VMware® Ready Virtual Firewall Appliance benefits

travis01

Hello,
I've been trying to find the benefits of VMware Ready Virtual Firewall Appliance over my normal VMware ESXi install using the .iso. I've only been using VMware for a few months and working with it for almost a year. Many companies that I have worked with through remote support use pfSense basic .iso in an ESXi setup.

I read the blog post here: https://www.netgate.com/blog/pfsense-vmware-ready-virtual-firewall-appliance.html
and some feedback here: https://forum.pfsense.org/index.php?topic=93967.0

What is VMware Ready?

VMware Ready is a certification from VMware that says our product works within VMware’s operational boundaries**("That's great but it appears the standard .iso does too")**. VMware Ready designates VMware’s highest level of endorsement for products created by established VMware partners. VMware Technology Alliance Partner members develop their products to meet VMware standards and submit them for rigorous qualification testing and review. Only products that meet VMware Ready requirements will display the VMware Ready logo.

What Makes a VMware Ready Product Better?

Each VMware Ready Product Category defines specific criteria that a qualifying product must meet. In many categories, these criteria include the proper use of VMware-supplied technology to allow partners to integrate their products with core VMware features and capabilities**("like what?"). This creates a complete product offering that provides functionality not otherwise available("like what?")**. VMware Ready products can do more ("like what?"), and they’re built to the standards for reliability that VMware customers expect ("like what?"). VMware Ready products should always be on the short list when evaluating technology.

As a user and independent IT contractor/consultant that has been encouraging businesses to start using pfSense, I'm still unclear on why anyone would bother with the "VMware Ready Virtual Firewall Appliance". I use VMware because they have proven over the years to be very reliable for deploying any standard .iso for Windows, Unix/Linux based installations. Deploying pfSense in ESXi hasn't been a problem. So the idea of using a "VMware Ready Virtual Firewall Appliance" over a standard .iso is confusing to me and I don't know what to tell clients who ask about it.

Is there a feature/benefit comparison of using a standard .iso vs "VMware Ready Virtual Firewall Appliance" posted anywhere?

travis01

I read through the new pfSense book with pfSense Gold and didn't find more details there either.

KOM

Appliances are usually faster to configure and get running since you don't have to fight with installation issues.

jimp

The appliance is running the Factory version of pfSense software, the same as the other devices we sell. This version includes some additional packages/features and is not the same as CE.

The appliance is also pre-configured to run as a VMWare VM with appropriate tuning.

You can install from the CE iso and it will work, but you'll have to manage all of the details yourself.

brucehowells

Maybe I'm being unusually dense today, but when I go looking for the Appliance (to get the Factory version), from the Gold portal page, I end up at https://portal.pfsense.org/firmware/vsg/pfSense-CE-2.3.4-RELEASE-amd64.ova, which appears to be the CE version.

What left turn am I taking?

Guest

@brucehowells:

Maybe I'm being unusually dense today, but when I go looking for the Appliance (to get the Factory version), from the Gold portal page, I end up at https://portal.pfsense.org/firmware/vsg/pfSense-CE-2.3.4-RELEASE-amd64.ova, which appears to be the CE version.

What left turn am I taking?

Yes it is CE, but with the VM tools package installed, and probably disk tuning and installation done beforehand. It's a turnkey solution vs. a install-it-yourself solution. That's what the difference is. The end result is the same, only how you start and configure it is different (faster).

brucehowells

Actually, I was looking for the additional VPN configuration wizard provided in Factory, which is not in CE (and thus not in the .ova).

According to jimp above, it's supposed to be Factory.

Guest

What additional VPN?

brucehowells

I'm specifically looking for the Apple IPSEC Profile tool.

trystan

Can confirm, it appeared that the EC2/Apple ipsec capabilities were offered. The 'official' vmware image that is behind a 100$ annual subscription is literally just the CE image.

I'm hoping this is a mistake.