CMI - Central Managment Interface for pfSense devices - {Now $4,000}
-
This is a new post based on http://forum.pfsense.org/index.php/topic,7949.0.html
1. Manage all aspects of each pfSense firewall from central location (Like m0n0wall CMI).
2. A heads up of all pfsense systems with green light if able to communicate/Red if not with central management device.
Possibly in a tree like format where the icon would turn red or a list format.
Red would be based on rules..ie connection from CMI down, CPU high, low memory, point to point tunnel down, unusually high traffic for entended period of time based on rules.
3. Email notification (SMS notification if possible) when a rule has either a threshold passed or unable to perform the task requested in the rule..ie Ping
Email notification….via smtp local or external
4.Connection from CMI to remote systems must be secure (Probably doesn't need to be mentioned but....)
5. Ability to schedule automatic backups and perform manual backups. Possibly better than automatic is have the system check the file and if it is newer to back it up.
6. Logging of systems to a web based log like in pfSense with ability to filter based on firewall and type of events and export. (I really like the idea of going to one location for all information rather than having to constantly switch)
7. Ability to send log info to syslog for further diagnosis.
8. Should really act as an appliance and not as a package....unless it just means using pfSense with just that package.
9. I really think a one stop shop solution would be best (All services provided within the same box) since this unit will not be acting as a firewall. Prefered but not required.
10. Would be great but not required is mobileweb..ie Iphone or PocketPC or WAP web like interface for remote management via Phone.11. If possible to use an open type technology which would allow people to create new bounties allowing the integration of other devices like switches routers using snmp...etc
12. If possible...option to push rules out to multiple devices at the same time...IE...
Allow Outbound DNS from ALIAS
Block all outbound DNS requestsI could then standardize my alias names for Mail, DNS, etc and push the same rules out to multiple locations.
-
As i told in a previous post, I need three functions: backup, monitor & distribution. What Kapara said covers these requirements, but puts distribution ahead of the first two. So, as I agree with the scope of this thread, I put 500$ if backup & monitoring are covered, and 250$ if i have distribution also.
As for architecture, I agree on a dedicaded sistem.Fridaynoon
-
500 dollars if you included an over view of RRD Graphs.
-
I can still get $200 put toward this.
I'll go with kapara's requirements with the clarification that it will not require an agent on the firewalls (I have many embedded boxes that I want to manage).
I'd be happy if it was basically an extension of m0n0wall-CMI. -
Please update the topic value and add my $1000 bounty.
Also, Kapara:
8. Should really act as an appliance and not as a package….unless it just means using pfSense with just that package.
- Could it become a "fork" à-la pfDns ?
- I still wouldn't mind being able to plug IN my existing intranet / whatever management interface .. thus running it on an admin dedicated LAMP..
- Having a package on the pfsense 'client' firewall seems required to permit setup & communication with the CMI, but maybe some framework (xml-rpc over vpn ?) could be (is already planned to be ?) added to pfsense's code, since if i understand correctly, pfsense is now meant to evolves as a general purpose appliance framework.. ?
9. I really think a one stop shop solution would be best (All services provided within the same box) since this unit will not be acting as a firewall. Prefered but not required.
- We need the ability to easily sync (CARP if working à la pfDns ? or simple db & docroot rsync to slave) to another 'backup-CMI' box
10. Would be great but not required is mobileweb..ie Iphone or PocketPC or WAP web like interface for remote management via Phone.
- Roughly a mater of template engine .. once the function are there .. it shouldn't be hard to generate aproriate html and css
I really hope (dream?) to see this bounty produce some result
Please show support and identify yourselves as possible coders / sponsors (?)
Best regards to the pfs family
-
I will donate $200 for a centralized management tool with these conditions:
1. Clean, documented/commented PHP code (pfsense devs could approve this)
2. Support for DNS based remote pfsense (ie. using dyndns versus ip)These are option, since it may be the purview of an NMS (snmp) software:
3. Visibility of failover from carp or wan
4. Visibility of power conditions based on NUT package messages
5. Visibility of cpu, memory, hdd, network statistics (snmp, rrd)
6. Visibility of users logged in, or state of ipsec connections -
So far based on each persons request this is the breakdown of the bounty:
Kapara - $750
fridaynoon - $750
hdejongh - $500
dotdash - $200
df - $1000
strafelife - $200 (Now $500) If started soon.
geewhz01 - $300
Total: $4,000 - 3 months later
-
Is this bounty going somewhere? Just as I kill the bounty people show interest so I reopen. Now no response for a long time. Is someone truly interested? I can gauruntee the funds I have alocated for only so long. If there is no concrete sign of interest then I will either pull my $$$ from the bounty or request that it be closed unless someone would like to keep it open.
Thanks,
Mark
-
Recommend that this bounty be closed at this time.
-
I'd be willing to through another $300 in the pot if this happens.
-
Great! Lets give it another week and see what happens.
- 8 days later
-
Going once…...
-
Going Twice…...
-
What does m0n0 CMI offer from your requests?
As i never seen it would be interesting to know what it covers and what needs to be added apart the customization for pfSense. Furthermore, this might take some time and with that will it be acceptable to have it only for 2.0+ releases? -
Not too sure about CMI as I am not running m0n0 to know how it works. As to time….I have waited this long...maybe close to a year or more. ;D Waiting for this in 2.0 would not make much of a difference to me. I could wait 8-12 months!
-
I can just imagine having a site with 6 remote sites and being able to push out lan to lan tunnels between firewalls from a single interface. That is not what I am looking for but once a package is available like that I am sure there will be even more features that people would want. Maybe I am wrong but after hearing that some people have upwards of over 100 pfsense firewalls running I cannot imagine how they would not want a central location for managing them.
-
OK i will give m0n0 CMI a look to what it offers and how extensible it is and report back.
Then if you collect the money i can start on giving you functionality to manage rules and get stats and logs from the configured machines. -
I've started coding something similar for my own use. I'd be interested in finishing it if this bounty is still up for grabs. PLMKWYT
-
xanthra, if you are serious about taking this bounty, I would encourage you to contact the individuals in this thread who bid on it, make sure they're still willing to donate and get a complete list of features they want. I would hate for you to go to the herculean effort this bounty is going to require and end up shorted because people aren't willing to pay you for your time.
-
@ Submicron…Good Point!
Can you please tell us more about your project which you have already begun coding? Is it using all BSD type licensed technologies? How far along are you and what capabilities does it currently have if any. Will your project be able to acheive all of the items which were laid out by the people who added to this bounty?
Thanks,
Mark