Author Topic: was wondering if pfsense might ever...  (Read 2349 times)

Offline Sharaz

was wondering if pfsense might ever...
« on: April 11, 2007, 07:16:13 am »
i was thinking about the outward differences between the checkpoint firewalls we use in our enterprise at my job, and pfsense.  from my intermediate eye, the list is quite a short one.  honestly, i *do* see scott getting to his goal of producing a product that can compete with the big boys.  definitely more than "well on your way" scott...  kudos to you!

as i was pondering the differences, i was wondering what it would take to create an admin panel that could control multiple pfsense boxes at one time.  for instance, when we make a change to "the checkpoints" at work, a firewall rule can be applied to 1 or more (selectable which ones), and then they all update and restart their rules.  wouldn't that be awesome to be able to control multiple pfsense boxes in the same way?
Jonathan

Offline sullrich

Re: was wondering if pfsense might ever...
« Reply #1 on: April 11, 2007, 02:00:09 pm »
This already works when you have a carp cluster and sync the configuration.

Multiple slaves can be added and it will automatically sync host a -> host b -> host c, etc.

Offline Sharaz

Re: was wondering if pfsense might ever...
« Reply #2 on: April 11, 2007, 08:48:23 pm »
what about individual firewalls, say at different sites?  say i had 10 cities each with an office in my company, and i needed to add a rule for each pfsense box.  possibly, vpns between each allowing each office to connect to another (you know, your typical WAN setup).

supposing i had a locked down outbound policy at each site, but i wanted to open port 22 outbound on each of the 10 pfsense boxes.  would carp still be the tool to use to open port 22 all at once on each one?

i wish i had programming skills.  sometimes i get ideas in my head that i wish a computer to do, but i have no way of expressing myself in the form of code :)
Jonathan

Offline sdale

Re: was wondering if pfsense might ever...
« Reply #3 on: April 11, 2007, 09:06:33 pm »
What you are looking for is a management system capable of monitoring and administering multiple pfSense boxes at different locations?

Offline Sharaz

Re: was wondering if pfsense might ever...
« Reply #4 on: April 14, 2007, 10:29:04 am »
yes, i think something like that would be a truly valuable add-on.
Jonathan

Offline hoba

Re: was wondering if pfsense might ever...
« Reply #5 on: April 14, 2007, 03:17:52 pm »
This would be an addon project. pfSense already offers remote control capabilities due to the cluster sync code.

Offline Sharaz

Re: was wondering if pfsense might ever...
« Reply #6 on: April 15, 2007, 09:08:06 am »
hoba, does this feature still work when the pfsense boxes are located at opposite ends of a vpn tunnel?
Jonathan

Offline hoba

Re: was wondering if pfsense might ever...
« Reply #7 on: April 15, 2007, 02:05:17 pm »
Yes, it would. It happens on layer 3 and is therefore completely routable.

Offline Juve

Re: was wondering if pfsense might ever...
« Reply #8 on: April 16, 2007, 02:05:45 am »
I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores passwords for automatic logons), makes a full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well... like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies, which is what I do now for box backup, for example). At the moment I do not have enough time to go through it quickly... this may change soon.
;-)


Nothing else roxxx as pfsense do!

Offline hoba

Re: was wondering if pfsense might ever...
« Reply #9 on: April 16, 2007, 03:32:23 am »
Nice! Can't wait to see this  ;D