Lee H. Marzke on 5 Jul 2017 05:42:18 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Firewall choices for a small software development business


Seems they support the last major release ,  so a few years support at least.

https://doc.pfsense.org/index.php/Versions_of_pfSense_and_FreeBSD

FYI - my pfSense is a VM and with no more than one openVPN connection , I see CPU typically
5% with short peaks to 15% , on one core of a older Xeon x5450 3Ghz   in the Hypervisor,  over the last
month.       

This is inexpensive enough you could just upgrade HW if the AES-NI is required in the future.

Lee


From: "K.S. Bhaskar" <bhaskar@bhaskars.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, July 4, 2017 10:14:58 AM
Subject: Re: [PLUG] Firewall choices for a small software development        business
Thanks for the comments, advice, and (last but not least) reassurance! After reading the reviews of the box, the one concern I have is this comment from May 17, 2017:

I would have given this 5 stars, but pfsense just announced that "While we’re not revealing the extent of our plans, we do want to give early notice that, in order to support the increased cryptographic loads that we see as part of pfSense verison 2.5, pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI"

This little box has no aes ni capabilities.

Especially a firewall, it seems to me that fixes are important. I don't know what the pfSense track record is with patches, but when pfSense 2.5 comes out, will the older versions continue to receive patches?

-- Bhaskar


On Tue, Jul 4, 2017 at 7:30 AM, Rich Kulawiec <rsk@gsp.org> wrote:
On Mon, Jul 03, 2017 at 02:40:05PM -0400, K.S. Bhaskar wrote:
> This e-mail is to solicit opinions about a firewall.

You really can't do better than OpenBSD/pf.  Runs beautifully even
on minimal hardware, has every feature of relevance, quite resilient
even in the face of clueful attack, very customizable, open-source,
peer-reviewed, and exhaustively documented.

---rsk
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
+1 800-393-5217  office        +1 484-348-2230                       fax
+1 252 627-9531  sms  ( 252 MARZKE1 )
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug