Common Deployments

pfSense can meet the needs of nearly any type and size of network environment, from a SOHO to datacenter environments. This section outlines the most common deployments.

Perimeter Firewall

The most common deployment of pfSense is a perimeter firewall. pfSense accommodates networks requiring multiple Internet connections, multiple LAN networks, and multiple DMZ networks. BGP (Border Gateway Protocol), connection redundancy, and load balancing capabilities are configurable as well.

See also

These advanced features are further described in Routing and Multiple WAN Connections.

LAN or WAN Router

pfSense configured as a LAN or WAN router and perimeter firewall is a common deployment in small networks. LAN and WAN routing are separate roles in larger networks.

LAN Router

pfSense is a proven solution for connecting multiple internal network segments. This is most commonly deployed with VLANs configured with 802.1Q trunking, described more in Virtual LANs (VLANs). Multiple Ethernet interfaces are also used in some environments. High-volume LAN traffic environments with fewer filtering requirements may need layer 3 switches or ASIC-based routers instead.

WAN Router

pfSense is a great solution for Internet Service Providers. It offers all the functionality required by most networks at a much lower price point than other commercial offerings.

Special Purpose Appliances

pfSense can be utilized for less common deployment scenarios as a stand-alone appliance. Examples include: VPN appliance, Sniffer appliance, and DHCP server appliance.

VPN Appliance

pfSense software installed as a separate Virtual Private Network appliance adds VPN capabilities without disrupting the existing firewall infrastructure, and includes multiple VPN protocols.

Sniffer Appliance

pfSense offers a web interface for the tcpdump packet analyzer. The captured .cap files are downloaded and analyzed in Wireshark.

See also

For more information on using the packet capture features of pfSense, see Packet Capturing.

DHCP Server Appliance

pfSense can be deployed strictly as a Dynamic Host Configuration Protocol server, however, there are limitations of the pfSense GUI for advanced configuration of the ISC DHCP daemon.

See also

For more information on configuring the DHCP service on pfSense, see IPv4 DHCP Server and IPv6 DHCP Server and Router Advertisements