 Tommy here from Orange Systems, and we're gonna talk about a popular topic. I say popular, but it's really someone asking in YouTube comments So persistently they wore me down and had me do a video on it But I think there's some real reasons I should cover this it is the open sense versus PF sense debate It comes up a lot specifically as I said on YouTube occasionally on Twitter And of course there's two places on Reddit one for PF sense one for open sense And I think there's some ping-ponging back and forth between the homelab people of who makes the best firewall and why their Answer is the best now I'm gonna weigh in on this and I will at least let people know is if you didn't already that we are a long-time user of PF sense and don't plan on right now here in May of 2021 changing that I bring that up because Time matters when it comes to context of what I know we like a product. There's products I don't like from the past But I'd like them then and right now. I still like PF sense. That's still my position on things We still plan to keep deploying and using it But that's right now if you catch me 10 years from now because he's thing changed. Hey, why not? This is why we have dates on videos and this is the experience in May of 2021 before we dive into this and all the details which will of course be linked down below So you can just skip ahead to the time index that interest you the most if that's what you'd like to do Let's talk about the sponsor of today's Video me if you like to learn more about me or my company head over to Lawrence systems calm I like to hire short projectors a hires button right at the top If you like to support this channel in other ways There's affiliate links down below the get you deals and discounts on products and services We talk about and other ways to connect with us except you won't find an affiliate link to neckate or PF sense We're not a reseller We're also not a reseller of open sense But that was probably obvious by anyone who's followed this channel for any length of time because we don't really do open sense videos But not being a reseller is one of our ways we've always kept a separation and this wasn't lucrative for us to become a reseller matter of fact by Telling people and this is frequently for a lot of the products that are not channel partner We tell people go ahead and buy the product directly from you know XYZ company or in this case if you want to buy a neckate appliance and our Task is frequently to integrate not just the PSN's firewall or do consulting with it But usually an overall network stack It's a lot of what we do is build and engineer these things for companies for internal IT teams and even for small businesses Or even people building different, you know labs and things like that We offer a range of consulting services and PF sense has been one of the things that we consult on But we have done consulting on open sense as well, but not being a reseller I just want to be up front so this is not paid for endorsed by either those companies I sponsored this video and the video is my own thoughts now the first thing we'll talk about though is the common ancestor of PF sense and open sense, which is monowall In the early days in the before times and the earliest times of technology as it feels because it was so many years ago now It's been in technology iterates fast. There was a move towards some of these Different types of open source firewalls or just basically completely softer to find firewalls using old hardware There's actually a lot of competitors in the early market for this in the 2000s and maybe one day I'll dive into the history of all them because it might be really fun But monowall was among those and monowall was a really cool project based on BST Versus a lot of the other ones at the time were based on Linux There's some cool features that BSD had ahead of Linux back then for large scalable systems So you've seen a lot of enterprise use of this because it could do things the other systems couldn't and it could do it without some of the you know hardware and Licensing that came with some of the enterprise offerings of that time swing it all the way now most firewalls are more Software-defined than they are hardware-defined But not to get too off-topic on that but it's it's changed a lot in the market over the last 20 years But monowall is defunct PF sense was the fork of that code that took over the project to carry it on then Comes open sense who like all things in open source when a group of developers can't agree on something fork it Man just fork it and this is what happened in 2014 I think the first original release was 2015. So there's obviously some Arguing that went back and forth. This is how these go. I'm not going to dive into it But I'm sure there's forum plus people can watch and developers argue and have different opinions But the fork why did they fork? Let's read their words right here from the open sense page Which is back in 2014 after having sponsored PF sense for years. We felt there was no other Option than to fork the project to keep the spirit of the original monowall based fork alive Blow you can read about the original motivations and the birth of open sense So they you know cover this here one of the reasons though that is kind of funny And these are some of the arguments and they there is some validity to this of saying Hey, the GUI should not perform tasks that require root access and that's something they were going to fix So this is back in like 2015 But here we are and I have both of these open sense We'll get to the interfaces shortly here But I have both open sense and pf sense virtualized so we can talk about this But right here is logged into open sense and everything's still running as root You can go through their code commits and read They say it's because they brought over so much legacy code It's one of those things like I get the goal like hey We want to separate things and do things differently But it ended up that they still haven't really changed over from that seven years later And I just want to bring this up because this is where the comments Come in when I do a pf sense video, but I want to readjust it. It's not that they are More or less secure They're much the same because they're still running things