Firewalls - Ease of Use and Maintenance?

Seth Mos seth.mos at
Wed Nov 9 02:13:30 CST 2011

On 9-11-2011 0:06, Jones, Barry wrote:
> Hello all.
> I am potentially looking at firewall products and wanted suggestions as to the easiest firewalls to install, configure and maintain? I have a few small networks ( 50 nodes at one site, 50 odd at another, and maybe 20 at another. I have worked with Cisco Pix, ASA, Netscreen, and Checkpoint (Nokia), and each have strong and not as strong features for ease of use. Like everyone, I'm resource challenged and need an easy solution to stand up and operate.

I am biased because I am a pfSense developer.

pfSense is a free open source FreeBSD based firewall with the pf packet

It supports various features and installable packages that might fill
your needs. Commercial support is also available.

One of the reasons I use it at work is because it is by far the cheapest
solution to gigabit redundant (Active/Passive) firewalls. It runs on x86
machines from the low end Alix 2D3 to something like a dual
core Intel Atom for or the higher end on a "normal" server.

It is administered entirely via the webUI, saves the config in a XML
file you can backup and then restore on pretty much any other hardware
you have around should it need to be replaced.

The (readable) XML file was also really easy to provision things like
hundreds of VPN tunnels instead of clicking through the UI.

The PHP command interface allows you to perform scripting operations on
the XML as well which comes in handy on mass mutations.

Kind regards,


More information about the NANOG mailing list