 From:  Odette <odette dot nsaka at libero dot it>
 To:  discussion at pfsense dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [pfSense-discussion] Known PFsense Limits?
 Date:  Tue, 6 Jun 2006 19:38:03 +0200
Sure. I posted on both the mailing lists because M0n0wall and PFsense are the 
two projects I'm mainly interested in.

I've been playing successfully with both M0n0wall and PFsense:

I'm using m0n0 where all the features added in PFsense are not needed, because 
I feel (note that this is my personal feeling) M0n0 should be more stable, 
and because a firewall should be as light and small as possible.

Sometimes the features available in PFSense have been the added value of the 
solution.

About the substitution I'm planning: I would benefit from the PFSense added
features, but I also need a very stable platform. This is why I'm 
investigating both the solutions.

The third and last opportunity I'm keeping in my mind as an alternative (in 
case I'll see M0n0 and/or PFsense will not be the right solution to my 
problems) is to build a couple of Gentoo boxes with FWBuilder on iptables
http://sourceforge.net/projects/fwbuilder

This third solution gives me more flexibility, but requires more and more time 
to be ready and a bigger maintenance effort.

Odette

P.S.: I did not post the message on other places ;-)
And I hope neither I will. If I will means that I spent much time on not 
suitable targets... and that my boss is going to be a  :-)





> Déjà vu.  I just saw this exact message on the m0n0wall with
> s/pfSense/m0n0wall/.
>
> On 6/6/06, Odette <odette dot nsaka at libero dot it> wrote:
> > Hi all,
> >
> >  I need to substitute our production firewall, and I'd like to use
> > PFsense which I've already successfully used for home or small office
> > environments.
> >
> > The solution I'm going to substitute is based on Linux-iptables which
> > requires more than 1000 rules. I need more than 25 static routes, and 5
> > VPNs.
> >
> > Furthermore, in the near future we are migrating 2 of 3 network branches
> > on Gbit.
> >
> > I'd like to try with PFsense, but my boss (I'm sure) will kill me in the
> > event I spend half a week in setting up the new PFsense and writing down
> > all the rules to see that PFsense is not the right solution.
> >
> > Is there a rules number limit or a session number limit implemented in
> > PFsense?
> >
> > Does somebody have some expertise in similar situations?
> >
> > Anybody able to supply info or suggestions?
> >
> > Thanks in advance
> >
> >  Odette