One of the reasons for pfSense popularity is its ability to be expanded with third party packages. The package system keeps the base pfSense installation small, but gives users the freedom to install only the packages they need for their use cases.
In this article, you will find a list of the 5 essential pfSense packages that you will absolutely need to set up your corporate network VPN gateway. Along with each package is a brief description of what the package does and how it works on your network.
To be able to install packages, you must have the full version of pfSense. Package manager is currently not supported in embedded or liveCD versions.
Squid is the most popular pfSense package. Squid is a caching proxy server that can drastically improve the overall performance of your internet connection.
Squid builds a cache of frequently used web pages, images, or other files that clients request from the Internet. If the requested item is found in the cache, Squid delivers it directly to the requesting computer, rather than grabs it from the internet, hence reduce the overhead.
The Squid package can be configured to run transparently, which means that traffic on your network will be automatically routed through the proxy without the need to change any configuration on the connected computers.
Another benefit of installing this package is that when combined with LightSquid, you can view reports of the websites visited by computers on your network.
pfBlockerNG is the perfect package to block inbound and outbound traffic based on IP address or domain name. This package contains a wide range of features to protect your network from unwanted traffic, including country blocking, IP/DNS blacklisting, and IP reputation-based blocking.
The DNS Blocklist feature allows you to add multiple external blacklists to block traffic such as ads, threats and malware.
This is a great package if there is a mail server on the network. By adding an spam IP blacklist such as Spamhaus, you can block spam even before it reaches your mail server.
Another very useful package for pfSense - SquidGuard is a high speed URL filter and url router.
By uploading your own blacklist or using one of the freely available lists, you can configure which sites users on your network are permitted to access the internet at what time. The package can also be configured with schedules to provide time-based network access.
SquidGuard can also enforce domain names that prevent users from bypassing the blacklist simply by entering an IP address. Blocked URLs can be redirected to an external website or internal information page.
It is important to analyze network traffic usage to optimize performance and find potential problems in your company. Darkstat is a network traffic monitor that runs in the background and displays statistics on your network usage.
It's really easy to watch the data collected by this package using the web interface. An easy-to-use HTML interface lets you see who uses the most bandwidth and where does that traffic comes to. Additionally, you can find out which protocol and ports are consuming the large portion of the bandwidth
This package provides a quick way to identify traffic, so you can decide to block or prioritize a specific kind of data transfer on the network.
Snort is a very popular open source intrusion detection and prevention system (IDS/IPS).
It allows you to carefully analyze network traffic to detect port scans, attacks, buffer overflow software attacks, and many more.
The Snort engine works by comparing packets with signatures provided and updated by the community. If there's an intrusion attempt detected, you can configure it to automatically block, alert or just simply log it for further analysis.
If you are someone who deeply concerned about the security of your network, installing Snort is a must.
How to install packages in pfSense
Installing packages in pfSense is quick and easy.
First, you need to open the package manager, which can be found by clicking on the system menu in the web interface.
Click the Available Packages tab for a complete list of all available applications.
When you find the package you want to install, simply click on the plus sign on the right side of the package description.
PfSense will automatically install the package and create a new menu entry.
Most packages create an entry in the services menu, but some put their settings in a different category.
How to update packages in pfSense
PfSense will automatically check for updates for installed packages.
To manually check for updates, go to the Installed Packages tab in Package Manager.
If an update is available for a package, the package version section will be displayed in red indicating an outdated package.
To automatically install the updated version of the package, click the PKG button displayed on the right screen. PfSense will then uninstall the outdated version and install the update.
PfSense has a huge ecosystem, there are many great packages besides the ones we have listed in this article.
Since pfSense is an open source application, you can also develop your own packages and release it to the community.
Almost any normal FreeBSD package can be converted to work with pfSense. If you are interested in learning more about package development, please visit doc.pfsense.org to find more information.