New to pfSense: replacement for FortiGate?
-
I've read here on the forums and searched online to gain more knowledge of pfSense. It sounds like, with the right hardware, this can be a solid replacement for FortiGate units for some of my clients. I'm at the point where I need to standardize on one NGFW and would like your thoughts specific to my questions, please.
-
With Fortinet I have quick ticket response and phone support, but at a pretty high cost. I see pfSense offers a similar service, albeit with a NBD turnaround. In practice have most of you found that support to be good? Can I buy one block of hours and use it between my clients?
-
I've seen info on Squidguard and Dansgaurdian as content filtering tools. It looks like SG is a url tool and DG is content. In practice are these reliable, long-term solutions? I need both url/domain and content filtering, including images if possible.
I know I'll have a lot to learn, but appreciate any help you all can give.
-
-
Hi,
I've found the support really helpful over the past 10 months or so. I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.
I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content. That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality. An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.
I doubt you will find a more capable solution at a better price. Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!
– Phob
-
Hi,
I've found the support really helpful over the past 10 months or so. I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.
I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content. That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality. An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.
I doubt you will find a more capable solution at a better price. Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!
– Phob
Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.
Am I on the right track?
Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?
Thanks for your help.
-
Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?
There was, up until a few months ago I think, a Reseller subscription that was geared towards this type of customer. Try reaching out to ESF for a list of your options.
-
Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.
Am I on the right track?
Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?
Thanks for your help.
We're a registered charity, so as you say there was no cost for DG. The base charge for pfSense support is $600/year. That includes 5 hours of support, extra 5 hour buckets @ $500 per, and if the support relationship is between you and pfSense, I don't see an issue with using that bucket of time for multiple sites - but as the other poster suggested, you can always connect with them for further clarification.
I think if you want the end-user/company to be able to contact pfSense directly, then a separate agreement may be required per company. If you are always the one initiating the support case, I imagine there isn't an issue. The automated backup is supported for multiple sites/firewalls, but be aware that each site can see the other's backup file(s) from within the GUI, so if the client has access to manage the firewall, you might want/need separate accounts.
P