2012/7/1 Eugen Leitl <[email protected]> > > Are there any JunOS features you consider killer that > are not in pfSense 2.1? What would be these features? > > Thanks. > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list >
Hi Eugen, Hi @List, my ideas/wishes aren't related to JunOS. :-) No killer features found in JunOS. May be the Box itself? How heavy is that thing? if i would throw it after one or smash it against the wall? :-) = iirc we have the common deployment(XML-RPC) inklusive and exclusive for nearly any setting. Since R1.0 or so. Perfect for different Locations with same settings or just slightly different rules/settings. Now over the time i stumbled over the fact that i need sometimes all slightly different firewalls to manage at the same time. At this time i work either with different browser tabs or windows or even with different browsers. The time goes on and everything seems to get into a "grid mode" or "cloud mode". So i would find it very practical if we can get a layer on top in the WebConfigurator to say: Hey thats my master firewall and from there i like to manage all the different locations that i have put in the game. (p.e.) __________________________________________________________________________ [your preferred webbrowser] __________________________________________________________________________ | [link]pfsense.org[/link] | [link]gate.huston.rescueme.com[/link] | gate.idaho.rescueme.com | gate.utah.rescueme.com | |___________________________________________ | | configuration page rules for gate,huston.rescueme.com | (just like the well known and proved Webconfigurator) Means i add the XML-RPC-Data to one or two boxes and add the "slave/descendent/dependent" Host to that boxes as "configurator" for the added ones. Than i can easily remember which boxes have different rules and can manage them from the same boxes from that i spread the common stuff. Also a very nice feature if you use the pfSense with Carp as redundant Firewalls. Both Master and Slave on one pane/in one frame. no idea if this is a great idea, just i know it would help me, cannot speak in common sense here. :-) = Can we combine UDP-speaking and TCP-speaking Apps in the Aliases as Ports? Means alias: common-web: 21(tcp),22(tcp),(25)tcp)(53(udp),110(tcp),500(udp).... so we will end up in one single alias + rule for this? i have to admit its a bit time gone as i would use such a combination. it ended up in 1:n aliases and 1:n corresponding rules. 1:n -> TCP (1), UDP (n=1;n+1), AH(n=2;n+1); ESP(n=3;n+1) -> in this expample at least 4 aliases and 4 rules = On the end of the package extensions i would warmly welcome a package that delivers features like dropbox. User management should already be functional - afaik. ( not sure if it would already exist such a package, i have not seen it or it is still unknown to me) even if i say, such a "shit" ( imho in context of firewall and security; dropbox itself: great) has nothing to search on a firewall, customers cy for it for easy exchange of data. = some thoughts: All that are just ideas. i love pfSense and i can just get together with others and say: pfSense is (one of) the greatest/best firewalls that you can get for free witjh a full commercial support. So what you need more? i do not see any point, different to performance, why customers or imself should spend just one cent to commercial firewalls like nokia, junos or how they all are called. Spent the money to pfsense. They will make it better if they have the same scope of action. -- if one has no idea about TCP/IP, Firewalling, Protocols, DMZ and so on... he should learn it or (learn to) keep the fingers off the knobs. I wouldn't made a surgery at my neighboors hand even if i own a sterile Scalpell. :-) Also in regard to the shell access (ICAS). if one isn't able to secure up the shell access of any system he shouldn't manage a firewall. :-) If one loves roasted chickens: much fun by KFC. Just my Opinion. if the admin is experienced and knows his shit, he can do what he likes with it or he surely knows how to do that with this or that he has to get something else to get made what he wants to be done. So we speak at that point about personal prefers or about time consuming things. if two firewalls are at the same speed and have nearly the same features so the personal taste will made the choice. -- pfSense a very good choice. ;-) greetings michael -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = =
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
