I have in front of me a few different firewalls that I've done reviews on. I've done reviews on the Netgate pfSense firewalls, both the software and the hardware directly from Netgate. I've done reviews on the EdgeRouter X. I've done reviews on the USG by UniFi. I've done reviews on the Protectli boxes, such as this one here, which can run a lot of different firewall software. And what a lot of people always ask me comes down to: which firewall should I buy, or how do we know which one to choose for a client?

Well, we're going to start with this one right here, the EdgeRouter X. Not really a popular choice for our clients, but it does have its use cases. This is a nice mini powerhouse of a firewall that you can pick up in the $50 range US, which is really reasonable for any firewall that's above consumer grade. It actually has fast routing capabilities. It has a ton of features once you get into the command line on it, so it's very diverse. It has all kinds of different things you can do. But, and this is the big downside, one of them is, people ask me, what about intrusion detection systems and intrusion prevention systems and things like that? And I'm kind of cross-eyed a little bit when I hear that because I'm like, okay, those take a lot of horsepower to run and, I'm sorry, these are going to fail at that. You could probably find some hacky way to get more things running on this than it comes with, but the fact of it is, and I'm even holding the adapter right here to show you, this thing's only a couple of watts and that's it. It's so low-powered, it just doesn't have the horsepower to do a lot of advanced things. Now, the other downside that the EdgeRouter line suffers from, maybe benefits from, is it is as advanced as you can go with it. It's also very difficult to do. So, if you look at any of the tutorials, a lot of people say, wow, that's a really long tutorial on how to accomplish this or that.
And I'm like, yeah, they are. A lot of times, advanced features, it does require editing a config file and handwriting some of the rules and things like that. So, that is a disadvantage with these, as powerful as they are and as inexpensive as you can get, especially this model for. They have their use cases. The wizards in them are nice to get kind of basic things set up, but for advanced use, get prepared to get advanced with it and break out the command line to really get some, you know, very specific configurations. But from a low wattage standpoint, and sometimes when you just have to NAT something over a point-to-point in a small area, we've used them for that. And that is sometimes a client use case for them. No real advanced routing needed, just a basic NAT, low-powered in a small, especially when we've done some of these outdoor setups. They just need to get some devices online behind a NAT in a site-to-site. This combines really nice. Now, it does have, I will mention, I have not done any testing with it. This will connect into the UNMS dashboard by UniFi. I've not done a lot of testing with that, but you can dig up some information on there, but like I said, not really done much with that.

The next one people ask me about is the UniFi USG line. Now, I like these. These are nice, but they have, back to specific use cases. They have beautiful dashboards to integrate with all the other UniFi equipment. So, if you're putting in really nice UniFi wireless and all the different range of those in the UniFi switches, which we love, and we love their wireless, and then you put this at the head end of it all, you just get a great dashboard that gives you a good overview of what's going on. And from an MSP standpoint, we manage a lot of clients using these, and they're great for those small businesses.
Some of the advantages you have with this is that integrated dashboard with all the clients. The downside you run into with this, and this is where things get unfortunate. I really wish, I really want to love it. I really wish I could love it. The thing I dislike about it, and this is where it starts to fall off, is when people need advanced routing options, and they need VPNs, or they have one of these that's double-NATed, you're back to editing files on this. You can't use the user interface through the web interface to make it do some of the things that you want it to do. If both of these, you have two of these at two sites that are on public networks, they have essentially a one-click VPN setup, and it's super easy. You're like, wow, that was nice. One of these behind a NAT, well, you instantly have problems. And they're just not as configurable unless you once again break out the command line on them. And if you break out the command line, you can do quite a bit. These do offer as well the intrusion detection and intrusion prevention systems, but they're not very customizable. And once again, you're going back under the hood if you really want to start tweaking with it. You just don't have a ton of rule sets and a ton of options that you can do. It's kind of a basic filtering, basic bandwidth management. Everything's very basic on these, or break out the command line to do anything there, including, as of right now, if you just want to have a second IP address or a range of IPs put on the WAN side, that's still a command line feature. That's, I mean, for my small business clients that are, you know, a four-person salon, for example, we actually have a handful of, like, small offices like salons using these. And they're great for them. I mean, they're simplistic. They get the job done. But yeah, if you have a client that has a lot of firewall rules, a lot of routing, they just don't feel as robust and are a little bit more difficult to work with.
I'll cover here the Netgate. Now, I've seen people complain about this SG-3100, saying, well, it's an ARM device and ARM devices should be super cheap like these and inexpensive. This isn't just your average ARM device. This has a lot of power, good VPN speeds, can route gigabit, and it's outstanding. Now, this is, you know, a really nice box from the makers of pfSense. This is the Netgate box. We love putting these in because when you're doing remote updates, you're going to have problems occasionally with some of these type of boxes when you build it yourself. Doesn't mean you will have a problem, but occasionally there can be a problem, because the folks at pfSense test their software specifically on their hardware. So we know whenever we hit update and we're remote, updates should go perfectly smooth. When you're running any type of white box hardware, there's always a possible chance of risk. And we actually ran into this with one of the other boxes. There was a parameter with one of the white boxes we had that had to be passed on through GRUB. And if you didn't know about it prior to the update, you couldn't do it remotely; you would have to get in there and add the parameter or it wouldn't boot. So, having the extra boot parameter fixed the problem. But one of those things, if you didn't stop and check before you just pushed update and you're remote, you may be visiting that client on site. So when we deploy these, the majority of our clients have one of the genuine Netgates, this one or one of the more powerful ones, at their office that we've set up.

