----- "Adam Thompson" <[email protected]> wrote:
> You can't really compare them directly. Sure, on paper there are a
> lot of common points, but the approach is so radically different, a
> comparison point-by-point would merely be misleading.
>
> If I had to draw analogies, I'd say pfSense is roughly as capable as a
> bare J2320 on equivalent hardware (Celeron 2.0GHz, 1GB RAM).
> As soon as you move up the product family, you have to take into
> account the ASICs in any commercial networking device, which pfSense
> lacks.
> So in terms of scalability, any software-only solution will always
> fall short compared to h/w accelerated gear.
>
> Functionality-wise, pfSense probably has the edge. On the other hand,
> you can do almost anything if you buy the Juniper SDK.
>
> This is kind of like comparing a hovercraft to a helicopter - they can
> both be armed, military organizations use both of them, they both have
> engines and fans... And they get used for different things.
>
> -Adam
>
>
> Mehma Sarja <[email protected]> wrote:
>
> >I don't mean to start a comparison war here. However, we are a *BSD shop
> >looking to offer security services. The support part of the company has
> >lots of FreeBSD experience and not surprisingly, Juniper firewalls.
> >
> >My question is how similar and different are the two as far as features
> >and performance goes? Any experiences?
> >
> >
> >Mehma

Hi guys,

I have had experience working with OpenBSD, pfSense and Juniper.

In summary, I can say that the main strength of the Juniper firewall is its powerful hardware (ASIC). I think that among commercial solutions, Juniper is one of the most flexible and robust; obviously the capacity of a BSD/pfSense firewall is limited by the hardware used (CPU, memory, etc.) and the necessary tuning.

An interesting feature of Juniper is NSRP (HA/redundancy), but more specifically the tracking feature, which permits tracking by IP or link interface. In pfSense I have used CARP but I haven't seen how to track by IP (or I don't know); although, obviously, the "do it yourself" option always exists (by script + unix_tools).

Now, the debug tools in BSD/pfSense are far better: tcpdump is a very easy and flexible tool, compared to "GET DEBUG", which is a little bit tricky and limited (imho).

Finally, the big difference is in the economic aspect. Equipment like the Juniper ISG 2000 - http://www.juniper.net/us/en/products-services/security/isg-series/isg2000/ - reaches a value of US$60.000.- vs. a Dell server with the necessary network interfaces (fiber, GbE, etc.) at about US$10.000/15.000 (max).

I hope this is of use to you...

Regards.

Victor Pasten
Stgo. CL

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
