First post, so be gentle
I am investigating a firewall solution that would enable me to have a large number of interfaces / VLANs behind a firewall. My current go-to solution is pfSense; however, due to some limitations of how pfSense was written, the system is mostly unable to deal with more than 128 interfaces. Configuring more results in high CPU load and weird problems with services.
I have checked with their support and they acknowledge the issues; however, they currently don't have plans to fix it, even though they market it as "supporting high number of interfaces(thousands)".
I'm using Ruckus kit for WiFi, which relies on Dynamic-PSK (Cisco has a different abbreviation for the same technology). This results in a VLAN for each user. Changing the network design is not really an option.
Some requirements:
- DNS / DHCP v4/6 / NTP
- IPSec capability
- NAT for IPv4
- IPv6 capable
- Working in either Active/Passive or Active/Active mode
- GUI (preferably)
Things I am considering:
- Pure FreeBSD
- Linux with keepalived (No states synchronization)
- Some Cisco devices
- Some Brocade device
I'll be testing the first two options in my lab, however I am somewhat clueless about which part of the portfolio of the two companies I can target.
Suggestions are appreciated.