Netgate Discussion Forum

    Was wondering if pfsense might ever…

    • Sharaz

      i was thinking about the outward differences between the checkpoint firewalls we use in our enterprise at my job, and pfsense.  from my intermediate eye, the list is quite a short one.  honestly, i do see scott getting to his goal of producing a product that can compete with the big boys.  definitely more than "well on your way" scott…  kudos to you!

      as i was pondering the differences, i was wondering what it would take to create an admin panel that could control multiple pfsense boxes at one time.  for instance, when we make a change to "the checkpoints" at work, a firewall rule can be applied to 1 or more (selectable which ones), and then they all update and restart their rules.  wouldn't that be awesome to be able to control multiple pfsense boxes in the same way?

      Jonathan

      • sullrich

        This already works when you have a carp cluster and sync the configuration.

        Multiple slaves can be added and it will automatically sync host a -> host b -> host c, etc.

        • Sharaz

          what about individual firewalls, say at different sites?  say i had 10 cities each with an office in my company, and i needed to add a rule for each pfsense box.  possibly, vpns between each allowing each office to connect to another (you know, your typical WAN setup).

          supposing i had a locked down outbound policy at each site, but i wanted to open port 22 outbound on each of the 10 pfsense boxes.  would carp still be the tool to use to open port 22 all at once on each one?

          i wish i had programming skills.  sometimes i get ideas in my head that i wish a computer to do, but i have no way of expressing myself in the form of code :)

          Jonathan

          • yoda715

            What you are looking for is a management system capable of monitoring and administering multiple pfSense boxes at different locations?

            • Sharaz

              yes, i think something like that would be a truly valuable add-on.

              Jonathan

              • hoba

                This would be an addon project. pfSense already offers remote control capabilities due to the clustersynccode.

                • Sharaz

                  @hoba:

                  This would be an addon project. pfSense already offers remote control capabilities due to the clustersynccode.

                  hoba, does this feature still work when the pfsense boxes are located at opposite ends of a vpn tunnel?

                  Jonathan

                  • hoba

                    Yes, it would. It happens on layer 3 and is completely routable therefore.

                    • Juve

                      I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores password for automatic logons), makes full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well… like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies (that's what I do now for box backup for example)...). At the moment I do not have enough time to go through it quickly... this may change soon.
                      ;-)

                      Nothing else roxxx as pfsense do!

                      • hoba

                        @Juve:

                        I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores password for automatic logons), makes full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well… like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies (that's what I do now for box backup for example)...). At the moment I do not have enough time to go through it quickly... this may change soon.
                        ;-)

                        Nothing else roxxx as pfsense do!

                        Nice! Can't wait to see this  ;D

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.