pfSense Alternatives: Firewall Solutions for your Network

Рет қаралды 20,217

VirtualizationHowto

Күн бұрын

Пікірлер: 59

@84Actionjack 7 ай бұрын

Working with both pfsense and Mikrotik now and still learning.

@BruceSeal 21 күн бұрын

Excellent video! For MSPs, dependable systems like strong cybersecurity, reliable backups, and effective monitoring are essential. Tools like the Thirdlane Multi Tenant PBX are vital for ensuring secure and seamless communication.

@kennethbudts105 7 ай бұрын

What about VyOS?

@johndroyson7921 7 ай бұрын

Would OpenWRT fall under the same category?

@MarkConstable 7 ай бұрын

100% yes, I was really surprised it wasn't included in this review. None of the presented alternatives was of any interest to me.

@SB-qm5wg 7 ай бұрын

I'm a big OpenWRT fan and use it but its firewall is pretty basic.

@nadtz 6 ай бұрын

Opnwrt is great but it's limited in what hardware you can install it on and is very basic as a firewall. I run it on my WAP but use Opnsense as my network wide firewall.

@HelloWorld5985 7 ай бұрын

Id like to know of any of the enterprise solutions like the PA 3020 can be reasonably power efficient or do they chew power (rated for 250w after all)

@RockTheCage55 7 ай бұрын

I wouldn’t include untangle. They stopped their home license & now a 12 month subscription in $572. Sophos is great but is really picky with newer hardware. I couldn’t get it working with my newish hardware (UEFI bios).Out of all of them my pick would be pfsense with something like NextDNS for filtering

@Darkk6969 6 ай бұрын

I use pfsense with pfblocker. Works really well. I was using PiHole but found pfblocker to be more configurable on what categories to allow or block.

@andrevangijsel957 7 ай бұрын

The Sophos is an interesting option to investigate, Pfsense lacks antivirus etc. Normally you always pay a heavy premium annually for this.

@tbard 7 ай бұрын

Sophos XG (he calls it Sophos UTM home, but it's XG, UTM is the old one) is much much more user friendly and feature complete than PFSense, been using it for years. Just an heads up tho, it doesn't support IPV4 PPPoE with DHCPv6 IPV6 that a lot of ISP providers use (at least in europe). It will work only for IPV4. Pf/opnsense do support that (but pppoe performance is really bad). Also the logic you use to configure it is closer to enterprise firewalls (mostly because it's one even if not one of the top ones) compared to something like pfsense that's vastly different.

@oliveirajmr 7 ай бұрын

Why do you want antivirus on your firewall ? 90 percent of traffic is encrypted anyway these days

@tbard 7 ай бұрын

@@oliveirajmr if you really really want it you can use SSL Inspection and the antivirus but that's a can of worm I wouldn't touch with a 30ft pole outside of an enterprise environment.

@BrentRWong242 7 ай бұрын

@@oliveirajmr Your question raises an increasingly valid point. I support (as part of a team) the Sophos Enterprise devices. I've demo'd the Sophos XG Home firewall (free for anyone, free + features for anyone that already has a Sophos Central login - usually a Sophos partner but can possibly include other people)

@Darkk6969 6 ай бұрын

@@oliveirajmr Yep. You're better off using DNS filtering with known lists of malware and virus websites. Pfsense with pfblocker works well.

@AX-fx7ng 7 ай бұрын

Lab units; finding, selection & keeping them updated without being made EOL? How?

@Proorook 7 ай бұрын

Hello Thank you. Now I'm looking for a good solution for the firewall in the home lab and at home. I try Sophos on HP T620 Plus, but the community version does not support M2 HDD, after registration Sophos restarts and the disk goes into corrupion state. Now I've been trying pfSense for a few days, and so far I have mixed feelings.

@BrentRWong242 7 ай бұрын

Thanks for sharing this caveat.

@A-Litte-Catnoreplay 6 ай бұрын

Packet fence is cool as well but more of NAC not sure ware you use that fore home tho XD

@Chris-mr8ef 7 ай бұрын

Sophos is nice but hw limits are a deal breaker. I run opnsense and used to run pfsense . Opnsense gets updates biweekly while with pfsense i remember not having a single update in 5 months. So stating that opnsense gets less updates than pfsense is not accurate. Also i d like to see ipfire in that list instead of unifi.

