Lee H. Marzke on 5 Jul 2017 05:42:18 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall choices for a small software development business

Seems they support the last major release ,  so a few years support at least.


FYI - my pfSense is a VM and with no more than one openVPN connection , I see CPU typically
5% with short peaks to 15% , on one core of a older Xeon x5450 3Ghz   in the Hypervisor,  over the last

This is inexpensive enough you could just upgrade HW if the AES-NI is required in the future.


From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, July 4, 2017 10:14:58 AM
Subject: Re: [PLUG] Firewall choices for a small software development        business
Thanks for the comments, advice, and (last but not least) reassurance! After reading the reviews of the box, the one concern I have is this comment from May 17, 2017:

I would have given this 5 stars, but pfsense just announced that "While we’re not revealing the extent of our plans, we do want to give early notice that, in order to support the increased cryptographic loads that we see as part of pfSense verison 2.5, pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI"

This little box has no aes ni capabilities.

Especially a firewall, it seems to me that fixes are important. I don't know what the pfSense track record is with patches, but when pfSense 2.5 comes out, will the older versions continue to receive patches?

-- Bhaskar

On Tue, Jul 4, 2017 at 7:30 AM, Rich Kulawiec <rsk@gsp.org> wrote:
On Mon, Jul 03, 2017 at 02:40:05PM -0400, K.S. Bhaskar wrote:
> This e-mail is to solicit opinions about a firewall.

You really can't do better than OpenBSD/pf.  Runs beautifully even
on minimal hardware, has every feature of relevance, quite resilient
even in the face of clueful attack, very customizable, open-source,
peer-reviewed, and exhaustively documented.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230                       fax
+1 252 627-9531  sms  ( 252 MARZKE1 )
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug