PFSense vs UniFi Dream Machine - Whats the BEST ROUTER

pfSense versus UniFi: what is right for you, your business, or your home lab? And honestly, this question has gotten harder and harder to answer, especially in the last couple of years, and then about a month ago it just got a lot more muddied because of some updates to what Netgate has done with pfSense. And so that's what today's video is going to be about: which one is right for you. They both are firewalls that are pretty solid and offer a lot of customization and support. One of them is open source and can be installed on any hardware, and the other is completely locked down to the specific hardware. But the answer is pretty complex, and there's pros and cons to each of them, and in a lot of ways there's not a wrong choice to make here. And so this discussion is really going to focus on what is right for you and which company should you go with, because a firewall is one of those things where you really do not want to be locked in and have to change out, because there are so many things you need to make sure to carry over: firewall rules, DHCP reservation, networks, VLANs. All that configuration takes a very long time to migrate from one to the other. And furthermore, you really want to make sure that your firewall is in a lot of ways set and forget, because you do not want your firewall to go down, taking out the rest of your network.

All right, so before we dive into this, I do want to go over what a firewall is for those of you who don't know. When I say firewall in this video, I'm going to be talking about specifically a router. So a router and a firewall are in a lot of ways the exact same thing. Once you go massive enterprise they can be different, but for the most part both pfSense and UniFi produce a router that acts as a very good firewall. So what this does is it's more than just applying Wi-Fi, and actually neither one of these that I'm going to be talking about are really geared towards Wi-Fi, though UniFi does make a router that also has a Wi-Fi access point built in. But when I'm
talking about a router today, I'm not talking about your Wi-Fi router that's got the antennas on it and it's got four Ethernet ports in the back and it has your Wi-Fi. I'm actually talking about what a router really is, and that is a device that sits between the internet and your local network. And you can actually have multiple routers within one local network, but that's not about this video. Basically it sits between your internet and your local router and it basically routes traffic between, and it is the first stop in security for the entire network. It routes traffic: it takes traffic from the internet and sends it to the appropriate local clients, and it can also route traffic between multiple LANs. So you can have like a guest network, a network for your IoT stuff, and it can actually specify: okay, the guest network can talk to the internet but it can't talk to the IoT network; the main network can talk to the IoT network but not the guest network; and essentially just enforce all those rules. So when I'm talking about a router, that is what it is, and in this case I'm going to use router and firewall, well, synonymously, which is not technically correct when you go massive, but for the devices we're talking about today it's correct enough.

So first off, what is pfSense and what is UniFi? So pfSense is an open-source firewall based off of FreeBSD, so technically you can install it on any old hardware. All you really need is two Ethernet ports, and so you can technically install on something like this and pretty much create a very powerful firewall that you can start doing so much customization. It is owned by a company called Netgate, who also sell physical hardware. That's actually where I bought multiple firewalls from, and they are a bit pricey for what they are compared to what you could just buy if you're just buying a server standalone, though it does come with support.

UniFi's router lineup is really going to be focusing on the Dream Machine series, so you've got your Dream Machine Pro
and your Dream Machine. They also do have a dedicated router as well, though quite frankly it has basically the same specs for routing as the Dream Machine Pro, so we're not really going to talk about it too much here. And you cannot load this on your own hardware. I'm sure technically, since it's based off Linux, you could probably request a source code and maybe get it to work, but for the sake of this discussion we're not going to talk about trying to sideload it on third-party hardware, because it's just not supported or not something anybody really does. UniFi is also something a lot of people will have heard of, because they make really great network equipment across the board. They make great switches and they make great Wi-Fi access points, and they're also moving into cameras and a lot of stuff like that, really building out a full office network for pretty much their entire IT stack. Other than like a domain controller and a NAS, that's pretty much the only thing they're not making right now. Anything to do with networking, security, logins coming into the network can almost be done by UniFi at this point. They've made a ton of headway here.

