Features for Enterprise environment
-
I will likely be posting bounties on these features, but to be honest these features would just make pfsense more adoptable to users within Enterprise environments.
1. Enable TACACS authentication backend for the management console (http/https) and eventually TACACS accounting.
2. Fix LDAP authentication so that it does not require the memberOf overlay (make it OpenLDAP friendly, you shouldn't have to hack your LDAP infrastructure to fit one type of LDAP client)
3. Make pfsense "puppet friendly" (or just get the ball rolling - it doesn't have to be complete). Yeah, someone can post a bounty….then wait.....then get no response. Keep in mind that these changes are going to appeal to Enterprise environment admins who already have their commercial firewalls with dedicated change management systems - those people rarely post bounties.
4. In the absence of puppet, or in addition to, create a management API. Controlling these systems shouldn't be so reliant on the WebGui. -
3. Make pfsense "puppet friendly" (or just get the ball rolling - it doesn't have to be complete). Yeah, someone can post a bounty….then wait.....then get no response. Keep in mind that these changes are going to appeal to Enterprise environment admins who already have their commercial firewalls with dedicated change management systems - those people rarely post bounties.
Although this is a somewhat old post, the situation may change to match your needs… I've started adding puppet support to pfSense as a separate package:
https://forum.pfsense.org/index.php?topic=79397.0You're welcome to contribute to the pfSense puppet provider and the puppet modules:
https://github.com/fraenki/puppet-pfsense
https://github.com/fraenki/puppet-pfsense_rancid
https://github.com/fraenki/puppet-pfsense_autoupdateRegards
- Frank