will change in the future. OpenWRT could definitely use the competition. I'm a firm believer that "competition breeds innovation".

David and Tom, this was a very useful video. I think the title of the video is underwhelming, because when I first saw the title, and that the video was 56 minutes long, I thought that there was no way that there could be a 56 minute discussion about pfSense. But the second half of this video was highly valuable for everyone in IT, especially for people who want to broaden their role in it, or to change careers to IT.

Pfsense is great to work with, I set up a company a while back with a pre made box - but also for the cost of a network card built a back up machine that would plug and play if the pre made machine ever failed (they had an old PC they were not using - so for about an hour of my time I built the back up box) That is some very affordable redundency!

I was confused about firewall which one should I bay Cisco firepower or fortigate.. ets, This is a great conversation, Best video that I've seen, you've been answered a lot of questions, Thanks a lot.

Lawrence and David in the same vid This one is going to be good

At times it feels like supporting a video

First time hearing about PFSense and already plotting how to deploy this... Thank you David for the interview... and Tom is a true salesman, definitely going to build a sales skill as advised by Tom.

I would really like to see something fleshed out as well as pfsense with turnkey hardware solutions, but on linux. The big reasons for me would be #1: vastly better hardware support #2: In-kernel wireguard #3: more flexibility and performance, nf/ip/x tables better scaling, etc

Hello to the community! Take care everyone! Study hard, study well.

Are you sure it's actually open source? Did you try to build it from the sources?

Over my head like a fighter jet. Does anyone know if there's a cybertard's guide to DNS9 and PFSense for my router on the internet anywhere please? I'm interested in privacy, have made note's from different vid's e.t.c. but still feel i don't know enough and am reticent to try it as i don't want to eff my only machine up. Thanks in advance for any guides/advice.

I went from using Win ME(don't judge me it had a easy to do networking wizard) as a router/firewall to using openbsd to using pfsense after my distant cousin told me about it... although I feel a bit self disappointment for not keeping on with using OpenBSD to this day, PFSense has been nice:)

I've used OpenBSD as my firewall at home for years without any problems. The only problem is that it's not very good at Wi-Fi so the speeds would be low if I used it for that. Fortunately, I have an old router I can use for that. It works well for us.

brazilfw was awesome. could boot from a floppy on a pentium 100. it originated from coyote linux I think which was an even smaller linux router os. in more recent years I used to run pfsense on a firebox, but they discontinued the public arm builds. so now that hardware is useless. now I just run it in a vm.

In regards of people stupidity: Arthur C Clarke: "Any sufficiently advanced technology is indistinguishable from magic" Engineers version: "Any sufficiently advanced stupidity is indistinguishable from malice"

We use pfsense in our bussines since years, easy to set up and to maintain, need low resources, netgate products are good and cheap. Is fantastic when virtualized on modern and low power hardware (N95-N100) for small integate solution for mobility. VPN management is very good and quite fast if you have decent hardware.

I just spent half a day researching firewalls for my home network and I found Tom's channel and he's very informative. I was debating on purchasing a Netgate SG1100 with pfSense and now that I see Tom on your channel it made my decision even easier! Thanks guys!

Old video but... I need a home firewall that: 1) 1.4gb throughput after full security inspection (minimum), 2) runs in transparent mode (I do not want to re-IP the home and lab), 3) is SIMPLE to configure and use for a non-network knowledgeable person. I have used a Palo Alto PA-2xx in the past and they were amazingly simple to use, but did not have the throughput with inspection I wanted. I am not a network guy and do not want to be one. I just want something that is super simple to setup and forget about. Thoughts?

Opinion - Just get a forigate...pfsense is fine for home or to learn - but gates with a fortimanager are the only way to scale.

Can I install pfsense to my 1999 Intel Xeon (2CPU) Workstation, that has served as a firewall for our 200PC- network since 2003 and has ipcop still runnung? :D I remember thinking about switching to pfsense some 8 years ago, because I thought it might be time to retire the old hardware. I was thinking the PC would have to stop working at some point. But it refuses to die...

You should check out Untangle. It’s now under Arista.

You are both amazing people sharing your knowledge, I think that’s what it’s all about, lots of respect, have been watching Tom’s vids for years fantastic!

I went with OPNsense because, IIRC, pfSense doesn't support PC Engines' APUs anymore. There's an old image for the APU, but who wants to run old software without the new stuff?

I run 5 smaller casinos ($100m Rev) off pfsense, been bulletproof for the last 6 years. Run them on our VMware clusters. I know other casinos are paying over $15K a year in Forti subscriptions. We use ipsec, pfblocker, snort, and openvpn.

I habent found a software or hardware router that actually meets my needs. Pf is a legacy thing that works well, but it lacks features that a modern home/buisness needs. I should be able to QOS specific systems, specific traffic, specific protocols. Ive tried to subnet out things however having a wifi mesh..... Most of the things a home router needs to do ends up going back to seperate packages run on seperate VMs. I can make dhcp do what I want but you end up with pf not acutally routing the traffic and just telling it to dorect traffic to a different mac.

