Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Any experience of using pfsense in large commercial environment?

    General pfSense Questions
    3
    3
    1015
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sheepthief last edited by

      For some years I've been using pfsense in a non-critical situation - a guest wifi network across several sites, typically used by 200+ users daily. It's fairly complex as the networks are tunnelled to a single internet connection (guest traffic is not allowed on our usual LAN/WAN networks or internet gateways). This runs on mixed VM/physical hardware depending on the site. It's worked rather well, with only a few minor bugs, all of which I've managed to work around.

      However, I'm now considering switching to using pfsense for our primary LAN/WAN firewall/routers, which is rather more critical. I'll need physical hardware, likely Netgate, and official support. Again, it's for several sites, though with 1000+ users. I'm considering switching because I currently use Sophos UTMs, and I've not been too impressed with the quality or support. The current systems are due to become unsupprtable next year, and the new systems don't have an easy upgrade path - all of our configurations will have to be done from scratch, and if I'm going to have to do that then I may as well consider alternatives. The one advantage of UTMs is that they can be centrally managed, and firewall rules and definitions can be quickly deployed to all devices.

      So, although I'm reasonably comfortable with pfsense, I guess I'm looking for some assurance before using them in a more important role. Are you using pfsense in a commercial role for a large number of users? Do you use Netgate hardware? Do you have official support? What do you think?

      1 Reply Last reply Reply Quote 0
      • jahonix
        jahonix last edited by

        @sheepthief:

        The one advantage of UTMs is that they can be centrally managed, and firewall rules and definitions can be quickly deployed to all devices.

        Just wait.
        The team is working on something called NRDM which will be a central management platform/system/appliance/who_knows. But absolutely no ETA as of today. Future product.
        More info here: https://forum.pfsense.org/index.php?topic=136138.msg745269#msg745269

        Well, there was a thread started some time ago about scaled installs.
        It's more about horsepower than about users but a fun read anyways. Remember it was started about 10 years ago
        https://forum.pfsense.org/index.php?topic=7668.0

        I know that some schools and universities use it but I have no idea about user count. And schools are somewhat less critical than businesses might be. Or not. 100 teens in a school without internet might get you frightened pretty soon…  ;)

        1 Reply Last reply Reply Quote 0
        • ?
          Guest last edited by

          So, although I'm reasonably comfortable with pfsense, I guess I'm looking for some assurance before using them in a more important role. Are you using pfsense in a commercial role for a large number of users? Do you use Netgate hardware? Do you have official support? What do you think?

          You are talking here about many points that will be not able to merged into one question, there are
          many ways to solve out this point, needs and wishes by going any way you want and need it. But to
          being sure that all is also matching right this is purely not enough information you are providing to us.

          For sure they are companies from the lower bottom to the highest top, and they are also prefer using OpenSource
          based applications and firewalls to, in any kind of nature, I know a auto garage that is using that pfSense firewall
          and I personally know also a mid ranged data center that is using that pfSense firewall internally too, so not only
          and even at the WAN interface, but more in many directions and fields. This is not the problem as I see it right.

          In many countries, many companies are bounded to go and act by the following points;

          • Company rules (company and group rules)
          • Insurance rules (ICSA I, II or II certified)
          • Rules from supplier, customers and other partners
          • hidden, silent or secret market rules given form and by NASDAQ or stock exchange analysts
          • Country rules, laws and government rules or policies to all connected companies of a supply chain

          So if all is open to you and your company you should be waiting at this point or cantact them not only
          here in the forum, it is moderated but a user to user forum too! write to the Support

          I personally would wait a while based on the news that perhaps a new hardware line will be up in the next time
          based on the the Intel C3000 (Denverton) or Intel Xeon D-15xxN could be matching well and for sure you could
          also walk down the road with your own hardware and get qualified support from them if there is not all matching to
          your needs, criteria and/or willing.

          The last think would be also often forgotten or not spoken about, the pfSense Training that will be bringing
          you up to manage all the things better by your own! For a longer time period of usage it might be a great
          deal for both sides.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post