Do people using pfsense all work in IT?
-
I used m0n0wall as a captive portal for guest wireless at a small convention/training space, worked great. It went in when a previous employee said we'd need to spend a bunch on an appliance-like solution, I used a recently retired Dell PowerEdge 2850. I think I put it in around February of 2010. It ran for a while after I left, although I heard they migrated to pfSense due to state table issues. If I knew about pfSense at the time, I would have used it instead (I had been using m0n0wall at home for quite some time.)
I currently work with a -very- large LAN party group that hosts 400+ person LAN parties, often with dual 100Mb uplinks. We use pfSense on decent hardware ("white box" server) and it's perfectly stable.
-
I work in IT professionally, though we don't use pfsense at work, I have heard of pfsense being used in such circumstances.
Though it's not common, if a company has enough funding for budgets they tend to (if their network is relatively large), they tend to go for much more profound hardware, in the sense of companies like Cisco, at work we use a Netgear patch box (not sure what it actually is), since the gateway's an old server we used to use.
-
I'd estimate 90-95% of the people here are in IT. Not necessarily networking and security experts, though many have very impressive credentials, some are more entry level folks looking to grow their skillset. The last ~5-10% tend to be students with IT-related interests, and some people who are reasonably technical but not in IT by trade who are running it at home or some network they're managing somewhere being someone who knows something about computers.
I'm not sure what split our user base is between home use and business, but there are easily tens of thousands of boxes running in various business networks, big universities, state local and federal government in multiple countries, and more. Most of our business customers we get because the people in charge use it at home first, see it can do everything their <big name vendor> box can do and then some in some areas, and when it comes time to upgrade firewalls or put in a new colocation or office, they go with pfSense instead of dropping an order of magnitude more money on commercial gear to provide the exact same end result or a lesser result in some cases. Other times their existing firewall starts flaking out and they need a replacement fast, and there's little faster than being able to install pfSense on about anything you have laying around and throw it in. It works out so well they don't bother going back to commercial alternatives.
Can you build on your experience running a small network like that to get into networking and security professionally? Sure, you'll have to dig in and learn more things than you'll pick up just running a small network though. Read general networking books, general security books, our book http://pfsense.org/book is good for having very solid firewalling and related theory in addition to specifics with pfSense. Lot of that knowledge transfers over to any firewall, so it's a good choice for learning firewall topics in general. You can definitely build upon what you've learned to get to a professional level in networking and/or security, but it'll require a good deal of work beyond just what you've picked up here and there running such a network. That's probably enough background to get started in a help desk type role, which is the common entry-level position in IT, and work your way up from there. The vast majority of IT people I know, and myself personally, started out in a help desk/desktop support type of position, worked on their own to grow their skillset, and got promoted up through the organization to positions in networking, security, or similar after proving their skills and determination to grow professionally. If you're established in some other career you may have to take a significant pay cut to start off in an entry level IT role, and be prepared to not make a whole lot of money for a couple years or so while working your way up the ladder.
-
I'm a home user with no work history in the IT field. I taught myself to use computers in 1992, my first being an AppleII, and currently have a computer running OpenBSD 5.2 and a laptop running FreeBSD 9.0.
My first experience with firewalls was the Conseal PC Firewall, a rules-based packet filter, on my Windows98 box. Both of my computers run the OpenBSD pf firewall, but my first experience with a hardware firewall is my current pfSense box installation, which I utilize on my home Ethernet network. Having some prior experience with the pf firewall I'm comfortable with pfSense rules and operation and haven't had an ounce of trouble out of it since I first started using it earlier this year.
I've considered going with a straight OpenBSD or FreeBSD box as a firewall but I'm very happy with pfSense and have no plans to switch over from using it.
-
@cmb:
Most of our business customers we get because the people in charge use it at home first, see it can do everything their <big name vendor> box can do and then some in some areas, and when it comes time to upgrade firewalls or put in a new colocation or office, they go with pfSense instead of dropping an order of magnitude more money on commercial gear to provide the exact same end result or a lesser result in some cases.
I manage the IT infrastructure of a small NGO and that's exactly my case. Started using m0n0wall at home and then "upgraded" to pfSense because of upnp support ;) . When I realized the potential of pfSense I ditched Sonicwall at work. I have been running pfSense in two locations for few years without problems and I recommend it every time I have a chance.
-
I've considered going with a straight OpenBSD or FreeBSD box as a firewall but I'm very happy with pfSense and have no plans to switch over from using it.
This has come up before, and for many real-life scenarios pfSense can probably save most "ordinary" network admins a huge amount of time (i.e. do in two hours what one would probably spend 20 hours to accomplish with OpenBSD or FreeBSD). If on the other hand you're looking to build an LNS box for 5k users for an ISP, you'd probably be better with plain FreeBSD.
-
I work in IT and have 20+ years of experience. I am a dedicated "Windows" guy and know very little of FreeBSD "nerd" stuff. So the GUI of PFsense is what I need and I need a "walkthrough" when it comes to github asf. I have run firewalls like M0n0wall, IPcop and smoothwall. Always returning to PFSense. Currently running 1.2.3, since I have weird issues with 2.0.1 and generally think it's not very intuitive compared to 1.2.3. I have been on the forum for quite some time and have learned a lot from the very nice people in here. I got the idea to make Countryblocker for 1.2.3, but don't have the knowledge to make it. Tommyboy180 did, and he did it quickly!
