Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense vs commercial firewalls

    Firewalling
    3
    5
    3.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fireix
      last edited by

      Hi!

      I have a Fortigate 200B today and it has never failed me. However, having just IPS requires an expensive maintains contract on the unit + a IPS-subscription. In addition, they stop supporting/deliver upgrades to these units, so you would need to buy a new one every 2-3 year. This makes me look for other solutions and I came over pfSense.

      My requirements:

      • 1 Gbps WAN speed (FG200B supports 5, but I don't have that traffic/link from my ISP).
      • 4 Ports (two of them in redundant mode, so that I can have two paths to two switches and then two servers bounded to both both swtiches).
      • Transparent mode (important)
      • Public-IP on BOTH Wan and LAN side (by this, I mean that we only have public static assigned IP-addresses)
      • A well laid out and nice looking rule manager - here is where 70% of the solutions fall off - FortiGate has an excellent method to group dest-ip, dest-ports and group them in each their interfaces.

      I have been talking to other fw-vendors (Kerio for instance), but they look at me like I'm an alien when I say I want public-ips on the LAN-side. We don't run a office with private-ips, so a transparent fw is easy instead of having to do NAT-rules and lot of work to get traffic through.

      I have found small view of v2.3 on youtube and it looks like they are having a bootstrap-interface and that is very positive start. If I had only seen the older version only (before 2.3), I would have walked away. It doesn't show the rule-management in any details (just very quick), but it looked promising.

      Will pfSense meet my demands with little trouble, at least from a technical side? I only need fw rules + IPS. I have looked at buying the same hw-unit that pfSense sells, it looks affordable at about $1000 and then I don't have any more expenses and IPS.

      1 Reply Last reply Reply Quote 0
      • chpalmerC
        chpalmer
        last edited by

        Hello:

        Start here.  https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

        :)

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

        1 Reply Last reply Reply Quote 0
        • F
          fireix
          last edited by

          Thank you.

          I have not yet found out if I can group port like I can in FortiGate. Is that possible? It saves a LOT of rules when you run it for many servers. Similar to group single hosts with IPs (that I hope is available under Alias).

          1 Reply Last reply Reply Quote 0
          • pttP
            ptt Rebel Alliance
            last edited by

            https://doc.pfsense.org/index.php/Aliases#Examples

            1 Reply Last reply Reply Quote 0
            • F
              fireix
              last edited by

              Thank you, I just managed to get access to admin area and I see it works perfectly :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.