Personally I went back to m0n0wall because I had too much difficulty with the traffic shaper and the queue graphs in pfSense. I have never been able to find adequate documentation about the dual target in/out that gets created and it's real ramifications. Also, having two internal interfaces it doesn't handle the Status/Queues very well and duplicates them for both interfaces and also appears extremely slow/not responsive which doesn't provide a great comfort level.
I have tried this on Wrap & on PC class boxen but it's still too slow from a management/admin standpoint. I agree that PIX is not customer friendly. At one of my customer sites their (reasonably) experienced admin has had some challenges with them. If anyone has some better explanations regarding the dual target rules in pfSense, please pass it on as otherwise I tend to like it. - dbc. -----Original Message----- From: Leif Madsen [mailto:[EMAIL PROTECTED] Sent: January-29-08 11:04 AM To: [email protected] Subject: Re: [on-asterisk] Survey: what are people's experience with various routers? On Jan 29, 2008 8:31 AM, Jim Van Meggelen <[EMAIL PROTECTED]> wrote: > Lately it seems that the GNU/Linux firewall, iptables, is emerging as one of > the best. Even many hardware products are based on it. > > If cost were no object, and you needed to buy a firewall (that of course had > to do a good job with VoIP), what would be on your wish list? What would you > avoid like a plague? (ask Leif about SonicWall) > > Any thoughts and opinions are most welcome. Oh don't get me started on Sonicwalls! (Seriously though... has anyone else had the nightmarish problems of Sonicwall w/ VoIP, or is it just my inability to configure the bloody thing correctly?) A couple people mentioned pfSense, and I was running at home for quite some time with good success. I've since switched out to DD-WRT on a Linksys WRT54GL because I needed to setup a VPN connection that I could route all my phones through (not just a single device) and it has worked marvelously for that. Some people might be concerned about running an appliance with pfSense and not having "someone to blame" though. We're all professionals here and don't seem to really have that problem, but I'm curious what kinds of commercial solutions you might use if you needed to recommend a firewall to a customer who then had to manage it themselves? Having pfSense interface to manage yourself is fine, but if something goes really wrong... well... there isn't anyone to blame but the consultant who recommended it :) For commercial, a lot of people seem to use Cisco's PIX for firewalls, but that is probably on the opposite end of being customer manageable (unless they've developed some web interface for it since I last used one). At least those are my thoughts on the matter. -- Leif Madsen. http://www.leifmadsen.com http://www.oreilly.com/catalog/asterisk --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
