F5 BIG-IP software from Seattle-based F5 Networks is a load balancing and application protection solution suite available on cloud or via virtual editions, on a subscription or perpetual licensing basis.
N/A
pfSense
Score 8.8 out of 10
N/A
pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
I've used a number of routers like Cisco, Sonicwall, Juniper, Home based routers, etc. pfSense is like most routers but with the benefit of load balancing and multi-wan. Well many support multi-wan but load balancing is usually a separate device like an BIGiP F5 or Cisco CSS.
Definitely in larger environments, more mature organizations that obviously have the budget to spend and want best in class. Where it struggles is those organizations that don't have the funding and money to spend on it and need more basic functionality. So I'd say that's smaller customers we've worked with and kind of mid-market. They tend to get scared when they get the quotes. Also we've had some struggles with account team consistency. So for the sales team, just a lot of turnover and a lot of missteps on customer calls.
I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.
I mean from a basic level, it actually satisfies all the use cases we have, which is basically to have multiple web servers for the front end and then you want that to be equally split across. The traffic comes in from all over the world. We use DRA protection and everything, but then we also internally want to make sure all the servers are being utilized and we provide much more availability across all servers. We just make sure BIG-IP sits in between and handles the traffic accordingly. And it's pretty basic and it comes to drawing traffic. It's pretty easy to configure and set it up and then forget.
Easy to use. Good user interface design! Easy to understand and easy to set up.
Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.
Recently we have been deploying F5 web application firewall and we have started the deployment. We have already moved applications out there, but we are not yet to the point wherein I could comment any positive feedback or any negative feedback because we are still going through it, right. But as far as I'm concerned, I don't see any drawbacks or any shortcomings on the F5 product lineup.
I did kind of mention a Con in the Pro section with OpenVPN.
When I create a config for an employee other employees are able to login to that config.
I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
It's not difficult to understand the parts of application configurations and features. Setting up new virtual servers with multiple profiles, certificates, and nodes is easy for new users through the web interface, which also translates to programability in scripts, DevOps, or other configuration management use-cases. Users from different backgrounds such as networking and infrastructure can use F5 BIG-IP, while users who are familiar with API calls can easily configure objects without needing to understand the platform at all.
The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.
On the occasions when we've had to engage f5 support, they have been great. They have always resolved our issues quickly and been easy to work with and professional. The reason I give them a 10 out of 10, however, is because when we've had issues that have crossed over between the f5 BIG-IP, our Cisco switches, and our Microsoft IIS server the f5 support representatives have been extremely knowledgeable about every product and device involved and have been able to troubleshoot end-to-end without having to engage other vendors.
That's the one thing that really stood out. It was a lot easier to use from an administrator standpoint, so I think that's the one thing that really made our team decide to go with this product versus another competitor. Just ease of use.
Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.
pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.
