On 14-05-24 06:33 PM, Kevin Tollison wrote:
On May 24, 2014 6:41 PM, "David Hicks" <[email protected]
<mailto:[email protected]>> wrote:
>
> Group.......
>
> I realize that I'm posting to a pfSense list, but figure it is still
worth posing the question. We are a school district with
approximately 2000 internal devices. We are looking at replacing our
aging Cisco pix firewalls and are trying to decide between going with
a Juniper SRX240 or moving to pfSense. Our expectation is to use for
simple firewall and NAT with an openVPN setup for a small number of
remote connections. We've been using pfSense in a very simple
configuration at one of our smaller school districts for a year with
no issues whatsoever. I'm wondering if it is time to make the leap to
pfSense for our larger operation and if there are any major cautions
people might have that would suggest it is a safer bet to go with a
standard name like Juniper.
>
> I apologize if this is too broad a question, but figured I'd see if
anyone has any feedback to provide.
I'd recommend talking to Chris directly. I'm sure he can generate a
support plan that is much more cost effective than anything Juniper
has to offer.
We have had a support contact for about a year now. Only used it
twice. Both issue ended up not being pfSense, but the support team was
on the issue almost immediately.
Not a direct answer, but a direction I would investigate first for a
site(s) of that size.
Kevin
I would also add that while NetScreen firewalls (aka Juniper SRX
devices) are slightly better than the equivalent Cisco PIX, they are
*NOT* a best-of-breed firewall by any stretch of the imagination. In
fact, since SRXs are (except for the monster units) 100% software
routers, pfSense gives you very similar technical capabilities at a much
lower price point.
If you want a unit you can buy at retail with a built-in warranty, look
to FortiGate, Palo Alto, or even Checkpoint. All three are available in
a VM if you want to run them on your own hardware, or FG and PA have
some hardware acceleration even in the mid-range units.
Juniper makes excellent routers, but I wouldn't buy their firewalls if I
had any choice in the matter.
Particularly since you want to use OpenVPN, pfSense does make sense.
For a head-to-head RFP/quote/etc. (potentially including pre-built
hardware), talk to Netgate or ESF; both hang out here (in fact, the two
entities are closely related).
--
-Adam Thompson
[email protected]
Cell: +1 204 291-7950
Fax: +1 204 489-6515
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
