pfSense is an open source firewall for Linux.
Can be run on any x86 machine with 2 (preferably Intel) NICs.
It can be of interest to businesses because the company Netgate (https://www.netgate.com/) creates hardware and can also provide support.
It can also be virtualised in VMware etc.
Sample business: 7000 users
Used a pair of Netgate 7100s in HA
Each 7100 costs like $1200, so $2400 for the pair
Put that price up against a similar setup from Cisco/Palo/SonicWall
pfSense is the project.
pfSense+ is a product: a few hundred bucks a year for support, which can be increased for a lower SLA.
TNSR is a Netgate product for faster routing at datacentre level. pfSense is all GUI, TNSR is all CLI.
Limitations
The main thing it's missing is full SSL traffic inspection. It can do it but it doesn't work well. Not many firewalls can do the SSL inspection on
You need to put a bypass in for cert-pinned sites like Google / PayPal etc.
How many customers running Cisco/Palo are actually doing full SSL decryption?
Can't go bigger than a 10gig interface, but probably not an issue for the target SMEs.
80-100 concurrent VPN users.