Was wondering if pfsense might ever…



  • i was thinking about the outward differences between the checkpoint firewalls we use in our enterprise at my job, and pfsense.  from my intermediate eye, the list is quite a short one.  honestly, i do see scott getting to his goal of producing a product that can compete with the big boys.  definitely more than "well on your way" scott…  kudos to you!

    as i was pondering the differences, i was wondering what it would take to create an admin panel, that could control multiple pfsense boxes at one time.  for instance, when we make a change to "the checkpoints" at work, a firewall rule can be applied to 1 or more (selectable which ones), and then they all update and restart their rules.  wouldn't that be awesome to be able to control multiple pfsense boxes in the same way?



  • This already works when you have a carp cluster and sync the configuration.

    Multiple slaves can be added and it will automatically sync host a -> host b -> host c, etc.



  • what about individual firewalls, say at different sites?  say i had 10 cities each with an office in my company, and i needed to add a rule for each pfsense box.  possibly, vpns between each allowing each office to connect to another (you know, your typical WAN setup).

    supposing, i had a locked down outbound policy at each site, but i wanted to open port 22 outbound on each of the 10 pfsense boxes.  would carp still be the tool to use to open port 22 all at once on each one?

    i wish i had programming skills.  sometimes i get ideas in my head that i wish a computer to do, but i have no way of expressing myself in the form of code :)



  • What you are looking for is a management system capable of monitoring and administering multiple pfSense boxes at different locations?



  • yes, i think something like that would be a truly valuable add-on.



  • This would be an addon project. pfSense already offers remote control capabilities due to the clustersynccode.



  • @hoba:

    This would be an addon project. pfSense already offers remote control capabilities due to the clustersynccode.

    hoba, does this feature still work when the pfsense boxes are located at opposite ends of a vpn tunnel?



  • Yes, it would. It happens on layer3 and is completely routable therefore.



  • I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores password for automatic logons), makes full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well… like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies (that's what I do now for box backup for example)...). At the moment I have not enough time to go through it quickly... this may change soon.
    ;-)

    Nothing else roxxx as pfsense do!



  • @Juve:

    I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores password for automatic logons), makes full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well… like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies (that's what I do now for box backup for example)...). At the moment I have not enough time to go through it quickly... this may change soon.
    ;-)

    Nothing else roxxx as pfsense do!

    Nice! Can't wait to see this  ;D

