Enterprise style Central Management Interface - {Now $1900}

Guest · Jul 28, 2008, 4:08 PM

It's really not. A number of the pfSense developers have looked at the m0n0wall-cmi code and have judged it to be a major mess. I think that the direction currently under consideration in this thread is a better one.

cmb · Aug 12, 2008, 3:53 AM

@submicron:

A number of the pfSense developers have looked at the m0n0wall-cmi code and have judged it to be a major mess.

I don't think that's accurate, I don't know that any of us have looked at the code, at least not that I recall.

We are looking to go a different direction with this though.

kapara · Aug 12, 2008, 4:03 AM

Well if there is any info that anyone has about the direction it is going I would really appreciate hearing about it since there has not been an update in a very long time about whether this is going in any direction at all. Hope I am wrong but this bounty seems to not be going anywhere.

Guest · Aug 18, 2008, 3:02 PM

@cmb:

@submicron:

A number of the pfSense developers have looked at the m0n0wall-cmi code and have judged it to be a major mess.

I don't think that's accurate, I don't know that any of us have looked at the code, at least not that I recall.

We are looking to go a different direction with this though.

I distinctly remember being on a conference call with both you and sullrich where exactly this statement was made, I believe by sullrich.

cmb · Aug 20, 2008, 2:12 AM

@submicron:

I distinctly remember being on a conference call with both you and sullrich where exactly this statement was made, I believe by sullrich.

I remember that call, but what I recall is we were talking about functionality we wanted just not being there. Oh well, moot point. :)

@kapara:

Well if there is any info that anyone has about the direction it is going I would really appreciate hearing about it since there has not been an update in a very long time about whether this is going in any direction at all. Hope I am wrong but this bounty seems to not be going anywhere.

We will have more info on our plans as things progress. We aren't in a position yet to discuss any further.

kapara · Aug 25, 2008, 8:28 PM

@ cmb

We will have more info on our plans as things progress. We aren't in a position yet to discuss any further.

I don't understand what you mean by "our plans". Do you mean the developers only or also the people who have created and or added money to the bounty. I would hope that as a contributor to the bounty that myself and anyone else who is offering to contribute to this bounty would be informed of any updates, progress, or direction this bounty is taking unless the devs have decided to take this in a different direction. My main concern is I have allocated funds to this bounty and it has been about 4 months since the last time a dev has shown any interest in this bounty. That dev did not say they would take the bounty. I will need to start looking for an alternative solution which means pulling my money from the bounty.

kapara · Aug 28, 2008, 7:03 AM

Was reading bout limitations with VPN and sending snmp and syslog data across the vpn. Was wondering because most MSP apps which do this central management type thing do so via VPN tunnels to each client. Will this still be a problem or will it be fixed in 1.3?

kapara · Aug 28, 2008, 7:15 AM

What is stalling this bounty? Is it the amount of money? If so, how much more will it take to get things moving. Giving me a realistic figure will enable me to try and get others to jump in. Ex. Lets say 3,000 will get a dev accept the bounty. Then I know that if I get 3 people to pony up $250 each we can get started and they know that by adding to the bounty it will begin developement.

Thanks

AudiAddict · Aug 28, 2008, 8:39 AM

I still think using another server to monitor services, management and polling devices is not ment for a firewall.

There are already great packages like zabbix and nagios which offer plenty of management abilities.

Monitoring a great deal of servers and services also take up plenty of cpu power/memory (10 sensors for each server with 20 servers..)

Just my 2 cents, why reinvent something which is already invented ?

kapara · Aug 28, 2008, 8:58 AM

Not for monitoring devices. More for maging and being able to configure all of your pfSense firewalls from one location. There is no product out which does this for pfSense. Also 1.3 can operate with 1 NIC, meaning this would become an appliance rather than your firewall slash everything else under the sun. I have been looking at a different solution for monitoring devices. ManageEngine has an MSP solution which for 2500 per/year aloows you to monitor 100 devices. I do agree that for monitoring pfSense would probably not make much sense since the cost of developing a solution would cost much more.

simoncpu · Sep 15, 2008, 2:56 PM

Very interesting! I can see a solution in my mind, but I don't know how long this will take. I think I need to research this or something….