One of UniFi's really big things is also hardware as a service, not software as a service, though they do also sell software as a service for some things such as VPN. But they really set up these devices where there's no reoccurring license fees unless you want to do some specific things, such as like a remote VPN connection and UniFi ID. Those do have monthly fees, but for the most of the features, to just use the actual firewall and set up a local VPN server on it and everything like that, there are no monthly fees whatsoever. Monthly, yearly: you just buy the hardware, install it, and you're up and running. And in the enterprise world of network equipment that's kind of unheard of, and is why UniFi has grown so much in the past few years, because if you look at Cisco, some Cisco switches require a license to do things, and so it's one of those things
where it was incredibly expensive. The switch itself might be fairly inexpensive, but then they hit you with all these reoccurring annual fees just to keep the thing running. And so that's why UniFi has been doing just so well, is because they kind of flip that on its head and providing almost enterprise-grade Wi-Fi and other networking equipment with the reoccurring license fee, and for quite frankly a lot cheaper.

Now pfSense is only routers. So Netgate, I don't even think they make Wi-Fi either, really. If you're buying pfSense you are just buying it for the routing capability, and then you would use third-party Wi-Fi for your Wi-Fi network. A ton of people will deploy a pfSense router and then have their Wi-Fi and switches be UniFi. I've deployed that quite a few times as well.

So now the question of what's better, UniFi or pfSense, when it comes to a router. It was a lot easier about 3 years ago. Probably UniFi had really just come out with the Dream Machine Pro, maybe even earlier than that, but it still wasn't super feature rich. It had basic capabilities, but it wasn't really a full enterprise router and didn't have all the bells and whistles that you might need. There were a lot of little things that it just did not have that many people who are used to deploying pretty major networks would just expect, and kind of wrote off the Dream Machine Pro as a kind of home router more than a full-blown, like, business router. However, they have been making leaps and bounds in the past few years, really adding on a ton of important features, that has really made this a really difficult question to answer. And to give a quick answer before diving into this deeper, I actually think that now a UniFi Dream Machine or Dream Machine Pro is actually the right answer for the majority of small businesses and home users. Quite frankly, unless you have a couple of people on IT staff full-time who really know what they're doing, it's pretty unlikely that you're going to run into something that you can't do
on your Dream Machine, and from a configuration standpoint it is so much easier. Now there are still some major drawbacks to a Dream Machine, and we're going to talk about that later, but I really have been recommending Dream Machines to a lot of small businesses, just because it's not something that they need me to manage for them. Most business owners can very easily log into their UniFi portal or their router and configure the vast majority of their settings. It makes it incredibly easy to, on one pane of glass, set everything up and understand what's going on without having to spend a ton of time diving into deep submenus and understanding the entire workflow. And while they do have issues with the update sometimes (I'm going to talk about that in a little bit), I have found it a lot more stable from the perspective of you don't have to remember to enable X, Y and Z when you're setting it up, versus pfSense.

And in a lot of ways they are very different firewalls. pfSense is an incredibly powerful and therefore complex firewall to deploy. Anything you need to do, you can do it on pfSense. You can figure out how to add it; no matter what weird network condition you've got, you can make it work. And if it's not available directly from within pfSense install, there are massive amounts of add-on packages that can do pretty much whatever you need, and that is where pfSense really gets its value at, because while with UniFi you're stuck with whatever UniFi is going to give you, with pfSense there is an entire community who is adding on packages and adding in things that can make anything you need to happen happen, for the most part. And so the big question when determining these really comes down to: do you need to do stuff on your router that your UniFi cannot do, that a Dream Machine can't do? And that is where we're really going to be determining what is right for you to deploy.

Okay, so now we've kind of gone over what UniFi's firewall offering is as well as pfSense's. Now we're going to go in
and we're going to kind of do pros and cons list for each and every one of them with some specific categories, and we're also actually going to dive into their parent companies. For UniFi it's Ubiquiti, and for pfSense it is managed by Netgate, though pfSense is a fully open-source operating system, and we're going to talk about that because there are some really important things that have come up in the last couple of weeks that make this a much more gray area than it was even just about a month ago. So I'm going to go ahead and pull that up, and we're going to start diving into specific pros and cons for each.

