Love my pfsense.. Needs more
Hey everyone
So I've been exposed to pfsense (opnsense for longer) recently and I love the software for its simplicity and security. Lately I've been failing on the "optimal" firewall to use in my conversations with fellow technologists. Depending on the use case, some vendors are better than others. That's the reality. Is it weird for me to say that for most SMB or even DataCenter environments, assuming you don't need L7 DPI inspection and all the bells and whistles, then a pfsense is all you really need at the edge, heck, maybe even within your DMZ?
The way I see it, PFsense is like a Honda while other vendors (we know who they are) are like Bugattis. They both are cars but clearly one has more premium features than the other and for most folks, the Honda is what you need. As someone who works at an MSP, it's hard getting customers to recognize that paying all that money for a Palo, for example, is wasteful when you're not turning on 50% of its feature set. Then again they are paying money and my salary so can't complain at all. I will install those firewalls for days without issue.
In a Covid kind of world, the security landscape has changed. I do see companies asking, demanding, for more, which puts me, being the pfsense evangelist, in a spot where I have to tell them that yes, the Palos are the way to go. The Fortinets (ugh) are the correct choice. I want those advanced features to be bolted into pfsense. I want fierce competition from my OSS community. I really like pfsense. Love? No, that's too much. I think more advanced "NGFW" features are just needed to compete. Something way better than Squid would be nice. PFBlockerNG is such a great package so that's a step in the right direction. Better firewall rules that can incorporate usernames (integration with LDAP/AD) along with URL filtering. Some form of DPI where we can tighten down the applications to the correct ports they should use. Before anyone chimes in, I have tried ZenArmor and that is very beta and doesn't work all the time. Just my thoughts.
Again, I love all my firewalls and yes, some are better in certain areas than others, but for the geek in me I want my open-source firewalls to kick it up a notch. Maybe 2022 is the year.