PfSense vs commercial firewalls

  • Hi!

    I have a Fortigate 200B today and it has never failed me. However, having just IPS requires an expensive maintenance contract on the unit + an IPS subscription. In addition, they stop supporting/delivering upgrades to these units, so you would need to buy a new one every 2-3 years. This makes me look for other solutions and I came across pfSense.

    My requirements:

    • 1 Gbps WAN speed (FG200B supports 5, but I don't have that traffic/link from my ISP).
    • 4 Ports (two of them in redundant mode, so that I can have two paths to two switches and then two servers bound to both switches).
    • Transparent mode (important)
    • Public-IP on BOTH WAN and LAN side (by this, I mean that we only have public static assigned IP-addresses)
    • A well laid out and nice looking rule manager - here is where 70% of the solutions fall off - FortiGate has an excellent method to group dest-ip, dest-ports and group them in each their interfaces.

    I have been talking to other fw-vendors (Kerio for instance), but they look at me like I'm an alien when I say I want public-ips on the LAN-side. We don't run an office with private-ips, so a transparent fw is easy instead of having to do NAT-rules and a lot of work to get traffic through.

    I have found a small view of v2.3 on YouTube and it looks like they are having a bootstrap-interface and that is a very positive start. If I had seen only the older version (before 2.3), I would have walked away. It doesn't show the rule-management in any detail (just very quick), but it looked promising.

    Will pfSense meet my demands with little trouble, at least from a technical side? I only need fw rules + IPS. I have looked at buying the same hw-unit that pfSense sells, it looks affordable at about $1000 and then I don't have any more expenses and IPS.

  • Thank you.

    I have not yet found out if I can group ports like I can in FortiGate. Is that possible? It saves a LOT of rules when you run it for many servers. Similar to grouping single hosts with IPs (that I hope is available under Alias).

  • Thank you, I just managed to get access to the admin area and I see it works perfectly :)