On Sun, Jul 01, 2012 at 01:14:12PM +0200, Adam Thompson wrote: > > Are there any JunOS features you consider killer that are not in > > pfSense 2.1? What would be these features? > > Hardware offload: you can scale vertically with JunOS platforms with the > simple addition of more money, whereas an x86-style software-only system > like pfSense will always hit bottlenecks much earlier on, no matter how > much money you throw at it. IRQ Polling helps a bit, but not enough to > scale into the 10GB range IMHO.
I was thinking about packet engine offloading when I wrote that. However, JunOS is also olive, and hence one could imagine using an ASIC or FPGA board to offload packet manipulation in pfSense. Presumably, such capabilities are yet rudimentary in FreeBSD, if available at all? > Also, "commit confirmed" is a REALLY, REALLY nice feature. A similar > concept could theoretically be implemented in pfSense, but that would > probably be 3.0-timeframe at best based on my knowledge of how the > webconfigurator works. (Many firewalls have similar stage/commit/rollback > functions, there are multiple ways to gain equivalent functionality.) Right, that's a very valuable feature. > Other than that... I can't think of any 'killer' features that pfSense > lacks. Depending on your environment, certification (e.g. ICSA) and tech > support may be very important. You can get tech support for pfSense, but > not with the resources of a JTAC behind it. Good luck certifying it - > it's uncertifiable by design because of the shell access and the ability > to add arbitrary packages. Certification is probably a major issue for enterprise netwonks. I've never used support for proprietary firewalls, so I don't know how pfSense's support contracts compare. I personally found them very adequate. _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
