[aklug] Re: RouterBoard

From: Royce Williams <royce@tycho.org>
Date: Thu Jun 26 2014 - 18:56:12 AKDT

I'm a big fan of pfSense myself ... but in the feature set that CH was
describing, he mentioned port security, which I took to mean NAC,
which pfSense isn't currently doing (other than its captive portal
functionality).

Other folks talking about NAC here (including Josh the SpitwSpots guy;
is he on this list?) touch briefly on NAC (via PacketFence) on
Ubiquiti gear, but it doesn't say if it worked out or not:

http://community.ubnt.com/t5/EdgeMAX/Upcoming-Weekend-Project-PacketFence-on-an-EdgeRouter-Lite/m-p/540186

But firewalls are usually a different use case from NAC, and in a
different part of the network topology.

Royce

On Thu, Jun 26, 2014 at 3:17 PM, JP <jp@jptechnical.com> wrote:
> +1 pfSense, I have used it and its predecessor m0n0wall for over a decade!
>
> JP
> 748-2200 talk/text
>
> On 2014-06-26 3:12 AM, "Scott A. Johnson" <scott.a.johnson@gmail.com> wrote:
>>
>> Funny.... I left Vyatta for pfSense and I love it. Vyatta was great and
>> powerful, but there were a few things I was trying to do with source based
>> routing that I found pfSense more refined.
>>
>> Christopher - I bought some hardware from these guys, which came loaded
>> with pfSense.
>> http://www.logicsupply.com/computers/solutions/firewall-networking/
>>
>> Scott
>>
>>
>> On Tue, Jun 24, 2014 at 9:22 PM, Royce Williams <royce@tycho.org> wrote:
>>>
>>> On Tue, Jun 24, 2014 at 8:55 PM, Christopher Howard
>>> <christopher.howard@frigidcode.com> wrote:
>>> > On Tue, 24 Jun 2014 18:49:04 -0800
>>> > William McKinney <wdmckinney@me.com> wrote:
>>> >
>>> >> Mikrotik has been around for a long time, and is quite proprietary.
>>> >>
>>> >> a. http://askubuntu.com/questions/376717/how-to-set-up-a-linux-server-as-a-router
>>> >> b. http://www.lartc.org/
>>> >> c. http://www.zeroshell.org/
>>> >> d. https://openwrt.org
>>> >> e. http://www.freesco.org/
>>> >
>>> > Forgive me a touch of frustration... it is all nice and wonderful to
>>> > be able to throw out a list of several of the dozen or two Linux
>>> > router distros out there... but it would be more helpful if we could
>>> > point to one or two of them that actually sold ready to go hardware,
>>> > with software pre-installed, and transceiver modules ready to be
>>> > plugged in, to meet your middle-sized business or enterprise needs.
>>> >
>>> > Say, I find out I am going to need 12 VLANs, with fiber trunks, and
>>> > router-on-stick, and OSPF, and radius authentication, and ACLs, and
>>> > port security, and config sharing, and neighbor discovery, etc.,
>>> > etc... Personally, I'd like to be able to look at a Web page that lists
>>> > all the specs of the hardware, the prices, along with reassurances
>>> > that the software is preinstalled, with all necessary drivers
>>> > functioning, and the system has a straightforward and reasonably easy
>>> > to master interface.
>>>
>>> As much as I hate to say it ... if you need this level of
>>> functionality, performance, ease-of-use, and hardware support ... then
>>> I think that you're either better off going commercial, or you're
>>> going to have to tinker at least a little bit.
>>>
>>> Commercial doesn't have to be super-expensive. You might want to
>>> check out the Ubiquiti stuff:
>>>
>>> http://www.ubnt.com/edgemax
>>>
>>> They run a fork of Vyatta, and there appears to be some
>>> cross-pollination among the projects:
>>>
>>> http://dotbalm.org/leaving-pfsense-for-vyos/
>>>
>>> On the tinkering side, some of the stuff I know of (like pfSense) does
>>> a lot of what you list above, but not all of it out of the box -
>>> especially when you start looking for port security and neighbor
>>> discovery. Concerns from the dotbalm.org guy about pfSense hardware
>>> performance (because PF wasn't multi-threaded) will be addressed in
>>> the next major release of pfSense.
>>>
>>> > For a guy who is in the process of getting into the Net Tech field, it
>>> > seems like we are really falling short in this area. If I'm wrong, I'd
>>> > be glad to learn more about what's out there...
>>> >
>>> > (Somebody else mentioned VyOS... Again, if you can point me to the
>>> > vendor site with hardware specs and prices, I'd be grateful.)
>>>
>>>
>>> http://www.ubnt.com/edgemax#EdgeMAXhardware
>>>
>>> VyOS is intended for people who want to build their own routers. They
>>> could really use a 'supported hardware' wiki page or FAQ entry, but
>>> these appear to be lacking. But the Ubiquiti stuff above looks good.
>>>
>>> NB: I have no direct experience with any of the above other than
>>> pfSense. I just did a few minutes of GTFY. ;-)
>>>
>>> Royce
>>> ---------
>>> To unsubscribe, send email to <aklug-request@aklug.org>
>>> with 'unsubscribe' in the message body.
>>>
>>
>>
>>
>> --
>> Scott A. Johnson
>> scott.a.johnson@gmail.com
Received on Thu Jun 26 18:57:07 2014

This archive was generated by hypermail 2.1.8 : Thu Jun 26 2014 - 18:57:07 AKDT