pfSense vs Untangle

What is your internal address range and the CGNAT? Your routes? Try taking the CGNAT box out of the mix and observe behavior.

Hi, CGNAT IP is 10.x.x.x, internal is 192.168.x.x. Even without the second ISP, which is behind a CGNAT, temps with just basic firewall and VLANs reach 58 °C. Untangle trial ends in a couple of days. Will try OPNsense next. Hopefully, FreeBSD 13.1 is a better match with my hardware. Thanks.

Damn, just reading the OPNsense forum, it looks like there are a lot of problems with OPNsense 22.7.

OP, while Untangle seems interesting, I am personally not drawn to services that have their management of my network security on the 'Net instead of inside the buildings I control. And while paying for something like Untangle seems reasonable, there are things a little more expensive that give you a lot more in terms of security, control, filtering, etc.
On the other hand, you seem pretty knowledgeable network-wise and you achieved your goals with pfSense, so why pay for Untangle?
As for pfSense itself running on FreeBSD - I respect FreeBSD for what it was, but as I said in another post, what is dragging pfSense on low powered hardware is *BSDs (Open, Net and Free) itself. Linux-based firewalls are much faster and support a lot more hardware from scratch. Support for Linux is very good vs the tiny group that still supports *BSDs, so developing new stuff built on Linux is quite easier and more effective.
For Untangle to reach the level of popularity of pfSense, they need to change their business model, open source their code and make it free and full featured, just like pfSense is. And let the management of Untangle be done internally.

1 Like

Thanks! My Untangle trial ended and I’m giving pfSense another go. I posted on the Netgate forums regarding my temperature problem and it turns out there is a bug in pfBlockerNG causing CPU usage spikes. I haven’t installed that package in my new install. That and some useful suggestions in the replies have made my appliance’s temp (53°C at ~30°C ambient) reasonable with my network setup minus pfBlockerNG.

They are two different products for two different purposes.

pfSense is a very fast, lean and mean router distro with excellent traffic shaping and QoS. Strong VPN features. We used to do quite a bit of it commercially for some of our clients years ago.

Untangle is a full and proper UTM firewall distro…Unified Threat Management. While it can be dang fast (depending on hardware it’s installed on), it’s really meant as a business firewall that excels in UTM features. It was designed first and foremost as a UTM.

pfSense was not designed first and foremost as a UTM. Yes…yes…it has a couple of modules you can install to make it almost/sorta a wanna-be intro/baby UTM-lite.

I’ve deployed a lot of Untangle appliances since around 2006, back when it was version 5.02. For our business clients, I’ll choose Untangle every day of the week without question…as security for business networks is most important for us.

Yes, UTMs are expensive. Look at Fortigate, Palo Alto, Watchguard, Sonicwall, Checkpoint, etc…those all have subscriptions, they’re not free. Untangle (now Arista) is not meant to be a hobbyist router distro, it’s meant to be a product/service for businesses, for MSPs to resell, with top notch support.

1 Like

:laughing: You are right. This has been my impression as well.

Untangle is a router, if you disable some modules.
pfSense is a UTM, if you install some modules.

The gap is thin between them.

3 Likes

Running UTM on a box of its own is better for complex high traffic nets.

1 Like