Pfsense plus vs Pfsense free version

mer

@jack4167 I think this has been answered a few times on this forum, a quick search could lead you to them.

jack4167

@mer Sorry mer, can you please provide me the link or any key word I can search for? A lot of post pop out when I key in pfsense plus or pfsense free

Gertjan

@jack4167

Announcing pfSense Plus

pfSense Plus and pfSense CE: Dev Insights and Direction

See also here : Home pfSense Software Messages from the pfSense Team : the first few forum posts..

jack4167

@gertjan Question. The Pfsense CE has content filtering or only a Web filtering function? Both functions are different, right? Please correct me if I'm wrong

Gertjan

@jack4167

pfSense is a router firewall.
This means : it uses the 'headers' of the packet and acts upon them. It never looks at the "content". Like : the postal office. they looks what on the envelop. Not what in it, as that is considered these days as "not done".
Isn't your content not encrypted (TLS -remember : it's all "https' these days) and totally inaccessible ??

Ok, true, people still dream of "just checking what's in it" so, yes, packages, pfSense extensions, exists that permit you to do the IDS/IPS/MITM thing.
They come for free. Knowing how to use them will cost you a max of your time.

jack4167

@gertjan Appreciate for the clear explanations and helps. Sorry, I still have my last few question.

1. It is tough to setup the HA of pfsense from 2 different buildings?
2. Do Pfsense have the SD-WAN function?
3. Pfsense plus SSL encryption vs Pfsense CE SSL packages installed. Any different between those 2?
4. It is important to have a AV on Firewall? Understand that the CE don't have any AV installed, but the plus does.
5. Pfsense CE or plus got sandbox features?

Gertjan

@jack4167 said in Pfsense plus vs Pfsense free version:

it is tough to setup the HA of pfsense from 2 different buildings?

You'll need longer cables and some good shoes.

SD-WAN

I was about to answer, but discovered that this 'thing' has been dealt with already.

Pfsense plus SSL encryption vs Pfsense CE SSL packages installed. Any different between those 2?

Dono.
The question is wrong. pfSense is a firewall router.
Out of the box, It handles Ethernet packets and doesn't 'look' at the content.
It use TLS traffic itself when it calls home for upgrade checks etc. It can use TLS for DNS if needed.
For the moment, pfSense Plus is reserved for Netgate devices.

It is important to have a AV on Firewall? Understand that the CE don't have any AV installed, but the plus does

AV ? Anti Virus ?
See this info.
CE and Plus have - out of the box - no AV capabilities.

I just answered the same type of question (I guess ?) 10 minutes ago. Look here what I said (think about it)
So, yes, it can. The real question is : can you ?
Let me use the words of former president Kennedy : "Yes, we can, and yes, it will be hard".
Rocket silence is hard. It still is. IDS/IPS is the same.

Pfsense CE or plus got sandbox features?

It's a firewall router. Not a VM host (or something equivalent).
pfSense uses, or, more precise : is based on FreebSD.

jack4167

This post is deleted!

jack4167

@gertjan Thank you. That all my question. Once again, appreciate you help. Have a good day :)

stephenw10

An HA pfSense setup would usually be between two devices in the same location, often in the same rack. It's intended to mitigate a failing node or connection to/from that node.
There is no reason it could not be between nodes in different buildings as long as they can be on the same layer 2 segments but there's not really much advantage in doing so.

Steve