Pfsense - replacing kerio
Hey guys, a quick question: currently using some kerio firewalls. They are serving us well but unfortunately suffer in terms of configuration management and keeping them synced, and their API. I am looking at pfsense as a solution along with squid and some paid subscription options for web categorization. I am not yet sure though if it can do some of the things kerio can
->users authenticate against active directory before getting access to the network (with the exception of some white listed IPs)
-> once authenticated accesses are given access to internal resources based on active directory security group membership. Depending on the groups they r in they get access to sets of internal IPs or IP ranges or dns names, more groups == more resources
-> access to external resources (dns names / IPs / web categories) is given based on group memberships as well. More groups == more categories.
Thank you for your feedback