Watchguard to pfSense
-
It could help if you sketch out your current WG setup and let's see if that's doable with pfSense!
The more precise a question is the better are the results you get, right?
Sorry if you had a bad start in this forum. -
It could help if you sketch out your current WG setup and let's see if that's doable with pfSense!
The more precise a question is the better are the results you get, right?
Sorry if you had a bad start in this forum.Thanks jahonix and no worries about the bad start.
I've been testing pfSense and pretty sure it'll be doable. There are a few things missing like web and smtp proxies but I can handle their chores with something like Untangle, or use the Squid package for the web?
-
… use the Squid package for the web?
Why '?'
Use the Squid package for the web!There are threads in this forum where people seem to have a decreased line speed when using squid. Preferably read those.
Personally I can say my installs run fine and fast with squid so I didn't monitor that thread. Don't know if it's found and solved or still mystery.However, if you plan to use pfSense in production it is recommended to install, configure and test it beforehand, including packages, of course. I have the impression that you did that already.
-
OP:
Well, I've used (and still manage) countless firewalls so I'll give my opinion. In my organization I have Sonicwalls, m0n0wall, pfsense, Checkpoint, Juniper Netscreen, Cisco PIX/ASA, various SOHO models (Linksys, Netgear, etc) and probably some others I forgot. I removed the Watchguards we had (only three, from an acquisition). Without a doubt, Watchguard was the worst piece of crap I ever had the displeasure of using. All the firewalls I mentioned I like better.
How's that for an opinion?
Robert
-
Hi, my company has replaced a few older watchguard and sonic wall boxes with pfsense. I also tested untangle for a while and was not impressed with it's performance, which to me lacked a lot of functionality that pfsense addresses. the pfsense on our older pc's provided us with an affordable system that was easy to use and functioned far better than the equipment it replaced. We have a guest network at our office which makes use of the captive portal feature, which was not something our other routers had. Next week I'll try getting pfsense to run on an older Firebox 1000 we're replacing. It should be a fun project.
Al H.
-
Watchguard has a feature where you can have secondary networks on the same LAN side. You add an IP from the subnet that won't be used and it's used to route traffic between the networks. Can this just be done the same way on pfSense by just adding a static route?
Thanks
-
I'm not really sure if I understand what you mean but if I get you right you could either fake this by using a second nic to the same switch or by creating 2 vlans on the same nic to a vlan capable switch. However in 1.3 we'll introduce a a new type of virtual IP that will be able to do that without additional nic or vlans.
-
In Untangle, the method is to bind another IP address to the same LAN nic. And some create static routes to route traffic from 192.168.1.xxx to 192.168.2.yyy and vice versa.
-
I told you this will be doable in 1.3 but you won't need stupid static routes for that :P
-
Yes, except I'm trying to do a drop in replacement for my current configuration and 1.3 won't be available for at least 3 months?
Thanks
-
No.
You would have to hack ifconfig aliases from the command line
–> not supported.