Tom here from Lawrence Systems. We're going to talk about pfSense versus Untangle and which one you might want to get. Now, I've done comparisons before, and I've done videos on both of these products. These are both products we've used, and no, I don't necessarily have the time to review your favorite firewall. I know this question is going to come up, and people always ask right away, "Can you review [insert name of firewall] and talk about that one?" I'm talking about the ones that we actively deploy and use because, well, it's better than a review of "I opened it, I tested it, it worked." This is a "we actually deployed these at clients, and I can tell you how they performed" type of review, and that's the type of information I'm going to give here.

Before we dive into which one you should choose: if you'd like to learn more about me or my company, head over to lawrencesystems.com. If you'd like to hire us for a short project, there's a Hire Us button right at the top. If you'd like to help keep this channel sponsor free, and thank you to everyone who already has, there is a Join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store.
We have a wide variety of shirts that we sell, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel.

Now back to our content. I want to start with my features chart that I made earlier this year comparing a handful of different firewalls. And yes, corrections have been made, because there was a policy about the L2TP VPN, and I didn't realize it had support. I had got that wrong and I updated it. The chart matches; the video has me saying one of these firewalls doesn't support it, and I don't know which one it was, but I'll leave a link to that video.

Anyways, the operating system that each of these is based on: we're only going to focus on the Netgate pfSense or Untangle. Unfortunately, and I've done videos on this, we just don't really use any of the USGs or UDMs anymore for people who need anything more than basic routing. I'll leave a link to the video where I discussed some of the shortcomings of the USG, including the lack of ability to put multiple LAN IPs on there. That still exists right now in October of 2020. They still have not gotten around to updating that request from, I don't know, four or five years ago.

So we're going to focus on Netgate versus Untangle, or pfSense versus Untangle, and I bring up Netgate because it's an interesting way this works. pfSense is a hundred percent open source. That's at least the very first thing that's going to be different, despite someone in the comments who'll get their caps lock on and tell me that pfSense doesn't feel open source. Even though they give you the source code, they are a legit open source project, no matter what your misgivings are about the company Netgate. Netgate is the hardware provider and the support team for the pfSense system, so even though it's open source, the business model is selling
some hardware and offering support for the pfSense product via the Netgate company. So they do give away 100% of the source code. You can have all of it, and that's this product right here. Specifically, for those wanting to know which one this is, I did a review of it: this is the SG-2100.

Now, Untangle is also based on open source, but you can't have 100% of every feature open source and free. Untangle has licensing fees attached to it, and that sometimes is enough of a difference where people have stopped watching, going, "All right, that's it. I don't want something that has any recurring license fees." But Untangle, and I'll leave a link to my recent review of it, does have a free version, which does not have every feature that Untangle offers. I break that down, and they have links on the website where they tell you what you get for free and what you get for a subscription. They also have hardware appliances, and I'm going to be reviewing this one soon, which is one of the Untangle E-Series firewalls that has the Wi-Fi built in.

So they both offer that. If you're not interested in trying to roll your own hardware (they both support that, you can just load this on your own hardware) and you want to just buy something turnkey from either company, you can do that. Or you can load the software from either company, and license fees still apply over at Untangle. And, well, Netgate's open source: the Netgate/pfSense, the pfSense project specifically, is fully open source, therefore you can just download and load it.

Now, let's run down the features. FreeBSD versus Linux: that means that you're going to have a difference in hardware support.
So that's something to think about. FreeBSD is a really, really secure and solid operating system, and so is Linux, but there is definitely a difference in hardware support. Now, it's not that hard to find a network card that supports FreeBSD, but it's worth noting that there's probably a broader range of hardware support you'll find in Linux. BSD is still really solid, but it's just of note any time you're building a firewall. It's not that hard, and I've talked about this, finding these Intel cards that are well supported in BSD and in Linux. Like I said, it's a little bit more flexible.

Centralized management: no, there's not a centralized management offering from pfSense or Netgate. Untangle: yes, they have an entire dashboard that this can tie into, but that's part of, you know, the services you can get from Untangle, and you're tying into their dashboard. It's not something you can host yourself, but it does have that ability for management, for reselling purposes, and for license management. It ties into the dashboard because obviously it's got to contact a licensing server for the extra features.

