I can't remember now what exactly it was that it couldn't do--but it was something that seemed fairly basic that either CC couldn't do or it made exceptionally painful to do. It also couldn't handle advanced outbound NAT features I needed or multiple WAN IPs (in anything other than a 1:1 mapping and then with the commercial product only) very well. It didn't support aliases for hosts, networks, or ports. It wouldn't pass IPSec traffic when it was also an IPSec VPN endpoint. The interface was painfully slow as well.
pfSense certainly isn't perfect for every usage, but I needed things it had that CC didn't offer, and have been exceptionally happy with it. I do believe it would be a good substitute in many places with a PIX and looking to update or in places considering something akin to the ASA. > -----Original Message----- > From: [email protected] [mailto:hardware- > [email protected]] On Behalf Of CW > Sent: Wednesday, November 04, 2009 7:47 AM > To: [email protected] > Subject: Re: [H] Unusual Active Directory Q > > What is it you are trying to do with the rules that you can't/couldn't? > PFSense is a great product, I like it too.. then again, you can't get a > monitoring complaince notice from them for your CC Company's/Banks who > require it, so it's not an option for several.. (and if Clark is > anemic, try Watchguard Firewalls which, IMHO, are worthless) > > Surprisingly, I've found most of the rules I need to implement and > content management pretty easy. Clark5 is a significant improvement, > but even 4.3 addressed most of the needs I had. >
