    Wednesday, Jun 17 2009

    pfSense - Über 1337 opensource firewall / router

    I have been using pfSense since 2005. One setup has been for myself, running on a PC Engines WRAP (embedded) board. The other has been salvaged Pentium II Dell PC hardware, used to replace a malfunctioning Linksys router for one of my clients.

    The WRAP hardware has now been replaced by AMD's ALIX board, which should provide a little more horsepower; however, for any average SOHO setup, the WRAP has provided and still provides plenty of oomph (although I have seen my WRAP pfSense setup max out its CPU with large file transfers over 802.11g wifi). I purchased this hardware in Canada from Xagyl Communications.

    The first point to make is that this is rock solid. It is the one piece of hardware that never needs to be restarted whatsoever. Secondly, it is a great (and much cheaper) alternative to Cisco and Sonicwall firewalls: there are no VPN licenses to worry about, and there is an active community driving the opensource project forward with new features and releases approximately once or twice a year. Lastly, there is even a commercial support option.

    [Photo: pfSense - use whitebox PC hardware, just add network cards for as many interfaces as you need]

    Another client has recently been having flaky performance from their Sonicwall - we suspect faulty hardware. So I took this as an opportunity to pitch an opensource solution that brings more features, options and flexibility at a lower cost. The other great feature, as you can see from the photo here, is that you can load pfSense up with as many interfaces as you need, including PCI wifi adapters.

    With this 5 interface setup for this client, we have used Linksys WRT54GL routers flashed with the Tomato firmware, as we didn't have any PCI wifi cards lying around (but we did have a bunch of 3Com ethernet cards!). We have DHCP enabled on the WIFI interface, and the Linksys is set up with a static IP whose gateway address points to the WIFI interface's IP address. DHCP is passed through to the clients connecting to the Linksys. Then we have a rule on the firewall (via an alias) that does NOT allow traffic from the WIFI subnet to the alias's subnets (the LAN, for example), so that WIFI traffic is isolated from the LAN.
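    As an added illustration (not the post's own configuration), here is the WIFI isolation rule above written as a plain pf.conf fragment, which is what pfSense generates behind its web GUI. The interface names, subnets and the extra DHCP/DNS and management rules are assumptions, not taken from the post.

```pf
# Added example, not the post's config. pfSense writes pf.conf itself from the
# GUI; the interface names and subnets below are assumed.
wifi = "vr2"                 # assumed: interface the Tomato-flashed Linksys plugs into
lan  = "vr1"                 # assumed: the LAN interface

# The pfSense "alias" of subnets WIFI clients must not reach is a pf table.
table <private_nets> const { 192.168.1.0/24, 192.168.10.0/24 }

# pfSense emits every rule with "quick", so the FIRST match wins: ordering matters.

# 1. WIFI clients may talk to the firewall itself only for DHCP and DNS.
pass in quick on $wifi inet proto udp from any port 68 to any port 67 keep state
pass in quick on $wifi inet proto { tcp, udp } from $wifi:network to ($wifi) port 53 keep state

# 2. Block (and log, so isolation attempts show up in the firewall log) everything
#    else from the WIFI subnet to the aliased internal nets and to the firewall's own
#    addresses, which keeps the web GUI out of reach from the guest wifi.
block in log quick on $wifi from $wifi:network to <private_nets>
block in log quick on $wifi from $wifi:network to self

# 3. Whatever is left (Internet-bound traffic) is allowed out.
pass in quick on $wifi from $wifi:network to any keep state
```

    The Linksys side of this (static IP on the Tomato box with its gateway set to the WIFI interface address) is configured on the Linksys and has no counterpart in pf.conf.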

    Setting up firewall rules and port forwards (with port translation) is fricking basic - compared to Sonicwall's Advanced OS, for example. It is all done via a web based GUI. The next best thing is that setting up a PPTP VPN takes minutes - try setting that up on Windows Server, opening up the firewall and accepting connections in less than 5 minutes!