What is your favorite firewall to use?

Now that is impressive hardware you have to “play” with. I maintain a pair of 501E in HA, a 60F for lab tests and of course many pfSense appliances (PC Engines, SG3100, etc).

Thanks, but at this time I no longer work for the company so it’s now just what I have at home. I retired in May of 2019. Been doing some part-time work but I no longer maintain the 1500D or 201E. I’m getting to the point where I don’t really see the value in these inspection-type NGFW systems. I mean there’s no way a NGFW would have prevented the recent SolarWinds attack and after the hack had been running for over a year in the wild they (the firewalls) didn’t even pick up on any of the outgoing traffic that might have been suspicious, like there goes all of our payroll data or worse. It’s getting to the point where you need to lock down all outgoing traffic to specific websites and only open your firewall up one URL/IP at a time.

Y-ASK


At home (don’t work in IT).

I had a UDM for a while, but have switched to pfS and have not looked back. I’m running pfS on a Netgate 5100.

I currently have Pi-hole on a Raspberry Pi, and will be looking to switch to pfBlockerNG, with a Pi-hole Docker container as a secondary DNS.

I know this reply is 4 years later. lol

I have tried numerous consumer-grade and even an Asus ROG GT-AC5300. None have stood up to the coverage and reliability of my Netgate router & UniFi WAPs.

IMO, you won’t regret spending the money (and time to properly configure).


pfSense is my go-to these days, either with Netgate or custom hardware. Virtualized a few times but this isn’t my favorite.

I agree lol, deploy this exact setup with all of my clients.

😂

And I’m merely running this in my house. No business use.

I can’t believe this post is still going haha!

@charrell
Looking back at the posts, I think I’m to blame 😂 for reviving this thread.

I’ve consulted with some fairly large businesses for pfSense work.

Good to know. I’m quite liking pfSense myself. I had a UniFi Dream Machine (not Pro), and have never looked back. Hell, I’m preferring the UI and how things are done over FortiGate.

I’m taking a course that is teaching about NGFWs (specifically using FortiGate), and came across Zenarmor, which would turn *sense firewalls into an NGFW. Although it’s available for pfSense, apparently it’s only available as a package in OPNsense. Everywhere else (including pfSense), you have to install it through the CLI. Meaning there’s no support for it.

After the course is done, I’ll fire up GNS3 and try installing Zenarmor to try it out. Hopefully someone with a spare Netgate box is willing to test it out to see if there are any compatibility issues.

I’m curious to know.

@LTS_Tom Just out of curiosity, have you ever set up Zenarmor on any pfSense (internal or client) routers to turn it into an NGFW?

Or would clients spec a specific vendor (Palo Alto, Fortinet, etc.) if they need/want an NGFW?

Never used Zenarmor, and when there is a need we use a commercial firewall such as Untangle.

At work I spend a lot of time with Sophos setups for clients, but started moving towards Fortinet as it did things a little better.

I HAD a USG at home till it started playing up; now I’m running OPNsense on an old XG and it’s great!