the way pf sense did the way pf sense still does now And that's just because it's really difficult to write it in a different manner The other thing we want to talk about is their choice of hardened bsd versus your standard free bsd This is another talking point that people think make open sense substantially different than pf sense And while they're still based on it right now They are parting ways and moving away from it as of april of 2021 But I wanted to bring this up because there are differences and It's not a bad thing that they were using that but it just comes down to implementation This is where it gets a little bit more nuanced both projects are secure Both projects have good track history of security So whether they implemented it as pf sense has done with standard bsd and then Ply their own compilation tweaks to it and you know fine-tune things or you start with the patches from hardened bsd They are different approaches, but they both have achieved in both products. I can't name any Major security breaches now. There's always security fixes and a lot of security fixes came from the underlying tools and open source things That they integrated in there, you know, for example, there was a problem with unbound at one point in time And both projects were using it But the way it was compiled means it was not something that was immediately exposed or A default config that could have been a problem Matter of fact, I believe it was the way it handles some of the dns That goes a while ago But this is just an example But both projects because they are based on a lot of the same bsd packages that type of security problems still occurred But both of them because of the mitigations they have Didn't really have any problems directly from it So this is where there's a little bit of nuance and you know, it's a bold statement But it actually in reality as long as you're implementing it properly and writing secure code is hard As long as you're doing that all properly. Yes, it should work great Now on to the controversial topic that i'm going to spend a little bit of time on because You know flame wars have nothing to do with technology But boy do people love them and let's talk about that And i'm only going to talk about it briefly Because what happened was you have the fork of open sense now I think there's always more to the story that we just don't have the full context for of everything that happened We can't see externally what did happen in the court of law because there's published papers on this The folks over at or specifically, I believe his name is jim over at uh decade did Typo not typo squat domain squat. It's not really a typo. They had open sense.org he registered opensense.com And squatted on it essentially saying open sense sucks childish behavior. I don't condone this at all I think that's uh, yeah, that's just childish, but uh That as an excuse I am once again being very clear. I don't condone this behavior I think people make mistakes. I think people make horrible choices This was one of them and that case was ruled against them And they had to surrender domain back over to open sense And the reason I think we're missing some of the nuance there is netgate is the foundation that sells hardware that funds the developers that develop pf sense And that hardware funding, you know, people say, uh, why does the netgate product cost x? Well, that extra money over the actual cost of the physical product that goes into software development Is what gets you the pf sense software and what gets all the other things that netgate sponsors And that's one of those little nuances that shouldn't be glossed over too much that netgate spends a lot of money Sponsoring and paying some of these developers to develop the bsd kernel and other open source projects I just know this because I know some of the people that are, you know, working there or working on the payroll that work on bsd Contributions, I know there's a lot of people that, you know, all the software should be free But the reality is it still takes very skilled developers to write this and someone has to pay their bills It turns out their computer isn't free their electric bill and utilities aren't free So they may have some free time, but they still have to eat and they still have to buy the technology that they Type on to write the code so there has to be money somewhere or it becomes a hobby project And unfortunately when some projects are less supported, they well fall by the wayside and lack features And bsd is an ecosystem that is substantially smaller than the linux The linux world is very much propped up by many commercial enterprises, you know, google and red hat And ibm and all these other companies do massive Contributions that end up in the kernel end up everywhere else on linux The bsd community is a lot smaller with a fewer number of developers And the two biggest projects I can think of well three, I guess if you count netflix Who does use bsd under back end, but you have ix systems and The pf sense and of course open sense and those are the big projects that are on the bsd front everything else And I know there at least be one or two comments But is an ix system starting churnass scale, which is also based on devian Yeah, so they're going to have You know development on both sides, but back to the point Bsd development costs money and netgate is contributing to it. I don't really know or at least I couldn't find I'm not saying open sense isn't I just couldn't really find it But they are both backed by hardware company because by the way open sense has another hardware company I don't know how to say it. It's des ico But they sell appliances that fund the development of open sense. So there's a very similar Business model that both of these have and here we go high quality dutch engineering And we don't really run into many of these over here in the u.s But I believe my thoughts would be they're probably more popular in europe because being that it's based over there Um, I've had people complain that just you know, because I'm not an expert on this But when you import some of the devices from the u.s over there There's a lot of fees that may get added on to it versus things you buy directly in the eu But that's uh, certainly outside of what I do every