CMI - Central Management Interface for pfSense devices - {Now $4,000}



  • This is a new post based on http://forum.pfsense.org/index.php/topic,7949.0.html

    1. Manage all aspects of each pfSense firewall from central location (Like m0n0wall CMI).
    2. A heads up of all pfsense systems with green light if able to communicate/Red if not with central management device.
        Possibly in a tree like format where the icon would turn red or a list format.
        Red would be based on rules..ie connection from CMI down, CPU high, low memory, point to point tunnel down, unusually high traffic for extended period of time based on rules.
    3. Email notification (SMS notification if possible) when a rule has either a threshold passed or unable to perform the task requested in the rule..ie Ping
        Email notification….via smtp local or external
    4. Connection from CMI to remote systems must be secure (Probably doesn't need to be mentioned but....)
    5. Ability to schedule automatic backups and perform manual backups.  Possibly better than automatic is to have the system check the file and if it is newer to back it up.
    6.  Logging of systems to a web based log like in pfSense with ability to filter based on firewall and type of events and export.  (I really like the idea of going to one location for all information rather than having to constantly switch)
    7. Ability to send log info to syslog for further diagnosis.
    8. Should really act as an appliance and not as a package....unless it just means using pfSense with just that package.
    9.  I really think a one stop shop solution would be best (All services provided within the same box) since this unit will not be acting as a firewall. Preferred but not required.
    10.  Would be great but not required is mobileweb..ie iPhone or PocketPC or WAP web like interface for remote management via Phone.

    11. If possible to use an open type technology which would allow people to create new bounties allowing the integration of other devices like switches routers using snmp...etc

    12. If possible...option to push rules out to multiple devices at the same time...IE...

    Allow Outbound DNS from ALIAS
    Block all outbound DNS requests

    I could then standardize my alias names for Mail, DNS, etc and push the same rules out to multiple locations.



  • As I said in a previous post, I need three functions: backup, monitor & distribution. What Kapara said covers these requirements, but puts distribution ahead of the first two. So, as I agree with the scope of this thread, I put 500$ if backup & monitoring are covered, and 250$ if I have distribution also.
    As for architecture, I agree on a dedicated system.

    Fridaynoon



  • 500 dollars if you include an overview of RRD Graphs.



  • I can still get $200 put toward this.
    I'll go with kapara's requirements with the clarification that it will not require an agent on the firewalls (I have many embedded boxes that I want to manage).
    I'd be happy if it was basically an extension of m0n0wall-CMI.



  • Please update the topic value and add my $1000 bounty.

    Also, Kapara:

    8. Should really act as an appliance and not as a package….unless it just means using pfSense with just that package.

    • Could it become a "fork" à-la pfDns ?
    • I still wouldn't mind being able to plug IN my existing intranet / whatever management interface .. thus running it on an admin dedicated LAMP..
    • Having a package on the pfsense 'client' firewall seems required to permit setup & communication with the CMI, but maybe some framework (xml-rpc over vpn ?) could be (is already planned to be ?) added to pfsense's code, since if I understand correctly, pfsense is now meant to evolve as a general purpose appliance framework.. ?

    9.  I really think a one stop shop solution would be best (All services provided within the same box) since this unit will not be acting as a firewall. Preferred but not required.

    • We need the ability to easily sync (CARP if working à la pfDns ? or simple db & docroot rsync to slave) to another 'backup-CMI' box

    10.  Would be great but not required is mobileweb..ie iPhone or PocketPC or WAP web like interface for remote management via Phone.

    • Roughly a matter of template engine .. once the functions are there .. it shouldn't be hard to generate appropriate html and css

    I really hope (dream?) to see this bounty produce some result

    Please show support and identify yourselves as possible coders / sponsors (?)

    Best regards to the pfs family



  • I will donate $200 for a centralized management tool with these conditions:

    1. Clean, documented/commented PHP code (pfsense devs could approve this)
    2. Support for DNS based remote pfsense (ie. using dyndns versus ip)

    These are optional, since it may be the purview of an NMS (snmp) software:
    3. Visibility of failover from carp or wan
    4. Visibility of power conditions based on NUT package messages
    5. Visibility of cpu, memory, hdd, network statistics (snmp, rrd)
    6. Visibility of users logged in, or state of ipsec connections



  • So far, based on each person's request, this is the breakdown of the bounty:

    Kapara - $750
    fridaynoon - $750
    hdejongh - $500
    dotdash - $200
    df  - $1000
    strafelife - $200 (Now $500) If started soon.
    geewhz01  - $300
    Total:  $4,000



  • Is this bounty going somewhere?  Just as I kill the bounty people show interest so I reopen.  Now no response for a long time.  Is someone truly interested?  I can guarantee the funds I have allocated for only so long.  If there is no concrete sign of interest then I will either pull my $$$ from the bounty or request that it be closed unless someone would like to keep it open.

