PfSense newbie, 1.2.3 or 2.0 beta?



  • Hi!

    I am a pfSense newbie that wants to (re-)try pfSense to replace my aging, essentially unmaintained, Linux based firewall.

    (I say re-try because I did try it in the past but it looks like I had some hardware (hard disk) problems and did not had time back then to look at the problem further).

    I am in IT (mostly a programmer but I have done some network administration in the past at work and still do at home) and have used beta programs in the past so I don't have much problem with using them as long as they don't have big gaping security holes in them. I have also modified some of these (beta) programs in the past to suit my needs.

    I am also quite familiar with general firewall configuration stuff (ports associated with at least the most commonly used apps/daemons), port forwarding, ACLs, etc…

    I am not however familiar with how this is implemented in FreeBSD/pfSense...

    Finally, the firewall I want to replace is the one I use at home not the one we use at work...

    I see that 2.0 is supposed to come out this year so I'm wondering if it's worth it to go with 1.x or better to go with 2.0.

    So, if you were in my situation, which version would you choose, 1.2.3 or 2.0?

    Thank you!

    Nick



  • For newcomers that will use it a home 2.0 would be my recommendation as a great deal has be added/changed



  • Thank you! I'm burning the most recent 2.0-beta as we speak..

    Have a nice day!

    Nick



  • I am using the 1.2.3 and I like it kind of a learning curve for me since this is the first time I have used anything like this.  I wanted to do the 2.0 but was a little bit held up on it as it is still in beta are my fears of beta products misguided with pfSense?



  • I have been using 2.0 for a couple of months and it has been solid for me.



  • i am a newbie here as well and i am planning to start with 1.2.1 at least let me get use to the working environment of PFsense then later i can upgrade



  • I assume you meant 1.2.3 not 1.2.1? :)  If this is a home setup, you are not doing yourself any favors by starting with the older release, if you are new to pfsense.  There have been a lot of GUI changes and such, so you will just need to unlearn the 1.2 stuff, etc…



  • I would say use the beta as well, the core is very solid and the few user interface "niggles" don't generally affect actual functionality (or security), especially of basic home functions. Keep in mind that if you try any of the addon packages (which can be installed from within the admin interface), many of these have not been fully tested with pfSense 2 beta, or haven't been tested with the most recent snapshots at least, so they may or may not work well. Many do work, just don't count on it :-) And keep a configuration file backup handy on your computer (easy to download from the UI), you can always reload and start fresh quickly if something goes too wrong.

    Also, you can use the link to the Google Spreadsheet from this post to verify whether the package has been tested and is working in 2.0 from others' perspectives: http://forum.pfsense.org/index.php/topic,22158.0.html



  • @danswartz:

    I assume you meant 1.2.3 not 1.2.1? :)  If this is a home setup, you are not doing yourself any favors by starting with the older release, if you are new to pfsense.  There have been a lot of GUI changes and such, so you will just need to unlearn the 1.2 stuff, etc…

    please where is the link i can download the 2. from?

    thanks for your concern and advice.



  • @collins465:

    please where is the link i can download the 2. from?

    http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD?C=M;O=D



  • @wallabybob:

    @collins465:

    please where is the link i can download the 2. from?

    http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD?C=M;O=D

    thanks for the link, i am downloading it already.



  • I have resisted replying to this post since I saw it..

    I am a newbie to pfsense, and not so much of a newbie to networks. I tried both 2.0 and 1.2.3, and in my experience, 2.0's traffic shaper (a must have for me) was not up to scratch yet. All other features seemed ok.

    Maybe I'm getting old, I needed something stable for day to day, and I am happy to mess around with a beta in a VM which I can bring up and down at will or nuke if something goes wrong.

    I don't agree with the other people either, aside from the traffic shaper, 2.0 seemed to be mostly the same as 1.2.3 in terms of options, yes there was more of everything, and a few things were "nice to have". It just was not as stable a platform (duh it's beta!, that's what betas are for, finding bugs and squashing them)

    As a newbie to a newbie, I recommend you start with 1.2.3.



  • Well said!  It bugs me every single time I see people recommending the betas to new users.  Yes, the pfSense betas are generally very stable and nice, but there are always areas that are still being heavily worked on; the traffic shaper is currently one of the two areas of the 2.0 beta undergoing heavy modification right now.  2.0 is intended to be a major enhancement to what has been done in the 1.2 series.  There are a lot of under-the-hood things which have changed quite a bit, but generally it should look and feel a lot like 1.2.x.



  • I think it depends on how many features newbies are going to use. If you're going to use the core features without a lot of fluff, the beta is likely stable enough and secure enough for general use IHMO. However, any new features that are still being tweaked/worked on/updated like the traffic shaper/shaper GUI and things like that, I'd recommend sticking with 1.2.3, or if you want/need a lot of packages since a lot of the 2.0 ones are either broken or break often with beta updates. So…I see both sides, and it depends. I'd still recommend the beta, but with reservations. Part of it depends on how critical it will be (a home router's probably fine on the beta), and learning the 2.0 interface is probably worthwhile vs. 1.x (although the book covers 1.x so there's a point in favor of sticking with the stable if you have the book).

    I've used 2.0 in production (slap me :-) because I needed the shaper to work over an IPSec tunnel and the 1.2.3 release only does shaping over WAN/LAN and nothing else.



  • @David:

    (a home router's probably fine on the beta)

    I'm sorry, I still don't agree with you. While I don't do much (if any) online gaming, and I don't use VPNs/VOIP at home, there were times when I was using the beta that it would suddenly crash for no known reason. The package system didn't work properly (uninstall a module and it still stayed there), the traffic shaper as mentioned was patchy at best and PPPoE was patchy (at best) also.

    These are core functionalities in my opinion and if you let a newbie loose with a beta that has those bugs, he/she is likely to think the problems are due to their hardware rather than the software.

    I really do not recommend the beta for production  :o or home use.



  • Very well. I have not used PPPoE and I've not seen the beta crash, and I mentioned that users who want packages are better off without the beta. What I have used of 2.0 has been overall pretty stable, for the core functions that I use. I'm willing to admit there are core parts I haven't used that are less stable. Again, it comes down to how critical it is. If you're comfortable keeping a recent config backup and are willing to reinstall/restore sometimes if there are issues, I think it's perfectly fine in many home environments. There's not much that a recent config history and a reinstall won't fix even with the beta. If you're not comfortable with a little downtime now and then and a reinstall, then no, the beta is probably not for you. But, that's the definition of beta. I think the argument is, there are less of those issues the closer to release–of course it's a crapshoot whether you get hit, the odds just get better that you won't, the better it gets :-) (Of course odds of a broken system go up with more changes being made as work is done, too...)

    And if you need traffic shaping on anything other than the WAN/LAN, or any other feature that's only in 2.0, well, you don't have much choice, unless you want a different firewall. 2.0 is close enough to release for me to be comfortable with it in specific, well-chosen scenarios. It's been promised before the end of the year I believe, which is fast approaching (seems like it to me anyway!).



  • I am a Newbie - I tried older versions before - but had to  go for Smoothwall. Version 2 works EASY!
    So finally I can use Pf Sense. ;D


Log in to reply