The Desktop
Firewall
7:00 AM. State testing day. Firewall dead. 2,000 students. Vendor says 48 hours. We had 53 minutes. This is what we did.
53 minutes to save testing day.
State testing in California isn't flexible. The dates are set months in advance. The testing windows are specific. If students can't test during their window, the consequences ripple through the entire year.
So when this school's SonicWall firewall died at 6:47 AM—power supply failure, completely unresponsive—we weren't looking at an inconvenience. We were looking at potential disaster.
Testing started at 8:00 AM. The vendor couldn't get replacement hardware for 48 hours. The clock was running.
53 minutes, start to finish
The Call
School's IT coordinator calls. Internet is completely down. State testing starts at 8:00 AM. 2,000 students. No connectivity means no testing.
On-Site Assessment
We arrive to find the SonicWall firewall dead. Power supply failed. No lights, no response. The device is done.
Vendor Call
Called SonicWall and the school's reseller. Earliest replacement: 48 hours. Testing can't wait 48 hours.
The Idea
There's a spare desktop in the storage room. Intel NIC, decent specs. We've done this before. Time to build a firewall.
PFSense Install
USB boot drive ready. PFSense installing on the desktop. While it installs, we're configuring VLANs and documenting the old firewall's rules from memory and notes.
Configuration
Basic routing done. Content filtering configured with CIPA-compliant settings. DHCP scopes recreated. Testing VLANs isolated.
Go Live
Desktop firewall connected. Internet restored. Four minutes before the first bell.
Testing Begins
2,000 students start state testing. No one knows how close it was.
How we actually did it
The Hardware
Dell OptiPlex 7050 with an Intel i5, 8GB RAM, and an onboard Intel NIC. Added a spare Intel dual-port NIC for proper WAN/LAN separation.
The Software
PFSense Community Edition. We keep bootable USB drives with the latest version in our service vehicles. That preparation paid off.
Content Filtering
pfBlockerNG with CIPA-compliant blocklists. Schools require content filtering—this wasn't optional. Configured in under 10 minutes.
The VLANs
Recreated the testing VLAN isolation to ensure student traffic was properly segmented. Critical for both security and bandwidth management during testing.
Why this worked
Preparation beats panic
Having PFSense on a USB drive, knowing the network layout, having spare NICs—none of this was accidental. We prepare for these moments.
Know your alternatives
Enterprise hardware fails. Knowing how to build equivalent functionality from commodity hardware is a real skill.
Documentation saves time
We had notes on the firewall rules from previous work. Without them, recreating the config would have taken an hour longer.
Vendors have limits
48-hour replacement is reasonable for a vendor. It's not reasonable for 2,000 students on testing day. Sometimes you need a different solution.
What happened after
The desktop firewall ran flawlessly for three days until the replacement SonicWall arrived. Not a single dropped connection. Not a single complaint. Testing completed successfully.
When we installed the new SonicWall, we implemented a few changes: proper backup configuration exports, documented firewall rules, and a spare firewall appliance on standby.
The school now has redundancy built into their design. But more importantly, they know that when things go wrong, their IT partner won't just say "the vendor needs 48 hours." We'll find a way.
Need IT support for your school?
CIPA compliance. E-Rate expertise. And the creativity to solve problems when vendors can't. Let's talk about your school's IT.