Now, the last thing I'll talk about in terms of the hardware here is these Protectli boxes. This particular one is still a great box. These come in a little bit of different varieties. They're reasonably priced. And I know someone's going to point out that you can find these from Alibaba for cheaper, not under the Protectli brand, I believe, just to save that person writing a comment.
I believe they're marketed under Qotom on Alibaba. So if you have time to wait for something to come from China, you can find these for less money. That's not a secret. I'll leave a link where you can find these on Amazon, though, if you're looking for a US seller that has it in stock and can get it to you faster. Now, the difference between when you get these from, and it varies because Alibaba is kind of a random marketplace. It seems sometimes I can tell you when things are available and then they'll have another brand, but it looks like the other brand, and they'll have a lot of them. The one thing nice about Protectli: I've actually talked with the people there and they seem to do a good job of putting these together, because you can order them with the hard drive already installed and everything else. They give you a bundle price. They're not cheap, but they're also really fast and really diverse. I mean, this has all Intel NICs on it, labeled WAN, LAN, OPT1, OPT2, OPT3, OPT4. We've tested this with Untangle. We've tested this with pfSense. These boxes work really well for them. They are a nice solution if you're looking for something small, compact, powerful, out there. Like I said, for most of our clients, we do prefer this, but this is an option as well.

Both of these devices here, and kind of these, will all route at gigabit, but there are exceptions. If you're using some of the IDS features on here, that limits it. So if you turn on the intrusion prevention system, you're going to get slower speeds out of this. I know they're tweaking it, so I'm not going to state the exact speed, but you can Google it. I know it's around the 100 meg. So if you have a faster than 100 meg internet connection, you're right away going to have a bottleneck if you use those features. This one, you have to turn on hardware offloading, but that also eliminates, I think, some of, I can't read exactly which feature.
I have it in my video, though. So you'll have some issues if you try to get this, but, you know, at what point do you expect a $49 product to fully perform at full gigabit? And it's not quite gigabit. I believe actual performance varies on these because it can only hold so many state tables. So you may be able to get a single stream, but, you know, for heavy use cases when you have a lot of devices behind it, which means a lot of state tables, that's another factor you have to think about. So if you're connecting a few hundred devices, not just one or two computers in your home, you can run into problems with this, because it just doesn't have the horsepower to handle all those simultaneous connections. And the same thing you can run into here. If you have a larger office, maybe you don't have as fast of internet, but you just have a lot of connections. Well, the more connections you have, the more streams that you have going across, the more states there are, you're going to have hardware problems, limitations with, well, it's a $99 box.

When you get into these, these handle lots of devices. We've got these deployed, specifically this SG-3100, and like I said, this is not your average ARM-based device, and we've got several hundred computers behind it, no problem. We've actually put this in at some of the locations, like, I did the family fund center. We put one of these in; it handles their entire guest network. You know, tons of people on phones, the entire building, no problem at all. It's not even breaking a sweat. It does handle just a lot of connections at once. It's also one of my favorites in terms of pfSense, because pfSense is really the Swiss Army of firewalls. It's open source, it has absolutely amazing top-to-bottom features and tools for diagnosing your network. It's one of the reasons I've done so many in-depth videos on pfSense, and this is going to lead into the software choices.
So as much as I do love the UniFi line, the software is a little lacking unless you break out the command line. For those of you that are not willing to dive into the command line and learn how some of that works, and our tutorials on how some of those things work, well, this is where you're going to have some shortcomings with these. pfSense, on the other hand, does do really, really well for, just, you have some crazy configuration, and I have clients with some odd configuration requests, this can handle it. We've connected these to other firewalls because they have things in the data center that they're running that they have to specifically connect to with certain IPsec VPNs. We've had good luck getting pfSense to connect to those, because pfSense exposes pretty much through a web interface all the options you need to really get this thing going in whatever weird configuration you want. We even had some client that used some weird DHCP relaying, and that's actually built into here as well. I've run into some odd configurations because they want to replace some legacy things that people come up with, and pfSense, hands down, whether you run it on the Netgate or you run it on your own hardware and build it yourself, is a great choice. Now, this box, like I said, at 349, it's a pretty good value.

