I’m not married to the idea of using any product over another. It’s not the branding, how nice it looks or how much it costs (although those things may have an impact) that sways me one way or another. It’s the use of technology. It’s the principle and philosophy of the project that backs the product. In the case of pfSense, it’s a community of security specialists and systems engineers that discuss, argue, implement and test their contributions. If a contribution ultimately makes the product better while remaining true to the scope, it makes it to the final cut. If not, it’s discarded making way for a better solution.
I’ve just described the opensource philosophy.
A friend of mine said years ago “If you understand the technology, the product shouldn’t matter.” and i still believe that to be true. At least, it “should” be true. I don’t know that a firewall product is standards compliant, i only know that it should be. Take IPSec, a wide standard with lots of interpretations that not all vendors implement the same way. Let’s face it, it’s usually the implementation of security standards like IPSec that introduce the security vulnerabilities, not the technology. But if my friend’s statement is true, i should be able to take any firewall appliance and configure it to achieve the results I need. I should be able to configure an IPSec VPN between two different products and expect it to work. It mostly does but sometimes not. Sometimes the product even says that the same firewall products needs to be at both ends. I won’t name names here. It would seem my friend was both right and wrong.
pfSense is essentially the result of one of the most secure operating systems, combined with all the basic features of a firewall “out of the box”, the ability to install add-on’s to expand it’s functions, and a nice user interface (GUI and CLI). There’s more. The same software is installed on all product models, no feature limitations dictated by costs or any other factor, and finally it’s all opensource.
If another product came along that was superior in all of most of these (above) aspects of a firewall appliance, i would probably lean that way. There is one other factor that would potentially keep me with a product that i’m already knowledgeable with, and that’s exactly that – i’m already knowledgeable with it. I often hear that statement that “Linux is more secure than Windows” but what if the person who configure the Windows box was an expert and the Linux guru wasn’t. What then? Is Linux still more secure? Being familiar with a product that is, in ever way, an excellent solution is a valid reason to use it even when there is something better that one hasn’t yet learnt.
