Johann Spies wrote:
I am investigating the possibility to use pfsense as our next
enterprise-level firewall. I am new both to pfsense and openbsd
(coming from a Linux background).
Our users pay for internet traffic per Mb. Some of them use a
pay-as-you-go system and others are billed afterwards. We have a
potential 25000 users of this system. For the pay-as-you-go users it
is necessary to stop their internet access as soon as they have used
up their funds. At the moment we are using a Radius server for the
authentication but with a new system it might be easier to
authenticate against an ldap-system.
Once users are authenticated the present firewall allows them to use a
set of services grouped as 'paid_services' in Checkpoint. From what I
have read in the pf-documentation it would be easy to use a macro with
something similar in a rule once a user has been authenticated.
At the moment our firewall (Checkpoint FW-1 NG) generates about 500
loglines per second. We expect our internet traffic to increase by
about 300% in the next three years.
Not all the accounting takes place against usernames. In some cases
(like webservers) the owner pay for all the traffic involving a
spesific IP address.
Now my questions:
1. Is it possible to use pfsense for a situation like this?
2. If so, how would you handle the accounting part?
Regards
Johann
pfSense does not currently offer this functionality.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
