Amazon Affiliate Store
https://www.amazon.com/shop/lawrencesystemspcpickup
Protectli Firewall Micro Appliance: 6x Gigabit LAN, AES-NI, Intel 3865U 1.8GHz
You Can Buy it on Amazon Here
https://amzn.to/2UtegCW
My Protectli Firewall Micro Appliance: 6x Gigabit review
https://youtu.be/MQ3tdkiaAno
Netgate SG-3100 Teardown / Speedtest / Review of this powerful pfsense packet pusher!
https://youtu.be/dbSUdDyfW0M
Untangle Review
https://youtu.be/dmCAePgVSUY
USG Review
https://youtu.be/L117QGGtvDo
You can purchase the USG Here
https://amzn.to/2L6Y5Hh
Edge Router Review
https://youtu.be/7tGT_dyNqnM
You can purchase the Edge Router Here
https://amzn.to/2Qo5SGk
Things we love including computers, software, services, gadgets, and of course hot sauces.
https://www.lawrencesystems.com/things-we-love/
Our Web Site
https://www.lawrencesystems.com/
Patreon
https://www.patreon.com/lawrencesystems
Twitter
https://twitter.com/TomLawrenceTech
Our Forums
https://forums.lawrencesystems.com/
I don’t think it makes sense, outside of maybe a home environment, to run any IDS or other resource-intensive tool on your router in the first place. I’ve also felt separation of roles should dictate it be a separate machine, leaving the router to handle far less and be designed to do what it’s meant to do (route).
Is it possible to have pfsense to block the incoming traffic or probe from specific countries by applying certain firewall rules? I got random pings and ssh login attempts from Russia.
Very useful. Thanks!
For the price and features, you really can’t beat Fortinet. Small office, do a FortiGate 60E full UTM, SSL inspection, etc., everything. Comes with 10 FortiClient for client AV and UTM controlled by the FortiGate. FortiGate controls the FortiWiFi also. No license for VPN. Can also control FortiSwitch. Can’t beat their entire package and price with a stick, all controlled by the FortiGate.
What do you think about OPNSENSE vs PFSENSE? I read OPNSENSE has a better GUI. I’m thinking of converting an HP T620 Plus thinclient into a firewall. Currently I’m using the edgerouter X.
No vpn on USG???
My first pfsense update broke the vlan tagging required by Centurylink. I had to switch back to my Asus router until pfsense fixed it. Also, the box started rebooting every few days after I installed pfBlockerNG on it. So the netgate 3100g is not always a smooth experience.
Any business class firewall/router solution that has per device data caps/quotas like 1GB/day or 10GB/month? Gargoyle does the job for home use.
as always informative.. Thanks for the comparison, adds to decisive prams
Untangle makes no sense for 90% of the situations I need to use a firewall in. Their licensing is absolutely boneheaded once you start getting to scale, and they either make you pay for every feature they provide or charge you ridiculous prices for a la carte features. And if you go even one user over your license amount, well, someone is going to be wondering why their device randomly won’t connect to the internet.
And if you’re an MSP, get all your clients on FortiGate. Use a FortiManager for central management and FortiAnalyzer to collect the logs. Again, I can’t imagine not using them.
The protectli is way better than any netgate, runs everything under the sun including OpenBSD. I’ve run VyOS, OPNsense, PFsense, OpenBSD without any issues. I have the SG-1100 and it is very fast but it appears like you are stuck with PFsense only, please correct me if I am wrong here on this. BTW installing firmware on the protectli FW2 J1800 is very straightforward and simple. Super happy with it.
Sorry but this is not a firewall comparison. pfSense is a firewall with routing capabilities, an Edgerouter is a router with some firewall capabilities. 2 different things.
What is your obsession with being scared of a commandline ? Without the commandline, the internet backbone wouldn’t work.
Review watchguard
What is your opinion on the usg pro vs the smaller usg?
My ISP has a Modem/router all in one. Right now I have an apple router set as follows:
*ISP modem/router ——> DHCP range set to 192.168.10——256
*Static IP set for apple router —— outside dhcp range
*placed apple router in ISP router settings DMZ so my router can do its own routing
My question is can I do this same setup with the USG with ease or will I need to have more advanced skills to change these settings?
Stateless > Stateful > NGFW. In this day and age go for a NGFW that has AV/IPS/App-Control/Web-Filter/Cloud based Sandboxing etc. //Felix “Cyber-Security Consultant!
Thank you for the great video. I just took the plunge into the world of pfSense. Prior to this I was running ZeroShell (zeroshell.net – nice product and it served me well for about 6 years, but not the caliber of pfSense). For the router/firewall I went with the Ali Express/MiniSys version of the Protectli. This way I was able to get the i5-7200U for cheap – https://www.aliexpress.com/item/Minisys-Newest-Pfsense-Box-7th-Gen-Kaby-Lake-Intel-i5-7200u-2-5GHz-Dual-Core-fanless/32854681562.html?spm=a2g0s.9042311.0.0.698d4c4deEQC8l). I loaded pfSense, Suricata, pfBlocker and added the Pi-Hole and other lists from your other videos. This little box works great!!! I loaded it with 32G RAM and 500G M2 drive – total overkill, I know, but I’m very pleased and that is what matters. I have Spectrum Cable 400M and my first speedtest through the box ran at 479Mbps. The CPU topped at 12% and RAM is only around 6%. Love it. Thank you very much. I’ve subscribed to your channel and will keep watching.