@Darkk6969 6 ай бұрын

Pfsense actually gets security updates and bug fixes via patches. Those get pushed out pretty quickly. Feature updates get added later after extensive testing.

@api984 7 ай бұрын

thinking to migrate from opnsense to sophos home.

@troyBORG 7 ай бұрын

How come you said okay let's talk about the cons and then listed a bunch of pros about it....

@seal-teeth 3 ай бұрын

😂

@tbard 7 ай бұрын

Palo Alto lab units are awesome... if you have ""bad"" internet speeds. The only affodable lab units like the PA 4** series only have gigabit ports unfortunately so if you have multi-gig internet you will lose speed. If you have the cash to get the lab version of a 14** series or even the older 850, that's basically the best firewall you can have at home, bar none. Probably also the best firewall you can have in a business too, except that in that case the price will go way up :D Also it's notoriously hard to get lab licenses (at least in europe) if you don't work in IT either in networking or management ideally. Fortigate used to give you free lab units if you went to their events (small ones, but could do gigabit speeds with only firewall and decent enough speeds with all security enabled and vpn), unfortunately they don't do that anymore :(

@abdullahX001 7 ай бұрын

When you say affordable… how much is affordable?

@tbard 7 ай бұрын

@@abdullahX001 varies wildly. Not sure about the new PA-4** series as I never asked, but the pervious PA-2**, specifically the 220 got quoted to me (as a independent contract consultant and certified PA guy) at 450€ for the first year and 100€ for each renewal. Then going thru a company that spends high 7 figures yearly on PA hardware it got quoted as "sure, w'll just give them to you for your engineers, how many do you want?". It's also left to the reseller discretion, some are more generous with it than others. I expect the 410/415 to be at the same price and the 440+ to start costing a bit more. Some will even sell it to you without any requisite (I heard, but personally never found one that didn't at the very least expect you to be a working network engineer or consultant, but again, I had relations with... 4 total :D)

@abdullahX001 7 ай бұрын

@@tbard hmm thank you very much for that intel. I will see what our security MSP can do…

@Darkk6969 6 ай бұрын

We use Fortigates at work and they're getting to be insanely expensive on their renewals to the point I've been looking into alternatives. For now for branches I've been buying Netgates with pfsense plus installed on them. They've been working great. But for our data center and corporate office I could replace the Fortigates with Netgates but like to check out Palo Alto. However, I don't want to get into the same expensive trap with the renewals for security suite like we do with the Fortigates.

@tbard 6 ай бұрын

@@Darkk6969 last time I got a compartive quotes between Fortigate and Palo Alto, Fortigate was like... 40% less at least. It's a shame that it went so up that even PA is preferrable.

@RobertoMurillo 7 ай бұрын

I use Debian Linux as my Router/Firewall for my local network. GNU/Linux can be a great alternative for Firewall Solutions only if the SysAdmin or Network Administrator can handle it appropriately.

@DGao-zz5vq 7 ай бұрын

My home network runs on generic Linux distros as well. Started with OPNsense, went over to VyOS for some time and finally settled on Enterprise Linux. I find nftables much better to work with than pf. Having the ability to separately filter host destined/forwarding is awesome, and so is the ability to filter for inbound and outgoing interface in the same rule. Having a distro with less "assumptions" also makes some whacky setups possible (VRF for one). There are downsides however. Most notably it's more difficult to dump your configuration. VyOS can export its entire config as a series of commands, put a shebang on top and it's a recovery script. By comparison, using a generic Linux distro will require the configs to be collected from several locations (firewall, interface manager, DHCP server, DNS server…)

@KCYT2010 7 ай бұрын

OPNsense is a bit slower to release security updates ? You mean sometimes weeks slower. If security doesn't matter then sure that UI is nice.

@LordApophis100 7 ай бұрын

Yep, considering you typically set it up once and then only access it quite rarely, I prefer better security over the better UI.

@Darkk6969 6 ай бұрын

@@LordApophis100 Tom Lawrence pointed out that pfsense actually provides security updates via downstream to FreeBSD community which opnsense benefits from.

@lkfng 7 ай бұрын

Sophos UTM came from a product called ASTARO Security Gateway

@stanislavtrifan96 7 ай бұрын

Never understood why half of the internet compare a firewall (like pfsense) to a freaking router (like mikrotik). Those are different things for different purposes, which may have a bit of overlap by accident, and are not replaceble (by category)