Firewall Comparison: Untangle VS pfsense

Tom here from Lawrence Systems. We're going to talk about pfSense versus Untangle and which one you might want to get. Now, I've done comparisons before, and I've done videos on both of these products. These are both products we've used, and no, I don't have the time necessarily to review your favorite firewall. I know this question is going to come up, and people always ask right away, "Can you review [insert name of firewall] and talk about that one?" I'm talking about the ones that we actively deploy and use because, well, it's better than a review of "I opened it, I tested it, it worked." This is the "we actually deployed these to clients and I can tell you how they performed" type of review and type of information I'm going to give here.

Before we dive into which one you should choose, let's first: if you'd like to learn more about me or my company, head over to; if you'd like to hire us for a project, there's a Hire Us button right at the top. If you'd like to help keep this channel sponsor free, and thank you to everyone who already has, there is a Join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store. We have a wide variety of shirts that we sell, and new designs come out, well, randomly, so check back frequently. And finally, our forums is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel.

Now back to our content. I want to start with my features chart that I made earlier this year comparing a handful of different firewalls. And yes, corrections have been made, because there was a policy about the L2TP VPN and I didn't realize it had support. I had got that wrong and I updated it. The chart matches; the video has me saying one of these firewalls doesn't support it. I don't know which one it was, but
I'll leave a link to that video anyways. The operating system that each of these is based on, and we're only going to focus on the Netgate pfSense or Untangle. Unfortunately, I've done videos on this: we just don't use anymore really any of the USGs or UDMs for people who need anything more than basic routing. Watch that video; I'll leave a link to the video where I discuss some of the shortcomings of the USG, including the lack of ability to put multiple LAN IPs on there. That still exists right now in October of 2020. They still have not gotten around to updating that request from, I don't know, four or five years ago.

So we're going to focus on Netgate versus Untangle, or pfSense versus Untangle, and I bring up Netgate because of the interesting way this works. pfSense is 100% open source. That's at least the very first thing that's going to be different, despite someone in the comments, who'll get their caps locked on, who told me that pf doesn't feel open source. Even though they give you the source code, they are a legit open source project, no matter what your misgivings are about the company Netgate. Netgate is the hardware provider and the support team for the pfSense system. So even though it's open source, the business model is selling some hardware and offering support and that for the pfSense product via the Netgate company. So they do give away 100% of the source code; you can have all of it. And that's this product right here. This is, specifically, for those wondering which one this is (they had a review of it), this is the SG-2100.

Now, Untangle is also based on open source, but you can't have 100% of every feature open source and free. Untangle has licensing fees attached to it, and that sometimes is enough difference where people have stopped watching and going, "All right, that's it, I don't want something that has any recurring license fees." But Untangle, look, I'll leave a link to my recent review of it. They do have a free version, which does not have every feature that Untangle
offers, and I break that down, and they have links on their website where they tell you what you get for free and what you get for subscription. They also have hardware appliances, and I'm going to be reviewing this one soon, which is one of the Untangle e-Series firewalls that has the Wi-Fi built in. So they both offer, if you're not interested in trying to roll your own hardware, because they both support that, or you can just load this on your own hardware, and you want to just buy something turnkey from either company, you can do that. Or you can load the software from either company, and license fees still apply over at Untangle, and, well, the Netgate's open source: the Netgate / pfSense project specifically is fully open source, therefore you can just download and load it.

Now let's run down the features. FreeBSD versus Linux: that means that you're going to have a difference in hardware support, so that's something to think about. FreeBSD is a really, really secure and solid operating system, and so is Linux, but there is definitely a difference in hardware support. Now, it's not that hard to find a network card that supports FreeBSD, but it's worth noting that there's probably a broader range of hardware support you'll find in Linux. BSD is still really solid, but it's just of note, and anytime you're building a firewall it's not that hard, I've talked about it before, finding these, especially if you're going used, finding these Intel cards that are well supported in BSD, and obviously in Linux. Like I said, it's a little bit more flexible.

Centralized management: no, there's not a centralized management offering from pfSense or Netgate. Untangle, yes, they have an entire dashboard that this can tie into, but that's part of, you know, the services you can get from Untangle, and you're tying into their dashboard. It's not like something you can host yourself, but it does have that ability to do that for management and for reselling purposes, and for license management it ties into the dashboard
because obviously it's got to contact a licensing server for the extra features.