But back to the last piece and kind of the software-related part: Untangle's another firewall I reviewed. Now, I think I kind of hinted towards it's open source and not; it's kind of a hybrid approach. Now, the way they are, the firewall itself is open source, but they have closed source modules and subscriptions that give you feeds for filtering. And Untangle's the firewall that I've been starting with, a little bit newer. We've seen it out in the field a handful of times. I have friends that work in IT; one of them said he's deployed about several thousand of these over the years, and he's one of their premier partners and loves the firewall. He says it's never let him down.
My testing with it has been, wow, it's great. I really have no complaints on it. Now, the thing about Untangle: they do have a wonderful, if you're a home user, a 50 dollar a year subscription that really gives you amazing features for 50 bucks for the home user edition. They have licensing that goes for business users, and with the business class ones you get that really nice filtering. A lot of people really want good filtering, and that's what you're really paying for when you pay for Untangle: you pay for that extra filtering that they offer. So they offer that, you know, I want to filter this website, and the way this works, that is something you can do.

The other nice thing that I've noticed with Untangle is, for example, people who asked me about policy-based routing. I've done videos about it on pfSense. I've also done how to use, like, PIA VPN with pfSense, and it's a much longer instruction than it is, for example, with, and I have to have Untangle loaded on this, is why I keep holding this one. When you have Untangle, it's just a couple clicks. You can use NordVPN, PIA VPN and a couple others; they're built in. You just drop in your username, password and the VPN profile, and you're done in a few seconds. It will then create a tunnel network so you can tunnel all your traffic over VPN, and then you can even select specific devices with just the web interface and a checkbox. Yes, you can do that on pfSense. No, it's not going to be as easy, because you have to write policies and routing and have multiple gateways and decide which gateway you want traffic to go out based on the conditions and rules. Untangle is just kind of one click. So when it comes to some of those software features, these are really nice advanced features supported by both pfSense and Untangle, and I won't lie, Untangle makes it a little bit easier. And back to that filtering: yes, I know you can add some third-party add-ons, and it's been a long time since I tested it, but I know one of them is DNSthingy, has a plug-in for pfSense that's
also a paid service that allows you to add filtering features to pfSense. But once again, it's going above and beyond those. The filtering really comes down to, a lot of times you've got to pay for those type of subscriptions if you want really good filtering features.

Now, both Untangle and pfSense do have not just Suricata built in, but they give you a lot of options with it, much more so than the Suricata that you get with the USG. I mean, I love the UniFi interface in terms of ease of use, but once we start talking Suricata, tunnel VPNs, everything else, they're not impossible to do on these, but they're basically command line. And if you find it difficult in pfSense, you'll probably find it even more difficult over on the UniFi and EdgeRouter lines, versus Untangle: one click, put your username and password in for PIA VPN. I've tested it myself because I have a PIA account, and it just works.

So these are kind of the choices you have, and these are some of the reasons we buy them. So if you have those advanced use cases and you really like that Swiss Army knife and you want some firewall for 349, I won't lie, Netgate's still my go-to, still one of my favorites. It's what I have at my office here. It's what we use to manage our network. And, you know, a project I was working on, and we're going to be finishing soon, I'll be doing some videos about this, is a complete captive portal, FreeRADIUS, along with a signed SSL cert for doing the captive portal enhancements. Well, pfSense has all those plugins running in one place. Oh, by the way, it also has Zabbix monitoring and other extensible plugins that really make pfSense a, like I said, I'm still really happy with it and still generally my go-to firewall for most solutions. But I won't lie, for those of you looking for just an easy way to point and click your way through some simple setups, including like that tunnel network, Untangle, the filtering and everything else, for their home users that want just basic filtering, that $50 a year, really hard to beat it
at the price. But I think they're both really good firewalls, are both great products, and they're both products I recommend. So once again, it depends on your use case and if you really need those. So hopefully this was helpful in deciding which firewall to buy. I guess all of them have their merits, but once you start getting into advanced things, pfSense and Untangle are really the two I like, pfSense still being my favorite, just, I love all the bells and whistles and features, and that's a reason there's so many pfSense videos I have on my channel here.

If you have other thoughts on there, and I know there's going to be at least a couple people who mention the MikroTik routers: they come over to the EdgeRouter category. They seem to be really nice. I've not done much testing with them. We really don't run into them much in the field. They seem to be a good value for their money, but they also have a more complicated interface, and I've talked about the security. They had left some default insecure settings, which is kind of scary, and when a lot of home users deploy, I think everything should default to secure and you open it up, and their original policies apparently allowed you to create insecure settings and then you had to close them. I think they've changed the policies, but it's still one of those things, anytime a firewall company's like that. And I, yeah, I've not done a lot of testing on the MikroTik ones. I guess they're okay if you're looking for really good budget, but if you're looking for the powerhouses, pfSense and Untangle are still there for all the advanced uses, lots of flexibility and all the bells, you know, just that real advanced power set along with filtering and things like that, intrusion detection and everything else.

All right, hopefully this is helpful, and thanks for watching. If you like this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details, what you like and didn't like as well, because we love hearing the
feedback. Or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and subscribe, and the bell icon, that lets YouTube know that you're interested in notifications. Hopefully they send them, as we've learned with YouTube. Anyways, if you want to contract us for consulting services, you go ahead and hit lawrencesystems.com and you can reach out to us for all the projects that we can do and help you. We work with a lot of small businesses, IT companies, even some large companies, and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon, we have affiliate links; you'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on LawrenceSystems.com. Once again, thanks for watching, and I'll see you in the next video.