So we do a lot of UniFi installs. We love their Wi-Fi. We love their switches. We love the management dashboard. It makes it very easy. We can self-host the controller. There's not a bunch of licensing fees to make it, you know, cost-inhibitive to install these at scale for clients. So this is great, and many times clients host their own controllers internally because they don't want any data leaving. And with the exception of the phone home, which you can sinkhole, which I did a video about, yeah, other than that, they've been really, really good.

But that always brings me to the next question that comes up every time I talk about a project: "Tom, why isn't this at the head end of your project? Why don't you have a USG, so you can complete the whole ecosystem and have a pretty dashboard with DPI and things in there?" And let's talk about that.

So with the UniFi, I really like the UniFis. I love, like I said, all their other products, but their USGs, once you need more than just routing to get to the internet, they fall flat, and I mean very flat. The USG, even though we are talking about this one right here, this is the, you know, the base USG, but the Pro and all the other ones have the same limitations. Let's say we want to add more than one IP address to one physical WAN port. That is a pretty normal feature when you buy a block of IPs from an ISP. Here's all the config; you've got to make sure we get the JSON file right, which by the way is not officially supported by them and not supported through the UI at all. You have to get to the command line and do this. And I like how this write-up, you know, a couple of the comments right here, even from five days ago, this is November of 2019: "Any update on a roadmap timeline for multiple IP interfaces yet? Been watching threads for four years, waiting patiently. No roadmap, no timeline, no comment." And now someone's going to point out that some developer who was working in the pfSense project now works for Ubiquiti. I believe that
happened, to me, almost two years ago. Clearly they're not adding, if they're adding a feature, I don't know when they're doing it, if they're doing it. That's one of the first problems you run into.

Second, advanced routing features such as selective routing and things like that: nope. What about VPN? Surely you have OpenVPN and all of the other features in here, because that's common; OpenVPN's been around a long time. Nope. That kind of falls flat too. They do have L2TP for user VPNs, which also, over here, can cause them issues as well. If you use the USG VPN client, you'll find multiple users behind the same IP with L2TP has a problem, because that's why that protocol is not as popular. But yeah, so there's another place that falls flat.

Places it does do well: routing. It does routing great. I don't think it's insecure. It routes. It does have, under the hood, Suricata for intrusion prevention, but that limits its speed, so you have to look at each model and whether or not it has enough capacity to handle, not the routing speed, but if you want that intrusion detection on there. It does have the DPI dashboard, so you get some statistics. That's cool. That is a great feature. And the site-to-site VPN: if you have two of these in the same controller, one-click site-to-site VPN. Amazing, great job, hats off to the engineering behind that, because it just works. I like that. So, but that's one reason we don't use it: we frequently run into clients that need those advanced features. And like I said, it's just a problem when it comes to the system. It just falls flat on that.

So what about the EdgeRouter X? That must be an awesome router. Actually it is.
I very much like these. But the EdgeRouter has kind of a limitation, and it is the fact that you have to learn a command line if you want to do the powerful features. No pretty dashboards in app. But it, you know, it doesn't tie into the UniFi ecosystem. Yes, it does have a UNMS dashboard, which is not as full-featured as the UniFi one, but yes, that's an option on there. And if you're not familiar, it is a fork. So Vyatta, I think, is the system VyOS and EdgeOS were forked from. So first you start with an open source product called, I believe it's open source, Vyatta. VyOS is fully open source, is a command-line-driven network operating system, which is very powerful but 100% command-line driven. There's no web UI or anything like that. But it's very, very powerful, very, very diverse, and same with EdgeOS: very powerful, very diverse. They kind of put a basic web UI on top of it, and, you know, here's a little history I can leave a link to for the fork and the history of it, and you can do a lot with it. So the EdgeRouter is not a bad choice. Like I said, I think they make a great product and are very affordable, but if you're looking for things to do all from the web interface, well, that's where this may fall short.

One of the things I'll actually bring up, because someone asked about this the other day, was I did a video on pfBlocker and how it works with pfSense and DNS ad blocking. Blacklisting dnsmasq configuration in here. Once again, you're going to... they have very specific which ones it supports. Actually it's kind of interesting, because you can do this because they do run essentially Linux underneath: dnsmasq blacklist, test on an EdgeRouter ER3, ER-X. And yeah, you can set the system, because you, you know, SSH into these and get to the command line and start configuring these things and update them and things like that.
So if you're fine and you're comfortable with the command line, and it's a good practice to learn network engineering if that's your day in and day out. But for some users, they go, you know, I just kind of want to be able to set something and have a web interface to make it a little easier, not do a lot of time custom configuring and writing scripts. So there's a good and bad with them. I don't dislike them as a product. I think they're quite good, but for people wanting the one-click easy setups, sorry, that's not for you.

