Firewall Comparison, Which Ones We Use and Why We Use Them: Untangle / pfsense / Ubiquiti

Amazon Affiliate Store
https://www.amazon.com/shop/lawrencesystemspcpickup

Protectli Firewall Micro Appliance: 6x Gigabit LAN, AES-NI, Intel 3865U 1.8GHz
You Can Buy it on Amazon Here
https://amzn.to/2UtegCW

My Protectli Firewall Micro Appliance: 6x Gigabit review
https://youtu.be/MQ3tdkiaAno

Netgate SG-3100 Teardown / Speedtest / Review of this powerful pfsense packet pusher!
https://youtu.be/dbSUdDyfW0M

Untangle Review
https://youtu.be/dmCAePgVSUY

USG Review
https://youtu.be/L117QGGtvDo

You can purchase the USG Here
https://amzn.to/2L6Y5Hh

Edge Router Review
https://youtu.be/7tGT_dyNqnM

You can purchase the Edge Router Here
https://amzn.to/2Qo5SGk

Things we love including computers, software, services, gadgets, and of course hot sauces.
https://www.lawrencesystems.com/things-we-love/

Our Web Site
https://www.lawrencesystems.com/

Patreon
https://www.patreon.com/lawrencesystems

Twitter
https://twitter.com/TomLawrenceTech

Our Forums
https://forums.lawrencesystems.com/

Comments

jgould30 says:

I don’t think it makes sense, outside of maybe a home environment, to run any IDS or other resource-intensive tool on your router in the first place. I’ve also felt separation of roles should dictate it be a separate machine. Leaving the router to handle far less and be designed to do what it’s meant to do (route).

jcgoobee says:

Is it possible to have pfsense block the incoming traffic or probes from specific countries by applying certain firewall rules? I got random pings and ssh login attempts from Russia.

Big Wave_Dave says:

Very useful. Thanks!

Bart says:

For the price and features.. you really can’t beat Fortinet. Small office, do a FortiGate 60E full UTM, SSL inspection etc.. everything. Comes with 10 FortiClient for client AV and UTM controlled by the FortiGate. FortiGate controls the FortiWiFi also. No license for VPN. Can also control FortiSwitch. Can’t beat their entire package and price with a stick all controlled by the FortiGate.

B_Bone says:

What do you think about OPNSENSE vs PFSENSE? I read OPNSENSE has a better GUI. I’m thinking of converting an HP T620 Plus thinclient into a firewall. Currently I’m using the edgerouter X.

vono360 says:

No vpn on USG???

John Gooch says:

My first pfsense update broke the vlan tagging required by Centurylink. I had to switch back to my Asus router until pfsense fixed it. Also, the box started rebooting every few days after I installed pfBlockerNG on it. So the netgate 3100g is not always a smooth experience.

OhFreeGames says:

Any business class firewall/router solution that has per device data caps/quotas like 1GB/day or 10GB/month? Gargoyle does the job for home use.

vamsi krishna says:

as always informative.. Thanks for the comparison, adds to decisive prams

Centi Zen says:

Untangle makes no sense for 90% of the situations I need to use a firewall in. Their licensing is absolutely boneheaded once you start getting to scale, and they either make you pay for every feature they provide or charge you ridiculous prices for a la carte features. And if you go even one user over your license amount, well, someone is going to be wondering why their device randomly won’t connect to the internet.

Bart says:

And if you’re an MSP get all your clients on FortiGate. Use a FortiManager for central management and FortiAnalyzer to collect the logs. Again I can’t imagine not using them.

Thomas Casey says:

The protectli is way better than any netgate, runs everything under the sun including OpenBSD. I’ve run VyOS, OPNsense, PFsense, OpenBSD without any issues. I have the SG-1100 and it is very fast but it appears like you are stuck with PFsense only, please correct me if I am wrong here on this. BTW installing firmware on the protectli FW2 J1800 is very straightforward and simple. Super happy with it.

bakkerman73 says:

Sorry but this is not a firewall comparison. pfSense is a firewall with routing capabilities, an Edgerouter is a router with some firewall capabilities. 2 different things.
What is your obsession with being scared of a command line? Without the command line, the internet backbone wouldn’t work.

