• Hi folks,

    We currently use a Sophos WS1000 appliance for web filtering within a school. The maximum load on the box is around 300 users, and we have a 100Mb/s synchronous Internet connection. The problem is that the WS1000 is 5 years old and showing its age in both performance and features.

    We have looked at alternatives, such as Smoothwall and Fortinet, but for install and 3 years of subs we are looking at around £8,000. We're looking at around a 5-year lifespan, much as per the WS1000, so that's probably another £3-4k on top of that as well.

    In terms of features we are not looking for much. It clearly needs to be able to provide web filtering, but also current and historical performance (throughput, peak usage etc.), and AD reporting. It also needs to be able to work via an upstream proxy, which is how our Internet is delivered.

    Is pfSense a viable alternative in this situation? We have a Hyper-V based set of servers, so theoretically could set up pfSense as a VM and use that.


  • Netgate Administrator

    Yes it can do that.
    However, it's likely to take a little playing around with the configuration to get it doing what you need. Still, if you've got £12K to save that could be worthwhile!
    What exactly do you mean by 'AD reporting'?
    If you mean running a web proxy that each user has to log in to, authenticated against Active Directory, then you may struggle to get exactly what you want. It can be done though, via captive portal and freeradius for example.

    In my opinion the one part of pfSense you are likely to find lacking is logging/reporting. pfSense can export all its logs to external reporting software though.

    If you have VM servers set up then I suggest installing it and having a play around.