Now the next one I have here is not something I know much about, but people ask me about this all the time, so I'm just going to give it an honorable mention: the Sophos XG firewall, and I'm talking about the home edition. I know this is probably an older model. I don't even know if this is supported on here. This is something we pulled out of a client, this box. It is heavy. Here's a prop. But one of the things I don't like is, one, Sophos XG is not open source. If it is, I couldn't find source code to it. Maybe parts; I know parts of it are. But one of the things right away is, just to download it and use it as a home user, you have to activate it, and "you should receive an email shortly with your evaluation serial number." And I haven't gone through the process of setting it up. I'm not likely to review the product. One of those: I don't have a use case for this. We don't really have any clients running it. I've talked to people that say they enjoy Sophos. They like Sophos. I think Sophos is great. It is a closed source proprietary firewall, but it does have some advanced features. That's pretty cool.
And I don't know of any known, like, major security problems with it, but I do lean towards open source firewalls. And one of the reasons I bring that up is right here: "New discovery around Juniper backdoor raises more questions about the company." And these are one of those things, when you can't audit the source code, and because it's becoming so much of a concern in the security world that we see all the source code, and businesses are realizing their reliance on code is absolutely, you know, it drives their business. It's not like, oh yeah, if the computers are down, we can't, you know, we'll just muddle through it, we'll go back to a paper process. If someone backdoors your company and starts stealing intellectual property and other information right out, that is a huge concern. So that's scaring companies more and more with these closed source firewalls. So take that for what it's worth. But I figured it's worth bringing it up, and it's one of the reasons I'm so bullish on open source firewalls.

Which brings me to the one on the bottom here. Save the best for last. So yes, I'm aware someone forked it, OPNsense, and someone loves to ask that question every single time. I've briefly looked at OPNsense. We had some problems with it; could have been my lack of knowledge. And I've seen someone get mad at me, even though I always say it could be my lack of knowledge. What we couldn't make it do, neither could the person using it, who had installed OPNsense numerous times, who then contacted us to help solve a VPN problem, who we couldn't get the routing to work in the way they wanted, which was some very specific, very advanced routing features. We took that same piece of hardware and loaded pfSense on it and it works fine. Now this is actually a Netgate pfSense box in front of me. But that's where pfSense to me really excels.
It's fully open source, which means we can audit all the code. This makes companies very comfortable. And for those of you who would say, "But it's not ready for prime time commercial," I did a video on this topic. Over to ZipRecruiter is an easy way to do this: look for them hiring for pfSense engineers. When you see companies like Mastercard hiring, you're like, oh, they must be using it. So most large companies, by policy, specifically will not disclose what things they're using. Matter of fact, this is an interesting facet of our business: when we have done work with large companies, even though they found us from YouTube, they say you may not use our company name or talk about projects you've done or even post that you do things with us on your website. Can you be quiet about all that? And I'm fine with this. So I have worked with, you know, automotive suppliers and things like that. They don't want their stack talked about, but it's kind of funny, because then they put things in ZipRecruiter, like they're hiring for an engineer for whatever support, so you can figure out what hardware they're using. But yes, this has been used in many commercial environments.

One of the nice things about pfSense is you can go to the command line. It's fully open source. It's modular, so you can actually do a package update on an individual thing. And I covered this when there was an nginx flaw, that you could update nginx individually on this, not have to wait for the company to re-spin a new version of pfSense for you to download an update. They also expose more features, so they put in OpenVPN, and I mean, like, everything is exposed. And if you find some weird advanced use case that's not, all you have to do is, they have a command line to pass further commands to it from the web interface.
I think this is kind of cool. This is at the bottom of a lot of the pfSense option boxes, like an advanced configure. You can just push extra parameters if you have something that they didn't expose. But they expose so much to the web interface. They kind of glue everything together in a really nice way between Suricata and everything else, and it's fully open source.

It does not require that you go and register some serial number, some license thing to phone home and activate your pfSense. So if something were to happen or they change policies in pfSense, the code itself is open. And therefore, if they were to try to close source it, not that they have any intentions of this, I'm just pointing out. If any of these other companies, if Sophos, for example, because it requires a serial number to do some type of activation, if they decide not to honor that serial number, then your firewall turns into a pumpkin at midnight. This is my problem with a lot of commercial products: your reliance on them as a company and their policies to support this. People asked me why I didn't support certain companies that made Wi-Fi a number of years ago, and I said, oh cool, they have a free dashboard. You can't host that; it's only their dashboard. They're going to charge for that. People are like, no, no, you should try this product.
It's really cool. And then the company got bought and they charged for their dashboard, shocker. And by the way, it's not easy to get them off the dashboard. The device was designed to do that.

