Re: pfSense

[Jim Cheetham <jim.cheetham () OTAGO AC NZ>]

Excerpts from Kellogg, Brian D.'s message of Sat Oct 29 14:05:15 +1300 2011:
> Anyone out there running pfSense 2.0 for their firewall/VPN gateway?  We have simple needs; two site to site IPSEC 
> VPNs, SSL VPN clients.  Our connection will be upgraded to 300Mbps shortly as well.

I've got it deployed in much smaller non-education environments, running
OpenVPN but not IPSec. IPv4 only, on tiny hardware (single-board PC
Engines Alix). No experience with AD integration, sorry.

> Just wondering if anyone is using it in production in a similar setup and how stable/effective it has been?

In general, I've found v2.0 to be just as stable as the previous v1.2.3.

The only problems that I've had have been hardware related (a CF drive
died, and rendered the firewall unstable when the configuration was
updated; one machine cannot activate changes without a reboot -- but a
copy of the system works fine in a VM environment, therefore it's the
hardware not the software, but I don't know where yet).

Because pfSense is 'so cheap', you should take the time to implement
CARP redundancy as early as possible.

-jim
-- 
Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z.
✉ jim.cheetham () otago ac nz          ☏ +64 3 470 4670 ☏ m +64 21 227 0015
⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605
✔ NZ BeSTGRID RAO                   ✔ CAcert.org Assurer

Attachment: signature.asc
Description: