Pfsense instead SonicWall ?
-
@iroal said:
Hi.
Again this year I'm going to try replace our SonicWall NSA 2400, 6-7 years old.
After look many options I'd like Pfsense but i'm not sure if it's the best option.
Now we use Sonicwall for Vpn (10 people), Firewall and Content Filter for about 50 people and 5 networks connections.
I don't think I have a big budget if they approve buy a new one Firewall.
What are best options instead SonicWall ?
Thanks.
I think that pfSense is a viable option if you don't have a big budget. You can get the VPN stuff built in (it uses OpenVPN for this, IIRC), as well as the content filtering. The firewall works pretty good for me in my lab environment.
-
pfSense is better than SonicWall, IMHO, but why not just use Ubiquiti? At $95, you really can't beat it.
-
@scottalanmiller said:
pfSense is better than SonicWall, IMHO, but why not just use Ubiquiti? At $95, you really can't beat it.
Content Filtering & SSL VPN are what Ubiquiti currently lacks. (unless they have a box which does it)
@iroal said:
I don't think I have a big budget if they approve buy a new one Firewall.
Surely in the proposal for a new firewall, you tell them what budget is required as part of the proposal? Otherwise they'll feel misled.
-
@Breffni-Potter said:
@scottalanmiller said:
pfSense is better than SonicWall, IMHO, but why not just use Ubiquiti? At $95, you really can't beat it.
Content Filtering & SSL VPN are what Ubiquiti currently lacks. (unless they have a box which does it)
It lacks SSL VPN? Could have sworn that was in there.
-
Confirmed, Ubiquiti definitely does SSL VPN.
-
@scottalanmiller said:
Confirmed, Ubiquiti definitely does SSL VPN.
Link for reference
Mine are saying they don'thttps://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495
-
@Breffni-Potter said:
@scottalanmiller said:
Confirmed, Ubiquiti definitely does SSL VPN.
Link for reference
Mine are saying they don'thttps://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495
I thought they had OpenVPN included in the recent version?
-
Here are some links of people providing configuration info for it...
https://blog.laslabs.com/2013/06/configure-openvpn-with-x-509-ubiquiti-edgerouter-lite/
http://mediarealm.com.au/articles/2014/03/ubiquiti-edgemax-router-openvpn-client-setup/
https://blog.laslabs.com/2013/08/openvpn-server-configuration-script-ubiquiti-edgerouter-lite/
ANd here are the official docs...
https://help.ubnt.com/hc/en-us/articles/204949694-EdgeMAX-OpenVPN-Site-to-Site
-
@coliver said:
@Breffni-Potter said:
@scottalanmiller said:
Confirmed, Ubiquiti definitely does SSL VPN.
Link for reference
Mine are saying they don'thttps://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495
I thought they had OpenVPN included in the recent version?
Last many versions. Since 2013 at least.
-
@Breffni-Potter said:
@scottalanmiller said:
Confirmed, Ubiquiti definitely does SSL VPN.
Link for reference
Mine are saying they don'thttps://community.ubnt.com/t5/EdgeMAX/Possibility-of-adding-web-based-SSL-VPN/td-p/342495
That link actually points out that they DO have it. That's why people are carefully saying words like "web based" and "clientless". They have non-web, cliented SSL VPN, which is by far the more common. This is asking for something above and beyond SSL VPN.
OpenVPN is the most common SSL VPN on the market and is easily 80% of it.
-
I stand corrected then
Might end up playing with these boxes at some point.
So VPN is fine, the OP is just missing content filtering.
-
Content Filtering Example with Ubiquiti:
-
@scottalanmiller
To most, OpenVPN is a VPN type of its own.SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPN -
It's pretty rare to find something that the Ubiquiti VyOS doesn't handle. It's the most advanced router software on the market for a reason.
-
@JaredBusch said:
@scottalanmiller
To most, OpenVPN is a VPN type of its own.SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPNThat's a problem when the main product in the category and most uses of it are different than people define it. Very confusing. OpenVPN is just as much SSL VPN as any other type. And even the term clientless isn't correct, it's just a client that is downloaded on demand.
-
https://www.ubnt.com/edgemax/edgerouter-pro/
Watch the video, skip ahead to 30 seconds in to watch "Cysco" sales reps being beat up...
-
-
@scottalanmiller said:
@JaredBusch said:
@scottalanmiller
To most, OpenVPN is a VPN type of its own.SSL VPN means a VPN accessed by WebGUI to almost all SMB out there.
http://searchsecurity.techtarget.com/definition/SSL-VPNThat's a problem when the main product in the category and most uses of it are different than people define it. Very confusing. OpenVPN is just as much SSL VPN as any other type. And even the term clientless isn't correct, it's just a client that is downloaded on demand.
All very true and all very much a method of VPN access I would never desire on my network.
If the person truly needs VPN access, then I will set up a client and make sure the connection is truly secure.
-
That was OpenVPN's take on it. They were like "we aren't making this because we are a security company and that's not secure."
-
Bit off topic.
But I wish Ubiquiti would make non POE managed switches