Yudraciell says:

Review watchguard

Richard Russell says:

What is your opinion on the usg pro vs the smaller usg?

vin h says:

My ISP has a Modem/router all in one. Right now i have an apple router set as follows:

*ISP modem/router ——> DHCP range set to 192.168.10——256

*Static IP set for apple router —— outside dhcp range

* placed apple router in ISP router settings DMZ so my router can do its own routing

My question is can i do this same set up with the USG with ease or will i need to have more advanced skills to change these settings?

FelixKarlsson91 says:

Stateless > Stateful > NGFW. In this day and age go for a NGFW that has AV/IPS/App-Control/Web-Filter/Cloud based Sandboxing etc. //Felix “Cyber-Security Consultant!

John Mautz says:

Thank you for the great video. I just took the plunge into the world of pfSense. Prior to this I was running ZeroShell (zeroshell.net – nice product and it served me well for about 6 years, but not the caliber of pfSense). For the router/firewall I went with the Ali Express/MiniSys version of the Protectli. This way I was able to get the i5-7200U for cheap (https://www.aliexpress.com/item/Minisys-Newest-Pfsense-Box-7th-Gen-Kaby-Lake-Intel-i5-7200u-2-5GHz-Dual-Core-fanless/32854681562.html?spm=a2g0s.9042311.0.0.698d4c4deEQC8l). I loaded pfSense, Suricata, pfBlocker and added the Pi-Hole and other lists from your other videos. This little box works great!!! I loaded it with 32G RAM and 500G M2 drive – total overkill, I know, but I’m very pleased and that is what matters. I have Spectrum Cable 400M and my first speedtest through the box ran at 479Mbps. The CPU topped at 12% and RAM is only around 6%. Love it. Thank you very much. I’ve subscribed to your channel and will keep watching.

Act1veSp1n says:

IPFire is a great one too!

Mitchell Dawson says:

The “edge router X” is surprise surprise a ROUTER not a firewall. NAT functionality does NOT constitute a firewall, routers have been able to do most forms of NAT for a long time. In my view you don’t have a firewall unless you have a box with SPI, DPI, web proxy, ips/ids, decryption, malware and AV scanning built in, otherwise you just have a router with SPI & access lists.

Mitchell Doubleday says:

Never again will I buy an EdgeRouter. It has the worst GUI-CLI interaction, any configurations that are slightly advanced require daunting CLI and config file changes. We experienced this router delete its own Eth0 WAN port after a reboot over the weekend (IT DELETED ITS OWN WAN PORT FOR FUCKS SAKES). Oh and once you start doing anything in CLI DO NOT TOUCH THE GUI, it will override changes.

Thomas Casey says:

Some shilling going on here for sure

Alex Stamatis says:

The question is UNIX vs Linux. PF Firewall vs IPtables firewall. And yes … there is nothing better than PF in the open source world. PFsense makes it easy for many people to manage a PF firewall with tons of addons instead of installing BSD and feeling the pain.

Shared Knowledge says:

Thanks. This has been really helpful. I have a Sonicwall but refuse to pay Dell’s annual fees after the initial 3 years ran out. I’ve played around with pfsense but Untangle might be even easier and I can handle $50 a year. Your videos are some of the best of their kind on the web.

ll NATE DOGG ll says:

No review on Watchguard Firebox Models? I have the T70 and I think its great.

Demetrios Mustakas Jr. says:

unify wifi plus untangle UTM?

alilsouthosanity says:

here is one of my setups intel e6400 core 2 duo 4gb ram 80 gb hdd 2x intel 10/100/1000 running clearos cost me less than the unifi box. $15 for used hdd $30×2 for nic. $0 for clear os home use. no issues up to 30 users simultaneously

Michael Mast says:

The Ubiquiti also supports BGP, ipsec, and VTI. I use all these to establish tunnels between branches, AWS, and other datacenters as the BGP advertisements make things simple.