MRNilsson · Nov 19, 2008, 6:10 PM

It would be a dream come tru if someone developed a management client for pfsense like Firewallbuilder with log viewing capabilities…

Today I manage 20+ pfsense boxes for VPN/firewalls etc, just imagine if it would be possible to manage these from one gui
Wishlist:
object oriented firewall/VPN configuration, +only create the objects one time (drag/drop the object rules to the firewall and apply/upload)

WE CAN ALWAYS DREAM ;)

/MRNilsson

kapara · Nov 19, 2008, 6:17 PM

@ MRNilsson

One does not have to just dream. One can also donate! Hint Hint.. ;D

kapara · Dec 10, 2008, 7:41 AM

Curious….Is someone developing a commercial solution for this? I noticed Centipede now has an automatic backup plugin for configs..... That is not a full solution but I get the feeling something like that is happening. This bounty gathered much interest in the beginning and then P :o :oF. The concept is a very good one (At least I think so) and am hoping that someone is still interested. I will up the bounty by $500. I would appreciate it if someone would tell me (Devs) if the lack of interest is due to wanting to make a commercial solution...add-on or if it is the bounty total. If it is the bounty total then if someone could tell me what it would cost to "interest" a dev to create this. I have added a significant amount of my own money and might be able to convince others to join in but with the bounty sitting stagnant it is difficult to convince people to pony up some cash when no one is negotiating.

eri-- · Dec 10, 2008, 3:47 PM

I read this whole thing and can the requirements reconciled in a post and what is the last offer for this?

kapara · Dec 10, 2008, 7:54 PM

Hi ermal,

I will work on an updated list based on my reqs. I hope others who added to the bounty are still interested and can respond in kind.

A side note: I have been trying to reach you about the traffic shaper with no luck. Can you PM me the info as I have yet to receive it.

Thanks

fridaynoon · Dec 14, 2008, 10:50 AM

I am interested in joining the discussion, as I operate a network of PFsense. I anticipate that my config is the classic central site connected via VPN to some remore sites. I have 40 wrap/alix remote units.
For me, the interest in a central management system is broken in three functions.

Backup. I want a system that can store all my configs in a safe place. Now i have a script that timely, from a central place, downloads all the config scripts.
Distribution. I'd like a sytem to distribute config changes to all of my systems (things like admin password changes, filters, vpn configs,…) with a result feedback.
Monitoring. Id' like to know the summary state of all of my remote systems. The info that I need are very basic, system up/down, VPN up/down, lan/wan usage. A central logging system is not a requirement for me, as it can be done in other ways.
A fourth function, Alerting, can be done for the bare activity of the system in other ways, so for now is not crucial for me.

As for the architecture, I' m dubious.
I think this system in interest of people who control a data center, so a dedicate machine I think is not a problem. For the operating system, every data center has different skills, and a specific architecture could be a problem.

For the funding, I already put 300$.
Now, if the system covers the first 2 points I can put 600$ total, and other 400$ for the third.
I truly want a central system, so i'd really want to participate in developing something useful.

Fridaynoon

svetoslav · Dec 17, 2008, 8:19 AM

Hi all, this is my post.
http://forum.pfsense.org/index.php/topic,13107.0.html

Where can i invest 200 $ for this project? But how long take this progect ??
And how match is it.

kapara · Dec 16, 2008, 3:18 AM

How much can you contribute. ;D The more you can…the more likely someone is going to show interest........ Specify an amount that this would be worth to you and a mod or myself will add it to the amount listed.

df · Dec 28, 2008, 9:28 AM

I can add 1000€, but need an invoice (company here :)