Forefront TMG vs pfSense


We currently run pfSense with no problems, however we are looking at TMG as it is included in our partner subscription to MS and allows Windows 7 DirectConnect features to our domain for off-site users.

I have had a google, but there don't seem to be any comparisons of TMG to pfSense.

Anyone have experience/knowledge of this?

Our infrastructure is Windows Server 2008 R2 behind pfSense at the moment.

Best Answer

There's no comparison because they're really two totally separate products that are aimed at two different markets. Kind of how you'll probably never see a comparison of a Ferrari 599 against a Bugatti Veyron. Both crazy fast expensive cars, but aimed at two different markets.

I've used both. In fact our internal office uses TMG, and our remote site uses PFSense, and it really comes down to what you're after in a firewall appliance and your ability to maintain.

I find PFSense a breeze to maintain. Setting up failover links, IPSec tunnels, VPNs, etc. is very, very simple. All of this is much more complicated in TMG, but that's because TMG is very tightly integrated into your Active Directory environment.

TMG can also do host-based HTTP routing, whereas PFSense can't, so you can use one IP address across multiple internal web servers without needing a specific reverse proxy.

One of the best things about TMG is that you can effectively turn off just one person's internet access by disabling their AD account in the firewall. No need to set up any Squid authentication with RADIUS against your AD and then setting up ACLs.

I'd say the TMG is more difficult to learn than PFSense if you're starting from a blank plate.
