General Discussion / Thinking of making a change...
« on: November 02, 2022, 07:37:40 pm »
Hi, I'm new here. I am a technical director for an MSP and Cloud Host in Pennsylvania, US. I built my own cloud in carrier-neutral datacenters on my own vmware servers, running zfs backend storage. I usually host Windows Terminal Servers for legacy applications that are not web-based. Mostly legal, accounting and EMR/EHR. I do some cloud hosted CAD with VDI.
I currently have over 100 virtual firewalls and another few hundred physical firewalls from the alternate m0n0wall fork. I have grown tired of them. In my opinion, the company that sells the hardware and owns the project is a bit abrasive in both words and actions, and a bit slow to release. I've spoken to both Jims on the phone over the years. Then there was an issue with a very buggy, year-too-late release that lacked the major feature upgrades that had been promised for a while. Even recently, their "fall release" is now delayed, again.
Realistically, I liked the project and the capabilities were unmatched. I always told people I could make the firewall turn on your espresso machine if I felt like it.
I tried OPNsense, once for a day or two as a VM in VirtualBox on Ubuntu at least more than 5 years ago, and I didn't take the plunge to change. However, I would like to start the new year shedding old dead weight. I feel like I am being held back.
I have done some unusual configs, like a super firewall with about 50 VLANs and over 200 OpenVPN users all going to different VLANs, plus another 50 IPsec tunnels. I even do things like have an OpenVPN connection to one firewall that can also route to another firewall via IPsec and reach many different VLANs on the other side. I use pfBlockerNG devel (another pain point), but I don't really use Snort/Suricata (too aggressive and too much to troubleshoot and set up). I used to use that 3rd-party central management solution for my firewalls, but new releases kept breaking it. And recently, updates have been bricking firewalls, to the point where I can no longer update a firewall without being onsite with a replacement.
I have a newer Protectli Vault box kicking around that I may test at my home (which has 5 VLANs). I am interested, though, if any MSPs here who have run something similar, especially at the cloud level, wanted to share experiences using OPN. I am also looking for some advice on doing apples-to-apples configs; I'm assuming I can't just import the other guy's config into OPNsense.