If you are considering pfSense, I would urge you to look at OPNsense instead. The pfSense code is horrible! On 5/5/16 11:11 AM, amuse wrote:
What PFSense currently lacks in brand name recognition, they can make up with by the fact that they offer paid support at very affordable levels.
I'd go with https://store.pfsense.org/SG-2440/ ($499 each) and a quote for professional services ( https://store.pfsense.org/Professional-Services.aspx ) to back that up.
On Thu, May 5, 2016 at 10:53 AM, Ken Chase <math@sizone.org> wrote:
Looking around at different SMB firewalls to standardize on so we can start training up our level 2/3 techs instead of dealing with a mess of different vendors at cust premises.
I've run into a few firewalls that were not sip or 323 friendly however, wondering what your experiences are. Need something cheap enough (certainly <$1k, <$500-750 better) that we are comfortable telling endpoints to toss current gear/buy additional gear.
Basic firewalling of course is covered, but also need port range forwarding (not available until later ASA versions for eg was an issue), QoS (port/flow based as well as possibly actually talking some real QoS protocols) and VPN capabilities (not sure if many do without #seats licensing schemes which get irritating to clients).
We'd like a bit of diagnostic capability (say tcpdump or the like, via shell preferred) - I realize a PFsense unit would be great, but might not have enough brand name recognition to make the master client happy plopping down as a CPE at end client sites. (I know, "there's only one brand, Cisco." ASA5506x is a bit $$ and licensing acrobatics get irritating for end customers.)
/kc -- Ken Chase - Guelph Canada