So one of the reasons, like I said, I'm really bullish on open source and pfSense specifically: the company has been really tight with security. They don't monkey with things, so when they use OpenVPN, it is the standard OpenVPN, so you can use whatever OpenVPN client. And I've actually had some, you know, talks with other people about pfSense, and the engineers actually at Netgate. And it's kind of funny when they've had problems connecting, and we did this. We had trouble connecting to a FortiGate. So our client had an OpenVPN; the endpoint that you need to connect to, another business, had a FortiGate. Turns out FortiGate wasn't implementing something properly, and it took an update from FortiGate, who, the engineers first just blamed us using "some crappy open source product." That was a direct quote, not from FortiGate directly, but from the people on the other side.

And yeah, matter of fact, one of the things we've done working with the health care providers here in the Detroit area: they now have a document on how to set up, because our clients are using IPsec VPNs to, I don't know what's on the other end. I'm less than clear. They're very vague about it. But it's not pfSense. But now they support connecting pfSense to it. They have a document, because we showed them how to get pfSense connected, because pfSense, once again, is fully using the open source standard for things, or the documented standard for, you know, IPsec VPNs, OpenVPN, how they're implementing things. They're not trying to compile everything into one big monolithic. They're using each one of these projects and kind of pulling them together in pfSense. I know someone's going to call me a fanboy, but if you notice, we're not even an official reseller for pfSense. I have no affiliate links.
I buy direct at the same price you pay. I do that on purpose, because their reseller program I didn't think was all that advantageous for me to join. So those are kind of my thoughts on some of the firewalls. This is, you know, I guess pfSense is our go-to because it's so diverse. It can do super advanced crazy routing things that sometimes, well, people need. You don't need licenses for things like even HA or any of that. You can load pfBlocker. You can load Suricata. You can create a really strong UTM device, but I will admit it's missing the dashboard. So that is kind of not there.

Now the last little piece I'm going to give an honorable mention to, because I did a video on this, is Untangle. And also hats off to them, because I didn't have to go digging for prices. So Untangle is free, but they do have a home edition. What's the difference? So Untangle, people want the home edition because they want granular web filtering that requires a certificate to install. I'll leave a link to that video I did talking about that, because more and more sites have moved to an encrypted site. If you want to get granular, not DNS blocking, but granular, see what websites each individual computer is going to and create per-computer block lists and do that advanced level filtering dashboard, Untangle does have that built in. There's the free edition of Untangle, which you can just install, but then they have the paid edition, so you want that advanced filtering. That is something where it's just not great in pfSense, between the dashboards being, you know, if you want that high DPI, lots of information, and pfSense does have the ability to export the data out but does not have native built-in high DPI. And then you have Untangle, which does have some nice dashboards. I've done a full review of Untangle, and of course I've done specifically the filtering, because this is a common request that people have. Which by the way isn't supported on either one of the UniFis or USGs, but is supported by many
advanced firewalls, such as your commercial products by Meraki and FortiGate. So Untangle, for their home edition, they do have this for like 50 bucks. And someone told me, and like I said, I'm not planning on evaluating it, but I believe the home edition of Sophos has some granular filtering that you get with the home user edition, as long as you agree to their home user licenses and things like that. And you guys said Untangle is free, but those filtering features do cost money, so take that for what it's worth and decide what your use case is on there.

I'm personally, like I said, biased towards open source overall. I try to use open source whenever possible. That's my preference, and someone's going to say it's because I'm cheap. It's actually no, because I care about security and care about code, auditing the code, and I have no problems paying money and have donated money to open source projects and open source developers. Some of them just ask for, you know, the quote-unquote beer money and things like that. I have no problems donating to these projects and helping these developers out, and I've even contacted and hired some of them for specialized projects when we needed code updated. So I like the fact that I have my hands on the code; that makes me very happy. So that's my background and love for open source. Hopefully this helps a little bit, or maybe confuses you more about decisions.

Oh, you know, don't ask me to review consumer routers. I don't use them. So I know that D-Link and Linksys are name companies; they have a bunch of products out there. I'm not going to do a comparison of them. I'm just not interested in them. I don't run them, so my comparisons would be like, it has these features. I'd be reading off the box.
I don't really do those. I like to talk about products we've used, products we've used in the field. That way I can give you a more subjective or more realistic answer to how it's used, versus reading off the back of the box or reading in some forums to gain some understanding. That's why I mentioned Sophos. I see a lot of people talking about them. They seem to be happy about them. But I can't give you any real subjective answers on it, because I've never used it. I have zero clients using it. The only client that was using it is that box over there. We pulled it out and put pfSense in to solve some really advanced routing things that they needed, and they've been really happy since we put it in.

All right, and thanks, and thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.laurancesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel out in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.