    Thanks,

    Mark



  • Recommend that this bounty be closed at this time.



  • I'd be willing to throw another $300 in the pot if this happens.



  • Great!  Let's give it another week and see what happens.



  • Going once…...



  • Going Twice…...



  • What does m0n0 CMI offer from your requests?
    As I have never seen it, it would be interesting to know what it covers and what needs to be added apart from the customization for pfSense. Furthermore, this might take some time and with that will it be acceptable to have it only for 2.0+ releases?



  • Not too sure about CMI as I am not running m0n0 to know how it works.  As to time….I have waited this long...maybe close to a year or more.  ;D  Waiting for this in 2.0 would not make much of a difference to me.  I could wait 8-12 months!



  • I can just imagine having a site with 6 remote sites and being able to push out lan to lan tunnels between firewalls from a single interface.  That is not what I am looking for but once a package is available like that I am sure there will be even more features that people would want.  Maybe I am wrong but after hearing that some people have upwards of over 100 pfsense firewalls running I cannot imagine how they would not want a central location for managing them.



  • OK, I will give m0n0 CMI a look to see what it offers and how extensible it is and report back.
    Then if you collect the money I can start on giving you functionality to manage rules and get stats and logs from the configured machines.



  • I've started coding something similar for my own use.  I'd be interested in finishing it if this bounty is still up for grabs.  PLMKWYT



  • xanthra, if you are serious about taking this bounty, I would encourage you to contact the individuals in this thread who bid on it, make sure they're still willing to donate and get a complete list of features they want.  I would hate for you to go to the herculean effort this bounty is going to require and end up shorted because people aren't willing to pay you for your time.



  • @ Submicron…Good Point!

    @Xanthra:

    Can you please tell us more about your project which you have already begun coding?  Is it using all BSD type licensed technologies?  How far along are you and what capabilities does it currently have if any.  Will your project be able to achieve all of the items which were laid out by the people who added to this bounty?

    Thanks,

    Mark



  • I initially committed $200, which is still up for grabs.  I will raise it to $500, if we can get this project going, but the requirements must be met (as listed by those who posted bounties).



  • @kapara:

    Can you please tell us more about your project which you have already begun coding?  Is it using all BSD type licensed technologies?  How far along are you and what capabilities does it currently have if any.  Will your project be able to achieve all of the items which were laid out by the people who added to this bounty?

    Right now it just pings a list of machines and shows a green or red light on a web page.  It's kinda like smoke ping light : ) Edit: After re-reading the list in the first post of this thread, I think it basically covers #2
    I'm working on pushing rules out to pfsense clusters because I will have a few to maintain in the near future.
    I think I get backups for free because I'm fetching config.xml to update the rules in the <filter> section.

    Maybe instead of one huge bounty and big project we can make a list of individual requests and chip away at them ?



  • Hmmm.. It might be difficult to break down the items and add a monetary value to them.  Leaving one item out could kill a majority of the bounty leaving only crumbs to be earned.  Maybe you could tell us what you see as realistically possible based on your ability, time frame, cost of your time, etc….  As I mentioned before, I am willing to wait upwards of 8-12 months to be completed if it is broken down on a timeline of sorts.  Also I am sure if done using the recommended technology..bsd license tech...other devs would be more than happy to chip in and help with certain parts as I have seen comments like this in the past on the previous thread for this project.

    Thanks,

    Mark



  • Has anybody seen this?  Pretty nifty and seems to cover some of the items listed

    http://www.observernms.org/



  • Well let's just start with #2 then.  I guess I need to figure out how to create a package for what I've got so far.



  • The problem is seeing if others are willing to pony up for just feature # 2 and putting a $$ value to it.  That might be tough.  I hope some others will chime in with their thoughts on the matter.

    Also you have yet to give any details on what you have already created…

    Cheers,

    Mark



  • ???

    Wish there was an icon showing someone sleeping/snoring!



  • Recommending that this bounty be retired.



  • I have no problem with it getting the smack down!  :o

