@aaronssh said in pfSense Plus Multi-Instance Management Q&A - SNEAK PEEK:
This is great news. The one thing I really care about: can firewall aliases sync between devices? That would be a HUGE productivity gain.
With an API and 300 commands, I don't think they skipped one to push aliases to the devices.
Certainly a very exciting development and improvement. However, like pfSense in general these days, it seems to be heavily inspired by developers' and marketing ideas and less by practical needs of network security professionals.
Some parts of the video call sound a bit far fetched, to be honest:
I never actually heard a complaint about a central management platform being too slow. Anyway, let's assume that a product out there is sluggish. Would it imply that you can move your enterprise firewalling from product x to pfSense, because Netgate's MIM is so much more responsive?
API vs. CLI: Outside of (mostly: cloud) environments that have a really mature, custom control plane, APIs of firewall appliances are rarely used, even on platforms that had them for years. CLIs are being used all the time, athough they are orders of magnitude slower than the slowest API, because they allow efficient manual changes as well as interfacing with a variety of third-party configuration managers with minimal adaptation. Whether a configuration change takes .4 or 78 seconds to apply is hardly relevant in a production environment. How many third-party vendors will support the pfSense API?
Scale: So far, it would have been very tedious to build infrastructures with thousands of pfSense instances. Hence, was it a real world need to support scaling into the tens of thousands, because so many clients with 15,000 instances each are urgently waiting for that feature? Or is it more about the many SMBs and SMB "MSPs" that maybe reach a two- or low three-digit number? The latter would have profited substantially from a CLI. With an API, they either do some very limited improvsation on the side, or have to use the Netgate platform right away.