Nice sales pitch. Pfsense is crap. Netgate does not produce hardware....Plenty of bugs (e.g. wireguard) and the GUI-centric design is a no go for deployment at scale (i.e. data centers). The "open source" appeal is not worth it for any descent sized company since the cost of maintenance plans that you will need makes it more expensive than other OEM devices with robust software and support. No, banks don't deploy this shit.

29:29 Thank you for asking that!!

I really like your talking sessions videos David 👍👍👍

David please make a video on how to find windows password in pc

That intro was fun. I was always told not to trust an IT guy in a suit and tie, never anything about young guys or those with long hair... like off the top of my head George Hotz, Richard Stallman, Dennis Ritchie, Ken Thompson, etc... Fuckin shill skids

Being new to this, I have some silly questions. What is a lab environment? What is a real Virtual installation? What is BGP & FRR? I will google it all, but you kids kill me with all of your acronyms and the oxymoron of "real virtual" is a riot, but I guess authentic is what you meant to say.

Can pfsence capable of NATing traffic as a single source IP via the tunnel? Example I have a /24 LAN and need to NAT overload it as a single source IP for a vendor.

nice video !

100% right. Ubuntu Pro extended support for $300, why would you not. At some point if you want them to stick around the choice to pay people will come up

Tom forgot KVM that runs easily in any linux distribution. Ubuntu, Rocky, Arch ..

Pfsense, load balance vs like 3xISP to LAN vs using PepLink or some other LB hardweare ?

When you run into scalability problems with pfsense due to hardware limitations, why not set up a cluster of pfsenses behind a load balancer? It's done with almost any other service that is publicly available.

David you always have the best content related to cyber on KZbin. If you accept ideas about content I would like to learn about how attribution and how it is done. Thx for the content

Pfsense in armis just a can full of worms awaiting for issues. - usb, yes tgis is going to be a big issue. Not a single usb ethernet adapter works reliable under freebsd. - the headache to maintain a lot of variations of arm devices out therr, the amount of dtb to track is just going to be a big mess. So yeah arm... I dont think its gonna work with pfsense.

well i watched some videos about pfsense, but sadly not even yours were able to solve my simple problem. i had 2 game servers in my network, the rules/firewall was configured like the old one, but pfsense did not allow any connect through it. i tried for 1 week, got some support from someone, who had it in his network without any success too. as i said we tried by re-installing, reconfiguring etc. pfsense was the first firewall, which blocked my 2 servers. the servers were visible in the outside world, but that was it, noone was able to connect to it. a cheap linksys router / firewall, i set the port forwardings, save, everything was fine and worked without a problem. so i sent back the hardware and removed the firewall from my network. the hardware was not the issue, it was pfsense. so from my point of view, pfsense is not what you and many others proclaimed in their videos. it did not work for me, sorry.

Can pfsense be implemented in a dual-hub-spoke / d-vti config and be managed from a single pane of glass like Cisco FTD?

Can David or Tom help me? I was compromised and no matter how much I have tried to secure my networks I have failed and I've been under stress for so long because I can't find someone who can help me.

Hi David , i hope you are doing well, i would like to ask you about something , it's possible that we put a pfsense firewall in a docker thene we run it with a network in a GNS3 thnk :)

Great insights, especially on community involvement :)

I loved the Firepower question… I worked for a company that just pushed everything Cisco and Firepower is such hot garbage.. the amount of companies that paid me to install it.. then paid me to rip it out (EVEN THOUGH I TOLD THEM NOT TO USE IT MULTIPLE TIMES!!!) is mind blowing…

So as opposed to CCNA, what kind of certifications would you recommend? Where do I start? I wish he was more concise in his advice.

I trust Tom. He's reputable and he knows what he's doing.

Eng.David Could you help me about i wann simulator interface T1/E1 in eve-ng

26:15 without offloading* if you're running cheap cards that rely on the CPUs to do everything then yes, i would agree (generally)

Great conversation. Thank you for this opportunity where I did learn a lot. I'm looking to install a home pf-sense my self. Lets see how it goes. 😃

We've abandoned negate and pfsense after major reliability issues. HA is not reliable and upgrades have caused serious issues including required reflashes

I used to use pfsense. But was pushed away sometime ago by the opensense web page debacle and the wireguard issues. Did not like to see this kind of thing in the opensource community.

For the BGP issue and other similar issues, you should have an out of band private network connected to terminal servers with secure bastion hosts connected to the private network and internet from one or more 3rd party carriers so you can reach the network devices in major outage situations or something equivalent to this kind of setup. This is the problem with products like Unify for enterprise as they have no console, no out of band options, etc. Regardless of what you use, you should have a sensible disaster recovery plan appropriately designed for what you have deployed and should be prepared to execute that plan.

10:58 would it work with virt-manager? I got linux mint OS running few home VM, want to test out pfsense to get familier with it

Pfsense is a great open source solution but does not have the breadth of security services required for modern day security requirements. Mainstream ngfw vendors do not charge per feature, per user, per function. Unfortunately Cisco have not changed their model to match the industry leaders and I don't regard them as a major player in that area any more.