day But they do it. Like I said have some more business models on there. All right now back to finalizing this They surrender the domain over and open sense got open sense.com and everyone loves to Complain about this controversy. I think it's Something that they regret doing but hey take it for what it's worth I'm willing to move on and forgive when someone makes a horrible mistake Because if I hated every software where someone was just an ass is all I can say I would probably not use any software at all software development is peppered with people who are uh, Less than good behavior, but hopefully regret it grew up and became more adult later All right, moving on to some technical topics And I do consider this somewhat of a technical topic and it this is kind of where my leanings are for Uh, pf sense. It's a job search. I know job search doesn't sell any technical topic But hear me out technical people using pf sense I have covered this before and there's something that I'm under nda for that I can't talk about Which is the large companies that have hired us to help integrate pf sense with some of their other systems The same thing with netgate many companies when they buy products They don't want you to know what product stack they're using they don't disclose that all the time This is why when you look at some of the larger companies are becoming quieter and quieter about the technology Because from a security standpoint this reduces threat surface Because if you know that a company is running any particular stack and then you know, there's a flaw in that stack Now you have a vector of attack to potentially go after that company because you're like, hey cool There's a flaw in this product and we know the target that we're looking for Uses that product. This can be one of the reasons like they obscure it But I bring that up the way you can sometimes find out what stacks companies are using is by looking at The job postings and when you look at the job postings, I put an open sense over here And indeed which I think is probably more focused on the us Maybe there's a way I could look in europe and it would be a little bit different But I don't see many of these open sense systems Operations people being hired matter of fact, I find it interesting. I think that There's just it more like mentioned like do you know some of the open sense stuff in here and there's like a little bit in here but when you look at the Job offerings for pf sensors 58 job listings for people looking for pf sense And I bring this up because one we've run into it in the wild very frequently like we've taken over You know random client that needed it help or they lost her it admin and they need someone to take over and we'll find a pf sense Device in there or software defined or however, they've got it loaded whether they bought it from netgate or virtualized or anything else in between That is very very common. We run into these data centers We have just been in them and notice. Hey look at netgate and netgate and netgate They're really common in there when we're at colo locations. I've seen a lot of them out there I just have never seen anything from open sense and like I said, maybe because they're more european but this is also where my start came from in using pf sense is at a bank in around 2014 or 15 Was a banking system and we were surprised to learn that their system had it and we just a little bit of consulting that was going on back then and Like I said, we've run into it a wild constantly and you know, we just see it a lot more for it so it's one of the reasons that you know, I'm so well versed in it and uh, yeah That's kind of the same thing going for the job thing now That is not a reason not to use open sense But it's just a you know my perspective of how much we run into it and one of the reasons we stay kind of focused on it So now we can get into the actual technical topics and looking at the interfaces Because I noticed what a lot of people want to do is talk about What makes it really different and what makes it really different is this dashboard that looks different here than it does here, right? Well, this is where the nuance is and this is where a lot of engineering went into open sense to change things The big change is the interface. It's A lot different the underlying technology is the same This is one of the reasons that they're both solid solutions for firewalls is because they're still based on bsd They're still based on a lot of the same core functionality at the bottom But how you address and how you get to that functionality is where the nuances start coming in So the dashboards do look a little bit different Um, but also look kind of the same in some ways when you start at the dashboard So if we started the dashboard here, uh, we know whanlan services and go over here very very similar Now let's look at something like the firewall and net rules If we go over here or we can go over here This is part of the experience you get we can go to firewall and uh, or we can even type in nat and uh cool now pf sense no such universal search bar This is where if you're starting from ground zero and you've never used one of these before Either one of these devices There may be where you find the open sense a little bit easier because you can just use the universal search without having to Go through the menus such as firewall net Now that is one of those things that's just going to be different. So actually let's start with this rule here Let's look at the wan role because I may have a very similar rule in both and uh It's the open up to the outside world rule and this is the allow firewall rule Let's edit this one and actually we'll go here And go to rules We'll go to wan And then here's our you know, what allows me to remotely access this. I'm on the outside of both of these networks Action pass. We have the option to disable the rule interface direction in Protocol and let's actually go show hide the advanced options. Um There's just all these features here, you know tcp flags and things like that scroll down interface address protocol disable the rule source destination logging display advanced tcp flags They both have tagging So we have the tag options right here tagging is actually a pretty cool feature where you can tag a