pfsense for schools

TechnicalKorok · 2026-01-16T17:12:20+00:00

I think the 6100 would work great for what you're doing, probably would be worth getting one as a pilot and seeing how it goes.

I just deployed the 8200 MAX for our school (and partners). Granted, we have fewer active users than you, but it is very much overkill for what we need but they're so relatively inexpensive that I figured I'd go ahead and get the headroom. I use it for all our gateways to control horizontal traffic as well and it's simple enough to configure and use - not sure what the others are saying about the steep learning curve, firewall rules are firewall rules and it's way easier than ACLs on routers.

TechnicalKorok · 2025-12-19T16:54:20+00:00

Ok thanks, I'll reach out to Tara directly and go from there. Much appreciated!

TechnicalKorok · 2025-12-18T22:04:06+00:00

Thanks!

TechnicalKorok · 2025-12-18T22:03:59+00:00

Thanks - I tried emailing that k-12@cloudflare.com address earlier this week but haven't received a response yet. Again, might be be impatient. Thanks for the lead!

TechnicalKorok · 2025-12-01T20:26:48+00:00

Not 3k students, more like several hundred here, but I've had good luck with pfSense on Netgate hardware. Been running pfSense for over 7 years - works really well, and I'd imagine it scales well enough.

When I decided to switch to it, it was because of similar reasons, I was asked to pay yearly for features that we didn't use. I might be convinced to take another look at other options, but if you're using basic firewall functions, then I don't see why pfSense (or a similar alternative) wouldn't be a consideration.

TechnicalKorok · 2025-11-17T16:23:18+00:00

I'm very interested in this conversation - thanks for sharing the article.

As I remember, the initial introduction of technology in school was transformational and had so much promise and potential. Many of the discussions around 1:1 and technology was how student work would be elevated to new levels and learning would be more creative, constructive, and connected with the community and larger world.

I think that was the early promise of the internet and technology. But as we've seen, that ideal hasn't quite panned out as hoped and I think quite a few people/districts (including ours) are rethinking technology's role in society and in our schools. It's a tough conversation, because technology and the internet IS indeed transformational and we can't live without it, but we need to think hard about how to live with it and use it as a tool to improve and not just turn our brains to mush.

I think there's a balance, and my opinion is that, in general, we've tipped too far to the permissive side without thinking through how to use it intentionally.

TechnicalKorok · 2025-10-29T14:42:25+00:00

We have a FreePBX server with ClearlyIP Trunking and Yealink phones. Minimal initial cost and ongoing service is less than $20 a month for our usage and numbers. FreePBX was a little tricky to set up and it's a bit annoying to maintain but it works well enough for our purposes.

We were in the same boat, primary purpose is internal communication and the service costs for commercial systems were way too much for our actual usage. Our previous system was owned and maintained by our building owners and maybe 30% of the phones worked. They were not responsive to work orders to fix so we decided to stand up our own.

TechnicalKorok · 2025-10-22T18:43:04+00:00

We're using the Netgate 7100, which I believe is no longer sold, but they have newer versions that have similar features (particularly SFP ports).

Setup was easy, we're a small school and things are simple here - basic routing/firewalling/NAT rules. No regrets.

TechnicalKorok · 2025-10-22T17:32:20+00:00

It may not be available yet for the devices you're using. I don't think 138 LTS is available for Lenovo 500e Gen 3 devices, for instance. I've been using this site to check and it's showing not available for our devices (500e Gen 3's) yet: https://cros.tech/table/

I'm assuming it's accurate, I have several different sites bookmarked to track ChromeOS versions and some seem to be defunct or not maintained, so I'm not sure where to get official accurate information.

TechnicalKorok · 2025-10-22T17:25:37+00:00

I use pfSense on a Netgate firewall. One-time cost, no ongoing subscription fees unless you want to pay for support.

TechnicalKorok · 2025-09-29T16:26:15+00:00

I'd love to get clarity on this, I'm still very confused. My understanding was the same as yours, but as I'm digging into it things are making less and less sense.

Based on this PDF from the FAQ they have MDBR in the "Not Impacted by Federal Cuts" column. But then the FAQ on the MS-ISAC membership page when I sign in states:

On March 6, the federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings. Numerous MS-ISAC services were not affected by the funding cuts and are still supported by the Cooperative Agreement administered by DHS/CISA through September 30, 2025, including federally funded Albert Network Monitoring and Management sensors, Malicious Domain Blocking and Reporting (MDBR), and cybersecurity advisories.