They both have OpenVPN server and client options, IPsec, L2TP VPN, policy routing, and this is where the nuances start coming in. While I can run down and say yes to the features, let's do a little bit of explaining. When it comes to the policy routing, it is a little bit more complex. This is why I have so many videos on pfSense: it is capable of doing some really advanced tinkering and policy routing, but that means it's also a little bit more complex to do. If you're into network engineering, it's generally a more favorable thing, because people who, like myself, have been doing network engineering for a long time really love all the options and bells and whistles and don't mind the complexity, because, well, we've been doing it for a long time. For policy routing on an Untangle, they've got some really simple one-click options for, like, tunneling a VPN out a certain tunnel. There's really some simple things you can do in Untangle with a couple of check boxes and not having to understand everything, and it does it behind the scenes. So while they both support it, I won't lie, it's going to be way easier on Untangle.

Intrusion detection: Suricata or Snort. They kind of blend this in, and in Untangle you just get Suricata, but it's also kind of a pretty interface on top, versus very detailed, all the buttons are able to be clicked and very fine-tuned. You can still do that a lot in Untangle, but some people like the fact that they've simplified it, versus it is going to be more complicated. That's why I have a much longer video on how to do it on pfSense versus Untangle.

GeoIP filtering: this is an add-on inside of pfSense for GeoIP and DNS filtering with pfBlocker, and yes, they have it in Untangle as part of just built-in modules. Web content filtering: another add-on, Squid, versus yes, they have entire web filtering as part of their license package. Advanced traffic shaping: yes, they have that. WAN failover:
not part of the free version, which I find kind of odd, but if you want WAN failover, that is an option that they have over on Untangle. Load balancing: yes, back to the paid. Integration also: Active Directory, well, I said no, but I know someone's going to hammer out that, well, you can have it talk LDAP, they can talk to Active Directory, or some of the other ways like loading a RADIUS server on a Windows machine that can then bridge the gap. So no direct integration is why I said no right here. On Untangle, yes, direct integration with their directory integrator tool, once again part of the paid services, but hey, it's a feature that they have. And they both have captive portal.

Let's Encrypt certificates is something unique to, not unique to only, but definitely a feature that's welcome over at pfSense, and HAProxy. I've done videos on combining these two because, well, while you can run a separate proxy server, having an all-in-one box is really convenient, because then you can put your DNS entries and make everything matching. You can do a one-stop shop for having all your reverse proxies, manage your authentication against it, and everything else.

Now, one other thing that's really not on this list, but this comes down to some nuance that matters a lot to people who are into network engineering, and that's aliases. Aliases, or objects, as you want to build them, is going to vary from company to company, I should say, on how they may use that nomenclature. What that means is, let's take how we create an object in some of the other firewalls. You know, I've done this: I've worked with Cisco, I've worked with FortiGate, I've worked with a lot of different companies, and they'll have you create an object for ports. So let's say I have a server that has a group of ports that need to be opened up. I can create an object; that object has those ports in it. That's referred to as aliasing inside of pfSense. Now, in pfSense, though, you can also group, you know, IPs, you can group ports, you can have those ports be
pulled from external URLs, which is actually really neat and is how pfBlocker works. So basically, alias and objects is a little bit interchangeable if you're using some of the other firewalls that use the object language, and it's the same concept: I can group ports together, I can group the, you know, URLs together, so I can actually have actively updated feeds. Those are really cool features that are just kind of missing from Untangle. It's not that there's not questions about them, and there's an entire forum post I can leave a link to where people discuss that they've requested aliases. It does have some policies that allow you to group things together, but it's not quite the same, and I'll leave that link to the discussion because they talk about the nuanced differences that kind of go out of scope in this video. But that is kind of, you know, a big thing.

Now, the overall "which one should you choose", though, comes down to: I really like pfSense. Here at our office, that's why we're using HAProxy, we're using Let's Encrypt. I love all the advanced features. I love the fact that I can load the RADIUS server right into one device to handle the authentication, to handle everything. And someone's probably pulling their hair out screaming, going, "No, those all have to be 100% separate servers for security purposes!" And no, they don't. They don't have to be if you set them up properly and configure things properly. You can have one device, because if they crack one device they usually have access to the other device, because if you have authentication to your RADIUS server built into your firewall and someone gets into your firewall, it doesn't matter if they have access to the acer, they have the authentication to get into it. But I'm not going to get too out of scope on that debate.

