I've spent the day today truly giving this firewall a chance and I'm pretty disappointed in the time I have wasted. I have attempted to run this on 2 different machines, 1 Intel P4 machine and 1 AMD machine, using a total of 6 different nics (3Com and Intel) in different scenarios in ruling out quirks.
The package manager needs quite a bit of work. Lot's of bugs, especially with Snort. I've configured the firewall in several different ways and have found it to be a resource hog with an unacceptable level of packet loss in multiple forms.
The web interface structure also seems kind of backwards as well; not organized as best as it could be. My advice to the developers is to focus on simplicity of function rather than features.
I'll happily see my way out the door now as I'm headed back home to OpenBSD PF, since its reliability is its eye candy 8)
Well… you're not forced to use pfsense...
Most of us tried a lot of other firewalls and came to pfsense because of it's features and not simplicity...
and there are just a few new features in the pipeline such as a new dashboard coming in the next version 1.3 ... (available as a packet by now)
the freature tree is frozen because the next version 1.2 is going to be released soon...
so... with snort, ok... with some points you're right... but: help if you can... have a look in the forums for others having problems with snort and see, what happened so far...
Perhaps someday you'll be back to pfsense ;)
you never know 8)
…Snort... ...I've configured the firewall in several different ways and have found it to be a resource hog...
Maybe you mixed things up here!
pfSense itself is not a resource hog. It even runs on scaled down embedded hardware pretty well - limited to not using packages.
Snort on the other hand IS a resource hog. You can't blame pfSense for that - just don't install Snort.
You cannot argue with die hard command line folks. I've used the command line since Amiga days but I am not 100% tied to it.
Good luck staring at PF rulesets on a monochrome terminal! Oh, and don't forget to play some good ol' Hummpa musc while you are adjusting your rulesets by hand :)
I'm impressed! I've used several commercial firewalls and pfSense is the most intuitive advanced interface I've seen.