pfSense in company environment

Hi

Sorry if this is in the wrong forum but I was wondering what people's thoughts are on putting pfSense in a corporate production environment. I have approached the powers that be to replace the current Draytek firewalls and would look at putting pfSense as a replacement. They are aware that it is Open Source and have reservations.

Would you be happy putting pfSense in a production environment or would it be better to use an official Netgate appliance or would you recommend something different like a Fortinet Fortigate or similar?

Cheers
 
Would you be happy putting pfSense in a production environment or would it be better to use an official Netgate appliance or would you recommend something different like a Fortinet Fortigate or similar?
I'm more than happy, as we run it at work, having needed something a little more powerful and with a few more options than our previous Drayteks.

We currently run the Community edition of pfSense on an HP DL360G7, but at some point I will be looking to move across to OPNsense on a newer, slightly more energy efficient platform.

Personally I wouldn't consider a Netgate appliance (or the paid-for support of pfSense), as I'm more than happy to address any issues we have myself. (And arguably we have better "support" in place, as we have cold spare hardware - and parts that are standardised)
 
I have approached the powers that be to replace the current Draytek firewalls and would look at putting pfSense as a replacement.

How are the Draytek firewalls failing? Or, what can pfSense do better? And how big a company or site is this?
 
I'm more than happy, as we run it at work, having needed something a little more powerful and with a few more options than our previous Drayteks.

We currently run the Community edition of pfSense on an HP DL360G7, but at some point I will be looking to move across to OPNsense on a newer, slightly more energy efficient platform.

Personally I wouldn't consider a Netgate appliance (or the paid-for support of pfSense), as I'm more than happy to address any issues we have myself. (And arguably we have better "support" in place, as we have cold spare hardware - and parts that are standardised)
Can I ask why you would be looking to move to OPNsense and away from pfSense?
 
How are the Draytek firewalls failing? Or, what can pfSense do better? And how big a company or site is this?
We have had issues where they can constantly reboot for no reason that we can fathom and neither can Draytek support. They don't seem particularly stable with IPsec VPNs, they can drop and not rebuild, status showing as being connected and traffic not passing, RDP connections dropping for all users. All things which are a problem for end users and Draytek support, although helpful, can't find a reason why.
 
Can I ask why you would be looking to move to OPNsense and away from pfSense?
Not a particular fan of Netgate based on some of their past actions both political (Smear campaign against OPNsense, AES-NI "requirement") and technical (WireGuard implementation issues).

The future of the community version of pfSense is also of concern given the pfSense Plus announcement (and also Netgate's other product TNSR).
 
We have had issues where they can constantly reboot for no reason that we can fathom and neither can Draytek support. They don't seem particularly stable with IPsec VPNs, they can drop and not rebuild, status showing as being connected and traffic not passing, RDP connections dropping for all users. All things which are a problem for end users and Draytek support, although helpful, can't find a reason why.
Sounds like less of a want to move to a new firewall and more of a need to move.

Your bosses' concerns on it being open source are probably from the wrong angle - if everyone can see the code, it just means that it's got far more eyes on it and bugs are fixed way faster.

The number of companies with proprietary apps who won’t do the proper testing/patching and then get hacked is insane.

Why don’t you highlight how much a hacker could cost your company if they got in through the current failing firewalls to your managers?
 
A very large proportion of IT products will make use of open source code in one way or another.

I used pfSense in the past and found it to be reliable. The organisation only stopped using it because my replacement wasn't up to supporting it.
 
Whilst I'll add it really depends upon your own needs but I've personally found VyOS to be a lot more friendly with hardware not just from compatibility but also to performance. FreeBSD driver support can mean you need to choose hardware wisely - it's not quite as plug and play as some folks tend to imply. I'm not suggesting it's a massive drama - but stick to the known working solutions and it'll be fine.
 
I was speaking to a large engineering company yesterday whose primary firewall is virtual pfSense.
Very tempted to move my home router over just for some graphing.
 
Does anyone actually use it in a production environment? I know NHS doesn't use it and nor does the accountancy down the road from me.

Friend of mine is head of infra for a big ISP/MSP and they use pfSense in a lot of their deployments. I guess it is very much dependent on which companies choose to deploy it.
 
Personally, on a Dell Optiplex 5050 SFF, i5-7500, 16GB RAM. It's on ESXi and runs a VM for OPNsense, Home Assistant and Pihole. Sits up in my airing cupboard running the essential services while I use another machine as my Unraid server.
 
Routing between 2 lan segments, and load balancing an internet connection provided by our MPLS, as well as 2 pppoe VDSL connections
 