Network Security with pfSense

You're reading from Network Security with pfSense: Architect, deploy, and operate enterprise-grade firewalls

Product type: Paperback
Published in: Jul 2018
Publisher: Packt
ISBN-13: 9781789532975
Length: 152 pages
Edition: 1st Edition
Author: Manuj Aggarwal

Use cases

Let's take a look at some use cases where pfSense can prove to be instrumental.

LAN or WAN router

pfSense can act as a LAN or WAN router. A LAN is a group of computers and associated devices that share a common communication line or wireless link to a server. A LAN usually consists of devices connected within a closed area, such as an office or a commercial establishment. A WAN is a geographically distributed private telecommunications network that interconnects multiple LANs. For example, in an organization, a WAN might connect multiple branch offices. A router is used to connect a LAN to a WAN.

Wireless hotspot or captive portal

pfSense can work as a wireless hotspot. The pfSense appliance has significantly more functionality and configurability than a typical SOHO security appliance, although it is also slightly more involved to set up. pfSense offers some great features, such as hosting a Wi-Fi network for guests outside of the main firewall, and it can even NAT that guest network behind a different public IP address.

VPN router

You can also configure pfSense as a VPN router. A VPN is used to add security and privacy to private and public networks, such as Wi-Fi hotspots and the internet. VPNs are most often used by corporations to protect sensitive data.

Firewall

You can configure pfSense as a firewall to apply rules and other security settings to the private network. A firewall is a network security system that uses rules to control incoming and outgoing network traffic. It acts as a barrier between a trusted and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is the traffic defined in the firewall policy. All other traffic is denied.
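The positive control model described above, as an added Python example (not code from the book or from pfSense): the policy contains only permits, and anything that matches no rule is blocked. The `Rule` fields, the `POLICY` entries and the addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    proto: str              # "tcp" or "udp"
    src: str                # source network in CIDR form
    dst: str                # destination network in CIDR form
    dport: Optional[int]    # destination port, None means any port

# Constructed allow-list: every entry is a permit, there are no deny rules.
POLICY = [
    Rule("tcp", "192.168.1.0/24", "0.0.0.0/0", 443),       # LAN -> HTTPS anywhere
    Rule("udp", "192.168.1.0/24", "192.168.1.1/32", 53),   # LAN -> DNS on the firewall
    Rule("tcp", "192.168.50.0/24", "0.0.0.0/0", 443),      # guest Wi-Fi -> HTTPS
]

def matches(rule, proto, src, dst, dport):
    """True when the packet falls inside every field of the rule."""
    return (rule.proto == proto
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def evaluate(policy, proto, src, dst, dport):
    """Return "pass" only if an explicit rule allows the packet."""
    for rule in policy:
        if matches(rule, proto, src, dst, dport):
            return "pass"
    return "block"   # implicit default deny: nothing matched

if __name__ == "__main__":
    print(evaluate(POLICY, "tcp", "192.168.1.10", "203.0.113.5", 443))   # allowed
    print(evaluate(POLICY, "tcp", "192.168.1.10", "203.0.113.5", 23))    # no rule
    print(evaluate(POLICY, "tcp", "192.168.50.20", "192.168.1.10", 22))  # guest -> LAN
```

The allow-list is only as tight as its entries: the guest rule's `0.0.0.0/0` destination also covers LAN addresses on port 443, so a real policy would narrow that destination.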

DHCP or DNS server

pfSense can act as a DNS server or DHCP server. DHCP is a communications protocol that network administrators use to centrally manage and automate the network configuration of devices attaching to an IP network. It removes the need to manually configure IP addresses and automatically assigns an IP address to a device, even when the device moves to a different location. DHCP is supported for both versions of the Internet Protocol, IPv4 and IPv6. Running DHCP and domain name resolution on the firewall itself makes it easier to configure network traffic precisely the way you need it.

Multi-WAN router support for failover or load balancer

Support for multiple WAN connections enables pfSense to load balance or fail over traffic from a LAN to multiple internet connections. With load balancing, traffic from the LAN is shared out on a connection-based, round-robin basis across the available WANs. With failover, traffic goes out over the highest-priority WAN until it goes down. Then, the next one is used. pfSense monitors each WAN connection using either the gateway IP or an alternate monitor IP address, and if the monitor fails, it removes that WAN from use. This also reduces latency to users. Load balancing can be implemented with hardware, software, or a combination of both.
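A simplified model of the selection logic described above, as an added Python example (not code from the book or from pfSense). The `Wan` and `GatewayGroup` names, the numeric `priority` field and the WAN names are assumptions of this sketch: WANs that share the best live priority are balanced per connection, and lower priorities are used only after a monitor failure.

```python
from dataclasses import dataclass
from itertools import count

@dataclass
class Wan:
    name: str
    priority: int             # lower number = preferred (assumption of this sketch)
    monitor_ok: bool = True   # result of the last gateway / monitor-IP probe

class GatewayGroup:
    def __init__(self, wans):
        self.wans = list(wans)
        self._counter = count()   # one tick per new connection

    def active(self):
        """WANs eligible right now: monitor is up and priority is the best live one."""
        live = [w for w in self.wans if w.monitor_ok]
        if not live:
            return []
        best = min(w.priority for w in live)
        return [w for w in live if w.priority == best]

    def pick(self):
        """Choose the WAN for one new connection, round-robin over the active set."""
        pool = self.active()
        if not pool:
            # Fail closed: never return a link whose monitor is down.
            raise RuntimeError("no WAN available")
        return pool[next(self._counter) % len(pool)].name

def demo():
    wan1, wan2, lte = Wan("WAN1", 1), Wan("WAN2", 1), Wan("LTE", 2)
    group = GatewayGroup([wan1, wan2, lte])
    balanced = [group.pick() for _ in range(4)]   # both primaries healthy
    wan1.monitor_ok = False                       # WAN1 monitor fails
    degraded = [group.pick() for _ in range(2)]
    wan2.monitor_ok = False                       # last primary fails
    failover = [group.pick() for _ in range(2)]
    return balanced, degraded, failover

if __name__ == "__main__":
    print(demo())
```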

Port forwarding or Network Address Translation

You can also use pfSense to forward ports or perform Network Address Translation (NAT). NAT is the process where a network device, usually a firewall, assigns a public address to a computer or group of computers inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes. NAT gateways sit between the two networks: the inside network and the outside network. Systems on the inside network are typically assigned IP addresses that cannot be routed to external networks.
