Juniper vs pfSense



  • Hi there,

    I'm starting a new job soon. I don't know all the details about their setup yet, but I know they're "Open Source minded" and already running some Open Source software/applications in their infrastructure like OpenVPN, LibreOffice and Zarafa.

    Because I want to prepare my best for this new job, I'm digging around in their network security. The company I'm talking about has +/- 20 branch offices around the world. I know they're using Juniper for routing. I don't know which type of Juniper device.

    I've read some Juniper documentation (Junos for Dummies and Junos Cookbook), but find it hard to apply firewall settings on Juniper devices. I am also missing some essential items in Juniper. Maybe that is because I have not worked with Juniper devices before.

    I can imagine this company used BGP to connect to their branch offices.

    So here is my question.
    Will it be a benefit or simply just logical, to put a pfSense box after (or before, just how you see the flow ;-)) a Juniper box?

    pfSense is much easier to maintain than a Juniper box, in my perspective.

    Any thoughts?

    Kind regards,

    Niek



  • Well, Juniper makes a number of devices that do switching and routing, and they have another line of devices that compete more directly with pfSense that are designed to be border devices.

    Will it be a benefit or simply just logical, to put a pfSense box after (or before, just how you see the flow ;-)) a Juniper box?

    I'd think it would make the most sense to have a pfSense or a Juniper box in the same place, personally.

    With that said, "if it ain't broke, don't fix it."  I wouldn't be impressed if I was interviewing someone for a job and they recommended pulling out infrastructure that's currently working fine (and paid for) in order to replace it with an open-source solution they like better but costs more (because you'd need to buy the hardware to run pfSense on it.)



  • Thanks for your answer.

    It was just a thought. As I said…I don't know all details about their infrastructure yet, but was just wondering if it would make sense.

    Kind regards,

    Niek



  • I would like to know more detail before making changes. All the firewall rules at least, and what services need to go through what device, etc.



  • If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  It's better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.



  • @submicron:

    If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  It's better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.

    That helped a lot.. Thanks… and saved me a 2 yr contract job...



  • @submicron:

    If a company already has a significant investment in Juniper gear, they're going to be fairly skeptical of some candidate who wants to strip it all out for another solution.  It's better to learn the gear they have, be proficient with it and then after you've proved yourself to your employer, make appropriate recommendations for how to make improvements.  You'll also find that this approach tends to help you plan your pfSense deployments a little better since you already know how the network is configured and can keep an eye out for the little gotchas that any large network retooling project has.

    This is very honest advice. Two thumbs up for this.

    @Derek:

    "if it ain't broke, don't fix it."

    This one I learned the hard way. ::)

