Custom pfSense Firewall Deployment

Open-Source Network Gateway Upgrade & Multi-Site VPN Integration
Company: Gold Business Technologies Ltd.
The company's networking infrastructure relied on outdated gateways and Cisco equipment, which incurred high costs due to complex licensing models, limited scalability, and expensive maintenance. With multiple remote offices, there was a pressing need for a cheaper, more effective replacement that could securely segregate traffic, connect all sites seamlessly, and integrate with cloud resources in Azure—particularly for the legacy ERP system, which remained a traditional client-server application not natively designed for cloud environments.
To achieve this, I designed and implemented a custom open-source firewall solution based on pfSense (an enterprise-grade, FreeBSD-derived platform; see project site: https://www.pfsense.org). Starting with repurposed hardware, the rollout evolved into a full upgrade across all networking gateways, ultimately standardizing on Netgate appliances for production use.
Challenges Encountered
- Legacy Hardware & Cost Issues — Aging Cisco gateways were inefficient, with convoluted licensing that drove up expenses and complicated renewals.
- Network Segregation Needs — Required isolation of internal devices, guest networks, and IoT endpoints to mitigate risks from "good, bad, and ugly" traffic sources.
- Multi-Site Connectivity — Remote offices needed secure, reliable inter-site communication without performance bottlenecks.
- Hybrid Cloud Integration — The non-cloud-native ERP system demanded seamless VPN access to Azure-hosted resources (e.g., virtual networks, storage, and compute) while maintaining on-premise client-server functionality.
- Scalability & Reliability — Upgrades had to be zero-downtime and the design future-proofed for growing bandwidth demands.
Solution Design & Implementation
I began prototyping on repurposed PCs to validate the concept, then scaled to dedicated Netgate appliances for all sites:
- Hardware Repurposing & Initial Setup — Converted old PCs into pfSense firewalls by adding multi-port network interface cards (NICs) and configuring VLANs for traffic segmentation: dedicated subnets for internal corporate devices, guest Wi-Fi, and IoT (e.g., smart devices) to enforce security policies and prevent cross-contamination.
- Core pfSense Features Utilized:
  - Advanced firewall rules, NAT, and traffic shaping for optimized performance.
  - Built-in VPN (OpenVPN/IPsec) to interconnect remote offices into a unified mesh network.
- Cloud Seamlessness — Extended VPN tunnels from on-premise Netgate appliances to Azure Virtual Network Gateways, enabling secure, low-latency access to ERP servers hosted in Azure VMs. This bridged the legacy client-server ERP with cloud scalability without requiring a full rewrite.
- Full Gateway Upgrade — Replaced all Cisco gateways with pfSense/Netgate solutions, ensuring centralized management via pfSense's web GUI.
- Testing & Rollout — Conducted phased deployments with failover testing to minimize disruptions, incorporating monitoring tools (e.g., SNMP, pfSense's built-in dashboard) for ongoing health checks.
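The segmentation described above (internal, guest, and IoT VLANs kept apart; internal allowed to manage IoT; every VLAN allowed out to the internet) is only as good as the order of the rules that implement it, because pfSense evaluates rules per interface, top to bottom, first match wins, with an implicit default deny. The following is an added example, not code from the case study or from pfSense: a small Python model of that first-match evaluation over a constructed rule set, plus a check that the intended isolation actually holds, and a deliberately misordered variant showing how one misplaced catch-all pass silently voids it. The subnets, gateway addresses, and port choices are assumptions for illustration, not the company's real addressing plan.

```python
"""Added example (not from the original write-up): model a pfSense-style
first-match, default-deny policy across three VLANs and verify segmentation.

All subnets, VLAN names and rules are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Set

# Constructed VLAN plan (assumed, not the deployment's actual values).
VLANS = {
    "INTERNAL": ip_network("10.10.0.0/24"),   # corporate devices
    "GUEST":    ip_network("10.20.0.0/24"),   # guest Wi-Fi
    "IOT":      ip_network("10.30.0.0/24"),   # smart devices
}
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
           ip_network("192.168.0.0/16")]
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    iface: str                      # VLAN interface the traffic enters on
    action: str                     # "pass" or "block"
    src: IPv4Network
    dst: IPv4Network
    dports: Optional[Set[int]] = None   # None = any destination port
    comment: str = ""


# Constructed rule set mirroring the write-up's intent.
RULES: List[Rule] = [
    # GUEST: DNS to the firewall itself, then block all private space, then pass the rest.
    Rule("GUEST", "pass", VLANS["GUEST"], ip_network("10.20.0.1/32"), {53}, "guest DNS to gateway"),
    *[Rule("GUEST", "block", VLANS["GUEST"], n, None, "no guest to private") for n in RFC1918],
    Rule("GUEST", "pass", VLANS["GUEST"], ANY, None, "guest to internet"),
    # IOT: same shape, but outbound limited to web ports.
    Rule("IOT", "pass", VLANS["IOT"], ip_network("10.30.0.1/32"), {53}, "iot DNS to gateway"),
    *[Rule("IOT", "block", VLANS["IOT"], n, None, "no iot to private") for n in RFC1918],
    Rule("IOT", "pass", VLANS["IOT"], ANY, {80, 443}, "iot to internet, web only"),
    # INTERNAL: may manage IoT, never touches guest, reaches anything external.
    Rule("INTERNAL", "pass", VLANS["INTERNAL"], VLANS["IOT"], None, "manage iot"),
    Rule("INTERNAL", "block", VLANS["INTERNAL"], VLANS["GUEST"], None, "keep guest separate"),
    Rule("INTERNAL", "pass", VLANS["INTERNAL"], ANY, None, "internal to internet/azure"),
]


def iface_for(src: str) -> Optional[str]:
    """Return the VLAN interface a source address arrives on, or None."""
    a = ip_address(src)
    for name, net in VLANS.items():
        if a in net:
            return name
    return None


def evaluate(src: str, dst: str, dport: int, rules: List[Rule] = RULES) -> str:
    """First matching rule on the ingress interface decides; otherwise deny."""
    iface = iface_for(src)
    if iface is None:
        return "block"
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if r.iface != iface:
            continue
        if s in r.src and d in r.dst and (r.dports is None or dport in r.dports):
            return r.action
    return "block"   # pfSense's implicit default deny


def segmentation_holds(rules: List[Rule] = RULES) -> bool:
    """The invariants the VLAN design is meant to enforce."""
    checks = [
        evaluate("10.20.0.50", "10.10.0.10", 445, rules) == "block",  # guest -> internal
        evaluate("10.30.0.7",  "10.10.0.10", 22,  rules) == "block",  # iot -> internal
        evaluate("10.20.0.50", "10.30.0.7",  80,  rules) == "block",  # guest -> iot
        evaluate("10.10.0.10", "10.30.0.7",  443, rules) == "pass",   # internal -> iot
        evaluate("10.10.0.10", "10.20.0.50", 80,  rules) == "block",  # internal -> guest
        evaluate("10.20.0.50", "8.8.8.8",    443, rules) == "pass",   # guest -> internet
        evaluate("10.30.0.7",  "1.1.1.1",    53,  rules) == "block",  # iot: web only outbound
        evaluate("10.20.0.50", "10.20.0.1",  53,  rules) == "pass",   # guest DNS via gateway
    ]
    return all(checks)


def misordered_rules() -> List[Rule]:
    """Same rules, but the guest catch-all pass moved above the private-space
    blocks: a common mistake that quietly undoes the segmentation."""
    guest_any = next(r for r in RULES if r.comment == "guest to internet")
    return [guest_any] + [r for r in RULES if r is not guest_any]


if __name__ == "__main__":
    print("intended order:", "OK" if segmentation_holds() else "POLICY VIOLATION")
    print("misordered:    ", "OK" if segmentation_holds(misordered_rules()) else "POLICY VIOLATION")
```

Running the model against a candidate rule order before pushing it to the firewall turns the segmentation goals into a repeatable check rather than something verified by hand after each change; the same invariants can be re-run when rules are later added for new sites or the Azure tunnel.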
Business Impact
This upgrade delivered a cost-effective alternative to Cisco, slashing licensing and hardware expenses by 50-70% while enhancing security, performance, and manageability. Remote offices achieved seamless interconnectivity, and Azure integration allowed the ERP system to leverage cloud benefits (e.g., elastic resources, backups) without architectural overhauls—improving overall operational efficiency, reducing downtime risks, and supporting remote work scalability.
The project demonstrated strong skills in:
- Open-source network engineering and firewall customization (pfSense deployment on custom/Netgate hardware)
- Network segmentation and VLAN design for secure, multi-tier environments
- VPN and hybrid cloud integration (on-prem to Azure for legacy applications)
- Cost-optimized infrastructure upgrades, replacing proprietary solutions like Cisco
- End-to-end project management from prototyping to enterprise-wide rollout
