Cisco Catalyst SD-WAN is a software-defined wide area network solution designed to simplify and optimize enterprise network connectivity in complex digital landscapes. It enables organizations to connect any user to any application, whether on-premises, in data centers, or across multiple clouds, with integrated capabilities for multicloud support, security, predictive automation, and enhanced network visibility—all built on a Secure Access Service Edge (SASE)-enabled…
N/A
pfSense
Score 8.7 out of 10
N/A
pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It has scalable capacities, with functionality for SMBs. As a firewall, pfSense offers stateful packet inspection, concurrent…
The best case, and the one I recommend to others and to clients to use Cisco Catalyst SD-WAN for, is when you have a huge number of branches or small offices or remote offices, you name it. Even home offices: you have a large number and you want this whole infrastructure to be extremely easy to set up and also to have everything almost the same, not to have deviations from the standard configuration. This is the sweet spot for introducing Cisco Catalyst SD-WAN.
I believe pfSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that pfSense sells to receive support. However, in my experience, pfSense is a solid set-and-forget firewall solution.
We are able to use multiple different circuits to go into the cloud, so we are not relying on just one particular private wireless. We're relying on wine circuits, ethernet, ethernet out. So it provides us that flexibility where we didn't have that before. It provides security that is very robust and flexible and scalable, and it provides us with, the biggest thing is redundancy, where we have backup. For example, we have a Starlink for nuclear power plants. If our main circuits go down, we have that. And without Cisco Catalyst SD-WAN it would be very hard to actually achieve, to accomplish true redundancy. So we're happy with Cisco Catalyst SD-WAN in that regard.
Easy to use. Good user interface design! Easy to understand and easy to set up.
Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.
I will say the way we use it now, and I think what happened was the way it was deployed, it was fine, but unfortunately over the course of the years we've gotten a little out of hand with our device templates and feature templates. I think if there's any form of feedback that I would give to Cisco is how do we find ways to improve the environment as it stands so we get to a certain point with the environment and then we don't know how to undo it or fix it or optimize the environment. Because right now we're in a position where we're playing a lot of catch up and clean up and if there was a way or some tool or feature that we can take advantage of that would allow us to optimize that environment where we will kind of corner ourselves into a lot of problems in the future. There's some feature or something that we could take advantage of that will allow us to optimize that environment and not let it get out of control pretty easily. That would be my suggestion.
I did kind of mention a Con in the Pro section with OpenVPN.
When I create a config for an employee, other employees are able to log in to that config.
I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
I actually do not have a lot of cons for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
I would rate SD-WAN highly because it has significantly improved network performance, reliability, and cost-efficiency for my organization. Its ability to optimize traffic dynamically, enhance security, and simplify management across multiple locations has been invaluable. With SD-WAN, we’ve reduced dependency on costly MPLS, improved cloud application performance, and gained greater control over our network infrastructure.
The niche configurations are given equal focus as the standard use cases, which can make onboarding difficult in the beginning (i.e., why am I not using an entire tab of the portal), but aside from that part, the dashboard is relatively easy to navigate and apply the configuration. The metrics and analytics available are also nice to have in a single pane.
The pfSense UI is easy to navigate and pretty good to look at. It is much better than some high-dollar firewalls that just throw menus at you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.
Since the Cisco SD-WAN tools are a part of Cisco’s broader portfolio of solutions, support cross-cuts to each of our deployed components, with our company as the customer having the ability to solve our problems through the same, approved infrastructure. Their support team easily satisfies the customer’s needs so that they continue to focus on business functions.
We've used the old Cisco SD-WAN, which no longer exists. It was a lot more complex to configure than what is now called Cisco Catalyst SD-WAN. So they've definitely come a long way in that it is a lot less complicated to set up and template based.
Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far outclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.
Our branch offices can connect to our enterprise network and the internet quickly and securely, which has helped to increase productivity and reduce downtime.
We have been able to reduce our dependence on expensive MPLS connections, and instead utilize a combination of broadband and LTE connections, which are more cost-effective.
The centralized location improves network visibility and the troubleshooting process.
pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
The easy-to-use interface has allowed configuration management to be performed by lower-level technicians with quick and easy training.