Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Juniper vs Pfsense

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 6 Posters 7.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q Offline
      quinox
      last edited by

      Hi there,

      I'm starting to a new job soon. I don't know all the details about their setup yet, but I know they're "Open Source minded" and already running some Open Source software/application in their infrastructure like OpenVPN, Libre-office and Zarafa.

      Because I want to prepare my best for this new job, I'm digging around in their network security. The company i'm talking about has +/- 20 branche offices around the world. i know they're using Juniper for routing. I don't know which type of Juniper device.

      I've read some Juniper documentation (Junos for dummmies and Junos cookbook), but find it hard to apply firewall setting on juniper devices. I also missing some essential items in Juniper. Maybe that is because I do not have worked with Juniper devices before.

      I can immagine this company used BGP to connect to their branch-offices.

      So here my question.
      Will it be a bennefit or simply just logical, to put a pfsense box after (or before, just how you see the flow ;-)) a juniper box?

      Pfsense it much easier to maintaine then a juniper box in my perspective.

      any thoughts?

      Kind regards,

      Niek

      1 Reply Last reply Reply Quote 0
      • D Offline
        dzeanah
        last edited by

        Well, Juniper makes a number of devices that do switching and routing, and they have another line of devices that compete more directly with pfSense that are designed to be border devices.

        Will it be a bennefit or simply just logical, to put a pfsense box after (or before, just how you see the flow ;-)) a juniper box?

        I'd think it would make the most sense to have a pfSense or a Juniper box in the same place, personally.

        With that said, "if it ain't broke, don't fix it."  I wouldn't be impressed if I was interviewing someone for a job and they recommended pulling out infrastructure that's currently working fine (and paid for) in order to replace it with an open-source solution they like better but costs more (because you'd need to buy the hardware to run pfSense on it.)

        1 Reply Last reply Reply Quote 0
        • Q Offline
          quinox
          last edited by

          Thanks for your answer.

          It was just a thought. As I said…I don't know all details about their infrastructure yet, but was just wondering if it would make sense.

          Kind regards,

          Niek

          1 Reply Last reply Reply Quote 0
          • M Offline
            Metu69salemi
            last edited by

            I would like to know more detail before doing changes. All the firewall rules at least and what services need to through what device etc

            1 Reply Last reply Reply Quote 0
            • ? This user is from outside of this forum
              Guest
              last edited by

              If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  Its better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.

              1 Reply Last reply Reply Quote 0
              • A Offline
                anoopch
                last edited by

                @submicron:

                If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  Its better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.

                That helped a lot.. Thanks… and saved me a 2 yr contract job...

                1 Reply Last reply Reply Quote 0
                • J Offline
                  jikjik101
                  last edited by

                  @submicron:

                  If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  Its better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.

                  This is a very honest advice. Two thumbs up for this.

                  @Derek:

                  "if it ain't broke, don't fix it."

                  This one I learned in a hard way. ::)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.