Cisco Meraki SD-WAN is a software-defined WAN offering transport independence, application optimization, intelligent path control, and secure connectivity.
N/A
pfSense
Score 9.2 out of 10
N/A
pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
At our level, we had to optimize our 3 internet links (MPLS and LTE) with applications like O365, SAP, Microsoft CRM Dynamics and our collaborative work tools like Teams. We also had to ensure that both client workstations and servers could communicate with minimal latency with our Microsoft Intune infrastructure.
Because pfSense is built around open source software, it is very convenient to be able to deploy in the event of hardware failure. We once had a client with a proprietary router that failed. While the router was under warranty, the expected time for the new router to arrive was about 2 weeks. We decided to implement pfSense for the client as a stop gap and ultimately ended up deploying the full enterprise appliance. Being able to get up and running using commodity hardware was a huge win for the client. We've also had a great amount of success deploying pfSense hardware at apartment complexes. The DNS resolver works great and we've had no issues handling multiple VLANs with various DHCP scopes on it. Finally, we've had clients that require having a failover cluster. Utilizing the built in CARP capabilities, we've been able to provide a very robust failover system that requires little maintenance and no downtime in the event of equipment failure.
Meraki has been beautifully done for people who are actually very lean on the IT infrastructure as in resources wise. So Meraki is a very good solution to give them the simplicity on a single glass plan where they can actually have visibility over all their networks on a single glass plane by a click of button, they could actually see what's happening. They could actually do troubleshooting on the fly, including packet capture, which is such a smooth feature. Usually myself including I've been have an engineering background, all my ears packet capture, I've never seen that smooth and easy to operate that you can actually have a high level understanding or deep level depending on how much you want to go in with the click of a button. That's so beautiful. I mean everything for me Meraki is point of kind of a go ahead for everyone.
Easy to use. Good user interface design! Easy to understand and easy to set up.
Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.
The platform itself is very feature-rich. One of the difficulties we find is that to do things, for example, in terms of monitoring and obtaining data, it's not consistent. There are multiple interfaces to get them, but you can't get the same data through all interfaces. So you end up having to try to find either the least common denominator or we have to build our own code that then mines through all the interfaces and that becomes very problematic.
The other problem we've found is that there are issues where the same amount of expected software quality isn't really there in all releases. Cisco breaks things out by like shorter or long-lived release trains. And the long-lived release trains tend to have good quality by the time you get to the second or third release within it. But then those are skips. There are like 12, 18 months skips in between those. So if you start releasing features on versions in between there practically to be safe, you have to wait until you know much later. So to be able to see new future capabilities as they come out and deploy those readily needs to improve, it needs to be much faster.
I did kind of mention a Con in the Pro section with OpenVPN.
When I create a config for an employee other employees are able to login to that config.
I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
Fast and efficient. The only issue currently is that the support is only overseas support and not in South Africa, which causes delays in resolution for some cases. Escalating issues is quite simple and the opening of new cases from the dashboard is easy. I have never had a support issue that could not be resolved.
The Sonic wall and Cisco ASA required a lot of trial and error to get up and running. Rules and configurations were difficult to setup and were not intuative. Meraki is very ituative.
While you can get the performance out of other products, pfSense offers the unique ability to put other services on the same device. Products such as Untagle's NG Firewall and SonicWall's TZ series offer cost effective options for firewall and VPN services, having incoming load balancing and connection proxies on the same device as the firewall offers extremely easy configuration and day to day management of network services
Once your template is set up Meraki is easy to scale. Even creating the template is easy and I was able to learn enough in 4 hours to build, test, and deploy templates for our locations. Best part is you can stage your deployment by adding a unit to a template even before taking it out of the box.
It was mostly around logs. I mean I understand because the aim is to provide the simplified solution to the people as an end user, be it an IT manager or the oil team. So I understand where you don't have lots of tools assigned where you can actually take help from the track. But in terms of having that logging information, I think that's where it's been a bit of a kind of journey where struggling, we have been struggling there.
Using pfSense has allowed us to build a professional network in our small office without needing a lot of proprietary hardware, saving thousands of dollars in IT infrastructure investment.
The cost for using pfSense is free, so it's a great option for those who don't have a large IT budget
pfSense utilizes all of the industry standard services to provide all of it's functionality, so support for service-level issues is readily available
Because of how much work has been put into pfSense to make it rock solid and reliable, we're able to support our network with minimal IT staffing, saving us thousands of dollars/year in personnel alone.
