using wildcards is really bad security practice. and at age of ACME absolutely unnecessary.
TheHolm
joined 2 years ago
No HA. Classic HA is evil, shared control plane is good way to loose both FWs. Need redundancy use 2 independent FW + routing protocols. Losing session states during fail-over is not a big problem these days. I did in-place upgrades, but I'm running LTS and not yet done any major version upgrades. So far no problems.
Sorry, what do yo want to know? IT just a linux based router pretended to be a juniper FW. NAT/IPv6/PPPoE/VRFs are working as expected.
Look to FIIO. They have million models for all budgets. I'm using E10K for last 5? years. Best 100$ I ever spent. I would add physical volume knob on it is extremely convenient. Love it.
Can you promise a near 100% uptime? Otherwise, some email might not reach you. Just lol. Mail get queued just fine by everyone. If you really concern , setup second MX.
VyOS: Debian based router + firewall. Linux makes it easier for people to pick up the CLI but I’ve heard complaints about it being difficult to follow. Currently CLI only, at least without third-party solutions, but is powerful and competes directly with OPNsense for features for the most part. Seems to be just as stable. my mistake, FOSS version is not LTS but a rolling release and needs to be compiled.
Very misleading statement. Both rolling and LTS are FOSS, they just do not provide LTS binaries for free. Want LTS? build it yourself , all tools and guides(bit outdated) is out there. It will took 30 min you your time to setup.
Stable is not "pay only" . Just build it yourself, all tools are available. it will take 30 minutes of your time if you have docker environment ready.
Are you running it natively as "jail" ?
Nothing can beat bhyve for PFSence.
If you still use HTTP for cert verification on ACME, you are doing it wrong. Use DNS-01 only, there is no need to allow any inbound traffic to your servers. and HTTP will not give you wildcard anyway.