pfSense/Smoothwall/Untangle vs Juniper/Sonicwall/Watchguard

LiQuiD[EViL]

Wondering what the advantages are of either going with an open source solution like pfsense/ipcop/smoothwall/untangle or a commercial firewall product from juniper/sonicwall/watchguard. It would be pretty cheap to buy an intel atom board and run pfsense/smoothwall/untangle but used juniper/sonicwall/watchguard units can be had for less than $100 or even $50 on ebay. Are there features that one solution has over the other?
 
Tell us the purpose, plans to deploy, thoughts behind why you're asking us this question.

My first obvious answer is the levels of support you get with each product, but to me the only thing worth it is the Juniper. Sonicwall and Watchguard are not very good in my opinion.
 
This question was more out of curiosity. Just as far as getting a general purpose gateway/firewall solution that is in the below $200 range. It doesn't need to be tailored to my specific needs. So you could say things like you can upgrade the pc solution to gigabit nics or that the consumer products use less electricity. Or you get unlimited vpn clients with pfsense. Things of that nature.
How about adding cisco or any other products into the mix if sonicwall/watchguard are inferior?
 
For home stuff, you don't really need a Cisco or Juniper firewall, those firewall distros are fine. If you're trying to learn Cisco or Juniper that's a different story, but if not, don't bother.
 
Keep in mind that most non-free units will require that you pay a yearly support fee to keep the security software up to date.

In the case of the Sonicwalls they're pretty much useless for anything other than basic firewalling. If you don't pay then the features don't work.

Riley
 
It depends on what features you're looking for. I have clients with Juniper, I have clients with Sonicwall, and I have a lot of clients now with Untangle...I really like the Untangle product...I have several clients using their "pay for" pro package. Their support is excellent also.

In your list ...Untangle is different from smoothwall/pfsense/ipcop..in that Untangle is first and foremost a full blown UTM appliance, they are not...granted some of them have a few basic add-ons such as ClamAV or some SPAM filtering.

I've had far less malware issues at my clients that run behind an Untangle box..its spy-ware scanning module really seems to make a difference.

Cost-wise...take an older business grade desktop PC that you retired...even just a Pentium 4 H/T, with a gig of RAM..slap in a decent 2nd NIC..and you're all set. I put in a new hard drive for reliability..so basically the cost is just 75 bucks plus a blank CD to burn the ISO. Using solid Intel motherboards from biz grade small form factor desktop PCs...it runs rock solid...I only reboot them when doing major upgrades to Untangle..like a new version..else they run rock solid 24x7x365.

It's great at VPN tunnels also...I have a client with Untangle at both sites...solid VPN tunnel in between..and setting up VPN tunnels using OpenVPN...peh...can't get any easier, it's the easiest VPN you'll ever set up.
 
We also put Untangle at a client's. Spam, spyware and virus down since putting it in.

But again like Vito said, all in what you're looking for.
 
I have been running m0n0wall and now pfsense for years. I even have it handle my wireless through the use of an atheros based card. Everything runs great and I have never had it die on its own.

I have run it on an old PII 233 up through my new VIA EPIA board. Hardware is dependent on desired throughput.

A good working firewall is one of these Nortel Contivity 100's off of ebay http://cgi.ebay.com/Nortel-Networks-Contivity-100-Model-II-100S_W0QQitemZ360227122974QQcmdZViewItemQQptZLH_DefaultDomain_0?hash=item53df35af1e running m0n0wall.
 
I'm really not a fan of SonicWall, IMO the interface is terrible, the license fees are pretty ridiculous, and really the feature set & performance are pretty garbage compared to the competition. I haven't used WatchGuard, but the Juniper stuff isn't bad.

That said, I can't say enough good things about pfSense. Tons of functionality, a good interface and the right price. I would hands down recommend it for anything not requiring carrier-grade. You can either run it on a discarded workstation-class box with some spare NICs, or for a permanent small deployment I'd say the $150 or so investment in an ALIX board, case and some CF is worth it. Very reliable, low power and small size solution. For a slightly larger site, Atom makes sense; a great setup would be dual Atom boards in a dual mini-ITX 1U case running a CARP failover cluster.

The only feature I wish it had was the ability to NAT into IPsec tunnels; apparently this will require a fair bit of work to the underlying pf infrastructure in FreeBSD, so I don't expect it soon I'm afraid.
 
I guess this has turned into another bash each vendor's firewall / utm.

Have any of you actually tried the new Sonicwall 5.8 OS ? I hated the 5.6 it was a PITA, but 5.8 works awesome.
 
Depends on your needs and know-how. For just a firewall and maybe a little more, pfSense. I have a few dozen units out in the field (amd geo, celeron, and atom based) and they have all been rock solid once they were set up. In the home/smb space, if you don't need/want support, go for pfSense. If you need the hand holding, go for Sonicwall (I only put this here because it tends to be cheaper than cisco/juniper, I don't hate the firewalls as much as I hate the company and their pricing structure), Cisco or Juniper but the costs quickly skyrocket from a pfSense install.

Untangle is a whole different beast. It is a UTM. It is not just a firewall, it is so much more.
 