All right, and so the first place we've got to start is price, and we are going to be looking at, from UniFi, the Dream Machine Pro. That's because it's really kind of the thing that I would say is the closest competitor. If you're looking at just like a Dream Router, then you're not going to be looking at a pfSense at all, honestly. So we're going to be looking at the Dream Machine Pro. We're not going to be looking at the Dream Machine SE, because quite frankly the upgrades from the Dream Machine Pro to the Dream Machine SE are things that pfSense doesn't do anyway: it's PoE, having extra onboard storage, and a 2.5 gig WAN/LAN in. I guess that is something that a Netgear would have, but for the most part we're really going to be looking at this, which has two 10 GB connections to it, so a WAN in and a LAN in as well that are both SFP+, as well as a 1 gig WAN as well for copper. Then it's also got 8 1 GB ports; that is really more of a switch than actual what the Netgate would allow us. And so that's going to be for about 380.

All right, so now let's look at the offering from Netgate, and it's going to be between the 4100 and the 6100, because it depends on how fast you need to go. The Dream Machine with its actual like threat monitoring is able to do I think 3.4 Gbit, 3.5 GB routing, though note that is probably measured with iperf, so it's probably somewhere around the actual 4100,
though this guy does not have an SFP+ connection to it, so it's not really got that capability to really do those faster speeds. So if you were looking for the probably equivalent it would be the 6100, but that's only if you've got a like 3 gig connection and you want to use that. I'd say probably the easiest equivalent is going to be the 4100, and we'll leave it at that, though there is the 6100 if you need that upgrade. And so we are looking at significantly cheaper for the Dream Machine, and I will be honest with you, the Dream Machine Pro is one of the best value routers out there, full stop. It is very hard to compete with that if you look at other options across the board for something that can route at those speeds. Now most people do not need to route at those speeds, but if you're looking for something with a 10 gig connection on it, there are very few things out there, and generally you have to go very expensive to have them.

But one other huge advantage that Netgate has is all of this. So even if you're just looking at buying pfSense directly through Netgate, which is the company who really kind of runs the project, you can see you've got options for everything. I actually use these little Netgate 1100s to deploy at like an off-site backup. You can basically just set up a site-to-site VPN directly to this box and plug in another NAS or the owner's computer, and then it's super easy. They know they just plug into that and boom, they're on their local network without anything like that. And yeah, the performance is not great, but if you're just looking for a backup or something like that, it is not a big deal. Then you also can go up to these massive rack units and really have an insanely powerful device that has like 25 gig NIC on it and being able to really run through anything you need. I mean, these get very, very, very powerful. Another huge thing that these have is really easy to set up high availability (easy is a relative term, but easy to use high availability) where
you can buy two identical units and within hour, hour and a half, actually have a fully high available system where you can unplug one of those units and instantaneously have everything switch over. It is pretty awesome, and that is just something that UniFi is not going to give you, though they have talked about maybe adding that in the future. And so here we've got pretty clear winners for the two different categories. UniFi absolutely is going to win on price pretty much across the board, and Netgate is really going to win when it comes to flexibility of deployment, by being able to do more than just the two offerings that UniFi has. And so that is where there's a huge difference between these two, and it really kind of depends on which one you need.

So now while we're also talking about cost in deployments, I should also mention that you can deploy pfSense on your own hardware, and that is a bit where the waters got murky, because Netgate added in a special version for home labs and people testing them out, but about a month ago they said no more, and they kind of killed off that market without really giving much notice, and that is something that rubbed a lot of people the wrong way. They kind of created this new ecosystem where, hey, you can have this pfSense version that is for home labs, it's great, and then as soon as a lot of people upgraded to it they took it away, and that is something that rubbed a ton of people the wrong way. Note that's only applicable if you're deploying on your own hardware, which UniFi never would have let you anyway, but that is something that does not bode well. And they've had a few other missteps as a company, from also their early implementation of WireGuard that was apparently insecure, and the actual creator of WireGuard had a very nasty article about it and some stuff like that. But I'm not going to dive in super deep for that, but just note there was that issue, and in a lot of ways it makes it a little harder for me to recommend somebody build their own
hardware and deploy a pfSense, because you are kind of locked into making sure they don't do that in the future, because who knows, maybe they also might drop out pfSense CE and remove that as well. It does seem a little sketchy that they did that, which I'm not loving.