That said, the low end devices have a lot of features but they lack processing power. The Lite and ER-8 are used in branches while PFSense runs as a VM in the datacenter.

Esiquio Uribe says:

Someone farts at 1:24

Phillip Johnson says:

Helpful video, thanks! Bottom line…scale your router to your requirements and personal needs.

Mine is the $50 deal!

mdd1963 says:

Untangle…. $50 ….per *year*….?? LOL! I’ll pass

Dave McKewan says:

Looking to get one of these for the house. Idea is to stick it between the cable modem and WiFi router. Then everything/one is safer… Like what I hear about PfSense, so I think that’s where I’m going…

Yuriy Bolsh says:

For Business use: The Ubiquiti line + Cloud Key and Cloud management as an entry point. Chances are, you already (should be) using their AP’s anyway. CISCO Meraki MX with Advanced Malware Protection for most use cases, simply due to 0-day AMP and Sonicwall TZ series for more nerdy setups would be my starting points. First and foremost is support availability and not looping to a single tech guy who set it up through some “command line”

substrde says:

What about the USG-PRO series devices e.g. USG-PRO-4?

Gerff says:

IF YOU DON’T KNOW HOW TO CHOOSE A FIREWALL FOR A CLIENT, YOU SHOULDN’T HAVE THAT JOB! ASKING A YOUTUBER IS EVEN WORSE! THE ANSWER IS, IT DEPENDS, FIND SOMEONE WHO KNOWS HOW TO FIGURE THAT OUT, AND GO BACK TO THE HELPDESK YOU POS.

cdoublejj says:

how about encrypted DNS, VPN, VLAN and SQM! all at the same time @ 500mbps to 1gbs symmetric?

Forbidden User says:

You say… “Editing Config Files” as if it’s a bad thing… I personally like knowing exactly how the software that runs my network works. That’s why I always turn off DHCP on my routers and implement it on my home server with dnsmasq. Knowing things, and how to do things, and not having to rely on some company to provide you with an idiot proof gui interface is not a bad thing. If more people had these abilities, we wouldn’t have an industry full of solely M$ Server based Corporate IT guys who really don’t know how to do anything other than point and click who literally throw away countless hundreds of thousands of dollars a year in IT budgets on Corporate Licensing fees when there are much more reliable and stable options that are totally free to implement with the only problem being the Typical Corporate IT guy is simply too stupid to understand how to use the software because his “IT Education” only taught him to be a M$ administrator.

Alberto Montes says:

what about openwrt on the x86?

Joshua Smallman says:

Great video, what are your thoughts about fortigate and checkpoint ?

maksiodzidek1 says:

some benchmarks or story about nothing

Peter Jespersen says:

Thanks for the clarification – the doubt I had regarding the EdgeRouter has been confirmed – great show.
BTW: What is your view on OPNsense?

Joseph Klimczak says:

I’m running into an issue with people looking for cheap home FW that can handle 1gig internet
That’s one step up from what they give you from the internet provider

Jacques Laroche says:

Great video! I’d love to hear your thoughts on the UniFi USG Pro 4 – especially with the ram increased from 2gb to 8gb (for large environments with ~500 users)

John Kirk says:

Hey guys! I deployed the netgate for a client that needed several vlans, one is a public wireless network. The venue is a performing arts theater and it has to handle a thousand connections both wired and wirelessly. It works great even running Suricata and other modules. It was super easy to configure, runs stable, but a little warm. I’d recommend it to anyone!

OhFreeGames says:

Would love to hear your thoughts on some other options as well like Sophos XG/UTM Home, ClearOS, etc.

Czeekaj says:

I’m using a PIA vpn on a packet squirrel. I just need a firewall router 🙂
