
PFSense Firewall Group purchase interest


    Pete, add me to the list for group purchase.

    Comment


      Done and thank you for your interest.

      Note that there is no time frame here and going baby steps.

      Today you can purchase a non AES-NI 4 port micro PC for around $100 or an iSeries micro PC with 4 ports for $300.

      Recently now we have the release of the Intel Denverton SOC chipset for microPCs. They are Atom CPUs.

      SoC - S.ystem O.n a C.hip.

      See here:

      Products formerly Denverton

      Relating to the use of PFSense you can install it on just about any PC with two network cards.

      There is now an ARM based PFSense around along with an RPI2-3 BSD image such that you can practice using PFSense on a spare RPi2-3.

      The issue here historically was running BSD on an ARM CPU.

      You can also purchase an ARM based micro firewall for $149 right from the PFSense folks. (newer ARM based micro firewalls will have 4 ports).

      [ATTACH]63075[/ATTACH]

      Or a 6 port Arm based PFSense firewall for $349.

      [ATTACH]63088[/ATTACH]

      What you see coming from the Pacific Rim that you can purchase are boxes with 2, 4, 6 and on and on network ports with PFSense installed.

      They are worth their price because PFSense is installed on them; not because of the hardware.

      This is the same as all of my testing microrouters coming with OpenWRT, Android Kodi boxes...well and the list goes on and on.

      Just about every SOHO off the shelf combo switch, AP and router today is using the same chip set and it's been like that for many years.

      For many many years here utilized Smoothwall (Linux based) open source software for my firewall.

      It was open source in the beginning.

      As improvements were done it became both opensource limited and paid for with all of the bells and whistles.

      Personally I wanted to have wan failover and could only get that purchasing the paid version of Smoothwall such that I switched over to PFSense.

      Vera Home Automation started with an opensource OpenWRT based OS. The Almond + started with opensource OpenWRT base OS.

      My OP started as:

      PFSense Firewall Group purchase interest

      I am retitling it to:

      4 NIC port mini PC that can be used as a router-firewall
      Last edited by Pete; August 31, 2017, 02:07 PM.
      - Pete

      Auto mator
      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb

      HS4 Pro - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
      HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

      X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant

      Comment


        I've been working with the new mini PC based pfSense firewall. At one point I thought I was in pretty good shape config wise and it was almost working right. There were still things to do so I kept at it. Well, somehow I've gotten it into a state so that if I plug the WAN into my modem and my windows 10 laptop into the LAN port, I can never get to the internet. I've done a factory reset and started over multiple times and can never get LAN to be able to cross over to WAN. I can't get a response from a ping on the LAN side. I can go into pfSense diagnostics and it will ping. I've got a rule on the WAN side that allows all traffic. I'm out of ideas but will keep at it. I do like the GUI.

        Comment


          I've been working with the new mini PC based pfSense firewall. At one point I thought I was in pretty good shape config wise and it was almost working right. There were still things to do so I kept at it. Well, somehow I've gotten it into a state so that if I plug the WAN into my modem and my windows 10 laptop into the LAN port, I can never get to the internet. I've done a factory reset and started over multiple times and can never get LAN to be able to cross over to WAN. I can't get a response from a ping on the LAN side. I can go into pfSense diagnostics and it will ping. I've got a rule on the WAN side that allows all traffic. I'm out of ideas but will keep at it. I do like the GUI.
          Make sure that you have a LAN rule that will pass all traffic to the WAN. Also, if you have the HDMI on the firewall connected to a monitor, you can verify that the WAN is actually connected.

          Please NOTE: I had a similar problem when I changed the Web Interface from HTTPS to HTTP. I had to start over with a new installation to correct the problem and I left the Web interface at HTTPS. I now back up my configuration prior to any major change.

          It does take a while to get the firewall setup with all of the bells and whistles. I now have Squid proxy server and Squidguard configured to filter all traffic on my guest network. I also have pf_Blocker restricting all incoming traffic from various sources. This is a great product that allows a home user to have an enterprise firewall for a fraction of the cost.

          Bob

          Comment


            Note that the default configuration that you do via the command line prompt when first configuring PFSense will default to standard firewall rules and should allow traffic from the LAN to the WAN.

            The HTTP or HTTPS interface is just an option and only changes the GUI and not the base set of rules in the configuration of the firewall.

            The command line GUI can be seen via SSH too if you want. Just do not change the LAN IP interface once it is configured.

            Basically in the command line GUI you configure what interface is doing what. It will autosense the WAN or LAN links. I then marked the ports so I would remember them. I am using all Intel Gb NICs on my pFSense box here and did have an issue with the Modem to Intel Gb WAN port not recognizing Gb on the modem.

            Note too in the firewall rules the top rule takes precedence over the bottom rules.

            The following check boxes in the WAN interface automagically create rules in the WAN firewall rules section.

            [ATTACH]63123[/ATTACH]

            These are the rules you see by default in the firewall WAN rules section.

            [ATTACH]63125[/ATTACH]

            The above is WAN #1 of two using a Motorola SB6141

            Wan #2

            Is different and the check boxes above are not checked.

            IE: WAN #2 is a combo LAN, AP, Firewall box which is a cellular connection.
            The LAN interface on this box is in a DMZ to allow all traffic to one port which is connected to the PFSense Wan port #2.

            The default LAN configuration looks like this for me. (note here name my interfaces: WAN, WAN1, LAN, LAN1, LAN2, LAN3)
            Failover of WAN to WAN2 is configured in the routing section and status is seen in the Gateway section.

            [ATTACH]63126[/ATTACH]

            At the point of a working configuration with no plugins configured personally I would back this configuration up such that you can retrieve it at any time.

            The status in the web gui dashboard will show you all what you need to see. You can add widgets to the dashboard afterwards. Here initially added my GPS and UPS widget.

            The command line status top section will show you WAN and LAN status of all of your interfaces. Nothing else there. I have used it for a restore and backup and nothing else. If you make changes to the LAN section of this interface you will most likely lock yourself out of the box.

            BTW first thing to do in the GUI is to update to most current release version of PFSense. Mine is currently this:

            2.3.4-RELEASE-p1 (amd64)
            built on Fri Jul 14 14:52:43 CDT 2017
            FreeBSD 10.3-RELEASE-p19

            The system is on the latest version.

            Mostly go baby steps start slow with one WAN and one LAN interface configuring these two to work. Later then you can add WAN or LAN interfaces.

            Don't let it overwhelm you.

            As Bob mentions it is and can be used as a SOHO firewall and an Enterprise firewall.

            @Robert, what satellite stuff do you have connected?

            Homeseer peer here is using hughes net and just updated his hardware after many years.

            Are you using an all in one combo box?

            You can monitor your WAN port link ping times to provide an up or down status. By default the ping time settings are small. You may want to take those numbers up. IE: for Comcast I do not use first DNS servers or any Comcast servers and just go to Google typically. 8.8.8.8

            Read this:

            HughesNet Modem Not Assigning IPv4 address to WAN upon pfSense machine reboot.

            Here is what I see monitoring the WAN2 IP4 cellular Internet back up WAN connection.

            [ATTACH]63127[/ATTACH]

            Thinking your numbers will be a bit higher with your satellite connection.
            Last edited by Pete; September 2, 2017, 10:21 AM.
            - Pete


            Comment
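The rule-ordering point in the post above ("the top rule takes precedence") and the earlier advice to have a LAN rule that passes traffic to the WAN can be modelled with a small first-match evaluator. This is an added example, not part of the thread and not pfSense code; it assumes pfSense's documented behaviour that rules are checked on the interface where a packet enters and that unmatched traffic is dropped. The rule sets, labels and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed LAN subnet

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    proto: str                     # "any", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None    # None matches any destination port
    label: str = ""

def evaluate(ruleset, in_iface, proto, src, dst, dport=None):
    """First-match evaluation on the interface where the packet enters."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in ruleset.get(in_iface, []):          # top of the list first
        if rule.proto not in ("any", proto):
            continue
        if src_ip not in rule.src or dst_ip not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule.label              # first match wins
    return "block", "implicit default deny"         # nothing matched

# Constructed rule sets (hypothetical, not exported from a real firewall).
WAN_ALLOW_ALL_ONLY = {
    "WAN": [Rule("pass", "any", ANY, ANY, label="WAN allow all")],
    "LAN": [],
}
LAN_PASS = {
    "WAN": [],
    "LAN": [Rule("pass", "any", LAN_NET, ANY, label="allow LAN to any")],
}
BLOCK_ABOVE_PASS = {
    "WAN": [],
    "LAN": [Rule("block", "udp", LAN_NET, ANY, 53, "block DNS"),
            Rule("pass", "any", LAN_NET, ANY, label="allow LAN to any")],
}

if __name__ == "__main__":
    client, fw_wan, outside = "192.168.1.50", "198.51.100.2", "203.0.113.7"
    for name, rs in [("WAN allow-all only", WAN_ALLOW_ALL_ONLY),
                     ("LAN pass rule", LAN_PASS),
                     ("block above pass", BLOCK_ABOVE_PASS)]:
        print(name)
        print("  LAN ping out :", evaluate(rs, "LAN", "icmp", client, "8.8.8.8"))
        print("  LAN DNS out  :", evaluate(rs, "LAN", "udp", client, "8.8.8.8", 53))
        print("  WAN inbound  :", evaluate(rs, "WAN", "tcp", outside, fw_wan, 443))
```

In this model an allow-all rule on WAN does nothing for traffic leaving the LAN and only admits unsolicited inbound connections, while a block placed above the LAN pass rule wins for the traffic it matches.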


              A bit more info. On the LAN side, from an attached win10 machine in CMD, I can ping an actual IP address such as 8.8.8.8 and it works fine. However, on the LAN side I can't use nslookup or ping with a domain name.

              Comment


                By default current versions of PFSense use DNS resolver. Check anyway to make sure it is enabled.

                In the DNS resolver settings I have:

                Enable DNSSEC Support enabled.

                System Domain Local Zone type set to transparent.

                Defaults on DNS Resolver advanced settings configured.

                It used to use DNS Forwarder and it does not today. Make sure this is disabled.

                If the WAN link is using DHCP then most likely it will default DNS to your HughesNet stuff.

                Under General set up have 4 DNS servers configured. None are my ISP DNS servers. IE: Comcast, Verizon, et al.

                Address
                Enter IP addresses to be used by the system for DNS resolution. These are also used for the DHCP service, DNS Forwarder and DNS Resolver when it has DNS Query Forwarding enabled.

                Do a google search here for best DNS servers if you want. Ping them to test then put them here. You can put a bunch of DNS servers here if you want.

                Popular are 8.8.8.8, 8.8.4.4 (google).

                Free and Public DNS Servers

                Read this:

                DNS hijacking

                To tweak out the WAN connection stuff go to System Routing.

                Pick your WAN interface and tweak the time out stuff with it.

                Note for any device you have on the network only utilize your gateway address for DNS and nothing else.

                Note too once you have PFBlocker enabled it will create a black list of DNS servers and will automatically update your DNS Resolver stuff with the list.

                BTW if you are using a combo HughesNet box you will need to either bridge the connection over to PFSense or maybe put the connection in a DMZ.

                You want your PFSense to take precedence in managing your network; not the hughes stuff.
                Last edited by Pete; September 2, 2017, 11:41 AM.
                - Pete


                Comment


                  A bit more info. On the LAN side, from an attached win10 machine in CMD, I can ping an actual IP address such as 8.8.8.8 and it works fine. However, on the LAN side I can't use nslookup or ping with a domain name.
                  The below link is for a very comprehensive youtube series on pfSense configuration that you should find very informative.

                  https://www.youtube.com/playlist?lis...a2juUBxxFTH4Bk

                  Bob

                  Comment


                    Originally posted by Bob_Linux_User
                    The below link is for a very comprehensive youtube series on pfSense configuration that you should find very informative.

                    https://www.youtube.com/playlist?lis...a2juUBxxFTH4Bk

                    Bob
                    I just started watching this as well.
                    Very informative.
                    Cheers,
                    Bob

                    Comment


                      Originally posted by Bob_Linux_User
                      The below link is for a very comprehensive youtube series on pfSense configuration that you should find very informative.

                      https://www.youtube.com/playlist?lis...a2juUBxxFTH4Bk

                      Bob
                      I've watched those. You are right, they are very well done. He knows his stuff. I just rewatched the one about Rules and NAT. Still can't see why my stuff is not working.

                      I'm pretty sure I had it working once. I probably mucked it up with subsequent configuration. I wish I had backed up at that time. At this point, I'm thinking I should reload everything from scratch. I downloaded the 2.3.4 image and have created a bootable USB. I've never loaded a system like this before so I am a bit apprehensive. Do I just put the USB into my miniPC and turn it on? Seems too simple.

                      Comment


                        Originally posted by logbuilder
                        I've watched those. You are right, they are very well done. He knows his stuff. I just rewatched the one about Rules and NAT. Still can't see why my stuff is not working.

                        I'm pretty sure I had it working once. I probably mucked it up with subsequent configuration. I wish I had backed up at that time. At this point, I'm thinking I should reload everything from scratch. I downloaded the 2.3.4 image and have created a bootable USB. I've never loaded a system like this before so I am a bit apprehensive. Do I just put the USB into my miniPC and turn it on? Seems too simple.
                        Boot from the thumb drive - look for install option.

                        Comment


                          Here is my firewall/switch/wireless router. This thread has been very informative and made me realize that I needed better protection for my network.

                          Bob
                          Attached Files

                          Comment


                            Seems too simple.

                            It is simple.

                            Your dashboard should show that there is a revision. Download the revision by clicking on the link and run it from within the GUI. Simple and it does it automagically.

                            What version of PFSense do you have on there?

                            Please post the specific version you see on your dashboard.

                            Wondering now how old it is?

                            [ATTACH]63137[/ATTACH]

                            and

                            Default WAN and LAN settings do NOT need any adjustments.

                            DO not touch/change the firewall or NAT settings as they are all predone with the defaults.

                            PFSense will be protecting you by default.

                            Baby steps.
                            Last edited by Pete; September 2, 2017, 02:35 PM.
                            - Pete


                            Comment


                              When the mini PC boots, the BIOS asks whether to boot from the new USB device. I say yes. It comes up with a menu for a few secs but there is never a question about the installer. It continues with the boot and then hangs while trying to mount root. I searched and on this page found this reference.

                              If the boot stops with a mountroot error while booting off the installation disc, usually with USB CD/DVD drives, escape to the loader prompt and run the following:
                              Code:
                               set kern.cam.boot_delay="10000"
                               boot
                              I did that but it still hangs at the same point. I never seem to be able to select Installer. I'm using this page as my guide. It says I should see this which I don't.

                              Comment


                                Originally posted by Pete
                                Seems too simple.

                                It is simple.

                                Your dashboard should show that there is a revision. Download the revision by clicking on the link and run it from within the GUI. Simple and it does it automagically.

                                What version of PFSense do you have on there?

                                Please post the specific version you see on your dashboard.

                                Wondering now how old it is?

                                [ATTACH]63137[/ATTACH]

                                and

                                Default WAN and LAN settings do NOT need any adjustments.

                                DO not touch/change the firewall or NAT settings as they are all predone with the defaults.

                                PFSense will be protecting you by default.

                                Baby steps.
                                From the pfSense site I downloaded the memstick/serial/AMD64/2.3.4 version. I unzipped and then had the .img file. I then used Rufus to create the bootable thumb drive.

                                Comment
