Start with cost. There is no cost per seat with pfsense. You don't
have the up front cost of an expensive PIX or other Cisco Security
product plus the license fees. You don't pay extra for extra features
either.
It will run quite nicely on a dual core atom based supermicro server
from New Egg at about $350.00 bootable from a USB key vs having to pay
gobs of money for RAM for a Cisco router if you're running lots of VPN
tunnels.
Ease of configuration. You still SSH in and get a command line if you
want, but the GUI works very well and is very fast. If you can redirect
users to an internal proxy server, if you wish.
Its BSD, its secure (except for VPN password storage in plain text in
the XML config file). You can edit the config file by hand and upload
it if you wish.
It has lots of nice features such as auto failover (CARP), etc. Tons of
plugins available for the download. It even handles SIP proxy, etc.
Its a very nice solution without all the added cost that you'd have to
purchase from Cisco. You can get paid support if you need it. There's
a large community of security conscious developers working on it so it
has a lot of code review. Its very stable and has a small footprint.
The one I use the most has been up for 114 days and was only down
because the power company's last outage lasted longer than the battery.
One of the last required updates I saw was due to an instability that
occured when there were more than x thousand tunnels running sinultaneously.
It supports VPN standards and standard clients rather than requiring
CIisco's proprietary client.
Hope this helps a little,
Curtis
Ron García-Vidal wrote:
I realize this is a support forum, so if there is a better place to
post this, I will take it there.
So, I'm trying to get a pfsense box in the shop because I've enjoyed
working with it on my own setup. The boss is fairly open-minded and
open to a healthy discussion on the topic, but in the end, he wants to
know why this would be preferable to a Cisco solution.
Since I've never worked extensively with Cisco, can someone give me a
few salient points to throw at him. I already used the cost argument,
he wants more.
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org