On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> If you want to look at Juniper solutions, take a look at NetScreen.
> The M40 is a router platform (which has some firewalling functions);
> this is not the product which would be functionally compared to
> pfSense. NetScreen, SonicWall, Watchguard - these would. Oh well,
> even Linksys at the lower end.
>
> Take a look at NetScreen 25.
>
> http://www.juniper.net/products/glance/nscn_25_50.html
>
> We have 32.000 of sessions advertised.

And it's a piece of shit.  It's also not a product Juniper developed,
they acquired it when they bought NetScreen (the company).

> I do not remember which CPU it has but it is some few hundreds MHz.
> On my box I can get some 100.000 of sessions with simple firewall
> and traffic shaping.

It's ASIC based.  They developed their own CPU.  I'd be willing to bet
it's in the dozens of MHz, not hundreds.  Being a special purpose CPU,
not a general purpose CPU, it's geared towards filtering packets and
ONLY filtering packets.

> What do you have against ab? Just curious? Does it represent the
> real load - no, but it is a good stress test. I would move on quickly
> if this one would work.

Wrong tool.  It doesn't correctly close out TCP flows (as you can see
with your state table sizes).

> Knowing that the bugs exist is not the same as knowing what the bugs
> are. You probably would not argue most of the bugs reported are
> real - well you may judge it as silly actions from me - probably but
> you're targeting the SOHO market - do you guys expect to have Certified
> Cisco engineers use it?

I'd pay to NOT have CCNEs use the product.  We'd end up with some
sort of hacked up Cisco-like shell (*poke* to the devs actually
working on this).

> I mentioned that but I repeat it for you specially - I reported the bugs
> only because there was positive feedback from developers. If everyone
> would be as helpful as you I would probably have used another solution or found
> workarounds to have it work for my case.

Call me curious, what other solution would have worked?  I'd like to
download it so I can figure out what they're doing right.  And why
didn't you use the other solution, what did we do right (for a
change)?

> I see your point. Even if this is your goal I hope you make it work well
> for a wider set of cases - the SOHO market already has a number of tools
> developed (requirements in most cases are simple) and hardware firewall
> solutions are cheap.

1.0 is geared towards SOHO and advanced SOHO configs, it's the easiest
place to start.  We'll start working more seriously on Enterprise
configs later (frankly, if it wasn't for the shaper some of them would
be done, but then you'd be stuck with the shaper before I touched it -
ask Scott how his voice calls were).

> My only hope is you express your own position here  (I would guess so
> because you're not replying to other pfsense users a lot as well).
> pfSense is OpenSource project, which needs community in order to reach
> success -  you need people to test things and report their findings, you
> need people with various backgrounds and experience to try different use
> cases - otherwise you hardly can build solid product.

Sure we can.  We'll just eliminate the features _we_ can't test.  All
the stuff you're complaining about (except for straight up shaper) we
don't use but was requested.

> Of course everyone likes perfect "community members" which only submit
> but free patches, but that is not going to happen.   Bashing people
> contributing at their will and abilities does you no good.
>
> You try to save mail list traffic? Well go ahead and visit the mailing
> lists for widely known successful projects, or their forums. Using your
> formula their developers would only be reading lists :)

Or they don't read very often, or choose which messages to read.  Look
at how many messages actually get an answer from a dev on most of
those lists.  Ours are usually low enough volume that we try and read
them all - it's getting to be heavy enough that I tend to only respond
to shaper related ones.  I think after the move I'll try a new
approach and let the community reply to anything that's not an honest
to goodness bug report.

> Anyway. I have good news for you.  I had a week or so to make pfsense up
> and running for my needs or find other solution.  I'm comfortable enough
> with results and now have shipped the box with data center.     It may
> be trouble less or I may regret my move - we'll see.   Anyway I'll not
> have it in my lab any more so I guess I'll not provide feedback that
> actively any more.

Honestly, that's a good thing.  You had a deadline to meet and
expected help getting there.  We provide a ton of FREE support
(including bug fixes) so YOU can get PAID for your project and all you
can do is complain about more stuff, never acknowledging that the
people that told you to do it a different way actually had a clue that
what you wanted might not actually work well.  Gee, surprise surprise.
Some people like knobs, the sad fact is that the more knobs you add,
the more you discover stuff that doesn't work well together.  As
you've already noticed, one of those knobs was removed, it broke shit,
I expect more to be removed (I've already pulled some stuff).

That's all I have to say on this subject, I consider the matter closed.

--Bill
