Jump to content
RESET Forums (homeservershow.com)

pfsense packages?


scottbakertemp

Recommended Posts

scottbakertemp

Another vote for Sophos. Drashna turned me on to it also. Transition from pfsense to it and haven't turned back. More turnkey, stable and definitely a more polished UI.

 

Is there a free version?  Where are on the website can you download it?

Link to post
Share on other sites
  • Replies 50
  • Created
  • Last Reply

Top Posters In This Topic

  • revengineer

    11

  • ikon

    9

  • Drashna Jaelre

    8

  • scottbakertemp

    7

Top Posters In This Topic

Popular Posts

I'm not sure that there's anything wrong with Smoothwall. The biggest difference, I guess, is that Sophos is a commercial product (formerly Astaro before being bought out). The version being used by f

Drashna Jaelre

I have somewhere between 40 and 50 IPs now so I guess I'm sticking with pfsense.

If you're pushing the edge of 50, then it may be a good idea to stick with pfsense. 

Though, if you're really interested it at least checking Sophos UTM out, it does have good VM support.

 

Okay now you guys have me thinking of switching to Sophos.   :unsure:  Sophos sounds like I can combine my pfsense and Untanlge onto just one box. 

It handles the firewall stuff and the web filtering stuff very "turn key". Even supports HTTPS inspection. Either passively (inspects the URL) or actively (decrypts, inspects, and re-encrypts). Fairly simple to setup, fairly simple to manage. Though, it's not a cake-walk. But simplier than pfsense in most cases.

Link to post
Share on other sites

Drashna, what has your experience been with active HTTPS inspection in the latest version? I've disabled that feature since it was interfering with my Cisco Anyconnect VPN client connectivity. Would like to take advantage of it given higher power hardware in my Sophos box. Just curious what your experience has been.

Link to post
Share on other sites
Drashna Jaelre

Drashna, how would you compare it to Untangle?

Depends on what you mean here, and what you need.

 

IIRC, it does most, if not all the same stuff. 

TBH, the best option is to try it yourself. Sophos is "VM ready", so it should work on ESX or HyperV without doing anything (I mean other than installing). So testing should be dead simple.

 

Drashna, what has your experience been with active HTTPS inspection in the latest version? I've disabled that feature since it was interfering with my Cisco Anyconnect VPN client connectivity. Would like to take advantage of it given higher power hardware in my Sophos box. Just curious what your experience has been.

 

It takes a "bit" to reign in everything with HTTPS inspection/web protection. 

Also, are you using the "inspect URL" or the "decrypt and scan" option. The inspect option is much simpler, and should be plenty for home use.  The decrypt is much more "invasive" and may case problems with programs, unless the proper exclusions have been set up.

 

I have .... a huge list of exclusions, not counting the default ones for it. Just to make sure everything works.

 

Also, on the profile options section, the last tab ("Misc" I think), you can completely exclude URLs and hosts. 

Link to post
Share on other sites
revengineer

In trying to explore the benefits of pfSense, I just spent a few frustrating hours with this software. Yes there is definitely potential, but if you need anything beyond the preinstalled packages, be prepared for an adventure.I tried to get essential packages like HAVP and Dansguardian to run, with only limited success. I had to do a lot of command line magic to get HAVP to work at all, but trying to start over in a second VM I cannot recreate how I got this to work in the first VM. Dansguardian blacklist update is a nightmare. Apparently one needs to replace the update script, but the latest version provided does not work either. 

 

Before you go down a frustrating path and possibly wreck this perfectly nice weekend, I would like to remind people of SMOOTHWALL EXPRESS, which is completely free and has lots of frustration free packages. I have used this for close to 10 years now and it works great. As frustrating as the past few hours have been, it is gratifying to see I made a good choice many years ago.

 

Out of curiosity I will give Sophos a shot next. Because of the 50 devices limit I am unlikely to run this in production though.

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...