Commercial Use



  • So I read through several things and am still a bit confused I was hoping someone might be able to clear things up for me... I do a lot of small business IT work for companies that can’t afford to buy the latest and greatest or even hire their own internal IT support personnel. I just started using pfSense at home in a Hyper-V VM and can’t believe I have never used it before because it so amazing. What I would like to do is save my customers money by eliminating the expensive hardware firewalls of which none of my customers actually utilize other than basic VPN and firewall and move them to Hyper-V VMs. To give some background on the customers most are using generation 8 HP servers in a HA pair with a third server as a shared ISCSCI storage target with at most 15-20 end clients. I’m not looking to make any additional money from switching to pfSense VM firewalls only looking to help my customers save money because most of them are struggling as is. So I’m not actually charging them anything having to do with the firewall I would only be installing it and configuring it as a VM for them. Thoughts? Please and thank you!





  • @KOM has directed you to the relevant documentation for the legal side of resale, so I will not add anything to that.

    I would suggest you consider VMware instead of Hyper-V for the virtual machines, though. There seem to be many more posted issues around here from folks trying to run pfSense on Hyper-V as compared to those running it on VMware. In particular there are issues posted about CARP and throughput on Hyper-V installs. VMware seems to work better.



  • +1 for VMware ESXi. I've played with Hyper-V on Windows Server 2016 and it gave me all kinds of weird issues. I've never had any such problems with VMware going back 6 years now.



  • I'm curious as to the issues you guys are saying because I have had none whatsoever yet. Running 2016 Datacenter GUI and the latest pfSense in a HyperV VM 4 cores 2.6ghz, 8gb ram1866mhz, 50gb vhd sitting on an NVME SSD. Did you guys have LIS set up in the HyperV VMs? I have a 400x25mbps internet connection here at home which is 4 times faster than my average customers wan connection and I have had no throughput issues at all. If anything throughput is more stable than my Netgear Nighthawk R8000. The server I am using for hosting is a DL360p G8 and most of my customers use almost identical hardware. SR-IOV is enabled, as is vmqueue and ipsec offloading. Ive included SS's of the configuration below.

    I also read through that link that you posted before I made my initial post and the given examples were still quite confusing. The pfSense I would offer my customers would be the main distro and possibly have squid/snort so I am not really sure where it would fall. Are plugins technically modifications? My customers would never configure/fix/update the pfSense VM so they wouldn't be clogging up the community forums or anything. My customers will not ever be charged for the pfSense VM especially since it is so easy and quick to install/configure. The big reason for using HyperV over VMWare is cost. These are small businesses that need to be as cost-efficient as possible. They really cannot afford thousands and thousands of dollars in licensing and support fees each year. If I were out to get rich I would still be doing big-time consulting work @ $250 USD/hr but I just want the relaxing life of working with small businesses and helping them out as much as possible here in my local community.

    1.png
    b84575f0-c3fb-4d01-99f5-1e27488cc037-image.png
    e6db342e-1a08-49ee-954f-18ee2fefc778-image.png
    db613711-308e-439c-b30b-e76ef1173af8-image.png
    425a9f47-565d-4d5e-9a64-fefb3335d280-image.png
    fb240f28-9ccd-4c86-b400-38f1f8936425-image.png
    361c40a2-4022-4e49-9e18-950ac0db666d-image.png
    3b04c446-fdeb-4cb0-8f60-a7c7c24393e5-image.png

    EDITED FOR INCORRECT RAM SPEED



  • You can browse this sub-forum for a list of various issues on the different hypervisors out there: https://forum.netgate.com/category/33/virtualization. To be fair there are issues posted for all of the popular hypervisors, and it's not always clear what the particular skill level of a given poster is. That might skew the numbers a bit. I just seem to recall over the years more weirdness coming from Hyper-V users.

