pfSense Alternatives: Firewall Solutions for your Network

Рет қаралды 9,382

Күн бұрын

pfSense is a great open source firewall solution that many use in the home lab, SMB, and even enterprise environments. However, you may be looking for something different. What are good pfSense alternatives that you should try? We look at 5 pfSense alternatives that are worth looking at.
Check out the written post covering the 5 solutions we talk about: www.virtualizationhowto.com/2...
★ Subscribe to the channel: / @virtualizationhowto
★ My blog: www.virtualizationhowto.com
★ Twitter: / vspinmaster
★ LinkedIn: / brandon-lee-vht
★ Github: github.com/brandonleegit
★ Facebook: / 100092747277326
★ Discord: / discord
★ Pinterest: / brandonleevht
Introduction - 0:00
Overview of pfSense - 0:42
Reasons to consider an alternative - 0:58
1. OPNsense - 1:17
OPNsense pros - 2:07
OPNsense cons - 2:26
2. Untangle - 2:48
Untangle Pros - 3:54
Untangle Cons - 4:15
3. Unifi Security Devices - 4:28
Unifi Security Devices Pros - 5:47
Unifi Security Devices Cons - 6:10
4. Sophos UTM Home Edition - 6:40
Sophos UTM Pros - 7:22
Sophos UTM Cons - 7:55
5. MikroTik RouterOS - 8:17
MikroTik RouterOS Pros - 9:19
MicroTik RouterOS Cons - 9:43
Be aware of enterprise firewall lab units - 10:24
Next-generation features are subject to argument - 11:00
Wrapping up 5 alternatives to pfSense open-source firewall - 11:36

Пікірлер: 44

@Chris-mr8ef 17 күн бұрын

Sophos is nice but hw limits are a deal breaker. I run opnsense and used to run pfsense . Opnsense gets updates biweekly while with pfsense i remember not having a single update in 5 months. So stating that opnsense gets less updates than pfsense is not accurate. Also i d like to see ipfire in that list instead of unifi.

@kennethbudts105 19 күн бұрын

What about VyOS?

@troyBORG 20 күн бұрын

How come you said okay let's talk about the cons and then listed a bunch of pros about it....

@84Actionjack 19 күн бұрын

Working with both pfsense and Mikrotik now and still learning.

@HelloWorld5985 19 күн бұрын

Id like to know of any of the enterprise solutions like the PA 3020 can be reasonably power efficient or do they chew power (rated for 250w after all)

@ronm6585 20 күн бұрын

Thank you.

@Proorook 20 күн бұрын

Hello Thank you. Now I'm looking for a good solution for the firewall in the home lab and at home. I try Sophos on HP T620 Plus, but the community version does not support M2 HDD, after registration Sophos restarts and the disk goes into corrupion state. Now I've been trying pfSense for a few days, and so far I have mixed feelings.

@BrentRWong242 18 күн бұрын

Thanks for sharing this caveat.

@tbard 20 күн бұрын

Palo Alto lab units are awesome... if you have ""bad"" internet speeds. The only affodable lab units like the PA 4** series only have gigabit ports unfortunately so if you have multi-gig internet you will lose speed. If you have the cash to get the lab version of a 14** series or even the older 850, that's basically the best firewall you can have at home, bar none. Probably also the best firewall you can have in a business too, except that in that case the price will go way up :D Also it's notoriously hard to get lab licenses (at least in europe) if you don't work in IT either in networking or management ideally. Fortigate used to give you free lab units if you went to their events (small ones, but could do gigabit speeds with only firewall and decent enough speeds with all security enabled and vpn), unfortunately they don't do that anymore :(

@abdullahX001 17 күн бұрын

When you say affordable… how much is affordable?

@tbard 16 күн бұрын

@@abdullahX001 varies wildly. Not sure about the new PA-4** series as I never asked, but the pervious PA-2**, specifically the 220 got quoted to me (as a independent contract consultant and certified PA guy) at 450€ for the first year and 100€ for each renewal. Then going thru a company that spends high 7 figures yearly on PA hardware it got quoted as "sure, w'll just give them to you for your engineers, how many do you want?". It's also left to the reseller discretion, some are more generous with it than others. I expect the 410/415 to be at the same price and the 440+ to start costing a bit more. Some will even sell it to you without any requisite (I heard, but personally never found one that didn't at the very least expect you to be a working network engineer or consultant, but again, I had relations with... 4 total :D)

@abdullahX001 16 күн бұрын

@@tbard hmm thank you very much for that intel. I will see what our security MSP can do…

@KCYT2010 20 күн бұрын

OPNsense is a bit slower to release security updates ? You mean sometimes weeks slower. If security doesn't matter then sure that UI is nice.

