sub $500-750 CPE firewall for voip-centric application

g at 1337.io g at 1337.io
Fri May 6 00:18:20 UTC 2016


If you are considering pfSense, I would urge you to look at OPNsense 
instead. The pfSense code is horrible!

On 5/5/16 11:11 AM, amuse wrote:
> What PFSense currently lacks in brand name recognition, they can make up
> with by the fact that they offer paid support at very affordable levels.
>
> I'd go with https://store.pfsense.org/SG-2440/ ($499 each) and a quote for
> professional services  (
> https://store.pfsense.org/Professional-Services.aspx ) to back that up.
>
> On Thu, May 5, 2016 at 10:53 AM, Ken Chase <math at sizone.org> wrote:
>
>> Looking around at different SMB firewalls to standardize on so we can start
>> training up our level 2/3 techs instead of dealing with a mess of
>> different vendors
>> at cust premises.
>>
>> I've run into a few firewalls that were not sip or 323 friendly however,
>> wondering
>> what your experiences are. Need something cheap enough (certainly <$1k,
>> <$500-750 better)
>> that we are comfortable telling endpoints to toss current gear/buy
>> additional gear.
>>
>> Basic firewalling of course is covered, but also need port range forwarding
>> (not available until later ASA versions for eg was an issue), QoS
>> (port/flow
>> based as well as possibly actually talking some real QoS protocols) and VPN
>> capabilities (not sure if many do without #seats licensing schemes which
>> get
>> irritating to clients).
>>
>> We'd like a bit of diagnostic capability (say tcpdump or the like, via
>> shell
>> preferred) - I realize a PFsense unit would be great, but might not have
>> enough brand name recognition to make the master client happy plopping
>> down as
>> a CPE at end client sites. (I know, "there's only one brand, Cisco."
>> ASA5506x is a
>> bit $$ and licensing acrobatics get irritating for end customers.)
>>
>> /kc
>> --
>> Ken Chase - Guelph Canada
>>



More information about the NANOG mailing list