"Sounds really compelling until you have to use it" - this statement cannot be overstated for Unifi gateways
@LAWRENCESYSTEMS 3 years ago
Yeah, that is true for so many products but especially the UniFi routers.
@databeestje 3 years ago
So I tried to configure a USG in 2019 to a comparable state to the Draytek Vigor 2862 routers we used in shops at the time. Things that didn't work as expected:
- WAN Failover didn't work as expected, failback never happened
- IPSec tunnel can only be connected to one WAN, no failover.
- DynDNS tied to single WAN, no failover
- Firewall rules through Controller were interesting
- Remote Provisioning often killed the box
- Didn't work properly with PPPoE for DSL
- No support for 4G modem (not even Pro)
- Raspberry Pi 4G Bridge on WAN2 worked, however, see point 1
At that point I just gave up on it. The unifi controller worked fine for the APs and the Switches with provisioning for ~80 sites. The USG just wasn't complete enough.
@DATApush3r 3 years ago
I found the same to be true with TP-Link Omada. Makes sense considering it's almost a clone of the Unifi system.
@edwinkm2016 2 years ago
@@DATApush3r clone, or did they just steal the codebase? So they have the same technical dependencies (deprecated mongo), the same (lack of) features. And now you are telling me they have the same bugs?
@Noodles.FreeUkraine 3 years ago
I'd really love to see a side-by-side comparison with pfSense and OPNsense, still can't figure out why people choose one over the other (company politics aside, I mean technical reasons).
@southseapirate1 3 years ago
This please! Came here hoping for exactly this.
@rpsmith 3 years ago
I support both however I really don't like OPNsense's GUI. For me, pfSense's GUI is much easier to navigate. You could make the argument that OPNsense is more secure but the user interface killed it for me. So I think it all boils down to which one you like best. They are both great firewalls and you can't go wrong with either one! One side note: You will find way more online help for pfSense!
@MichaelSmith-fg8xh 3 years ago
The UI: they have largely the same functionality, just categorised differently in the menus (I prefer PF mildly but I’m less error prone in opnsense). OS major release: Opnsense is generally more up to date. Perf: can sometimes be up to 10% different. Driver support: slight difference e.g. needing to add a few config lines to support chelsio cards. DHCP WAN: more configurable in opnsense (to the point I couldn’t get pf to do ipv6 with my old isp). Site/Ad blocking: DNS based in Opnsense, firewall based in pf but both can use the same block lists. This is just what I saw but I’d be curious to see comments on the different base OSs
@Noodles.FreeUkraine 3 years ago
Thanks guys, really appreciate the feedback! 👍
@Totototo-nr8dh 3 years ago
Easy, OPNsense is based on HardenedBSD. So the OS is basically more secure than all the others. More frequently updated. End of the story.
@fourtwanky 3 years ago
Regarding reviewing OPNsense, I know you don't plan to, you say that all the time. But, I really wish you would anyways.
@LAWRENCESYSTEMS 3 years ago
Firewall Comparison Chart docs.google.com/spreadsheets/d/e/2PACX-1vRRy9MWXbh7gZIrMVFjRPOIitAku91yfndZIHU73gsgtdaUOdnpcxsN2FF8Jt3OCRFB2opQQw22D7C_/pubhtml
List of our pfsense tutorials lawrence.technology/pfsense/
Untangle Firewall Web Filtering & SSL Inspection kzbin.info/www/bejne/h16tgn2mpMydh6s
Untangle Firewall Review kzbin.info/www/bejne/jYrLgJqHba-sj6s
pfSense Plus 21.02 and pfSense CE 2.5.0 Features, Updates, and Changes kzbin.info/www/bejne/e2GuiZRveaqtbtk
⏱️ Timestamps ⏱️
0:00 Firewalls We Recommend
2:08 Firewall Comparison Chart
5:08 Central Firewall management
7:04 OpenVPN Support
9:52 IPSEC/L2TP VPN Support
10:40 Wireguard VPN
11:18 Policy Routing
11:54 IPS/IDS systems
13:25 DNS & GeoIP Filtering
14:04 Web Filtering & SSL inspection
16:12 QoS Traffic Shaping
16:34 WAN Failover / Load Balance
17:21 Active Directory
17:59 Captive Portal
18:40 Let's Encrypt & HA Proxy
19:24 Reporting
@salat 3 years ago
There's a Wireguard addon for UBNT's ER - you just have to install it manually
@leonardogyn 3 years ago
Hey Tom... haven't tried yet, but at least from UniFi Controller 6.2 release notes, it seems timestamps were finally added to the DPI stats. If it works as expected, DPI can finally be somehow useful and not just a beautiful report gimmick!
@Adrayven 3 years ago
UDM Pro - GeoIP filtering is a Yes(no longer beta) with current release, works well. I selected most of Europe and Asia lol. Also, though not on the list, Multiple IPs are now supported as well.
@fonte935 3 years ago
All in on Ubiquiti routing sucks. Love it! Hopefully you're the first person they send a new review unit to if they ever fix it one day.
@fourtwanky 3 years ago
Wouldn't it be great if Ubiquiti just abandoned their router os and adopted opnsense as their os base instead
@paultruzzi911 3 years ago
So, why isn't mikrotik mentioned?
@backupplan6058 3 years ago
Because he can’t go through every possible option, he is showing what he has personally had experience with as to not give a wrong impression. MikroTik gives plenty of features for the low price but you pay for it with stability.
@paultruzzi911 3 years ago
@@backupplan6058 I wasn't asking for a review of MikroTik. But a mention that it exists would be helpful for those of us looking at our options.
@backupplan6058 3 years ago
@@paultruzzi911 you mean along with the dozens of other potential options as well. I say again, he only was covering those which he has experience with. Mentioning it wouldn’t do anyone any good and from the sound of it you have already made up your mind on what you are after.
@joseroda5863 3 years ago
I understand your whole point about not looking at opnsense. But then this argument kind of loses weight for me when I see you taking the time to review tplink. Don't know... I am somehow looking forward to you looking at opnsense at some point. It does offer a lot of compelling facts, such as integration with Sensei, which pfsense doesn't have, and other things like wireguard today, search box, cleaner user interface, and so on.
@LAWRENCESYSTEMS 3 years ago
Sensei is the only feature that makes Opnsense interesting, but we use Untangle for people that want that type of filtering. I reviewed TP-Link because they cloned UniFi to such a degree that it was interesting. Overall though, me not making videos has not stopped people from using it and I don't tell people not to use it. I just don't find it that interesting.
@swagger1262 3 years ago
Mikrotik?
@LAWRENCESYSTEMS 3 years ago
I don't use their firewalls
@swagger1262 3 years ago
@@LAWRENCESYSTEMS I was in pfsense, USG, and EdgeRouter. Steep learning curve in Mikrotik but when you do, it basically can do anything
@engrpiman 3 years ago
I have run pfsense in a business and while it is affordable it's also had some reliability issues. Mainly it kept dropping its ipsec vpn. This was 3 years ago. While 3 times more expensive the Cisco ASA had no such issues and just worked. It does take cisco knowledge to setup an ASA they are very reliable. When we got our first Cisco ASA and switch it took me forever to get it configured but the more I learn and use them the more I appreciate them. I was in the medium business segment and because of an acquisition I'm in the billion dollars a year enterprise segment now.
@EmilePolka 3 years ago
Qotom nowadays runs a mobile based 7th gen intel processor on it. It's power efficient and powerful enough to handle gigabit PPPoE WAN connection.
@Huck9000 3 years ago
I think the way PFSense is moving to PFSense Plus, and PFSense CE tells the whole story. That really bothers me going forward. Plus will be in their Netgate products, and not be open to others until late 2021. I'm going to switch to OPNsense, just because it will be the safer way to go until maybe 2022. PFSense has been great for years, but Netgate is going to screw it all up. I'm not panicking or anything like Tom suggests, but I do believe it's the way to go.
@TheJoBlackos 3 years ago
I tried Untangle for a year. I did not find it easier than pfsense, even if I was not familiar with both at the beginning. The deal breaker was when I tried to setup time based device management, I was unable to make it work properly on Untangle. I have no problem on pfsense.
@MrBobbybrady 3 years ago
I found the break and inspect worked surprisingly good on Untangle but it was always a pain in the butt to troubleshoot which module was blocking what. This year I will roll with Opnsense and Sensei until something better comes along.
@SuperChristopher187 3 years ago
I really appreciate your videos, this gives me so much information to be able to make good decisions on what I should use and what is the use case for each product. Love all of your content, best regards from Germany. :)
@LAWRENCESYSTEMS 3 years ago
Glad I was able to help.🙂
@KaloyanDobrev 6 months ago
If you don't include Mikrotik solutions you should probably include Windows firewall :)
@DustinSCline 3 years ago
Untangle's firewall rule management, lack of firewall explicit deny rules and device pricing structure make it hard for me to get onboard.
@jdl3408 3 years ago
Anything with application based filtering? I know a PA-220 starts to get into the same price range as these platforms, but it would be nice to have a more SOHO friendly platform with L7 policies. Edit: It looks like Untangle supports this while pfSense does not, seems like a big omission from the video.
@MichaelSmith-fg8xh 3 years ago
Opnsense has application specific/level rules
@tqnpersonal 2 years ago
@@MichaelSmith-fg8xh wait, it does?
@NiTeHaWKnz 3 years ago
Honestly, just skimming your comparison list, it's easy to see why you don't recommend the Ubiquiti routers/firewalls.
@tuttocrafting 3 years ago
Unfortunately finding a CPE for my needs is actually impossible. Here ISPs are migrating to IPV6 and are using Map-t and Map-t so far none support it. A firewall comparison without any mention on IPV6 in 2021 is a shame. In 2021 1/3 of the traffic is on IPV6.
@pepeshopping 3 years ago
Missing at least 2 respectable offerings.
@luispagan1566 3 years ago
Firewalla
@tjhana 3 years ago
No Mikrotik in the comparison?
@LAWRENCESYSTEMS 3 years ago
I don't use their firewalls
@grillsandaxlegrease3578 1 year ago
Can PFSense be run on Zyxel's products? I have an ATP100 that suddenly goes into reboot. Thinking maybe their software is causing the problem... Or should I try that Netgate and ditch Zywall forever?
@krisdphillips 3 years ago
Excellent video! One correction: OPNSense offers both the WG Go and kernel implementation now. However, I think the Go version is currently default. There is an option to flip flop between them though. pfSense's support for WG will also be a package and not "built in" like IPSec and OpenVPN. It will be available in the Package Manager in 2.6.X and can be unofficially installed now on 2.5.1+.
@LAWRENCESYSTEMS 3 years ago
Interesting, did not know they had a kernel module as well.
@krisdphillips 3 years ago
@@LAWRENCESYSTEMS It's not default, but it's in their repos/as an option. It's the same module for FreeBSD AFAIK that pfSense will use (which makes sense since they're both BSD-based). Sounds like they ported it to HardenedBSD and into the HardenedBSD repos. On OPNSense you just have to run "pkg install wireguard-kmod" and reboot. The web UI works exactly the same with the kernel module as the Go implementation. The only "gotcha" is the Wireguard service always shows as stopped because it is trying to monitor the Go implementation running in user space that no longer exists, so it always shows as off. Apparently that will be fixed in future releases, but is the only weird functionality difference.
@giveitallyougot9865 2 years ago
are you lip syncing? roflmao...
@rockking1379 3 years ago
Wow perfect timing as I’m looking to replace my ERX
@looseycanon 3 years ago
Don't dispose of that ER-X in any way! Reconfigure it. The thing can work in switch mode.
@BrennonA 3 years ago
Covered most of the ones I've been looking at - thanks for the overview 👍
@The0nionKnight 3 years ago
Opnsense gang
@LAWRENCESYSTEMS 3 years ago
Use what makes you happy 😀
@connclissmann6514 3 years ago
A most useful summary as we are in the market for replacements of our fast-ageing firewall at a couple of locations.
@wicked_observer 3 years ago
Protectli has been great for me
@fourtwanky 3 years ago
me too! love those guys
@sms9106 3 years ago
That was a nice little summary, thanks.
@IndianaDiy 2 years ago
Are Protectli vaults just as good for running Pf Sense vs Netgate? Just curious since there’s a price difference and I do see some added security as far as hardware goes. I was looking at VP2410 with coreboot and I wondered if having TPM module is worth it or not?
@bparisi 3 years ago
I haven't watched this video yet. But based on the title it doesn't seem to include any of the Sophos offerings ? I migrated from pf to Sophos UTM initially and now XG. Never looked back. Anyway, that's a shame because Sophos is a far more sophisticated all integrated package.
@Crazy--Clown 3 years ago
Sophos = Syphilis
@bparisi 3 years ago
@@Crazy--Clown Reasons ? Hasn't been my experience as I have used both for over a decade.
@kciwrc 3 years ago
Can you substitute the built in firewall from Ubiquiti for the pfsense one ?
@LAWRENCESYSTEMS 3 years ago
I don't understand the question? Unless you are asking if you can load pfsense on the Ubiquiti then the answer is no.
@samsampier7147 3 years ago
You can run both if you setup the network and switches correctly. I use an Edgerouter lite behind my Pfsense.
@bradforrester2417 3 years ago
Great video, but you should add a line for comparing logging capabilities, because troubleshooting network issues and firewall rules is often complex, and that's where the Unifi gear fails hard.
@brockeldridge9877 3 years ago
You should review Firewalla Gold. Pretty nice product.
@LAWRENCESYSTEMS 3 years ago
not something I plan on using or reviewing.
@mtheofy 3 years ago
@@LAWRENCESYSTEMS just curious on your reasoning. thanks
@LAWRENCESYSTEMS 3 years ago
@@mtheofy Does not have any compelling feature that makes me want to use it over other devices.
@mtheofy 3 years ago
@@LAWRENCESYSTEMS fair enough. thanks
@Noodles.FreeUkraine 3 years ago
Yikes, they don't even offer a web portal to configure things. I'd rather deal with a terminal than fumble around with an app all day. No idea what led to that idea, but I wouldn't touch it with a ten-foot pole for that reason alone.
@shanelord1666 3 years ago
You really need to check the Firewalla Gold out. No ongoing license fees but extremely capable device. My go to over any of these - just as secure but dramatically easier to use.
@LAWRENCESYSTEMS 3 years ago
really not interested at this time.
@shanelord1666 3 years ago
@@LAWRENCESYSTEMS That’s a real shame. I’ve tried all of the products you’ve tested out and it’s not my day job. Takes 5-10mins to read about a product rather than dismissing it out of hand.
@LAWRENCESYSTEMS 3 years ago
@@shanelord1666 I did not say that I did not read about it, I said I was not interested in using it, which is because I have read about it.
@mimimj9952 2 years ago
What is he saying I'm not tech savvy at all as he explains I'm more confused for future reference people do know the abbreviation lpt, to stf to jol I don't know anything like most simplify then get complicated. But simplify for like half a hour on what abbreviation prevent what in the internet.
@lightingman117 1 year ago
Can you look into firewalla?
@wiseguy3k 3 years ago
Thanks Tom!
@theparadigm320 3 years ago
Hi Tom, have you had a look at the Sophos XG series, they also have a Free Home version with all the bells and whistles one could desire
@LAWRENCESYSTEMS 3 years ago
Took a quick look, nothing compelling about it to make me want to learn it or use it.
@Bobtb 3 years ago
@@LAWRENCESYSTEMS that's just silly. It checks all boxes, except Wireguard (for now) and it is completely free for home users. It is a solid firewall with Enterprise grade features.
@LAWRENCESYSTEMS 3 years ago
@Bob ten Berge I am not telling people not to use it, there is just nothing compelling about it to make me want to learn it or use it.
@Bobtb 3 years ago
@@LAWRENCESYSTEMS but if you're going to compare free firewall solutions, why not include it? I'm sure there are plenty of viewers who would be interested.
@LAWRENCESYSTEMS 3 years ago
@@Bobtb doubt it, but I do have plenty to say about Fortinet kzbin.info/www/bejne/o2W7kHZ7n6iLe8U
@KristianKirilov 3 years ago
MikroTik can act as firewall, router and switch very well. The devices and the license are cheap. Unfortunately many of the advanced topics such as WAF, SDN are missing.
@KristianKirilov 3 years ago
@S K Actually MikroTik is Linux based, so if you know how to do the things in Linux you will know how to do them in MikroTik as well
@KristianKirilov 3 years ago
@S K yeah, you are right about the cli learning curve. If you are familiar with Cisco, you can try VyOS - Debian based routing platform with Cisco cli interface
@mattschoular8844 3 years ago
Thanks Tom...Always interesting...
@fabianbence5289 3 years ago
Next time could you please add some mikrotik routers too?
@LAWRENCESYSTEMS 3 years ago
Nope, I don't have a use case for learning them at this time.
@kiwiscanwifi 3 years ago
Was surprised mikrotik routeros was not included. Ticks almost all the boxes
@DanielAwesomesauce 3 years ago
I really wish you gave OPNSense some more attention. I know you prefer to talk about products that your company uses daily on customers networks but OPNSense is just much better than PFSense. PFSense is a bad steward for open source and OPNSense fixes that. Also, there is a lot of features and usability missing from PFSense (such as wireguard) which has been in OPNSense for very long.
@DanielAwesomesauce 3 years ago
I just finished the video and saw your reasoning that OPNSense is just not that different. Well how do you know when you haven't tried it recently? Just try it and review it, not as "This isn't like pfsense" but as its own standalone product. Seriously, just drop PFSense.
@LAWRENCESYSTEMS 3 years ago
use what makes you happy.
@rob21 2 years ago
This post didn't age well
@MrFester 2 years ago
These are all very old pieces of hardware and none of them have had a hardware refresh in years. Also like they just stopped making them all together in the small forms.
@Totototo-nr8dh 3 years ago
And OPNsense? Really? Maybe because it's better than all the rest ahah.
@LAWRENCESYSTEMS 3 years ago
I discuss it at the end of the video, use what makes you happy. 😀
@Totototo-nr8dh 3 years ago
@@LAWRENCESYSTEMS ahah. ;) Good video btw.
@DJaquithFL 2 years ago
Maybe a dumb question but why not just lockout / block the entire internet and just whitelist the sites that are needed for your business?
@LAWRENCESYSTEMS 2 years ago
It's just not a practical usable solution.
@Phitur1 2 years ago
This is a great approach if you're using web filtering to allow specific domains and have the resources to have someone manage that on a daily basis. However, it does require quite a bit of management to implement properly and ensure that you aren't inadvertently blocking valid business needs. His comment that it's not a practical solution is because it requires quite a bit of overhead to manage properly. But, based on your use case and business needs, this could be a good option for portions of your users or network segments. Would require a lot of work on the front end and should get easier over time.
@DJaquithFL 2 years ago
@@Phitur1 .. I didn't want to argue with him, but it's a hell of a lot easier than he thinks or believes apparently. Most businesses only need to be involved with a very small number of companies via the internet from outside their office. This becomes even more apparent from a larger company when you have to look at the small cost of hiring a good network administrator or paying ransomware demands. The proverbial drop in the bucket in comparison. We did something like this nearly 30 years ago. There was no reason for staff to use 99.9999999% of the websites and frankly, most businesses outside of their email have little to no need whatsoever for outside access. The text-only emails would be allowed but the links and attachments would be blocked in most cases.
@blgari0n 3 years ago
Do you feel that OPNSense can’t match pfSense/Untangle feature wise or did you leave it out because it felt redundant given the firewalls you’re comparing? Just curious because I’m not happy with the direction pfSense is heading towards and OPNSense looked fine on the VM I setup for it on my test environment.
@joevining2603 3 years ago
He doesn't recommend OPNSense because it's a fork of pfSense
@blgari0n 3 years ago
@@joevining2603 I’ll have to watch the video again, I totally missed that comment. Thanks Joe!
@joevining2603 3 years ago
@@blgari0n It's towards the end. He's also made this same opinion known in several other videos throughout the past couple years.
@freebs3545 3 years ago
@@joevining2603 to me he's biased about that
@joevining2603 3 years ago
@@freebs3545 It's just his opinion and as he plainly states - it's just not compelling enough for him to switch/add to his hardware offerings. It's not like he's only dealing with a test lab and a handful of clients. He's using what he knows works well for a large client base. Nothing to stop you from using what you want in whatever context suits you.
@myonen4402 1 year ago
The only home brew firewall/router I've worked with is ipfire and I've been incredibly happy with it. I would love to see a comparison that included it.
@jeffm2787 2 years ago
Gave up on my SG-3100 for my primary firewall, It just couldn't handle gigabit at all well. Used a USG which did handle gigabit at full speed. Running a UDM Pro now and yes I'll admit that PFSense has some serious advantages. For PFSense just don't be sold on the third party add-ons as a reason to buy (or use). Been using PFSense for about 10 years now and what I found is the third party add-ons often break with 'updates'. PFSense on good hardware works great, just don't count on the add-ons long term (or never update).
@techdigitalgroup 2 years ago
Do you recommend watchGuard?
@LAWRENCESYSTEMS 2 years ago
Not really.
@looseycanon 3 years ago
I for one always thought that vendor should be selected in accordance to expected deployment.
PfSense? HQ and data center.
Untangle? Why pay a fee, when you can have something very similar for free?
EdgeRouter? Anywhere you have need for decent router with decent features.
UniFi? Well, hotels, motels and places, where you can't have a tech on the count of their smallness. Not UDM lineup!
Mikrotik? If your staff likes to suffer or you have some very niche use case, like LTE connection, that actually needs site-to-site VPN support
TP-Link? If you need a breach.
There is no shame in going multi-vendor. As long as it gets the job done within the budget
@MrAwesomeGamer99 3 years ago
Do some real NGFWs: Palo Alto, Fortinet, Cisco Firepower, etc
@LAWRENCESYSTEMS 3 years ago
What makes Fortinet better than Untangle?
@jediking2000 3 years ago
@@LAWRENCESYSTEMS Hardware acceleration, built in WAP controller, built in switch controller, enhanced threat intelligence, SSL VPN, etc....
@MrAwesomeGamer99 3 years ago
@@LAWRENCESYSTEMS I have a list of reasons but here are some of them. The immediate difference between Fortinet FortiGate and any other major FW vendor is that they have purpose built ASICs that handle multiple security functions of the FW. Which is why FortiGates are one of the fastest FWs on the market (protected throughput). With this and their high rating on 3rd party reviews from companies such as Gartner, NSSLabs (when they were around) and others you will immediately see the benefit to Fortinet's firewall and why they are leading in the market. With their intuitive GUI, plethora of FW features, their security fabric**, leading protected throughput speed in the industry, they come to the lowest overall TCO for the features they come with. Which is why they are not only further ahead than Untangle but leading in the market overall. I highly recommend looking up the latest Gartner Magic Quadrant
@LAWRENCESYSTEMS 3 years ago
@@MrAwesomeGamer99 Sounds like lots of marketing speak to me. Also, since Gartner is reviewing them, don't see a need for me to do so.
@guyboisvert66 2 years ago
For 69$, you can get a Mikrotik hEX-S you get enough horsepower and a professional OS that supports anything you can imagine: OSPF, Wireguard, MPLS, Mangle, etc As a 30 years Network Engineer, for me it's the best management interface: CLI / WEB / Winbox
@guyboisvert66 2 years ago
... and for 219$, you get the RB4011igs_rm that has 10 x 1 Gbps ports + 1 x SFP+ and a beefier cpu + more RAM!
@sandman8700 3 years ago
After 2:25 into your review, looking at the table I knew where this was going as there was only one recommend.
@johnburger6774 3 years ago
Nice Ch. I need a suggestion on firewall slash router like the usg . It will be used in a small restaurant. Thanks for any help.
@Joshv918 3 years ago
Edge router does have wireguard btw. I use it a lot..
@LAWRENCESYSTEMS 3 years ago
yes, but not officially supported by Ubiquiti
@garybowers5724 3 years ago
@@LAWRENCESYSTEMS Indeed I run it on Edge Routers (x2 ER4 + x1 ERLite) and upgrading the firmware is always a fun time.... I have to make sure I have a backup VPN (IPSec etc) just to remote in to be able to re-install the package. Having said that, it's been bulletproof: I have x3 Wireguard interfaces
WG0 - Site to Site interfaces with CIDR's routed between 3 sites
WG1 - Remote Access from client devices
WG2 - Site to Site to Google Cloud with WG running on a GCE Instance.
Once WG is fully supported on pfSense I am looking to start migrating over from EdgeMax (I expect EdgeMax line to disappear at some point given their focus on Unifi)
@manuelthallinger7297 3 years ago
Not having every feature others have isn't necessarily a bad thing. The thing which sucks with the USGs is, there's no development, no new features
@soldermecold7456 3 years ago
UDM Pro ... I was hoping to hear better things about VPN reliability to A USG
@easy1965 2 years ago
how will the new UXG-PRO hold up with this comparison? thank you for your videos.
@LAWRENCESYSTEMS 2 years ago
Still a very basic firewall kzbin.info/www/bejne/eaWzcpqgbaqbfbc
@mervstar 3 years ago
I wonder how these compare to ClearOS. I'm using ClearOS right now for a school and for the most part it works well but I'm looking to simplify my life (without losing functionality) and trying to find a suitable replacement.
@lebeyes 3 years ago
The OpenVPN implementation on USG is crippled. I got a site-to-site VPN from a USG to a pfSense working only with cipher BF-CBC and auth SHA1. The USG does not support AES-256-CBC and SHA256.
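A legacy cipher/HMAC pairing like the one described in the comment above can be caught by linting both peers' OpenVPN configs before a tunnel goes live. This is an added example, not part of the original thread; the sample configs, the host name and the lists of what counts as weak are constructed assumptions.

```python
"""Lint OpenVPN config text for legacy data-channel cipher and HMAC settings."""
import re

# Assumption of this example: 64-bit block ciphers and "none" count as weak.
WEAK_CIPHERS = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}
# Assumption of this example: these --auth digests count as legacy.
WEAK_AUTH = {"MD5", "SHA1", "NONE"}
# Directives whose first argument is one cipher or a colon-separated cipher list.
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}


def parse_directives(text):
    """Return [(line_number, directive, args)], skipping blanks and # or ; comments."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if not line:
            continue
        parts = line.split()
        # Accept both config-file style ("cipher") and CLI style ("--cipher").
        out.append((lineno, parts[0].lstrip("-").lower(), parts[1:]))
    return out


def audit(text):
    """Return [(line_number, directive, value, reason)] for every weak setting."""
    findings = []
    for lineno, directive, args in parse_directives(text):
        if not args:
            continue
        if directive in CIPHER_DIRECTIVES:
            # A negotiation list is only as strong as its weakest entry.
            for name in args[0].split(":"):
                if name.upper() in WEAK_CIPHERS:
                    findings.append((lineno, directive, name.upper(), "weak-cipher"))
        elif directive == "auth" and args[0].upper() in WEAK_AUTH:
            findings.append((lineno, directive, args[0].upper(), "weak-auth"))
    return findings


# Constructed sample: a peer limited to the settings the comment describes.
USG_SIDE = """\
# constructed sample, not a real device export
dev tun
proto udp
remote vpn.example.net 1194
cipher BF-CBC
auth SHA1
"""

# Constructed sample: the settings the comment says the USG could not use.
HARDENED = """\
dev tun
cipher AES-256-CBC
auth SHA256
"""

# Constructed sample: a modern list that still offers a legacy fallback.
MIXED = """\
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC ; fallback kept for a legacy peer
auth sha256
"""

if __name__ == "__main__":
    for label, cfg in (("usg", USG_SIDE), ("hardened", HARDENED), ("mixed", MIXED)):
        print(label, audit(cfg) or "ok")
```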
@gtwannabe2 3 years ago
The base USG is crippled by its slow, crappy MIPS processor. Ubiquiti really needs to retire the product; it can only manage 85Mbps of throughput with IDS/IPS enabled.
@avvidme 3 years ago
Also, great review but also wish you included Firewalla since it's popular in this segment as well.
@LAWRENCESYSTEMS 3 years ago
It's a home user device that I am not really interested in.
@avvidme 3 years ago
@@LAWRENCESYSTEMS The Gold is a 4-port 1Gb w/content filtering, VPN (w/WireGuard), App blocking, QoS w/rate limiting, Multi-WAN w/failover, policy routing and VPN. Certainly more usable 'business' features than Ubiquiti which you're covering
@LAWRENCESYSTEMS 3 years ago
@@avvidme So you are saying I should have it in my list of firewalls we don't recommend like the Ubiquiti ones?
@avvidme 3 years ago
@@LAWRENCESYSTEMS Hahaha exactly!! ;)
@zackbog 3 years ago
how is the edge router geared towards ISPs but doesn't have IDS/IPS or any of the other filtering protocols
@LAWRENCESYSTEMS 3 years ago
ISP are generally not into filtering content and cheaper gear fits the budget better.
@Fearnight 3 years ago
What was that Advanced Client Settings in pfSense OpenVPN Client config at 8:20? Is that a package that adds that? My config doesn't show it (2.5.1) and I've been looking for a way to specify DNS servers just for my VPN client.
@LAWRENCESYSTEMS 3 years ago
It's towards the bottom under the client can fix settings
@Techtips200 3 years ago
Please also review Allot dpi products
@michaeluray 2 years ago
Did you actually ever look at the Endian Firewall?
@LAWRENCESYSTEMS 2 years ago
Not in recent years. It does not have anything that makes it compelling vs pfsense or Untangle.
@pierrepaniagua 2 years ago
What about firewalla?
@matth9040 3 years ago
Tom, can you do an Untangle setup tutorial?
@LAWRENCESYSTEMS 3 years ago
I have a review video here kzbin.info/www/bejne/jYrLgJqHba-sj6s what exactly did you want to know?
@matth9040 3 years ago
Thanks for the reply, I'll check it out. I was trying get some basic network segmentation with web filtering on one of the VLANs.
@FunkyELF 3 years ago
How about a TailScale vs WireGuard video ;-) I'm currently running WireGuard on my UnRaid server. Apparently WireGuard can be run on a USG but not officially supported. I'm curious about TailScale though.
@2622benttrailok 2 years ago
TailScale vs Wireguard is not really a comparison because TailScale is in basic terms a pretty Authentication and ACL wrapper around WireGuard.
@rsgurubr 2 years ago
Do you recommend FIREWALLA?
@LAWRENCESYSTEMS 2 years ago
It's an interesting consumer product, but I don't really have the time to test it now.
@303topgun 3 years ago
We just deployed Cisco Meraki MX100 firewall. Roughly, 5k to 10k. Not Cheap
@soldermecold7456 3 years ago
Dang... sorry to hear. We switched from Meraki to Fortinet and it’s so much better
@jasonlauzer 3 years ago
Edgerouter has Wireguard and Geo Filtering. They are command line installs but works perfect!
@LAWRENCESYSTEMS 3 years ago
My point is neither are officially supported by Ubiquiti
@ricardomarques748 2 years ago
Thank you for your videos. Could you review the firewalla gold? That firewall is getting very famous
@LAWRENCESYSTEMS 2 years ago
It's a consumer firewall and I don't use it
@Phitur1 2 years ago
@@LAWRENCESYSTEMS I'm not sure that's a true statement at this point. Their management interface could certainly be better for business needs, but as their software matures, they are getting much better. They're also coming out with a hardware upgrade on the gold with faster links and faster throughput. Their hardware was already superior in terms of throughput to the untangle appliances you've been reviewing before the upgrade at slightly higher price point and all the functionality with no subscription fees and a CI/CD process that takes user input and acts on them in a reasonable timeframe, as opposed to some other vendors.
@onthespottech5256 2 years ago
really liked Untangle right up until I read their pricing is per device. paying a license to plug a new device into my network. That's a dark future I want no part of. No thanks
@LAWRENCESYSTEMS 2 years ago
Per device for the added features such as web filtering.
@onthespottech5256 2 years ago
@@LAWRENCESYSTEMS I see what you're saying but why use Untangle if you don't want more than basic routing. Plus I was looking at it from an MSP perspective. Untangle device licensing seems like a management hassle and NG Firewall Complete gets expensive fast. --- Thanks for taking the time to respond to a comment on a 10 month old vid. Your hard work is appreciated .
@shannon1872 3 years ago
I was looking at untangle but noticed the home went from 50 a year to 50 for normal and 150 for pro. Would pfs still be a good option for home use ?
@LAWRENCESYSTEMS 3 years ago
If you like the filtering features and threat intelligence systems, then yes.
@chai_reddy 3 years ago
Why do you never include Sophos in these comparisons?
@LAWRENCESYSTEMS 3 years ago
Because I don't use it
@TylerCordaro 3 years ago
I would love to know which performs the best for people with 1gig internet.
@MichaelSmith-fg8xh3 жыл бұрын
Two of the options are available on multiple hardware levels so you could up your hardware to get the required performance. It’s not really expensive/hard to put enough hardware under PF to route at even 10gb (assuming just routing, not packet inspection or anything too strenuous). If you choose a good network card with pf the resource usage is very low…
@_MattyP 3 years ago
Great video! Awesome team! Video suggestion: ISP failover setup with recommended routers Untangle and Netgate (i.e. wired-wired and wired-cellular).
@fourtwanky 3 years ago
If he does that, he should include Peplink as a solution provider too! Their whole product line is developed around multi-wan and failover support.
@mariotubelecce 3 years ago
I have both openvpn and wireguard setup on my edgeos (edgerouter 3 lite). Not something impossible to achieve, at least for someone who "needs" an advanced router.
@faisalalotaibi1098 3 years ago
How did you install wireguard on edgerouter??
@-Good4Y0u 3 years ago
The video I have been waiting for.
@BlackHawk1335 3 years ago
We should add Mikrotik to this list, it can cover most of the things here
@LAWRENCESYSTEMS 3 years ago
Between their convoluted interface making them more difficult to configure and lack of any amazing features over something like pfsense besides being low cost means I don’t really have a compelling reason to learn their platform.
@tld8102 2 years ago
OpenWRT Raspberry Pi?
@thbadmin7751 3 years ago
Firewalls again?
@peterg7342 3 years ago
UDM PRO supports only 1 VPN L2TP user concurrent session. When I tried to connect two L2TP VPN users I would get disconnected.
@LAWRENCESYSTEMS 3 years ago
More likely a limitation of L2TP. You cannot have two users behind the same IP address.
@peterg7342 3 years ago
@@LAWRENCESYSTEMS What VPN should I use if I need multiple users behind the same IP address?
@LAWRENCESYSTEMS 3 years ago
@@peterg7342 OpenVPN with either pfsense or Untangle.
@slip0n0fall 3 years ago
I understand you can't cover them all but surprised Zyxel Zywall/USG line never gets a mention.
@looseycanon 3 years ago
I recall that Tom once talked smack about Zyxel in errata... And there was a major breach over at Zyxel a while back... So, I'd say that they're really not usable...
@LAWRENCESYSTEMS 3 years ago
Zywall has had multiple back doors found: arstechnica.com/information-technology/2021/01/hackers-are-exploiting-a-backdoor-built-into-zyxel-devices-are-you-patched/
@Acxtcx 2 years ago
Please include openwrt
@LAWRENCESYSTEMS 2 years ago
I don't use it
@avvidme 3 years ago
As a Ubiquiti reseller, do you have any insights into a) do they realize what a PoS their firewall is? and b) do they plan on ever releasing something usable?
@LAWRENCESYSTEMS 3 years ago
We are not a reseller and I have no insights into why their firewalls are so bad or if they will fix them.
@ojarana 3 years ago
OPNSense?
@gonace 3 years ago
If you take a look at the video to the end, he answers your question ;)
@ericb9511 2 years ago
Nothing about Linksys?
@LAWRENCESYSTEMS 2 years ago
I don't really test the low end firewalls.
@ericb9511 2 years ago
@@LAWRENCESYSTEMS Matter of opinion what's low or high. When you have to pay subscription fees for a firewall it's not a good thing
@rashie 2 years ago
👍👍
@Jazz3006 2 years ago
Where would Sophos XG come into play here?
@LAWRENCESYSTEMS 2 years ago
Dunno, I don't use it.
@Jazz3006 2 years ago
@@LAWRENCESYSTEMS any particular reason?
@LAWRENCESYSTEMS 2 years ago
@@Jazz3006 nothing compelling about it.
@Jazz3006 2 years ago
@@LAWRENCESYSTEMS huh, for some reason my roommate slanders pfsense, but pushes Sophos. I don't really understand why.
@LAWRENCESYSTEMS 2 years ago
@@Jazz3006 ¯\_(ツ)_/¯
@arubial1229 3 years ago
Whenever people ask me why they should use pfSense, I always just point them to Tom's comparison videos. Company issues aside, pfSense is the best firewall I've ever used. It's so easy to set up and very powerful at the same time. Unifi makes excellent switches and WAPs, but you literally couldn't pay me to use their firewalls.
@goofables4949 3 years ago
Nice video!
@LAWRENCESYSTEMS 3 years ago
Thanks!
@Salad360 3 years ago
You technically can do "web filtering" on the Edgerouter...sort of... So long as a website or service is recognized by its traffic analysis engine, you can create firewall rules which block packets based on traffic analysis categories. That being said, there are A LOT of services that it doesn't detect, in which case you're SOL. It works for blocking Facebook, Twitter and other "Top 500" websites but beyond that it's pretty limited.
@Joshv918 3 years ago
Edge Router is still my favorite.. UNMS/UISP.. has me stuck with them. Plus they are pretty powerful for the price
@Joshv918 3 years ago
Hurts to not see the edge router there.. still my favorite..
@Joshv918 3 years ago
Ouch just saw the edge router in the spreadsheet. Sorry..
@SpookyLurker 3 years ago
@@Joshv918 Apparently your eyes decided to try and save you from the embarrassment it secretly is? I tried routing stuff on one once a certain way. The way I understood it, it was supposed to work.
@earthling_parth 3 years ago
Do you have a beginner's guide to homelab setup? I really liked this, but am a beginner on setting up my homelab with a decent old laptop 😅
@keyboard_g 3 years ago
He has a home lab podcast with @LearnLinuxTV
@earthling_parth 3 years ago
@@keyboard_g yup, saw it now. Going through that
@MichaelSmith-fg8xh 3 years ago
You can run pfsense/opnsense in a vm if you want to learn before using hardware