    I have only toyed with Hyper-V very, very briefly. I am much more familar with ESXi, so I will admit potential bias in that direction. If Hyper-V is working for you without issues and it fits the budget of your customers, then go for it ... ☺ .



  • Yeah I was pretty much raised on VMWare so there will always be a soft spot in my heart for it. Learning HyperV was no easy task but for cost-effectiveness it's well worth it for my clientele. I think understanding the skill level of people using opensource/community-based software is always more difficult. I know my knowledgebase as a senior systems and networking engineer is quite different than the guy next door who just builds home desktops for people.

    Back to the original topic... Sorry for getting a little distracted.

    With this use case above do you think I would be running into issues license-wise? Partnership would not make very much sense as I would not be using pfSense to make money for anyone only to save money for my customers. I wouldn't mind building into each install package a small $100 pfSense donation fee to support the pfSense project.



  • @cpjet64 said in Commercial Use:

    Back to the original topic... Sorry for getting a little distracted.

    With this use case above do you think I would be running into issues license-wise? Partnership would not make very much sense as I would not be using pfSense to make money for anyone only to save money for my customers. I wouldn't mind building into each install package a small $100 pfSense donation fee to support the pfSense project.

    With the usual "I am not a lawyer" disclaimer, I think you are fine selling a firewall and installing pfSense on it for the customer. Where you would run into trouble would be if you sell the firewall and advertised it as a "pfSense" firewall. The pfSense trademark is the sensitive spot according to my limited understanding. If in doubt, by all means call the Netgate folks and talk to them. They are friendly and won't bite ... 😀 . They will guide you on the proper steps.

    With a virtual machine setup, I would think that so long as all you did was install the Community Edition of pfSense on the customer's hypervisor and charge only for your labor, you would be okay. You just can't use the name or logo "pfSense" without explicit permission and you couldn't make money off the pfSense trademark. I'm sure they would appreciate any donation to the project, but I would talk to them about all this first one-on-one by phone or email.

    There is a little bit of lawyer talk about trademarks here: https://www.netgate.com/company/legal/trademarks.html.



  • I wasn't even planning on advertising it for sale. I was literally going to just bundle it in with network setup as a free firewall/vpn/isa. Because I can get it set up for in about 30 minutes for most configurations now I wasn't even going to charge labor for it either. It's a good idea though I will have to find their number and call and ask them. I will report back in here once I have gotten the word from them just in case anyone else who is like me does not understand the lawyer talk.



  • @cpjet64 :
    Reading through the link that @KOM posted, I think what you are wanting to do would fall within the "Example 1" write-up near the top of that document. All of their contact info is in a link at the bottom of every forum page. Here it is: https://www.netgate.com/company/contact-us.html.



  • As an aside, Hyper-V is free with Windows, ESXi is free by itself. You would need to pay for vCenter if you need to manage several hosts from one view, or if you needed advanced features or something that requires a higher license level. Most SOHO's can get away with just the one host which can be managed from its web gui.



  • So I just had quite the eyeopening call with Bob and I honestly had no idea how pfSense was setup. I would highly recommend anyone who is looking to switch to pfSense for customers or work to call him. He will tell you how it is and if you're like me then you will most likely end up buying an actual appliance from them. I still have to do a bit of research on TNSR for this application but I have a strong feeling the SG-1100 will fit my customers much better and make my life easier as well. Thanks for the comments!



  • @cpjet64 said in Commercial Use:

    So I just had quite the eyeopening call with Bob and I honestly had no idea how pfSense was setup. I would highly recommend anyone who is looking to switch to pfSense for customers or work to call him. He will tell you how it is and if you're like me then you will most likely end up buying an actual appliance from them. I still have to do a bit of research on TNSR for this application but I have a strong feeling the SG-1100 will fit my customers much better and make my life easier as well. Thanks for the comments!

    You're welcome. And buying actual Netgate hardware is the best way to support the project. pfSense itself is free, and they make their living selling hardware and support.


Log in to reply