They both have OpenVPN server and client options, IPsec, L2TP VPN, and policy routing. And this is where the nuances start coming in. While I can run down and say yes to the features, let's do a little bit of explaining when it comes to the policy routing.
It is a little bit more complex. This is why I have so many videos on pfSense. It is capable of doing some really advanced tinkering and policy routing, but that means it's also a little bit more complex to do. If you're into network engineering, it's generally a more favorable thing, because people who, like myself, have been doing network engineering for a long time really love all the options and bells and whistles and don't mind the complexity because, well, we've been doing it for a long time. For policy routing on an Untangle, they've got some really simple one-click options for things like tunneling certain traffic out a VPN. There are some really simple things you can do in Untangle with a couple of checkboxes, without having to understand everything, and it does it behind the scenes. So while they both support it, I won't lie, it's gonna be way easier on Untangle.

Intrusion detection: Suricata or Snort. They kind of blend this in; in Untangle you just get Suricata, but it's also kind of a pretty interface on top, versus very detailed, with all the buttons able to be clicked and very fine-tuned. You can still do a lot of that in Untangle, but some people like the fact that they've simplified it, versus it being more complicated. That's why I have a much longer video on how to do it on pfSense versus Untangle.

GeoIP filtering: this is an add-on inside of pfSense for GeoIP and DNS filtering with pfBlocker. And yes, they have it in Untangle as part of the built-in modules. Web content filtering: another add-on, Squid, versus yes, they have entire web filtering as part of their license package. Advanced traffic shaping: yes, they have that. WAN failover: not part of the free version, which I find kind of odd, but if you want WAN failover, that is an option that they have over on Untangle. Load balancing: yes, back to the paid integration. Also Active Directory.
Well, I said no, but I know someone's gonna hammer out that, well, you can have it talk LDAP, which can talk to the directory, or some of the other ways, like loading a RADIUS server on a Windows machine that can then bridge the gap. So no direct integration is why I said no right here. Untangle: yes, direct integration with their directory integrator tool, once again part of the paid services. But hey, it's a feature that they have in there.

Both have captive portal. Let's Encrypt certificates is something, not unique to it only, but definitely a feature that's welcome over at pfSense, and HAProxy. I've done videos on combining these two because, well, while you can run a separate proxy server, having an all-in-one box is really convenient, because then you can put in your DNS entries and make everything match. You can do a one-stop shop for having all your reverse proxies, manage your authentication against it, and everything else.

Now, one other thing that's really not on this list, but this comes down to some nuance that matters a lot to people who are into network engineering, and that's aliases. Aliases, or objects, as you want to build them; it's going to vary from company to company, I should say, on how they may use that nomenclature. What that means is, let's take how we create an object in some of the other firewalls. And, you know, I've done this: I've worked with Cisco, I've worked with FortiGate, I've worked with a lot of different companies, and they'll have you create an object for ports. So let's say I have a server that has a group of ports that need to be opened up. I can create an object, and that object has those ports in it.
That's referred to as aliasing inside of pfSense. Now, in pfSense, though, you can also group, you know, IPs, you can group ports, and you can have those be pulled from external URLs, which is actually really neat and is how pfBlocker works. So basically, aliases and objects are a little bit interchangeable if you're using some of the other firewalls that use the object language, and it's the same concept. I can group ports together. I can group, you know, URLs together, so I can actually have actively updated feeds.

So those are really cool features that are just kind of missing from Untangle. And it's not that there aren't questions about them. There's an entire forum post I can leave a link to where people discuss that they've requested aliases, and it does have some policies that allow you to group things together, but it's not quite the same. I'll leave that link to the discussion, because they talk about the nuanced differences that kind of go out of scope of this video, but that is kind of a, you know, a big thing.

Now, the overall "which one should you choose," though, comes down to this: I really like pfSense here, and at our office, where we're using HAProxy.
We're using Let's Encrypt. I love all the advanced features. I love the fact that I can load the RADIUS server right into one device to handle the authentication, to handle everything. And someone's probably pulling their hair out, screaming, going, "No, those all have to be 100% separate servers for security purposes." And no, they don't. They don't have to be if you set them up properly and configure things properly. You can have one device, because if they crack one device, they usually have access to the other device, because if you have authentication to your RADIUS server built into your firewall and someone gets into your firewall, it doesn't matter if they have access to a server; they have the authentication to get into it. But I'm not going to get too out of scope on that debate.

