Watchguard to pfSense



  • Can someone who made the switch from Watchguard to pfSense provide some feedback on the process and success here?

    Thanks



  • I'm kind of surprised, I figured there would be many that moved from Watchguard to pfSense.



  • Search the forum.



  • @sullrich:

    Search the forum.

    Thanks.  I did and found nothing.





  • @GruensFroeschli:

    Your search skill needs improvement…

    http://forum.pfsense.org/index.php?action=search
    keyword. "watchguard"

    http://forum.pfsense.org/index.php/topic,5621.0.html
    http://forum.pfsense.org/index.php/topic,8470.0.html
    http://forum.pfsense.org/index.php/topic,7458.0.html
    http://forum.pfsense.org/index.php/topic,1687.0.html
    etc....

    None of you listings have anything to do with my original question - so I think your search skills need improvement.  Just because the result includes "watchguard" doesn't answer my posting.  You think I wouldn't have already searched on that?

    Thanks



  • Actually, your original question is vague enough that several of those posts apply- one is about re-using WG hardware and another is about configuring pfSense to replace a WG. I have replaced a few WGs and SonicWalls with pfSense, but I don't know exactly what you are looking for. They have some features that are harder to replicate, but you can generally find another solution that is cheaper than the additional licensing you need…



  • Well then what are you looking for?
    You asked in your original post about people that changed from watchguard to pfSense.

    If you didnt find a thread in your initial search like: "i changed from watchguard to pfSense and had no problem" then there probably wont be one.

    None of you listings have anything to do with my original question - so I think your search skills need improvement.  Just because the result includes "watchguard" doesn't answer my posting.  You think I wouldn't have already searched on that?

    These threads that show up on the search with the keyword watchguard are from people that changed from watchguard to pfSense and had problems.
    Maybe if you read these threads you might find some infos about what kind of problems you might run into.

    If someone changed from watchguard to pfSense and had no problems at all, then i assume they will never ever look into the forum and see your thread, so it's kind of pointless ;)

    Maybe you would have better luck if you rephrase your original question.
    Tell us what your needs are, what you're trying to set up, and we might be able to help you :)

    PS: no offense but yes i assumed that you didnt search, and/or didnt search properly… It happens just often enough that people come to this forum and ask stuff which has been answered countless times.



  • I did see all the threads regarding Watchguard, but was hoping to hear from someone new that actually changed from Watchguard to pfSense in order to gauge how well it worked out, and how it's going for them since.  I've been using Watchguard for several years now, but happen to like the management interface and certain features of pfSense.

    Thanks



  • It could help if you sketch out your current WG setup and let's see if that's doable with pfSense!

    The more precise a question is the better are the results you get, right?
    Sorry if you had a bad start in this forum.



  • @jahonix:

    It could help if you sketch out your current WG setup and let's see if that's doable with pfSense!

    The more precise a question is the better are the results you get, right?
    Sorry if you had a bad start in this forum.

    Thanks jahonix and no worries about the bad start.

    I've been testing pfSense and pretty sure it'll be doable. There are a few things missing like web and smtp proxies but I can handle their chores with something like Untangle, or use the Squid package for the web?



  • @cirrusflyer:

    … use the Squid package for the web?

    Why '?'
    Use the Squid package for the web!

    There are threads in this forum where people seem to have a decreased line speed when using squid. Preferably read those.
    Personally I can say my installs run fine and fast with squid so I didn't monitor that thread. Don't know if it's found and solved or still mystery.

    However, if you plan to use pfSense in production it is recommended to install, configure and test it beforehand, including packages, of course. I have the impression that you did that already.



  • OP:

    Well, I've used (and still manage) countless firewalls so I'll give my opinion.  In my organization I have Sonicwalls, m0n0wall, pfsense, Checkpoint, Juniper Netscreen, Cisco PIX/ASA, various SOHO models (Linksys, Netgear, etc) and probably some others I forgot.  I removed the Watchguards we had (only three, from an acquisition).  Without a doubt, Watchguard was the worst piece of crap I ever had the displeasure of using.  All the firewalls I mentioned I like better.

    How's that for an opinion?

    Robert



  • Hi, my company has replaced a few older watchguard and sonic wall boxes with pfsense. I also tested untangle for a while and was not impressed with it's performance, which to me lacked a lot of functionality that pfsense addresses. the pfsense on our older pc's provided us with an affordable system that was easy to use and functioned far better than the equipment it replaced. We have a guest network at our office which makes use of the captive portal feature, which was not something our other routers had. Next week I'll try getting pfsense to run on an older Firebox 1000 we're replacing. It should be a fun project.

    Al H.



  • Watchguard has a feature where you can have secondary networks on the same LAN side.  You add an IP from the subnet that won't be used and it's used to route traffic between the networks.  Can this just be done the same way on pfSense by just adding a static route?

    Thanks



  • I'm not really sure if I understand what you mean but if I get you right you could either fake this by using a second nic to the same switch or by creating 2 vlans on the same nic to a vlan capable switch. However in 1.3 we'll introduce a a new type of virtual IP that will be able to do that without additional nic or vlans.



  • In Untangle, the method is to bind another IP address to the same LAN nic.  And some create static routes to route traffic from 192.168.1.xxx to 192.168.2.yyy and vice versa.



  • I told you this will be doable in 1.3 but you won't need stupid static routes for that  :P



  • Yes, except I'm trying to do a drop in replacement for my current configuration and 1.3 won't be available for at least 3 months?

    Thanks



  • No.
    You would have to hack ifconfig aliases from the command line
    –> not supported.


Locked