Enterprise style Central Management Interface - {Now $1900}
-
I would like to see a solution for pfsense similar to what is available for m0n0wall. See: http://m0n0wall-cmi.sourceforge.net/. I would like to be able to securely (maybe via SSH) manage all of my pfsense firewalls from one central device. I'm hoping it will be easy to port over to pfsense since there are similarities between the 2 products. I would also like the ability in the product to have the device automatically perform a backup of the remote firewall's config if it checks and can see a change was made to the config. Ability to automatically ping and email if a firewall is not available for some reason. IMHO this type of solution would really be an incredible addition.
So to be exact I would like the following features:
1. Manage all aspects of each pfsense firewall from central location (Like m0n0wall).
2. A heads up of all pfsense with green light if able to communicate with central management device. and system health. (Version running not necessary but would be nice) If unable to communicate send email alert via smtp.
(This might be done by pinging the interface either internally or externally. See 3 for options.)
3. Secured access via VPN or SSH.
4. Ability to automatically create backups of each firewall automatically or when a change is noticed by the device. With ability to limit number of backups to a specific amount so they start to drop off to conserve space.
5. Web Log file with snmp capability.
Hope others will find this to be a great addition and jump on board and add more to the bounty.
Thanks,
Mark
-
I would also love to see something like this for pfSense. I can add $200 to the bounty. If there is sufficient interest here, someone should get in contact with the author of m0n0wall-cmi to see if it is something he would be interested in undertaking.
-
Hi,
I'm the author of m0n0wall-cmi.
m0n0wall-CMI was first developed inside the firm I was working for. Now I've left this firm to start freelance activities and I will just have some time to update and maintain the original project…
Although, this bounty should not take that much work IMHO. I don't know that much about pfsense but AFAIK, it is also managed with an XML system. m0n0wall-CMI is developed in an object way and could be easily used to manage some pfsense boxes. On the other hand, it has taken 3 months of active development (almost full-time job) and is not yet completed. I got a huge TODOLIST for this project also...
I can't say yet if I could manage to get this port done in the near future, even if while starting developing this project, making it compatible with pfsense was in my mind. What I could say is that if someone is willing to help me in this development and knows PHP5 OO well, I'm willing to provide base work, help and even integrate the work into m0n0wall-cmi itself to have it managing multiple firewalls :)
I will check this forum for updates on this bounty and see if it has a lot of interest... then I'll maybe reconsider the time I have to give to this :)
Anyway, thanks to Mark for having forwarded me this post..
Cheers!
Gouverneur Thomas
thomas@gouverneur.name
http://thomas.gouverneur.name
-
I am adding another $300 to the bounty.
-
I'm also interested in the Central Management Interface for PFSense. I will add another $100.00 to the bounty perhaps more in the future.
I would like to offer help as well. First thing I'm interested in is to add support for PHP PDO. This would make it easy to offer other database support such as SQLite, PostgreSQL, ODBC, and more.
-
I'am nothing contribute to this bounty, because for me it is not earnest
Best Regards
Heiko
-
I'am nothing contribute to this bounty, because for me it is not earnest
Best Regards
Heiko
I have great respect for Heiko; you have sponsored some great features for PFSense. I don't understand your comment?
The Central Management in my mind is to create one place that centralizes the backup and restore, and can monitor the devices being managed. This looks like it can do more than that with m0n0wall right now. My goal in supporting this would not be in any way to replace the local interface but rather to ease the management of larger deployments.
Please take no offense; I hold you in high regard as well as all those that are helping with the PFSense project.
Best Regards
-
I think perhaps it is a language issue. I think he may have meant 'interest' (as in he has no interest in this bounty) and not that the bounty was not earnest.
earnest
- serious in intention, purpose, or effort; sincerely zealous: an earnest worker.
- showing depth and sincerity of feeling: earnest words; an earnest entreaty.
- seriously important; demanding or receiving serious attention.
- full seriousness, as of intention or purpose: to speak in earnest.
-
Maybe he meant it is not something he needs at this moment. He is responding to a message I sent him to see if he might be interested in joining in on the bounty. I tend to agree that it is just a language thing.
Mar
-
He is responding to a message I sent him to see if he might be interested in joining in on the bounty.
Now it makes more sense. Thanks for clarifying.
-
Heiko is a great supporter of the project; this was really just some translation problem here. I have known him for a long time.
-
Sorry, sorry for the misunderstanding of my posting; it is not an offense from me. I have great respect for all of the folks here that support pfsense.
As a matter of course I wish that this bounty will do successfully... But for me, at the moment I will not contribute money to this bounty, so for this thread I'm sitting on the sidelines...
Once more, sorry for misunderstanding.
Good luck, I wish you success!
Greetings
Heiko
-
I had started something like this in .NET, windows based interface. With failover notification, automatic backups with SQL storage, SSO to every pfsense.
My wish was to rebuild the object model of pfsense configuration into .NET and then manage to build configuration files (rules, alias…) then send them to each box.
The best (I suppose) would be to use XML-RPC calls to every box but I have not yet tested it.
SSO was easy to make with form based development, do not know how to handle it with web development... forged POST as link perhaps...
Was also thinking about using mod_proxy/mod_rewrite of Apache to "reverse proxyfie" access to each box, using some wget scripts to centralize graphs... many ideas... who wants to talk about it :-p IRC ?
I'm going to (re)work on this soon, I will think about it for real ;-)
-
Was also thinking about using mod_proxy/mod_rewrite of Apache to "reverse proxyfie" access to each box, using some wget scripts to centralize graphs... many ideas... who wants to talk about it :-p IRC ?
Take a look at syweb/symon/symux, it does that for you.
-
Any solution which would be used should only use open source software. Going to a proprietary paid solution, i.e. SQL, would turn away many people from using and or joining into this solution. If you are talking about an open source form of SQL like MySQL then I stand corrected.
Thanks,
Mark
-
I am also scratching my head at why there has not been more interest in this bounty. I would think there are more than just one or two people who have pfsense deployed in multiple locations or use them as a managed service to multiple customers. Maybe people are using other third party solutions which allow them to do this. In any case I think this would be very beneficial and open this product up to a more enterprise type environment because having to manage each one separately or getting detailed status information or reporting from each one would be time consuming. Just my 2 cents...
Mark
-
I'm adding a requirement to the amount I committed to in this bounty.
Requirement:
Central Management needs to be developed in PHP.
Why:
1. PFSense's web interface is written in PHP.
2. PHP is Multi-platform capable on nearly every OS imaginable.
3. It would require a smaller learning curve for development if it did not require knowledge of two languages to handle modifications to PFSense and the Central Management.
4. I want to reduce my dependency on Microsoft.
I'm not opposed to there being a .Net option. I also applaud your effort in building it. I just don't want it to be the only option.
P.S. I know several languages including both PHP and C#.
-
I had started something like this in .NET, windows based interface….
Alright Juve, time to take down that BSD avatar :)
-
Like I said "I had started"… which means I stopped it (more than one year ago).
;D
I was thinking about MySQL + PHP/and/or Mono (I like C#). I see two sides, the frontend which would be in PHP (easy to code and fast), and the backend which would be more sophisticated with multithreading capabilities, plugin (monitoring sensors/actions) interface with hot loading/unloading using reflection, storage using MySQL, configuration using XML. Link between front and back using webservice (SOAP) in order to split roles...
Scott, I was asked to do it windows based ;-)
;)
-
Anyway all that stuff for such a thing is overkill/overengineered. Using mysql/SOAP/and all that stuff seems too much for a thing that has already been done in php.