IPFire is a great one too!
The “edge router X” is surprise surprise a ROUTER not a firewall. NAT functionality does NOT constitute a firewall, routers have been able to do most forms of NAT for a long time. In my view you don’t have a firewall unless you have a box with SPI, DPI, web proxy, IPS/IDS, decryption, malware and AV scanning built in, otherwise you just have a router with SPI & access lists.
Never again will I buy an EdgeRouter. It has the worst GUI-CLI interaction, any configurations that are slightly advanced require daunting CLI and config file changes. We experienced this router delete its own Eth0 WAN port after a reboot over the weekend (IT DELETED ITS OWN WAN PORT FOR FUCKS SAKES). Oh and once you start doing anything in CLI DO NOT TOUCH THE GUI, it will override changes.
Some shilling going on here for sure
The question is UNIX vs Linux. PF Firewall vs IPtables firewall. And yes … there is nothing better than PF in the open source world. PFsense makes it easy for many people to manage a PF firewall with tons of addons instead of installing BSD and feeling the pain.
Thanks. This has been really helpful. I have a Sonicwall but refuse to pay Dell’s annual fees after the initial 3 years ran out. I’ve played around with pfsense but Untangle might be even easier and I can handle $50 a year. Your videos are some of the best of their kind on the web.
No review on Watchguard Firebox Models? I have the T70 and I think its great.
unify wifi plus untangle UTM?
here is one of my setups: intel e6400 core 2 duo, 4gb ram, 80 gb hdd, 2x intel 10/100/1000, running clearos. cost me less than the unifi box. $15 for used hdd, $30×2 for nic, $0 for clear os home use. no issues up to 30 users simultaneously
The Ubiquiti also supports BGP, ipsec, and VTI. I use all these to establish tunnels between branches, AWS, and other datacenters as the BGP advertisements make things simple.
That said, the low end devices have a lot of features but they lack processing power. The Lite and ER-8 are used in branches while PFSense runs as a VM in the datacenter.
Someone farts at 1:24
Helpful video, thanks! Bottom line…scale your router to your requirements and personal needs.
Mine is the $50 deal!
Untangle…. $50 ….per *year*….?? LOL! I’ll pass
Looking to get one of these for the house. Idea is to stick it between the cable modem and WiFi router. Then everything/one is safer… Like what I hear about PfSense, so I think that’s where I’m going…
For Business use: The Ubiquiti line + Cloud Key and Cloud management as an entry point. Chances are, you already (should be) using their AP’s anyway. CISCO Meraki MX with Advanced Malware Protection for most use cases, simply due to 0-day AMP and Sonicwall TZ series for more nerdy setups would be my starting points. First and foremost is support availability and not looping to a single tech guy who set it up through some “command line”
What about the USG-PRO series devices e.g. USG-PRO-4?
IF YOU DON’T KNOW HOW TO CHOOSE A FIREWALL FOR A CLIENT, YOU SHOULDN’T HAVE THAT JOB! ASKING A YOUTUBER IS EVEN WORSE! THE ANSWER IS, IT DEPENDS, FIND SOMEONE WHO KNOWS HOW TO FIGURE THAT OUT, AND GO BACK TO THE HELPDESK YOU POS.
how about encrypted DNS, VPN, VLAN and SQM! all at the same time @ 500mbps to 1gbs symmetric?
You say… “Editing Config Files” as if it’s a bad thing… I personally like knowing exactly how the software that runs my network works. That’s why I always turn off DHCP on my routers and implement it on my home server with dnsmasq. Knowing things, and how to do things, and not having to rely on some company to provide you with an idiot proof gui interface is not a bad thing. If more people had these abilities, we wouldn’t have an industry full of solely M$ Server based Corporate IT guys who really don’t know how to do anything other than point and click who literally throw away countless hundreds of thousands of dollars a year in IT budgets on Corporate Licensing fees when there are much more reliable and stable options that are totally free to implement with the only problem being the Typical Corporate IT guy is simply too stupid to understand how to use the software because his “IT Education” only taught him to be a M$ administrator.
what about openwrt on the x86?
Great video, what are your thoughts about fortigate and checkpoint ?
some benchmarks or story about nothing
Thanks for the clarification – the doubt I had regarding the EdgeRouter has been confirmed – great show.
BTW : What is your view on OpenSense ?
I’m running into an issue with people looking for cheap home FW that can handle 1gig internet
That’s one step up from what they give you from the internet provider
Great video! I’d love to hear your thoughts on the UniFi USG Pro 4 – especially with the ram increased from 2gb to 8gb (for large environments with ~500 users)
Hey guys! I deployed the netgate for a client that needed several vlans, one is a public wireless network. The venue is a performing arts theater and it has to handle a thousand connections both wired and wirelessly. It works great even running Suricata and other modules. It was super easy to configure, runs stable, but a little warm. I’d recommend it to anyone!
Would love to hear your thoughts on some other options as well like Sophos XG/UTM Home, ClearOS, etc.
I’m using a PIA vpn on a packet squirrel. I just need a firewall router 🙂