pfSense Plus Multi-Instance Management Q&A - SNEAK PEEK
-
We're thrilled to share an in-depth Q&A session featuring our Lead Engineer, Leon, and our VP of Marketing, Glen. In this engaging conversation, they discuss the innovative Multi-Instance Management feature in pfSense and what it means for network administrators and businesses.
Watch now: https://youtu.be/41gqqgA9zeM
-
M mwatch pinned this topic on
-
@mwatch Very interesting.. Seems the MIM is a much more ambitious project than I thought. 300+ rest API commands from the getgo and templating functions… I Thought it would “just” be a automatic Mesh VPN setup and monitoring UI.
Hope tp see the preview soon
-
This is great news. The one thing I really care about: can firewall aliases sync between devices? That would be a HUGE productivity gain.
-
S stephenw10 referenced this topic on
-
S stephenw10 referenced this topic on
-
@aaronssh said in pfSense Plus Multi-Instance Management Q&A - SNEAK PEEK:
This is great news. The one thing I really care about: can firewall aliases sync between devices? That would be a HUGE productivity gain.
Exactly this and a lot of other “small” things must be improved **BEFORE pfSense DevTeam start to spending a lot of resources (that already limited) to a significantly new product’s features!
-
Hi,
I am trying to find out what are the features supported by Multi-Instance Management.
Can anyone advise where I can get the list of these features ?Thanks
Regards
Kwang Mien -
https://www.netgate.com/multi-instance-management-pfsense-plus
-
@michmoor Thanks for the info.
-
@mwatch Will you be providing a video on how it looks and what functions are avail?
Right now, I must remote into a local PC then log into the PfSense local dashboard... very cumbersome when managing 17 pfSense appliances.
-
@aaronssh said in pfSense Plus Multi-Instance Management Q&A - SNEAK PEEK:
This is great news. The one thing I really care about: can firewall aliases sync between devices? That would be a HUGE productivity gain.
With an API and 300 commands, I don't think they skipped one to push aliases to the devices.
Certainly a very exciting development and improvement. However, like pfSense in general these days, it seems to be heavily inspired by developers' and marketing ideas and less by practical needs of network security professionals.
Some parts of the video call sound a bit far fetched, to be honest:
I never actually heard a complaint about a central management platform being too slow. Anyway, let's assume that a product out there is sluggish. Would it imply that you can move your enterprise firewalling from product x to pfSense, because Netgate's MIM is so much more responsive?
API vs. CLI: Outside of (mostly: cloud) environments that have a really mature, custom control plane, APIs of firewall appliances are rarely used, even on platforms that had them for years. CLIs are being used all the time, athough they are orders of magnitude slower than the slowest API, because they allow efficient manual changes as well as interfacing with a variety of third-party configuration managers with minimal adaptation. Whether a configuration change takes .4 or 78 seconds to apply is hardly relevant in a production environment. How many third-party vendors will support the pfSense API?
Scale: So far, it would have been very tedious to build infrastructures with thousands of pfSense instances. Hence, was it a real world need to support scaling into the tens of thousands, because so many clients with 15,000 instances each are urgently waiting for that feature? Or is it more about the many SMBs and SMB "MSPs" that maybe reach a two- or low three-digit number? The latter would have profited substantially from a CLI. With an API, they either do some very limited improvsation on the side, or have to use the Netgate platform right away.
