On Wed, Aug 6, 2008 at 8:59 AM, Johann Spies <[EMAIL PROTECTED]> wrote: > I am investigating the possibility to use pfsense as our next > enterprise-level firewall. I am new both to pfsense and openbsd > (coming from a Linux background). > > Our users pay for internet traffic per Mb. Some of them use a > pay-as-you-go system and others are billed afterwards. We have a > potential 25000 users of this system. For the pay-as-you-go users it > is necessary to stop their internet access as soon as they have used > up their funds. At the moment we are using a Radius server for the > authentication but with a new system it might be easier to > authenticate against an ldap-system. > > Once users are authenticated the present firewall allows them to use a > set of services grouped as 'paid_services' in Checkpoint. From what I > have read in the pf-documentation it would be easy to use a macro with > something similar in a rule once a user has been authenticated. > > At the moment our firewall (Checkpoint FW-1 NG) generates about 500 > loglines per second. We expect our internet traffic to increase by > about 300% in the next three years. > > Not all the accounting takes place against usernames. In some cases > (like webservers) the owner pay for all the traffic involving a > spesific IP address. > > Now my questions: > > 1. Is it possible to use pfsense for a situation like this? >
With captive portal and RADIUS authentication I don't see anything of the above that can't be done. > 2. If so, how would you handle the accounting part? > Externally with some other system, with the RADIUS accounting data. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