Okay, so now we have covered price and we have covered deployment flexibility. The next most important thing that we need to talk about is ease of use, and I think this is where UniFi is really going to take the crown. Ease of use is something that's critical for a firewall, because if it's overly complex to set up and use, people are going to take shortcuts and not do the thing that's the most secure. They're going to say, okay, just open up all traffic between these LANs because I can't get the firewall rules to work, and things like that. And so if we just look at the firewall rule creation between pfSense and UniFi Dream Machines, it is so much easier to set up and understand on the actual Dream Machines. I think it makes sense to a lot of people who are getting started and can easily say, okay, we're just going to go down one centralized list for all LAN traffic, and the first one that matches is the one that's going to be done. And so you can very easily start creating these things and really understanding all the different pieces to it. And to continue the trend of this entire video, while the UniFi is much easier set up, the pfSense's firewall rules in this case allow for much greater flexibility, because you don't just create firewall rules based off of IP addresses, you actually create them off of interfaces and IP addresses. So if somebody's on the wrong interface and trying to send traffic through an IP address, it can actually get blocked with pfSense, and actually have rules for all that within pfSense, whereas UniFi just does not support that kind of stuff, because they've just got one LAN rule for everything. And then when we look at things other than just firewall rules, I really think UniFi takes the cake
when it comes to DHCP reservations, when it comes to setting up networks, when it comes to all of that. It is so easy to create that stuff on UniFi. It makes it quick and easy, and it really allows you to kind of punch above your weight class in a lot of ways and not spend tons of time getting bogged down. And I think for people who don't have a huge IT background, I think that's one of the main reasons why I really end up recommending Dream Machines to people, because while it can't do all the bells and whistles that something like a pfSense can do, the features that it does have are so much easier to use that a lot of the important stuff that comes to security will actually get done, rather than just having it set up in a very basic manner and not having those security features on there. And that is one of the real advantages of UniFi in this case: if something is too hard to do so you don't do it, then it doesn't matter that it exists, because it's not getting used. And so once again, coming back to the theme of this video, it's pretty simple: if UniFi can do everything you needed to do, go with UniFi, but if you need to do more, pfSense is there, and there are a ton of different deployment options.

All right, so now the last major distinguisher between these two that we're going to talk about, before going into features that just don't exist on one or the other, is going to be their ability to update and how good we feel about that, and this is where Netgate is absolutely going to win. With pfSense, if there's an update to a pfSense router, you don't think twice about updating. You go, all right, I'm going to update, and you just know there's not going to be any issues. Backing up the config is incredibly easy and it generally is flawless. You are never going to run into weird cases where, oh, you updated, now all this stuff is broken. It tends to just be update, boom, you're good to go, everything's great. And it also supports switching to different versions, downloading your config, exporting to
another system really, really, really easily. And now UniFi is getting there. Two years ago I would be bashing UniFi really hard right now, saying do not update unless you really need to, and then wait once a year or twice a year and then have an entire afternoon planned to fix what's broken, 'cause that's how UniFi was for a while there. There would be really often times where you would update and now all of a sudden you get really bad performance with something, or an entire feature doesn't work, and things like that. And so I for the longest time, and I still do to this day, would leave my UniFi systems on not automatic updates at all, because while they were pushing a lot of updates, they in a lot of ways used the community, even as their full official builds, as kind of beta testers in a lot of senses. And if you look at UniFi update notes, it's pretty often they see something that was pushed to the official upgrade channel and then later retracted because of an issue with an update. With Netgate you just don't have to worry about that. You know that's just not going to happen, because it is really designed to be rock solid, steady and boring, and everything is very well tested. And so for that I do think pfSense is absolutely going to win when it comes to stability of updates and stability overall, because these systems, while they are kind of boring, that's good. They really do what they do well and they're going to chug along into it.

