Given that I'm an open source junky, it should be no surprise that PFSense is without a doubt, my favorite firewall for both home and small business use. During the last three years of my business, instead of buying a Cisco SMB or a Sonicwall firewall, what I've done is buy a refurbished Dell Poweredge server with typically around 16 gb of memory and usually a RAID array that has the usable capacity of 500 gb for around $200-$300 and popping PFSense on it.
Aside from it being completely open source, some of the things that I love about it are:
- It being rock solid given its FreeBSD foundation
- It's bandwidth monitoring and rule-based policies
- VPN built in with both OpenVPN and IPSec
- Web caching built in with Squid
- Web content filtering to block people from visiting unwanted or inappropriate websites
- It's on-demand virus scanning, blocking viruses and malware before it reaches the client's computer
- Limit traffic by country
- A programmable intrusion detection system
- VLANs completely built in
I could go on and on and on. There are literally hundreds of available plugins that extend the core of PFSense’s functionality. Knock on wood but I've had some PFSense servers running for years without issue. I know that a Poweredge server is a bit overkill for a firewall for a small business, but at that price, why the hell not?