rule to Then have it processed by a second rule essentially changing rules together But there's just some neat stuff that's in here that both of them have because other than a slight interface design When it comes to writing a lot of the rules, they're very similar and much the same The only thing that becomes a little bit different and I haven't researched how they handle it But they do handle it is like how they do the qos It's done a little bit differently because you can do your qos and an outpipes And cues here for things but overall like I said other than slight implementation differences They're very very similar now Let's go back over to nat rule because this is where they did diverge a bit And here is the remote access to a system behind it and we'll edit this rule This was confusing and They say filter rule association now to explain what a filter rule association is when you nat something you bring it in And we want to redirect port 22 on the van side of the firewall and bring it to forwarding it With nat translation to a device behind here. So it hits port 22 on the device behind there There's actually a two step process that goes on and some firewalls consolidated into a single step or obscure Especially the consumer ones are known for obscuring it. You just port forward something There's actually the forwarding option and then there's the allowing that rule to happen on when the filter rule that happens They've done this in pf sense if we go over to firewall nat And we look at this right here They have done it by filter association rule and we have a click to say view the filter rule And here is the filter rule versus the net rule I'm confused because there's the rule for filter association rule that says I should create a filter rule that passes it But where the confusion comes in is when we go over to rules and we go over to when That rule doesn't exist over here Which causes me a little bit of confusion But these little nuances are some of the differences that sometimes make it difficult when people say tom Why don't you do more open sense videos? I'm like I'd have to learn some of these nuances Now you can usually reverse engineer and sort this out But I also consult the documentation which wasn't clear on this This is one of the things that I did kind of notice is the documentation isn't quite as thorough in open sense As is in pf sense to address those changes the underlying system may be the same But the nuances do kind of matter for you know, if you want to make sure you're doing all these things right All right. Now, let's talk about the alias system. They actually both have an alias system So firewall aliases we can do ip we can do ports. We can do URLs. They did the same thing here But once again, there's the nuances of how they change it to make it a little bit different But this may come down to preference for how you want to do it. They group them all here You hit the little plus And they're just done differently where you do a pull down here instead of a series of tabs gyp URL tables I was actually at first slightly confused about how they did this but it turns out You do it this way. So once again, they do offer aliases. They do have port aliasing and all those features Implemented slightly differently and uh, that's a little bit of nuance. Now, what about an intrusion detection system? Do they have that? Yes, there is intrusion detection. So if we go over here to services intrusion detection administration Did it not go? There we go Intrusion detection, they have this now the difference between the way it's implemented is you get to use sericada You only get to use sericada versus in PF sense you install a package. It's not natively installed It is a separate package, but you get to choose which package you want. They're both official Whether it's the snort package or The package for sericada. So you have two options. They're using sericada and open sense and both are great So, uh, that's just a nuance if you have a preference for snort, sorry It's not available. You can only use sericada in there. Now. I did notice too I could be me of not knowing where everything is it feels like there's a lot more fine tuning that can be done and a Lot more options you can dig into for here But like I said, it could be just me not knowing in open sense where it is But overall they both do have that feature Now let's talk about qos and The traffic shaper. So here's a traffic shaper. Here's a wizard for the traffic shaper We can go through and enter a number of WAN interfaces This is virtualized and doesn't have proper alt q So it does give an error because they can't do alt q on this particular interface But they just call it shaper inside of here You have Pipes q's and rules. I didn't see a wizard But they do have the ability here to create some of the rules I'm less familiar with how it works in here, but nonetheless It is an available option in here and they do have coddle q. So that's good VPN options this is Interesting because there are different ways apparently the Way it handles wire guard and wire guards one of those little controversial ones. So yes, it has it But it's got wire guard go implemented currently But my understanding is they're moving over to the kernel wire guard Now this is a development version of pf sense And let's talk about the wire guard situation real quick here in the 2.5 version It came out and the 2.5 1 it was removed the reason why was there was some code problems found Let's swing all the way over here to the code commits by jason donfield And this is where some of that confusion comes in I'll leave a link to it so you can read so i'm not going to read you all the code commits on there But i'll leave a link so you can go through it. What happened was the team over at netgate hired a developer That yes, they hired someone who did not do a great job apparently of writing the code But did do a lot of the code writing And that's a sponsored project that went into the bsd kernel that now anyone who uses the bsd kernel i.e. open sense is going to be able to use that code and You're saying no jason donfield is writing it jason donfield imported all the code And that's actually he took the code that was written and then made the changes Now, I know someone will say it was terrible. It