pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
For fast-growing or SME companies, pfSense is quite suitable because pfSense already had many advanced features such as VPN and multiple WAN / LAN. As a result, we just need to pay for expensive router frequently to upgrade our infrastructure.
vSphere is well suited for multiple VMWare hosts and can be very useful in larger enterprises where vMotion is used to load balance and failover running virtual machines. In smaller businesses with one or two hosts then the features can be overkill. The addition of virtual TPM support is a very nice addition to provide vm security in a more Microsoft supported methodology.
pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
I mentioned earlier that pfSense had a GUI.
I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.
There is no API for making changes. This can be a hindrance in environments where auto-deploying something needs firewall rules or HAProxy configs updated. Since all settings are stored in an XML file and then configs are generated from that, even manually updating config files cannot be done.
Beware that some network cards can have issues. pfSense is based on FreeBSD, so it's best to look on their compatibility list before deploying.
More detail in recent tasks. Instead of just showing a task called "Reconfigure virtual machine" also have a link to more detailed information as to what was reconfigured, changed or removed.
We are constantly looking for change that will benefit our company. We are not ones to stick with a product simply because it is what we know, but rather looking for what fits us best. We can't imagine another product on the market today doing a better job of handling our infrastructure than vSphere.
It is a highly documented suite. If you are unsure of how to do something, a simple search will yield hundreds of results showing you how to do it. Support is also available if you need to talk to an expert.
I rarely ever have to contact support and when I do need to resolve an issue, there is always an abundance of kb articles and research information available that can help quickly resolve the issue. Depending on the type of support contract you have, you may get support from some offshore group in another country and this could be a little challenging because of the language barrier.
Just make sure that when you implement, that the person implementing truly knows what they are doing and has a plan of action coming in. Since our initial implementation using a consulting service, I have implemented a few vSphere just from what I learned at the initial implementation and use over time, and the person implementing really needs to know what they are doing or you will miss out on features that may help you down the line
Before pfSense we were using consumer and small business rated network appliances from Linksys, Cisco, Buffalo and Netgear. We were replacing them on average of every 6-12 months because they'd fail or would offer poor wifi availability. Switching to pfSense allowed us to use professional grade switches and wifi access points, offloading all of the services that the consumer grade products took care of, onto pfSense (DHCP, DNS, routing, firewall, VPN, etc).
vSphere has a lot more feature sets than Hyper-V but at a much higher cost of entry versus MS Hyper-V. I have not been able to play with Hyper-V as much as I would have liked, but the setup and ongoing maintenance seems to be easier in vSphere than with Hyper-V
The contract terms are very clear and can be updated as per the project requirement. Customer support is also included in the contract which help us to troubleshoot critical issues very easily. Training included in contract will really help the client team to empower and hands-on on the latest updates and enhancements
As I said earlier, they're always ready to understand our issues and propose the best and most appropriate solution for issues all the time. The security patches solution is accordingly to the business needs. Another scenario is their Knowledge Base where they're many articles that help you in order to solve something which is wrong.
Moving to a FWaaS solution installed on a decent computer the initial investment was moderate to cover 50 to 250 users, but still being cheaper that a Fortinet, Cisco ASA, or a Sophos UTM.
Paying only for support can be a double edge knife, cause you need to identify what's the goal of the request, or your drown into a an endless list of requirements.
To stay in the top with the half of a regular investment pFSense gives a wide variety of plugins that will give you a deep knowledge of your security flaws and strong points.
Having vSphere helped my business quickly recover from a ransomware attack which would have crippled us for weeks if we were not virtualized. I think the ROI on something like that is immeasurable.
vSphere has allowed my company to purchase bigger server hardware to host 3 or 4 virtual servers, which was at a cost much lower than buying 3 or 4 server hardware boxes, saving us thousands each time we need to upgrade hardware.