Depends on your needs and know-how. For just a firewall and maybe a little more, pfSense. I have a few dozen units out in the field (amd geo, celeron, and atom based) and they have all been rock solid once they were set up. In the home/smb space, if you don't need/want support, go for pfSense. If you need the hand holding, go for Sonicwall (I only put this here because it tends to be cheaper than cisco/juniper, I don't hate the firewalls as much as I hate the company and their pricing structure), Cisco or Juniper but the costs quickly skyrocket from a pfSense install.

Untangle is a whole different beast. It is a UTM. It is not just a firewall, it is so much more.

A Sonicwall can do way more than a pfsense box...
 
Zyxel USG's can route at layer 3 between subnets and the bulk mail spam filter is free, along with the LDAP integrated capable IPsec VPN. Zyxel will hold your hand for the first 90 days of ownership.

I'm still trying to wrap my brain around how much actual ability a sonicwall has once the subscription runs out.
 
Zyxel USG's can route at layer 3 between subnets and the bulk mail spam filter is free, along with the LDAP integrated capable IPsec VPN. Zyxel will hold your hand for the first 90 days of ownership.

I'm still trying to wrap my brain around how much actual ability a sonicwall has once the subscription runs out.

Same as any other utm device..

Those zyxels are slow as fuc too. I played with one and the routing between vlans brings it to its knees too.
 
I've had a P3 1.4GHz w/1.25GB ram running for the past year flawlessly. The Untangle beast just needs m0ar RAM! Good ol Dell sc500!

:D

I have pfsense running on a P3 and yeah, they are not to be underestimated when all they're doing is moving packets around. I have never seen the cpu go even close to 100% even when I had snort going.

Personally, I'll recommend pfsense, though my opinion is somewhat biased as I have not tried the other solutions. Sonicwall is not a bad product either though, I've played with it a bit and it was fine. Not sure why it is bashed so much.
 
Sonicwall is not a bad product either though...Not sure why it is bashed so much.

Because they force yearly licensing on you to use certain features (VPN being my #1 complaint). I can buy a Cisco Firewall, buy licenses and choose not to renew smartnet and the stuff will just keep going. Sonicwall's license will expire and those licensed features will cease to work. Now that Dell owns them, I hope this changes.

They are off my radar for all small business installs. I walk into a company wanting to replace their already free yearly firewall with something a bit better and as soon as I mention "Oh you want vpn? That'll be $xxx per year", the answer is usually an instant NO. Even if it is affordable, people don't want yet another forced subscription to something.
 
Zyxel will hold your hand for the first 90 days of ownership.

I can vouch for this. I recently installed my first Zyxel. Basic things in the interface are fine, but I had to call in the big guns to make PPTP over L2TP VPN work for ipads. Their knowledge base on how to set it up was very incomplete. They logged in and did it all for me, which is nice, but I'd rather have good documentation.
 
It's about 300Mbit on a gigabit interface....so it's not fast....but what did you expect for a sub $500 box?
 
Keep in mind I almost purchased a Zyxel USG 300 for home use, but instead grabbed a x700 firebox converted to run PFsense. I'll probably jump over to an 8 port Ubiquiti EdgeRouter sometime later next year.
 
ZyXEL will hold your hand for more than 90 days.

Dashpuppy have you really used any of the new ZyXEL units? I know you are brand biased, but the ZyXEL USG models are great.

I have some that haven't been touched or rebooted in almost a year (since I have installed). Very reliable and fast models.

But you can't get a USG 50 and put all the features and hope it works with a 100 person network. ZyXEL rates the models for the number of users with full UTM features on.

I have only a few clients with the UTM on.
 
Again, that should be done on a L3 switch.

Agree, but who has $1-2k at home for a switch.



All firewalls are good, you just have to pick the one that suits your needs ie budget or features.

I used to hate sonicwall, now that I've actually set them up and used them and unrest and them I like them. I don't like paying for the subscriptions they are pricy.

( in theory I get mine. Free every year )
 
Agree, but who has $1-2k at home for a switch.



All firewalls are good, you just have to pick the one that suits your needs ie budget or features.

I used to hate sonicwall, now that I've actually set them up and used them and unrest and them I like them. I don't like paying for the subscriptions they are pricy.

( in theory I get mine. Free every year )

I have a gigabit "Layer 3" switch at home. It's barely layer 3, but it can do VLAN routing. Got it for 200 on eBay. HP ProCurve 2824.
 
Because they force yearly licensing on you to use certain features (VPN being my #1 complaint). I can buy a Cisco Firewall, buy licenses and choose not to renew smartnet and the stuff will just keep going. Sonicwall's license will expire and those licensed features will cease to work. Now that Dell owns them, I hope this changes.

They are off my radar for all small business installs. I walk into a company wanting to replace their already free yearly firewall with something a bit better and as soon as I mention "Oh you want vpn? That'll be $xxx per year", the answer is usually an instant NO. Even if it is affordable, people don't want yet another forced subscription to something.

Yuck, did not know that. Now I see why. Yeah screw licensing. I'd rather pay for the hardware once and be able to use it however I want for as long as I want.
 