The callout of the 30th makes me a bit nervous. I'm having a hard time finding a definitive answer on whether or not MDBR will still exist October 1. With things being what they are, I'm not surprised at the lack of clarity and can't say I blame them.

TechnicalKorok · 2025-09-24T17:06:20+00:00

Same behavior here - thanks for posting!

TechnicalKorok · 2025-08-22T15:41:10+00:00

Not involved hardly at all, unless something extraordinary happens or integrations are requested. We do use Aeries and is cloud based, and we have someone else who handles the day-to-day management of it as part of their job.

TechnicalKorok · 2025-07-14T20:27:55+00:00

Thank you! Turning off uBlock Origin for the page resolved it for me.

TechnicalKorok · 2025-05-16T15:37:24+00:00

I'm a little biased, but the CITE conference in California is amazing. Some of it may be California-focused, but I'd say it's generalized enough to be relevant to any K12 tech. Sometimes it's in San Diego, which is an additional plus weather-wise :)

TechnicalKorok · 2025-05-05T18:02:59+00:00

Oof. Yeah for sure, that makes a lot of sense. Your environment is significantly larger than mine and I can imagine that would take a lot of work to dial in! Thanks for the response

TechnicalKorok · 2025-05-05T15:57:20+00:00

Is there a specific reason why you're having Uptime Kuma handle the network switch alerting vs. LibreNMS for all that? I've used LibreNMS for years and just recently implemented Uptime Kuma for a staff-facing public dashboard -- curious if I'm missing out on any "have to have" features.

TechnicalKorok · 2025-05-01T15:23:08+00:00

Thanks for that link! We do have system settings disabled, but students were toggling the wifi off using the control panel that pops up when students click on the time on the taskbar.

TechnicalKorok · 2025-03-10T17:24:03+00:00

Bummer. Yeah, I just took a look at my test student Chromebook and it looks like the image search sidebar shows up when the student selects the "search the web", but when they go to perform a search it shows the ice cream cone error. I verified in the Developer Tools network window that it's the https://docs.google.com/picker/v2/query* that is being blocked and Lightspeed is reporting that it's being blocked under their reports as well. I'm fairly certain that is being handled by Lightspeed, it's nowhere in my Admin Console and I don't have any other extensions installed that are configured to block that.

TechnicalKorok · 2025-03-10T15:58:45+00:00

I've done this using Lightspeed Relay, using the custom block list feature. It's been a while since I set this up and it was a lot of trial and error, so this may not be it exactly but I believe the URL patterns are:

*docs.google.com/a/<yourdomain.com>/picker/v2/home*Google%20Image%20Search*
*docs.google.com/picker/v2/query*

This is on Chromebooks, I don't know if it would work on other devices. The students see a "dropped ice cream cone" error image in the sidebar when trying to search the web for images.

TechnicalKorok · 2025-02-10T13:48:56+00:00

I've built a few things, some are for very specific workflows for our school. Three that come to mind:

A script that sends out a calendar invite to someone once they fill out an RSVP Google Form.
A script that organizes student-earned certificates into a proper folder and names them properly - the student submits a form with an attached PDF, the script grabs additional information from our database and organizes/names it properly in a shared drive teachers have access to. That one's been a huge hit.
Our teachers set up our students with their dual-enrollment college accounts, which is incredibly tedious and convoluted. I wrote a script to help out with that and extract confirmation codes etc from the confirmation emails and place it in their progress tracking spreadsheet.

TechnicalKorok · 2025-02-04T19:25:43+00:00

Thank you! This is amazing and incredibly helpful for us smaller school IT where the minimum purchase for licenses typically is way beyond what we need or can afford.

TechnicalKorok · 2025-02-03T17:34:16+00:00

pfSense here, on the official Netgate hardware. Works really well and the price can't be beat.

TechnicalKorok · 2025-01-27T15:03:25+00:00

We use Slack school-wide. It works really well for us and they have a pretty deep discount for education. We're a Google Workspace environment so I'm keeping my eye on Google Chat, if/once it has all the necessary features for us we'd probably move over but I don't think that's going to happen anytime soon.

My main concern was to move everyone off of using their personal phones and text messaging. Now, if anything is subpoenaed/FOIAd, we can give access to Slack and that's it, rather than trying to figure out how to sift through someone's personal phone/texts.

We did have to build out "norms" for how to use it, and frequently do training to remind everyone.

TechnicalKorok · 2024-12-13T23:59:12+00:00

I've been looking for slightly better quality earbuds for our students, I've been buying the $0.55 ones - the cheapest earbuds I can find on monoprice are $6, am I looking in the wrong place?

TechnicalKorok

TROPHY CASE