TAC support questions

ivica.glavocic

I am asking here because I can't seem to find a way to get answer without active TAC support plan, which we don't have yet.
We are migrating from current firewall solution to pfSense HA cluster, and we would like to get email or ticketing support for that cluster. Questions are:

• For HA cluster do we have to buy two pfSense TAC support packages, or one is enough?
• Can we get email / ticketing support for TAC lite or we have to buy TAC Pro?
• Do we have to install pfSense Plus on our devices or we can get support with community edition installed?
• Is it possible to install packages on Plus that are not on the list of Supported pfSense Plus Packages? For example, we would like to install Bind on both devices, but it is not available on Supported pfSense Plus Packages (we don't need support for it).

Thanks, with regards,
Ivica

johnpoz

@ivica.glavocic said in TAC support questions:

install Bind on both devices, but it is not available on Supported pfSense Plus Packages

Not sure where you got that idea?

ivica.glavocic

@johnpoz said in TAC support questions:

@ivica.glavocic said in TAC support questions:

install Bind on both devices, but it is not available on Supported pfSense Plus Packages

Not sure where you got that idea?

Here: https://www.netgate.com/supported-pfsense-plus-packages

johnpoz

@ivica.glavocic ah - you talking about if its a netgate supported package or 3rd party maintainer..

Not sure why bind was left off that list, you will notice quite a few packages marked as

Netgate TAC Support can only assist with the installation of this package.

But yeah bind is still available from my list available package on 25.07.1

ivica.glavocic

@johnpoz said in TAC support questions:

@ivica.glavocic ah - you talking about if its a netgate supported package or 3rd party maintainer..

Not sure why bind was left off that list, you will notice quite a few packages marked as

Netgate TAC Support can only assist with the installation of this package.

But yeah bind is still available from my list available package on 25.07.1

If Bind is available for installation in pfSense Plus, that solves last two questions, I don't have to install CE edition and I can install it on Plus. Not expecting support for it. Thanks.

Now, about first two questions:

• For HA cluster do we have to buy two pfSense TAC support packages, or one is enough?
• Can we get email / ticketing support for TAC lite or we have to buy TAC Pro?

Thanks, with regards
Ivica

tedquade

@johnpoz Near the top of the page (https://www.netgate.com/supported-pfsense-plus-packages) is a link as follows:

For a full list of packages see our documentation.

If you click on "our documentation" bind is listed.

Ted

johnpoz

@ivica.glavocic I have no idea about those questions.. Sure don't want to misspeak, but from as for as tac lite - my take is your always open a ticket.. Worse case is they say no.. My only real interaction with support for my sg4860 has been images before the move to the new installer.

And in those cases support was always johny on the spot and would get link to image in a few minutes normally.

patient0

@ivica.glavocic I would contact Netgate sales directly, that seems more efficient than waiting in the (technical) community forum for a Netgate employee to answer.

sales@netgate.com, https://www.netgate.com/contact-us

SteveITS

@ivica.glavocic said in TAC support questions:

For HA cluster do we have to buy two pfSense TAC support packages

Their TAC support packages are per-device so you would need two if you wanted the ability to contact Netgate for either (you provide the NDI ID number to them in the ticket).

SteveITS

@ivica.glavocic said in TAC support questions:

email / ticketing support for TAC lite or we have to buy TAC Pro

For this one, see the table at the bottom of https://shop.netgate.com/collections/tac-support/products/pfsense-software-subscription-tac-lite-support.

Lite is "zero to ping" meaning they will help get you online (install/reinstall) and ping works.

stephenw10

Installing a package that isn't on the supported-packages list wouldn't invalidate the support. It just means we are limited in what we can help with. So installing Bind is fine.

However that doesn't apply to packages from some 3rd party package repo which can cause all sorts of problems. TAC would likely ask you to reinstall to revert any changes that made.

Gertjan

@ivica.glavocic said in TAC support questions:

For HA cluster do we have to buy two pfSense TAC support packages, or one is enough?

Isn't "HA" always : "more then one" by default ?
Both entities must be identical, where one acting as a master, and the other(s) is (are) acting as slave(s), all following all the interactions of the master.
If the master detects a fail, a slave is elected and takes over.
So, for me, 2 (identical devices !) at least.

About bind : Have a look at this forum, there are pfSense users that use the pfSense bind package.
Afaik : the bind GUI implementation isn't ... perfect. Loads of options are missing. And the version bind version used isn't the latest.
I'm using bind myself as a autoritative domain name server, servings 10+ domain names, and have it synced to another (also mine) bind server, acting as the slave. It does DNSSEC, can do DDNS, and all kind of other nifty trick.
My option is : it's 'impossible' to use a GUI to maintain the config of bind. Maybe with one domain name, and minimal settings ? Anyway, imho, pfSense is a firewall/router, not an autoritative domain name server.

What about this solution : host your bind on another device with a real OS, like a rock solid Debian server, and set it up from there ? True, you have to edit the files (I actually rarely edit my bind's 20+ config files).

I short : you're opting for a "HA" setup, so your installation becomes somewhat mission critical. In that case, divide important task over separate devices/hosts. The firewall != the proxy server != the DNS server != the file server etc. (!= = 'in not').