They have local directory, a local user database you can have, so you can still mostly do a lot of the same things here at Untangle, but they also have their directory connector, which then allows you to connect to
RADIUS server and Active Directory and things like that, so maybe that's easier. So while I love all the features that are here, I won't lie: for a lot of small businesses, and especially the home users who are going, "Tom, just give me the answer for a turnkey, easy, inexpensive solution," Untangle's kind of a little bit easier. For home users the web filtering comes up quite a bit, and I'm going to do a deep dive soon into Untangle and their home user edition and review some of their hardware. I wanted to do this because, for people that seem daunted and a little bit scared of loading up a pfSense, I mean, I've done all these tutorials, but yes, my tutorials are fairly in-depth on it because it is a more complex firewall to deploy, versus Untangle's kind of a "next, yes, next, yes, cool, I got the firewall, I bought a turnkey piece of hardware, and I checked that box for web filtering, I bought my license fee to enable all of that." And yes, it does have a recurring license fee annually, but the home user edition is only 50 bucks a year, and people go, "I just needed my kids, you know, not to wander the internet in places," or "I needed good reporting."

And this is one of those things that's kind of nuanced as well. The reporting in Untangle is definitely really, really good, and there are third-party ways to export, or playing with ntop, where you can get some reporting out of pfSense, but no, it's not as good. Watch my recent review of Untangle or play with any of the demos yourself: Untangle's reporting is definitely superior to pfSense's, there's no argument about that. But, like, being able to play with pftop and dive into sessions, I still kind of like the way pfSense does it, and to me, you know, forwarding packets and all the little advanced videos that I have on pfSense still make it, to me, something better for network engineering. But Untangle still makes it easier for the majority of end users.

Now, the one last thing I'll comment on is things like transparent bridging and some of the weird one-off
cases. That's something that you can really customize, and I've done videos on, with pfSense, and Untangle, well, less so, but then again, who's doing that? Well, it's an edge case; it's not that common.

And what about the web filtering, with it not being in pfSense? Someone's going to hammer out that I love Squid, and I don't like Squid on pfSense. I don't find it to be the smoothest of integrations. I have my reservations about anytime you've got to load SSL certs and do inspections, because it just causes issues with many applications that don't like having extra certs installed, and it does open yourself up to potentially more threats, because now you've got something added to the trust of that particular system. They both have support for doing this; it's just not my favorite way to implement it. The basic web filtering that comes with Untangle actually works quite well without doing any type of certificate install, which is, you know, like I said, something I do like for end users and home users.

So hopefully this either made your decision a little bit easier and not too much harder. But obviously, if you're, you know, more into learning the network engineering, you're probably leaning over here to the pfSense side of the world, whether you load it yourself or buy the hardware, whichever works for you. And if you're going, "I'm just a home user, Tom, and my focus is on, you know, software development, things like that, but I don't want the kids wandering the internet, I'd like to separate my networks and have a solid firewall that's not some junk consumer thing, and I don't mind 50 bucks a year for a home user," or even their reasonable prices for small businesses, or if you're an IT provider and you're looking for that, you know, central dashboard management, which everyone seems upset pfSense doesn't have, then you can look over here.

And the final, because someone's going to ask this question: "Well, Tom, if you deploy Netgate and pfSense at your clients, how do you handle any web filtering?" And I'll answer that
question once again: we use the SolarWinds stack and load endpoint management, because firewalls are not substitutes for endpoint control and endpoint management for things like web filtering. So that is right now what we're doing. In October of 2020 we're still using SolarWinds with our clients that we deploy Netgate appliances on for the firewall. So, just going to clarify that question, because I don't think I've posted a video about firewalls where that question doesn't get asked.

So I'll leave links to videos I've done on both of these products and you can check them out for yourselves. Full disclosure: we are an Untangle reseller and part of their partner program, just FYI, but all this was just me doing the video. Neither company gave me any input about this video. I could have disclosed at the beginning, but there's not really anything to disclose about that. All right, thanks.

And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page; we have a lot of great tech offers for you. And once again, thanks for watching and see you next time.
Channel: Lawrence Systems
Views: 44,532
Rating: 4.9596901 out of 5
Keywords: lawrencesystems, pfsense untangle comparison, pfsense, firewall, router, pfsense router, untangle, unifi, pfsense tutorial, network security, pfsense (software), networking, next generation firewall comparison, pfsense appliane, firewall comparison, firewalls built like a tank
Id: G8Kw7E1tuc8
Length: 15min 47sec (947 seconds)
Published: Thu Oct 01 2020