All right, so now I've talked about a lot of reasons to go UniFi. To end this I want to talk about the reasons to go Netgate, because quite frankly pfSense can do a lot of stuff that UniFi simply cannot, and while a lot of times that's not necessary, there are a few key things here that really are crucial for me. And throughout the years UniFi has made this list smaller and smaller and smaller, so I got to give them props for that. But things that a pfSense can do that UniFi simply cannot is high availability, and true high availability, where literally you unplug
one of them and like three packets are lost and everything just keeps going. That does not exist today on UniFi. They've been talking about it for a while, but that does not exist, and that is a true enterprise feature. Though in all honesty it's pretty rare to actually need high availability. High availability of a router isn't necessarily crucial, because routers tend not to just hardware fail, they tend to be pretty stable, but you definitely do not want to be in a case where your firewall is down, because when it's down the entirety of the internet is down for your entire company.

They both can do WAN load balancing, so you can actually have a failover network, though Netgate allows you to do so much more. You could have four different networks coming in on your Netgate, whereas with UniFi you're limiting to just two, and the flexibility there is huge. You can actually load balance three different internet connections coming in to get three times the speed, which is awesome, which I've done before, because pfSense just gives you that flexibility to load balance between all those, and so when one fails nothing bad even happens, everything just fails over seamlessly. That is an edge case, but if you need it, that is what pfSense allows you to do.

Another huge one is having DNS forwarders for specific domains, and this is something that I really wish UniFi would add into the Dream Machine, because it's one of the major features that I'm missing. And what this is is basically the ability to say, anything that is on this domain, don't forward to your regular DNS server, forward to this local DNS server. So if you had a local domain under space.co for me, I would be able to say, hey, any queries that go to local network. 
space.co, send to my local DNS resolver, but anything else just go to the internet. And the huge thing about this is you can make sure that all of your internet DNS queries go to the internet, and only forwarding local DNS queries to a local DNS server, meaning that that local DNS server, if it goes down, your internet also does not go down. So that's a huge one.

Then another really big one is their packages. So for example there's your threat monitoring, you can have Suricata and so many things like that as add-on packages that make this huge. We could talk all day about the different features that you can add into a pfSense router that really bring it to the next level, especially when you're doing web development and things like that. You can grab a wildcard certificate and you can go in and you can actually have a HAProxy and actually have the entire thing run as a web proxy. There are so many things that these things can do that I can spend all day talking about it, and there's a lot of things that you just cannot do on UniFi.

So now we've kind of gone over all the different offerings by both these companies, and I think it ends up being a big question on who you are. If you're somebody who already has a ton of UniFi gear, honestly UniFi is a great offering. It's going to deploy right in, and whenever you create a VLAN, boom, now all your switches are aware of that VLAN, and it makes configuring and creating networks so easy. You get truly the end-to-end screen, being able to understand exactly what's going on. Another huge reason to go UniFi over pfSense is you need a simple configuration. You don't want to spend hours trying to figure out how to use the software and set it up, and you want something that's just kind of going to work. You're going to be able to do basic settings, and by basic I mean pretty complex compared to any other home router you have, but you want to be able to do your security settings and not spend a ton of time figuring out and making sure that your DNS
server is actually running. You don't want to deal with that: huge reason to go UniFi. But there's also a ton of reasons to go pfSense. One, if you're trying to deploy this on your own hardware, pfSense is the only option. You're not going to be deploying a UniFi Dream Machine on your own hardware, just don't go down that path. Another one is you need that real capability, or you're a tinkerer and you want to be able to really customize everything out and add Suricata and threat monitoring and all these other great packages. Well, that's where pfSense is huge. I think for people who are setting something up in a data center, I think pfSense is phenomenal, because you can add so many other capabilities to it and things like that, but for somebody who's pretty simple, just trying to set up an office network, I think UniFi is the way to go.

All right, well, that's going to be it for this. Go and leave your thoughts and opinions down in the comments below. You have any other questions for me, you can send those down there too. Have a good one. [Music] Bye.
Info
Channel: SpaceRex
Views: 30,608
Id: 10RRSe4JfAM
Length: 26min 50sec (1610 seconds)
Published: Wed Dec 06 2023