Discussion:
[pfSense] pf versus Juniper
Mehma Sarja
2012-04-24 03:48:35 UTC
I don't mean to start a comparison war here. However, we are a *BSD shop
looking to offer security services. The support part of the company has
lots of FreeBSD experience and not surprisingly, Juniper firewalls.

My question is how similar and different are the two as far as features
and performance goes? Any experiences?


Mehma
Glenn Kelley
2012-04-24 03:53:37 UTC
Depending upon what class of Juniper - the main difference IMHO is cost.
Are you talking gigabits of transfer? Or?

I hate answering a question with a question - but knowing your usage
scenario - would help us answer the question much easier.

Both offer Intrusion Detection / Prevention.
Both will act as a high performance integrated gateway - we use pfSense
in our datacenter and have many running as a virtual solution for
clients as a firewall. - Simply put - blows the competition away at a
cost of $0.00

Both offer remote network access via VPN -

Hope that helps
Adam Thompson
2012-04-24 05:05:11 UTC
You can't really compare them directly. Sure, on paper there are a lot of common points, but the approach is so radically different, a comparison point-by-point would merely be misleading.

If I had to draw analogies, I'd say pfSense is roughly as capable as a bare J2320 on equivalent hardware (Celeron 2.0GHz, 1GB RAM).
As soon as you move up the product family, you have to take into account the ASICs in any commercial networking device, which pfSense lacks.
So in terms of scalability, any software-only solution will always fall short compared to h/w accelerated gear.

Functionality-wise, pfSense probably has the edge. On the other hand, you can do almost anything if you buy the Juniper SDK.

This is kind of like comparing a hovercraft to a helicopter - they can both be armed, military organizations use both of them, they both have engines and fans... And they get used for different things.

-Adam
Victor Pasten
2012-04-24 11:05:08 UTC
Hi guys, I have experience working with OpenBSD, pfSense and Juniper. In summary, I can say that the main strength of the Juniper firewall is its powerful hardware (ASIC). I think that among commercial solutions, Juniper is one of the most flexible and robust; obviously, the capacity of a BSD/pfSense firewall is limited by the hardware used (CPU, memory, etc.) and the necessary tuning.

An interesting feature of Juniper is NSRP (HA/redundancy), and more specifically its tracking feature, which permits tracking by IP or link interface. In pfSense I have used CARP, but I haven't seen how to track by IP (or I don't know how); although, obviously, there is always the "do it yourself" option (by script + Unix tools).

Now, the debug tools in BSD/pfSense are far better: tcpdump is a very easy and flexible tool compared to "GET DEBUG", which is a little bit tricky and limited (IMHO).

Finally, the big difference is in the economic aspect. Equipment like the Juniper ISG 2000 - http://www.juniper.net/us/en/products-services/security/isg-series/isg2000/ - reaches a price of US$60.000.-

vs. a Dell server with the necessary network interfaces (fiber, GbE, etc.) at about US$10.000/15.000 (max).

Hopefully this is of use to you...

Regards.
Victor Pasten
Stgo. CL
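
The "do it yourself" IP tracking for CARP mentioned in the post above could look like the following sketch. It is an added example, not part of the original thread and not pfSense's own code; it assumes a FreeBSD release whose carp(4) exposes the `net.inet.carp.demotion` sysctl (FreeBSD 10 and later), and the tracked addresses, threshold, demotion amount and state-file path are constructed values.

```shell
#!/bin/sh
# IP tracking for a CARP node, run once a minute from cron as: track_ip.sh run
# Assumes FreeBSD 10+ carp(4); addresses, threshold and paths are constructed.
TRACK_IPS="${TRACK_IPS:-192.0.2.1 192.0.2.254}"  # upstream hosts to watch
FAIL_THRESHOLD="${FAIL_THRESHOLD:-2}"            # failed targets needed to demote
DEMOTE_BY="${DEMOTE_BY:-240}"                    # added to the demotion factor
STATE_FILE="${STATE_FILE:-/var/run/track_ip.state}"

# Probe one target with three ICMP echoes; succeeds if any reply arrives.
probe() { ping -c 3 "$1" >/dev/null 2>&1; }

# carp(4) adds the signed value written here to the current demotion factor.
set_demotion() { sysctl net.inet.carp.demotion="$1" >/dev/null; }

# Print how many tracked targets failed the probe.
count_failed() {
    failed=0
    for ip in $TRACK_IPS; do
        probe "$ip" || failed=$((failed + 1))
    done
    echo "$failed"
}

# Print "demote", "restore" or "hold" for a previous state and failure count,
# so the factor is raised once per outage and lowered once on recovery.
next_action() {
    if [ "$2" -ge "$FAIL_THRESHOLD" ] && [ "$1" != "demoted" ]; then
        echo demote
    elif [ "$2" -lt "$FAIL_THRESHOLD" ] && [ "$1" = "demoted" ]; then
        echo restore
    else
        echo hold
    fi
}

# One pass: probe, decide, adjust the factor, persist the state, print the action.
track_once() {
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo normal)
    action=$(next_action "$prev" "$(count_failed)")
    case "$action" in
        demote)  set_demotion "$DEMOTE_BY"  && echo demoted > "$STATE_FILE" ;;
        restore) set_demotion "-$DEMOTE_BY" && echo normal  > "$STATE_FILE" ;;
    esac
    echo "$action"
}

if [ "${1:-}" = "run" ]; then track_once; fi
```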
