• Hey guys, a quick question: we are currently using some Kerio firewalls. They are serving us well but unfortunately suffer in terms of configuration management and keeping them synced, and their API. I am looking at pfSense as a solution along with Squid and some paid subscription options for web categorization. I am not yet sure, though, if it can do some of the things Kerio can:
    -> users authenticate against Active Directory before getting access to the network (with the exception of some whitelisted IPs)
    -> once authenticated, users are given access to internal resources based on Active Directory security group membership. Depending on the groups they are in, they get access to sets of internal IPs or IP ranges or DNS names; more groups == more resources
    -> access to external resources (DNS names / IPs / web categories) is given based on group memberships as well. More groups == more categories.