@LordApophis100 19 күн бұрын

Yep, considering you typically set it up once and then only access it quite rarely, I prefer better security over the better UI.

@johndroyson7921 20 күн бұрын

Would OpenWRT fall under the same category?

@MarkConstable 20 күн бұрын

100% yes, I was really surprised it wasn't included in this review. None of the presented alternatives was of any interest to me.

@SB-qm5wg 19 күн бұрын

I'm a big OpenWRT fan and use it but its firewall is pretty basic.

@nadtz 10 сағат бұрын

Opnwrt is great but it's limited in what hardware you can install it on and is very basic as a firewall. I run it on my WAP but use Opnsense as my network wide firewall.

@api984 19 күн бұрын

thinking to migrate from opnsense to sophos home.

@user-rf9nm8xd6e 12 күн бұрын

Packet fence is cool as well but more of NAC not sure ware you use that fore home tho XD

@andrevangijsel957 20 күн бұрын

The Sophos is an interesting option to investigate, Pfsense lacks antivirus etc. Normally you always pay a heavy premium annually for this.

@tbard 20 күн бұрын

Sophos XG (he calls it Sophos UTM home, but it's XG, UTM is the old one) is much much more user friendly and feature complete than PFSense, been using it for years. Just an heads up tho, it doesn't support IPV4 PPPoE with DHCPv6 IPV6 that a lot of ISP providers use (at least in europe). It will work only for IPV4. Pf/opnsense do support that (but pppoe performance is really bad). Also the logic you use to configure it is closer to enterprise firewalls (mostly because it's one even if not one of the top ones) compared to something like pfsense that's vastly different.

@ff34jmr 20 күн бұрын

Why do you want antivirus on your firewall ? 90 percent of traffic is encrypted anyway these days

@tbard 19 күн бұрын

@@ff34jmr if you really really want it you can use SSL Inspection and the antivirus but that's a can of worm I wouldn't touch with a 30ft pole outside of an enterprise environment.

@BrentRWong242 18 күн бұрын

@@ff34jmr Your question raises an increasingly valid point. I support (as part of a team) the Sophos Enterprise devices. I've demo'd the Sophos XG Home firewall (free for anyone, free + features for anyone that already has a Sophos Central login - usually a Sophos partner but can possibly include other people)

@AX-fx7ng 16 күн бұрын

Lab units; finding, selection & keeping them updated without being made EOL? How?

@RockTheCage55 16 күн бұрын

I wouldn’t include untangle. They stopped their home license & now a 12 month subscription in $572. Sophos is great but is really picky with newer hardware. I couldn’t get it working with my newish hardware (UEFI bios).Out of all of them my pick would be pfsense with something like NextDNS for filtering

@lkfng 17 күн бұрын

Sophos UTM came from a product called ASTARO Security Gateway

@stanislavtrifan96 17 күн бұрын

Never understood why half of the internet compare a firewall (like pfsense) to a freaking router (like mikrotik). Those are different things for different purposes, which may have a bit of overlap by accident, and are not replaceble (by category)

@RobertoMurillo 20 күн бұрын

I use Debian Linux as my Router/Firewall for my local network. GNU/Linux can be a great alternative for Firewall Solutions only if the SysAdmin or Network Administrator can handle it appropriately.

@DGao-zz5vq 17 күн бұрын

My home network runs on generic Linux distros as well. Started with OPNsense, went over to VyOS for some time and finally settled on Enterprise Linux. I find nftables much better to work with than pf. Having the ability to separately filter host destined/forwarding is awesome, and so is the ability to filter for inbound and outgoing interface in the same rule. Having a distro with less "assumptions" also makes some whacky setups possible (VRF for one). There are downsides however. Most notably it's more difficult to dump your configuration. VyOS can export its entire config as a series of commands, put a shebang on top and it's a recovery script. By comparison, using a generic Linux distro will require the configs to be collected from several locations (firewall, interface manager, DHCP server, DNS server…)