Centralized pfSense Management Interest
-
Hello folks.
I was wondering about the community interest in a centralized management SaaS solution?
Of course in the beginning, until Netgate rolls out a native API it wouldn't be possible to offer a reliable real-time configuration editor, however, a configuration builder and manager with the ability to pull a config down and reboot the router should be possible.
Some other features that come to mind are:
- Real-time monitoring and alerts
- Easy VPN builder between managed routers
- Easy firewall rule building using firewall groups and inheritance (Similar to how Active Directory Group Policies work)
- Configuration importer for newly added routers?
Looking for some feedback and interest in such a product.
Thanks
-
@pfbarry I think this needs to be brought back up. I have seen many topics surrounding this searched in the past, and it would be a great solution for myself and my team.
-
@allanlanier87 I've been reading/hearing about pfCenter for 8+ years. If it hasn't happened by now, it isn't going to happen.
-
@pfBarry VERY INTERESTED
Netgate already provides TAC Support. Centralized management and ZTP are the missing features I'd like to see that make this firewall feasible for businesses.
-
This claims to allow centralized management of pfSense. I have not tried it myself...
https://dynfi.com/en/dynfi-manager/
https://www.youtube.com/watch?v=7Fsfir5ODLI
-
@pfBarry Sign me up - a centralized management console/config builder would make my life infinitely easier, as having about 40 pfSense instances under the hood is rather cumbersome at times…
-
@occamsrazor So I've tried DynFi and seen that it has some great features, but the centralized management features are limited. I think it's better for Day N where you're monitoring and tweaking the devices after they're set up.
In a fleet of business-owned firewalls, you would want to define configuration based on policies at a global level, site level and individual firewall level. The global and site-level config is very minimal with what I think I can do with DynFi - what would be ideal is something like: creating a firewall rule for secure maintenance access via properly configured SSH over VPN. A site-level config example may be configuring a CA and certs for 4 firewalls that an MSP is responsible for; an individual firewall config might be all the unique stuff like hostname, etc. for that firewall.
With a centralized management platform offering, the firewall could have a script to check the central platform during boot for ownership of the serial number and then attach itself to the platform. This Zero Touch Provisioning feature means I don't have to travel all over the country setting up firewalls, I could have the option of using a contractor to rack and plug the box in and then hand it off to me to do the rest remotely. Those are some savings, efficiency and quality of life upgrades I know businesses would want to pay for.
I'm sure Netgate already knows this, but business customers are the type looking to purchase verified Netgate brand hardware with support contracts. I'm currently going through a POC to try out all the competition and I can say what I described here is hilariously hit or miss across all the big vendors. Very few are doing a great job with this or they make it difficult to POC those features. Meanwhile, the first setup to cross the finish line in lab was of course pfSense Plus and DynFi, so kudos for the "ease of setup"!