Jump to content
RESET Forums (homeservershow.com)
scottbakertemp

pfsense packages?

Recommended Posts

scottbakertemp

Another vote for Sophos. Drashna turned me on to it also. Transition from pfsense to it and haven't turned back. More turnkey, stable and definitely a more polished UI.

 

Is there a free version?  Where are on the website can you download it?

Share this post


Link to post
Share on other sites
Big Worm

Okay now you guys have me thinking of switching to Sophos.   :unsure:  Sophos sounds like I can combine my pfsense and Untanlge onto just one box. 

Share this post


Link to post
Share on other sites
Drashna Jaelre

I have somewhere between 40 and 50 IPs now so I guess I'm sticking with pfsense.

If you're pushing the edge of 50, then it may be a good idea to stick with pfsense. 

Though, if you're really interested it at least checking Sophos UTM out, it does have good VM support.

 

Okay now you guys have me thinking of switching to Sophos.   :unsure:  Sophos sounds like I can combine my pfsense and Untanlge onto just one box. 

It handles the firewall stuff and the web filtering stuff very "turn key". Even supports HTTPS inspection. Either passively (inspects the URL) or actively (decrypts, inspects, and re-encrypts). Fairly simple to setup, fairly simple to manage. Though, it's not a cake-walk. But simplier than pfsense in most cases.

Share this post


Link to post
Share on other sites
ikon

Drashna, how would you compare it to Untangle?

Share this post


Link to post
Share on other sites
Jason

Drashna, what has your experience been with active HTTPS inspection in the latest version? I've disabled that feature since it was interfering with my Cisco Anyconnect VPN client connectivity. Would like to take advantage of it given higher power hardware in my Sophos box. Just curious what your experience has been.

Share this post


Link to post
Share on other sites
Drashna Jaelre

Drashna, how would you compare it to Untangle?

Depends on what you mean here, and what you need.

 

IIRC, it does most, if not all the same stuff. 

TBH, the best option is to try it yourself. Sophos is "VM ready", so it should work on ESX or HyperV without doing anything (I mean other than installing). So testing should be dead simple.

 

Drashna, what has your experience been with active HTTPS inspection in the latest version? I've disabled that feature since it was interfering with my Cisco Anyconnect VPN client connectivity. Would like to take advantage of it given higher power hardware in my Sophos box. Just curious what your experience has been.

 

It takes a "bit" to reign in everything with HTTPS inspection/web protection. 

Also, are you using the "inspect URL" or the "decrypt and scan" option. The inspect option is much simpler, and should be plenty for home use.  The decrypt is much more "invasive" and may case problems with programs, unless the proper exclusions have been set up.

 

I have .... a huge list of exclusions, not counting the default ones for it. Just to make sure everything works.

 

Also, on the profile options section, the last tab ("Misc" I think), you can completely exclude URLs and hosts. 

Share this post


Link to post
Share on other sites
revengineer

In trying to explore the benefits of pfSense, I just spent a few frustrating hours with this software. Yes there is definitely potential, but if you need anything beyond the preinstalled packages, be prepared for an adventure.I tried to get essential packages like HAVP and Dansguardian to run, with only limited success. I had to do a lot of command line magic to get HAVP to work at all, but trying to start over in a second VM I cannot recreate how I got this to work in the first VM. Dansguardian blacklist update is a nightmare. Apparently one needs to replace the update script, but the latest version provided does not work either. 

 

Before you go down a frustrating path and possibly wreck this perfectly nice weekend, I would like to remind people of SMOOTHWALL EXPRESS, which is completely free and has lots of frustration free packages. I have used this for close to 10 years now and it works great. As frustrating as the past few hours have been, it is gratifying to see I made a good choice many years ago.

 

Out of curiosity I will give Sophos a shot next. Because of the 50 devices limit I am unlikely to run this in production though.

Share this post


Link to post
Share on other sites
ikon

Smoothwall?? Haven't heard anything about that in years. Does that mean IP Cop is still around as well?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...