was broken, etc, etc But you can actually look through the commits if you understand how code work and see The incremental and small changes now incremental small changes It doesn't take much code change to change something from hey, you've Broke something and made a port open or offered an insecure Way for something to happen, which was also kind of an edge case with an mtu Problem if you use an oversized mtu that won't even transport across the internet and accepted that mtu with the special filter rule Yes, you could buffer overrun the particular Experience in here and that was one of the things they did they had a couple race condition issues But it mostly is the same code that's now in here That's been ported back and brought into free bsd for both projects to now enjoy or any project that runs on bsd So it's coming back as a package in 2.6 But it is available as a go implementation currently in open sense But my understanding is they're going to be moving to that kernel implementation So hey, I'm so glad someone sponsored the code because it got the ball rolling because it wasn't happening without Someone being paid to do it So that's kind of the bottom line on that now moving on to the next topic and that's open vpn Once again much the same. So if we look at open vpn, which is a long time well established And so a very popular vpn for managing remote users and we look through all the options they have in here like tls authentication and Certificate management and all these checkboxes plus the ability to add advanced features Let's go ahead and look at our test vpn here Yep Much the same now I didn't check to see if absolutely everything was in feature parity here But you get the idea that they're very similar Which is of course when I've done many videos on open vpn People say hey I was able to use your video to figure out how to make the same thing happen inside of open sense Because they're very similar To the way they work and of course they do have ip 2nd here as well same thing tunnel settings rsa key pairs etc Next topic is package management This is where there's definitely a lot of the same packages. So we'll go over to the package manager in here And we'll look for uh ha proxy And this is one of them we can load so we hit the little plus here if we want to load ha proxy You can also do the Let's encrypt with acby so it's cool. Once again something else we have And we have those over here install. I don't think I've installed here, but the system and package manager type in proxy all right cool, we can Find different proxies or specifically we can find ha proxy in here Maybe yeah, it is right there. So there's ha proxy if you want to put it in So that's a popular feature. I've mentioned. I really like on pf sense But yes, it does exist not used it But it does exist over in the open sense world as well And once again, that's pretty cool. The one thing where we have a big of a divergence though is in this pf blocker hugely popular project on pf sense There's not a direct equivalent that i'm aware of because pf blocker Natively does not exist in open sense, but that package is different But you may have noticed or maybe seen it flipping through here. We have this install Now this is a separate third party package, but can be loaded through their package manager called Sensi and it's pretty neat. I don't know a ton about it I play with it a little bit It gives you some cool graphs and tells you where people went It has some filtering options when you pay a subscription for it and it's a cool add on here There's not an equivalent in pf sense to this particular package for doing this filtering I don't know much more than the review that you can probably find here a Feature comparison of the open sense plugin by sensi by sunnywayvely's by the home network guy And uh, the home network guy, uh, I will leave a link to this particular review and He goes down and dives into all the features that it has that is more extensive than I've taken the time to research But uh, he appears to have done a lot more time in it So if you want to read more about this particular plugin and this description seemed reasonable to it It is a cool feature on open sense that does not exist in pf sense So that's worth mentioning onto the diagnostics. Let's talk about pf top I love pf top because pf top allows me to do things like type in host and uh Go like I think I can take that host. Yeah, there we go. We see some connections here. Um Go here. There's one for this. All right I like using pf top when I'm doing research to try to figure out what's connecting to what and trying to trace things out It's a great tool and someone's probably already said, yeah, it doesn't open sense have pf top well, yes, but They just dump the list and don't give you a way to filter it So that's kind of a one nuisance. I did find right off the top here when I started looking at diagnostics. Secondly diagnostics, there's a lot of them here inside of pf sense so but they're all in one place So I have all these options here I can even do cool things like execute a shell command and you know Halt the system and reset to defaults and edit a file and everything else It's a little more confusing how they did it at least to me it is and this is my opinion Of course, someone may think this is better. There is a subcategory of diagnostics. There's system diagnostics, which are going to be under system than diagnostics interface diagnostics Firewall diagnostics and it's just a different way of grouping the tools So at first I was confused as to where those things were because I'm used to using menus not using a universal search But maybe that's just the way I am and because I spent too much time I personally do like it better in one list, but that's just the way they designed it but props to the open sense people because I've always thought this was stupid in pf sense And I know they've gotten plenty of people complaining about this before Is we have a power option to reboot or power it off in pf sense to me That absolutely belongs in this short little system menu. That's would make a whole lot of sense Where do I restart this thing? I should be able to go to system and have a power Do I want to reboot it or do I want to you know, turn it off? But pf sense has insisted