How to build your own enterprise grade Firewall/Router with less than $20

We use pfSense as the firewall software. Throughout this article, all requirements and calculations are based on pfSense.

List of things needed to build an enterprise firewall:

  • CPU with Multi core processor
  • Memory
  • Storage
  • Firewall Software
  • Multiple network cords

Assembling:

Hardware:

The hardware can be any PC motherboard sitting in your garage that has a minimum of 512GB RAM and a 1-core CPU. We can assume that even systems in a garage will have 2 gigs of memory with a dual-core CPU. Check the official pfSense requirements in the picture below. (Image: official pfSense hardware requirements) This hardware is the key part of building a pfSense firewall, because we will definitely have old systems in our garage. We are not going to buy motherboards, RAM or HDDs; instead we will reuse our own old hardware.

NICs:

Basically, any router or gateway should have 2 NICs: one for the intranet and the other for the Internet. Most computer motherboards have only a single NIC. To add more NICs we can use the PCI/PCIe slots on the motherboard. (Image: Supermicro AOC-SGP-I2 Gigabit Ethernet NIC, PCI-Express x4 card)

(Image: PCI slots) A Peripheral Component Interconnect (PCI) slot is an open slot on a motherboard where we can install additional hardware such as NICs, RAID controllers, graphics cards, etc. The only hardware we are purchasing is a Gigabit Ethernet card, which costs around $10. We will buy two of them to create enterprise fail-over, which is discussed later in the article.

pfSense:

pfSense is an open-source firewall/gateway operating system built on top of FreeBSD. We can install pfSense on our hardware like a regular operating system. Follow the pfSense documentation for the installation process: https://www.netgate.com/docs/pfsense/book/preface/index.html

Advantages:

  • Open source (free)
  • Firewall
  • Router
  • VPN
  • Load Balancer and much more!

Enterprise Ready:

For regular needs, installing pfSense with two NICs is enough. But for an enterprise we need things like fail-over, load balancing, high availability, etc. Fail-over is a concept in computing in which, if one service fails, another service takes over and serves the same content. Here we have three NICs, of which one is used for LAN and the other two are used for WAN. Follow the link for pfSense configuration instructions: https://www.netgate.com/docs/pfsense/routing/multi-wan.html
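The fail-over idea above, applied to the two WAN NICs, as an added Python sketch that is not from the original article and is not pfSense code. It is a simplified model: the gateway names, tier numbers, health thresholds and probe samples are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed health thresholds for this sketch (not taken from the article).
MAX_LOSS_PCT = 20.0
MAX_LATENCY_MS = 500.0

@dataclass
class Gateway:
    name: str          # hypothetical label for a WAN NIC
    tier: int          # lower tier = preferred uplink
    loss_pct: float    # packet loss seen by the health probe
    latency_ms: float  # round-trip time seen by the health probe

    def healthy(self) -> bool:
        return self.loss_pct < MAX_LOSS_PCT and self.latency_ms < MAX_LATENCY_MS

def select_active(gateways):
    """Return the names of the gateways that should carry traffic.

    Healthy gateways in the lowest tier win; several healthy gateways in
    the same tier share the load. An empty list means no usable uplink.
    """
    healthy = [g for g in gateways if g.healthy()]
    if not healthy:
        return []
    best = min(g.tier for g in healthy)
    return sorted(g.name for g in healthy if g.tier == best)

def replay(samples):
    """Run select_active over successive probe samples; log each change."""
    events, previous = [], None
    for tick, gateways in enumerate(samples):
        active = select_active(gateways)
        if active != previous:  # record only fail-over / fail-back moments
            events.append((tick, active))
            previous = active
    return events

# Constructed probe samples: WAN1 fails, then both fail, then WAN1 recovers.
SAMPLES = [
    [Gateway("WAN1", 1, 0.0, 12.0), Gateway("WAN2", 2, 0.0, 30.0)],
    [Gateway("WAN1", 1, 100.0, 0.0), Gateway("WAN2", 2, 0.0, 31.0)],
    [Gateway("WAN1", 1, 100.0, 0.0), Gateway("WAN2", 2, 100.0, 0.0)],
    [Gateway("WAN1", 1, 1.0, 15.0), Gateway("WAN2", 2, 0.0, 30.0)],
]

if __name__ == "__main__":
    for tick, active in replay(SAMPLES):
        print(f"tick {tick}: active uplink -> {active or 'NO UPLINK'}")
```

The transition list is what you would want to alert on: a fail-over to the backup link, or the state where no uplink is left.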

I accept that there will be differences between commercial firewalls and open-source firewalls. This article is for organizations and individuals who don't have enough budget to spend on commercial solutions, or for individuals who have the capability to customize open source and make their own commercial firewall.


Last update: June 3, 2020