I and one other in my team have been working on getting BGP in FRR to work in our new data center for a bit. We know when to quit and we are willing to seek knowledge from someone wiser than us. Any takers?
You asked the one question that can be answered by yourself in 5 minutes ;)
pfSense has something Cisco can't offer :
If you have an older (thus non used) desktop PC somewhere, snap in a second (third etc) extra NIC, and you're to discover it for yourself.
The initial set-up will have a WAN and LAN interface, and perfectly working initial firewall rules.
Which means 'none' on WAN so nothing enters.
And a single "pass all" rule on LAN so everybody can do what she/he wants on the net.
At this moment, you'll face just one issue: your firewall will be as good as the admin guy handling it.
Typically, it could be close to a "set it and forget it" installation. Just update it once in a while.
If you want to, play with the many 'whistles and bells': please, do understand that they work for you as long as you understand how they work.
Could it be true that some sites do 'break' once in a while? It happens to all of them.
Routers/firewalls do not randomly block some sites. If that happens, go for the door that says 'admin' and ask the guy behind it some questions.
@billjcarlos #1 I don't think there are many Canadians here so you probably won't get many replies. #2 it's going to die in the Senate anyway so forget about it. I'm really surprised at the lengths the Libs, NDP and Greens went to ramrod this through despite all the pushback, and the Cons were the voice of reason for once in their lives.
7 access points connected to switches (no smart or manageable switch)
Well that is a problem.. For you to segment your network you either need vlan capable devices switches and AP. Or you need to do it full physical where each network is on its own hardware.
Pfsense is capable of doing vlans - but you need the rest of your infrastructure to support it. So you need at min a vlan capable switch to use as core switch, downstream switches can be dumb as long as you plan on all devices connected to these dumb switches to be in the same network/vlan.
Same goes for your AP.. if they are dumb then you would plug them into different switch port that is only on the vlan you want all wireless devices to be on that connect to that AP.
I would really suggest you invest in some vlan capable switches and AP. Doesn't have to break the bank.. This can really be done on a shoestring budget if need be..
@bingo600 I don't know but suspect, one (#pfsense) was claimed in an attempt to reserve it for Netgate or the project and the second one (##pfsense) is - per Libera's guidelines - a community channel and created/maintained by users/community (it also has an appropriate channel message that says it's not official/Netgate driven). So that's OK but doesn't make much sense. :)