Anyone see pfSense vs SonicWall NGFW??
Is there an integrated NGFW feature or application level inspection offering later?
** Couple years old but relevant question **
Don't get me wrong, but I see exactly zero reasons to link "blogposts" that are basically advertisements for some product. What the hell is a "next generation firewall" in the first place? Something like Web 2.0? ::)
I was looking up FireEye, saw the term NGFW used for their APT-based products, and ended up at this article. I use pfSense, so the comparison got my interest on a different subject: the NGFW portion. It's just a fancy term for firewalls that are capable of application-level inspection, including HTTPS. My question was about the road map for similar capability in pfSense. It was a question to the pfSense team. FYI… I despise SonicWalls.
Certainly looks expensive and limited in options to me. Perhaps we should call it iWall in honour of other very pricey cute products with neat ads?
Seriously… most people do NOT want anything like that. Overly complex (and buggy), overly HW-demanding, overly overkill, ... I've been playing with Astaro (now Sophos UTM) for quite some time, and... uh. Certainly NOT for me. Not even close. Crazy. There seriously are much more simple and much less error-prone ways to get things secured than these "all-in-one" appliances. Jack of all trades, master of none? :P
Perhaps you could start a business:
FormOverFunction solutions Inc.
You could sell shiny metal boxes that go nowhere and do nothing but have very slick advertising.
They could include such features as NextIP, FutureOSaware, and exclusive TunnelClean technology.
Could make a lot of money?
Seriously… I never liked the security suites for Windows. Usually they have a good firewall but piss-poor antivirus, or the other way round. And then they bundle a bunch of added bloatware that allegedly brings so-called "added value" functionality; as usual, for each of those value-added functions a much better, smaller, and cheaper alternative exists. As for the application firewalls, these are so much better done on localhost that I seriously don't get why I'd want the functionality moved to some centralized megabox which does a much worse job with much higher demand on resources and is much more difficult to maintain. Huh...