New to pfSense: replacement for FortiGate?



  • I've read here on the forums and searched online to gain more knowledge of pfSense. It sounds like, with the right hardware, this can be a solid replacement for FortiGate units for some of my clients. I'm at the point where I need to standardize on one NGFW and would like your thoughts specific to my questions, please.

    • With Fortinet I have quick ticket response and phone support, but at a pretty high cost. I see pfSense offers a similar service, albeit with a NBD turnaround. In practice have most of you found that support to be good? Can I buy one block of hours and use it between my clients?

    • I've seen info on Squidguard and Dansgaurdian as content filtering tools. It looks like SG is a url tool and DG is content. In practice are these reliable, long-term solutions? I need both url/domain and content filtering, including images if possible.

    I know I'll have a lot to learn, but appreciate any help you all can give.



  • Hi,

    I've found the support really helpful over the past 10 months or so.  I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.

    I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content.  That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality.  An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.

    I doubt you will find a more capable solution at a better price.  Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!

    – Phob



  • @Phobia:

    Hi,

    I've found the support really helpful over the past 10 months or so.  I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.

    I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content.  That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality.  An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.

    I doubt you will find a more capable solution at a better price.  Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!

    – Phob

    Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.

    Am I on the right track?

    Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

    Thanks for your help.



  • @djoyce:

    Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

    There was, up until a few months ago I think, a Reseller subscription that was geared towards this type of customer.  Try reaching out to ESF for a list of your options.



  • @djoyce:

    Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.

    Am I on the right track?

    Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

    Thanks for your help.

    We're a registered charity, so as you say there was no cost for DG.  The base charge for pfSense support is $600/year.  That includes 5 hours of support, extra 5 hour buckets @ $500 per, and if the support relationship is between you and pfSense, I don't see an issue with using that bucket of time for multiple sites - but as the other poster suggested, you can always connect with them for further clarification.

    I think if you want the end-user/company to be able to contact pfSense directly, then a separate agreement may be required per company.  If you are always the one initiating the support case, I imagine there isn't an issue.  The automated backup is supported for multiple sites/firewalls, but be aware that each site can see the other's backup file(s) from within the GUI, so if the client has access to manage the firewall, you might want/need separate accounts.

    P


Log in to reply