that's a diagnostic tool Which I guess in some ways it is we reboot things because we're not sure what went wrong So we reboot it to see if it fixes all the problems we're having And this is just true for most things in tech, but they've decided to have halt system and reboot system under diagnostics So I definitely will give props open sense for fixing that when they did the new UI because that's where it belongs I don't know that needs its own separate menu. I think it should be a system function not a Diagnostic function, but that's my opinion again and clearly the people over at neck eight or pf sense developers don't agree with me Maybe someone does but anyways, it's it's such a minor problem. Honestly. We once in production We rarely ever reboot a firewall except for for updates now. I want to talk about logging system logging the logging seems a little bit more dispersed in here and It became a little bit more confusing for me to just see all the logs I am favoring the way the logs are done here Where there is tabular and I can go through all the different logs in one place to be able to dive into things this just Yeah, it's kind of a Consolidated here and in here. I don't know. It just feels like it's not but the good news is I know there is a way to push all the logging somewhere else So if I push the logs out somewhere that would probably do it, but I'm not sure where that is but the logging just feels like System gateway log file they've dispersed it because kind of the way they did diagnostic each one's a subheading under each thing So it made it a little bit trickier to go through log files But because we do a lot of troubleshooting, this is why I think about this We actually spend a lot of time looking at you know Diagnostics and log files because if someone calls us for a consulting project on integrating to our network It's not because it's integrated into your network. It's because they're having a problem with it So troubleshooting is a huge piece of the consulting work that we end up doing And having in one place does make my life a lot easier And one minor little thing I'll mention. I do like that they've integrated the net flow Right here into the system as opposed to having as a plugin. It's a plugin inside a pf sense You can use n-top png to Dive into some of the net flow data and look at it But they did integrate it natively with net flow and then you tell it to either Use an external destination server or you tell it to use local host here Which gives you some insight into some of the traffic with literally what's called insight right here This can be helpful when you want to look at certain Aspects of things on the wan or the land How things in traffic and what ip addresses or do some reverse look up on some of the ip addresses that it is reaching out and touching Do this it'll pause a second and do that you can do this with n-top But like I said, it's an add-on plugin in the packages that you can load for pf sense, but it's natively built into here But overall the reporting on this with the traffic reports and things like that are very similar Once again to what you can do here looking at packets you can look at system processor traffic VPN users dive into this and create these views under the monitoring so they they both have a way to do it And frequently when you get into the enterprise market You start piping all the logs and all that net flow data to something that can really do it And there's plenty of projects that support both open sense and pf sense for exporting all of that data Into something like grafana and making some really pretty graphs and much more actual intelligence on there So neither one of them I think does an amazing job of giving you the most in-depth reporting But they both have different ways of handling it But the net flow being natively built and I thought was you know plus for the open sense side Now finally the question which one should you use Now they're both open source projects pf sense though This is the way they've been doing things they have their community edition Which is just called pf sense ce or community edition and then they have the pf sense plus Which is the community edition with some closed source add-ons on there There's something similar because I don't believe the full sense system is fully open source So there's add-ons you can get to pay for or buy the licenses for open sense They do have a business model where they sell support and licenses just like the folks at pf sense and neck eight do So there's different ways you can have certain components and add-ons put onto these And this is where people say well, it's not truly open source if there's add-ons But the base components are and it's a lot of nuance you can you know, uh spin around and debate about and really Go crazy about if you want Bottom line of which one you should use pf sense or open sense. I don't know just use some common sense That's kind of where i'm going to leave you with this I'm not here to tell you not to use either one because I think they're both good products I think they're both secure products. They both have different ways of implementing things from the interface to use a similar Underlying system so on there So I can't make those decisions for you But hopefully this video helped you understand the two different product bases and let you use your common sense to make a decision It works for you. Thanks And thank you for making it to the end of this video if you enjoyed this content Please give it a thumbs up if you like to see more content from this channel Hit the subscribe button and the bell icon to hire a sure project head over to laurance systems.com And click on the highest button right at the top to help this channel out in other ways There's a join button here for youtube and a patreon page where your support is greatly appreciated For deals discounts and offers check out our affiliate links in the descriptions of all of our videos Including a link to our shirt store where we have a wide variety of shirts and new designs come out well randomly So check back frequently And finally our forums forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel Thank you again, and we look forward to hearing from you in the meantime check out some of our other videos