16
General Discussion / OPNsense's Strategy/Vision: Lean firewall vs feature rich Unified Threat Mngmt.?
« on: March 23, 2016, 10:54:22 am »
Hi AdSchellevis!
I read the discussion in the link that you provided (thank you!) and have a general question about OPNsense.
Prior changing to pfSense, I was using Endian UTM (http://www.endian.com/). The "UTM" stands for "Unified Threat Management" and it means that Endian tries to include all sorts of threat fighting tools. They say of themselves: "The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more."
Then, I changed to pfSense (for the reasons that I did not agree with Endian's understanding of "community" & "open source" (they turned it to "open core") and because I needed more than 4 network zones, which Endian does not support) and I had to learn, that pfSense did not support many of those features, since their opinion was, that most of those "threat management" tools have no place on a firewall but should be handled by dedicated servers AFTER the firewall, e.g. scanning email. So with other words: pfSense lacked some features that I got to love on Endian due to another strategic approach that pfSense had.
So, now I read the thread of the link that you provided and realized that you plan to a) integrate HTTPS proxy and b) are not planning yet - but seem not to be opposed at all - to integrate other features such as virus scanning of webtraffic, email, FTP, etc.
So my question is: What is the strategic stance of OPNsense? Is your vision to turn OPNsense to such a "Unified Threat Management" box, as Endian does, or will you rather stick to the "lean" approach of pfSense and keep everything out of OPNsense that is not 100% firewall/gateway related?
Speaking for me, I would love seeing those advanced firewall/gateway related security features integrated into OPNsense, as Endian does, but I would not like to see any features to be integrated that go beyond this gateway-security scope and that turn the firewall into a general network server with all sorts of network services on it as e.g. Samba file server, FTP server, BitTorrent, etc., as some other projects do, e.g. Clear OS, etc.
Thank you for your time!
Cheers
temporaryuser
https://github.com/opnsense/core/issues/460
I read the discussion in the link that you provided (thank you!) and have a general question about OPNsense.
Prior changing to pfSense, I was using Endian UTM (http://www.endian.com/). The "UTM" stands for "Unified Threat Management" and it means that Endian tries to include all sorts of threat fighting tools. They say of themselves: "The Endian UTM appliance provides total network security including web and email filtering, VPN, intrusion prevention, bandwidth management and much more."
Then, I changed to pfSense (for the reasons that I did not agree with Endian's understanding of "community" & "open source" (they turned it to "open core") and because I needed more than 4 network zones, which Endian does not support) and I had to learn, that pfSense did not support many of those features, since their opinion was, that most of those "threat management" tools have no place on a firewall but should be handled by dedicated servers AFTER the firewall, e.g. scanning email. So with other words: pfSense lacked some features that I got to love on Endian due to another strategic approach that pfSense had.
So, now I read the thread of the link that you provided and realized that you plan to a) integrate HTTPS proxy and b) are not planning yet - but seem not to be opposed at all - to integrate other features such as virus scanning of webtraffic, email, FTP, etc.
So my question is: What is the strategic stance of OPNsense? Is your vision to turn OPNsense to such a "Unified Threat Management" box, as Endian does, or will you rather stick to the "lean" approach of pfSense and keep everything out of OPNsense that is not 100% firewall/gateway related?
Speaking for me, I would love seeing those advanced firewall/gateway related security features integrated into OPNsense, as Endian does, but I would not like to see any features to be integrated that go beyond this gateway-security scope and that turn the firewall into a general network server with all sorts of network services on it as e.g. Samba file server, FTP server, BitTorrent, etc., as some other projects do, e.g. Clear OS, etc.
Thank you for your time!
Cheers
temporaryuser