-
I'm a tier II tech who works for the government in the US (Department of Energy) and have the advantage of a large team. I can take what I learn from messing around with the pfsense setup at home, and have a fuller grasp of what our netops team is talking about.
More recently I purchased a tp-link smart-switch that supports VLANs. I've since converted my pfsense box to ESXI, virtualized my pfsense and setup 5 vlans. Talk about being thrown into the deep end, coming from no working knowledge of vlans other than their purpose.
Helps greatly when trying to discuss issues at length with netops. I can also go spend the day with them, and see their day-to-day work.
So just by toying around with pfSense I've exposed myself to basic routing, packet-filtering, squid, VLANs, BGP, ESXI, and a handful of other neat things.
In summary to answer the OP's question, I would say depending on your devotion and expanding your experimenting, you could easily get an entry level job in the networking field. You'd quickly want to get some cisco training as you without question will run into cisco devices.
-
I too am working in IT, but more on business IT side like SAP, Oracle DB or new stuff like iPad as single device.
For those topics it is always good to know how the bits travel between end points. I use pfSense on ESXi 5.1 mainly at home; but with the goal to prototype/showcase some solutions for business and to continue learning. Playing around is it too. A bit. A lot bit ;D
-
Should have run a poll! IT isn't my profession, but I like to tinker with things like pfsense and computer gear.
-
Solid state electronics student for me. Tangentially IT, but not really at the same scale.
Love pfsense at home though undoubtedly running on an overkill machine.
-
Retired IT type here, started out with MonoWall, moved to SmoothWall for more features but got tired of the lack of direction, progress, bug fixing and the horrible additional tools process there.
Spent a lot of time reading about small firewalls, both the performance and as important the community and decided pfSense looked like the best spot for me.
-
Police
first job was in IT as technician but it was rather dull so I did not go back to it after doing my time in army. Computers&networks are more or less just hobby..
-
I work in IT but only use pfSense personally. I did have it as a guest-wireless firewall in a previous job, but that's about it. While it is the best of the cheap or free options out there, it fails on useful logging, packages (too many beta packages), timely bug fixes and updates compared to the big boys.
-
While it is the best of the cheap or free options out there, it fails on useful logging, packages (too many beta packages), timely bug fixes and updates compared to the big boys.
What kind of logging are you missing? Considering that not only does pf allow very detailed logging, you can use tcpdump on pflog or the physical interface(s) either from CLI or webGUI, and you can export netflow data.
Regarding timely bugfixes and updates, I'd be inclined to agree, but I'd think with the significant increase in installed base to 170+k live pfsense systems, it will eventually be possible to improve pace through crowd-funding.
Anyway pfSense does still miss some "big boy" features (e.g. L2TP/IPsec, GRE NAT proxy, TCP multipath, IPsec IKEv2, IPsec redundancy with multiple Phase-1, IPsec VTI, DMVPN, L7 filtering etc), most of which however are not relevant to probably 95% of the SMB installations. And in return pfsense offers ISC dhcpd, ntpd, unbound, openvpn and so much more.
-
packages (too many beta packages), timely bug fixes and updates compared to the big boys.
Re: Package versions, that's mostly the fault of the various maintainers just never updating the status. Most all of them are probably at least "stable" but that field is mostly ignored.
We fix bugs very fast in most situations. We may not have very frequent releases, but the bug fixes are public in the source repos and they can be applied as needed in many cases. And there are always snapshots if one needs certain fixes/features before an official release.
-
While it is the best of the cheap or free options out there, it fails on useful logging
What kind of logging are you missing? Considering that not only does pf allow very detailed logging, you can use tcpdump on pflog or the physical interface(s) either from CLI or webGUI, and you can export netflow data.
valnar, when you have a moment, please elaborate on what you meant by "useful logging" and pfsense limitations vs other platforms.
TIA.
-
It's not the logging per se, but the user interface for it, hence "useful logging". If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.
Geez, sorry if I offended anyone. ;)
-
It's not the logging per se, but the user interface for it, hence "useful logging". If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.
Geez, sorry if I offended anyone. ;)
No offence whatsoever taken :-) I was just trying to understand where you were coming from, because "logging" might mean different things to different people.
Anyway, as I wrote above, while the webGUI doesn't expose all available functionality to the user, a knowledgeable networking professional can always drop to the CLI and do all sorts of troubleshooting.
-
It's not the logging per se, but the user interface for it, hence "useful logging". If you are familiar with the Checkpoint and Cisco ASDM GUI's, you'd know what I mean - especially for troubleshooting problems.
Geez, sorry if I offended anyone. ;)
Well it's not really offensive per se, it's just extremely vague and unhelpful. If you can explain what "useful" means specifically, to you, it would help more than a vague complaint.
Also try 2.1, the firewall log filtering was expanded quite a lot.