They have a local directory, a local user database you can have, so you can still mostly do a lot of the same things here at Untangle. But they also have their directory connector, which then allows you to connect to a RADIUS server and Active Directory and things like that. So maybe that's easier. So while I love all the features that are here, I won't lie: for a lot of small businesses, and especially the home users who are going, "Tom, just give me the answer for a turnkey, easy, inexpensive solution," Untangle's kind of a little bit easier for home users.

The web filtering comes up quite a bit, and I'm going to do a deep dive soon into Untangle and their home user edition and review some of their hardware. I wanted to do this for people that seem daunted and a little bit scared of loading up a pfSense. I mean, I've done all these tutorials, but yes, my tutorials are fairly in-depth on it, because it is a more complex firewall to deploy, versus Untangle's kind of a next, yes, next, yes, cool.
I got the firewall. I bought a turnkey piece of hardware, and I checked that box for web filtering. I bought my license fee to enable all of that, and yes, it does have a recurring license fee annually, but the home user edition's only 50 bucks a year. And people go, "I just needed my kids, you know, not to wander the internet in places, where I needed good reporting." And this is one of those things that's kind of nuanced as well. The reporting in Untangle is definitely really, really good, and there are third-party ways to export, or playing with ntop, where you can get some reporting out of pfSense, but no, it's not as good. Watch my recent review of Untangle or play with any of the demos yourself: Untangle's reporting is definitely superior to pfSense's. There's no argument about that. But being able to play with pftop and dive into sessions, I still kind of like the way pfSense does it, and to me, you know, forwarding packets and all the little advanced videos that I have on pfSense still make it, to me, something better for network engineering. But Untangle still makes it easier for the majority of end users.

Now, the one last thing I'll comment on is things like transparent bridging in some of the weird one-off cases. That's something that you can really customize, and I've done videos on it with pfSense, and with Untangle, well, less so. But then again, who's doing that? Well, it's an edge case. It's not that common.

And what about the web filtering, with it not being in pfSense? Someone's gonna hammer out, "I love Squid," and I don't like Squid on pfSense. I don't find it to be the smoothest of integrations. I have my reservations about anytime you've got to load SSL certs and do inspection, because it just causes issues with many applications that don't like having extra certs installed. And it does open yourself up to potentially more threats, because now you've got something added to the trust of that particular system. They both have support for doing this.
It's just not my favorite way to implement it. The basic web filtering that comes with Untangle actually works quite well without doing any type of certificate install, which is, you know, like I said, something I do like for end users and home users.

So hopefully this made your decision a little bit easier and not too much harder. But, I mean, if you're, you know, more into learning the network engineering, you're probably leaning over here to the pfSense side of the world, whether you load it yourself or buy the hardware, whichever works for you. And if you're going, "I'm just a home user, Tom, and my focus is on, you know, software development, things like that, but I don't want the kids wandering the internet, and I'd like to separate my networks and have a solid firewall that's not some junk consumer thing, and I don't mind 50 bucks a year for a home user," or even their reasonable prices for small businesses, or if you're an IT provider and you're looking for that, you know, central dashboard management, which everyone seems upset pfSense doesn't have, then you can look over here.

And finally, because someone's gonna ask this question, "Well, Tom, if you deploy Netgate and pfSense at your clients, how do you handle any web filtering?", I'll answer that question once again. We use a SolarWinds stack and load endpoint management, because firewalls are not substitutes for endpoint control and endpoint management for things like web filtering. So that is right now what we're doing in October of 2020. We're still using SolarWinds with our clients that we deploy Netgate appliances on for the firewall. I'm just gonna clarify that question, because I don't think I've posted a video about firewalls where that question doesn't get asked.

So I'll leave links to videos I've done on both of these products, and you can check them out for yourselves. Full disclosure: we are an Untangle reseller and part of their partner program, just FYI. But all this was just me doing the video.
Neither company gave me any input about this video. I could have disclosed at the beginning, but there's not really anything to disclose about that. All right. Thanks.

And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.