On Sun, Jul 1, 2012 at 7:14 AM, Adam Thompson <[email protected]> wrote:
>> Are there any JunOS features you consider killer that are not in
>> pfSense 2.1? What would be these features?
>
> Hardware offload: you can scale vertically with JunOS platforms with the
> simple addition of more money, whereas an x86-style software-only system
> like pfSense will always hit bottlenecks much earlier on, no matter how
> much money you throw at it. IRQ Polling helps a bit, but not enough to
> scale into the 10GB range IMHO.
>

At the $150K+ USD firewall level, nothing can compare with commercial solutions at this time. Though finding any commercial firewall that does > 10 Gb is hard, the few that can don't go much beyond that. Generally at those traffic loads you're looking at a big router or L3 switch, which is an entirely different ball game.

> Other than that... I can't think of any 'killer' features that pfSense
> lacks. Depending on your environment, certification (e.g. ICSA) and tech
> support may be very important. You can get tech support for pfSense, but
> not with the resources of a JTAC behind it.

The level of service we provide is on par with or better than commercial vendors. For most of our customers, much better, because commercial vendors will rule out the firewall and tell you to have a nice day figuring out the problem yourself. Since we strictly do hourly support, we can gladly help determine the actual source of the issue, and do what we can to help resolve it. Whether that's talking to ISPs, private WAN circuit providers, other firewall vendors at times, and a wide range of other scenarios.

> Good luck certifying it -
> it's uncertifiable by design because of the shell access and the ability
> to add arbitrary packages.
>

Last I looked at the ICSA specs, the ability to modify the system would have been irrelevant. Those certifications are testing for things like "Has X functionality, and it works" on a wide range of checklist items. Nowhere do they specify that the system is impossible to modify. Granted it's easy by design, but many certified commercial firewalls aren't all that hard to get into and modify for someone with the right skills, the many based on Linux or BSD at least. The few that aren't are generally modifiable as well, just not nearly as easily. The impediment to certification is cost; it's a lot of money for something that's basically useless.

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
