RE: [pfSense Support] PFSense advocacy
Commercial support is top notch. We had an obscure issue with Xenserver, but it was only affecting a subset of our users who had a VPN connection. I thought it was a VPN issue, so the pfsense guys worked with me all the way down to a detailed packet analysis. They gave me great information that led back to the server and helped me diagnose this tricky issue that had nothing to do with pfsense. Thank you! -Original Message- From: Scott Ullrich [mailto:sullr...@gmail.com] Sent: Wednesday, December 02, 2009 4:54 PM To: support@pfsense.com Subject: Re: [pfSense Support] PFSense advocacy On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal r...@millburncorp.com wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
I also can vouch for the commercial support. The team understands that you most likely have others who are waiting for you to fix this... and its not just you.. but its many that need the support... and your just the gateway. Much much better than the sonic boom i got when I found out the poor level of service I got with the competition. On Dec 3, 2009, at 5:01 PM, Borowicz, Paul wrote: Commercial support is top notch. We had an obscure issue with Xenserver, but it was only affecting a subset of our users who had a VPN connection. I thought it was a VPN issue, so the pfsense guys worked with me all the way down to a detailed packet analysis. They gave me great information that led back to the server and helped me diagnose this tricky issue that had nothing to do with pfsense. Thank you! -Original Message- From: Scott Ullrich [mailto:sullr...@gmail.com] Sent: Wednesday, December 02, 2009 4:54 PM To: support@pfsense.com Subject: Re: [pfSense Support] PFSense advocacy On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal r...@millburncorp.com wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] PFSense advocacy
I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks. -- ## This email is confidential, does not constitute investment advice, is only for the use of the intended recipient and should not be redistributed, except with the sender's consent. If you received this email in error, please notify us immediately by telephone; receipt by anyone other than the intended recipient is not a waiver of any work-product or attorney-client privilege. All email to and from Millburn Ridgefield Corporation and its affiliates is monitored, stored and made available to regulators if requested. ## - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
Ron García-Vidal wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks. I think it's better to start with providing of what you expect from 'firewall in shop'. In what way are you going to use this firewall? what functionality/bandwidth do you need? Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
On Wed, Dec 2, 2009 at 2:26 PM, Ron García-Vidal r...@millburncorp.com wrote: Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. The support for PFSense is top notch. Between the mailing list and the forums I can't recall a single question gone unanswered, or a bug unaddressed. I've also seen Cisco equipment die, at which point you are dependant on Cisco to ship a replacement part. With PFSense's ability to run on a variety of hardware, you can choose your components and have a variety on hand in case of failure. Incidentally, this feature also makes it easy to upgrade. That's what I like about it. Oh, and the fact that it's open source is big with me, although that may or may not resonate with your boss. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
1) Cost is the biggest advantage. 2) Open Source is also huge, if Cisco goes bankrupt I'm out of luck for support, If pfsense stops, i just need the source code and some knowledge of how it works and i can support pfsense forever. 3) pfSense can be customized to the nth degree. Good luck trying to get a feature added to Cisco ASA. 4) As long as your hardware is good, pfSense can be pretty reliable. I just started deploying some Cisco ASA (I would have deployed pfsense, wasn't my choice). I had high hope for the Cisco ASA line-up, but after configuring them my love for pfsense just grew more and more. I have configured and used most firewalls. pfSense is #1 followed closely by m0n0wall.. :) Adam Ron García-Vidal wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks. No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.426 / Virus Database: 270.14.90/2540 - Release Date: 12/02/09 07:33:00 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
Start with cost. There is no cost per seat with pfsense. You don't have the up front cost of an expensive PIX or other Cisco Security product plus the license fees. You don't pay extra for extra features either. It will run quite nicely on a dual core atom based supermicro server from New Egg at about $350.00 bootable from a USB key vs having to pay gobs of money for RAM for a Cisco router if you're running lots of VPN tunnels. Ease of configuration. You still SSH in and get a command line if you want, but the GUI works very well and is very fast. If you can redirect users to an internal proxy server, if you wish. Its BSD, its secure (except for VPN password storage in plain text in the XML config file). You can edit the config file by hand and upload it if you wish. It has lots of nice features such as auto failover (CARP), etc. Tons of plugins available for the download. It even handles SIP proxy, etc. Its a very nice solution without all the added cost that you'd have to purchase from Cisco. You can get paid support if you need it. There's a large community of security conscious developers working on it so it has a lot of code review. Its very stable and has a small footprint. The one I use the most has been up for 114 days and was only down because the power company's last outage lasted longer than the battery. One of the last required updates I saw was due to an instability that occured when there were more than x thousand tunnels running sinultaneously. It supports VPN standards and standard clients rather than requiring CIisco's proprietary client. Hope this helps a little, Curtis Ron García-Vidal wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Thanks. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal r...@millburncorp.com wrote: I realize this is a support forum, so if there is a better place to post this, I will take it there. So, I'm trying to get a pfsense box in the shop because I've enjoyed working with it on my own setup. The boss is fairly open-minded and open to a healthy discussion on the topic, but in the end, he wants to know why this would be preferable to a Cisco solution. Since I've never worked extensively with Cisco, can someone give me a few salient points to throw at him. I already used the cost argument, he wants more. Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott The big selling points for my Boss' were 1) cost 2) features 3) ease of use Cost is a no brainer. The features of pfSense that we needed sold the solution very easily. Failover, Load Balancing, SNORT IDS, Proxy Filtering and an great web based configuration engine were the key ones. All but the proxy filtering was needed for our hosting environment and a huge selling point for our corporate firewall was the proxy filtering (with squidguard) to keep our users in check. Ease of use was huge because we didn't have to drop to CLI every time someone needed a non standard configuration. Cough, cough Cisco Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
The office just sent me to Cisco IPS training. Cisco ASA's have (linux) hardware modules that you can add for IPS -- basically the same thing that Snort does, but for additional cost, licensing, and maintenance on top of the equipment you already bought. Snort signature updates are cheap compared to Cisco's. And when you have two Cisco ASA's in active-passive, you still manage every config item on the two IPS modules separately, including signature updates. I'm still learning how to do in Cisco IPS what I can already do in Snort. Cisco training is expen$ive and not all that great -- usually covers the last ASA/IPS version before the one you're using. In our office, we're not allowed to use GUI tools to manage the ASAs, so I also need to learn Cisco syntax which isn't covered in-depth in training classes. The one thing we rely on in our office that I haven't done with pfSense are IPSec VPNs using Active Directory for authentication. Now that pfSense has a book, what else do you need? Larry On Wed, Dec 2, 2009 at 5:04 PM, Curtis LaMasters curtislamast...@gmail.com wrote: Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott The big selling points for my Boss' were 1) cost 2) features 3) ease of use Cost is a no brainer. The features of pfSense that we needed sold the solution very easily. Failover, Load Balancing, SNORT IDS, Proxy Filtering and an great web based configuration engine were the key ones. All but the proxy filtering was needed for our hosting environment and a huge selling point for our corporate firewall was the proxy filtering (with squidguard) to keep our users in check. Ease of use was huge because we didn't have to drop to CLI every time someone needed a non standard configuration. Cough, cough Cisco Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org