What is your favorite firewall to use?

At home I use a Mikrotik RB3011 and love it!

At work it’s a mixture but mainly Cisco Meraki

Used SonicWall for close to 10 years. About a year ago switched to sophos. I enjoyed their SG line and really like their XG line as well and how it ties in nicely with their endpoint security via security heartbeat. Nice stuff. Based on Tom’s video I might take a look at untangle. We will see

PFsense is taking care of business very well in my home/office …

For years I would have said Pfsense, but mid-2018 I made the switch to Opnsense, originally it was only because they build OpenVPN with XOR patch by default. Because I’m an expat in a country that employs DPI to block VPN, so I need that. But I also manage four friends networks remotely, so I like that it has 2FA built in. It has its faults like more frequent updates, and the templates aren’t as nice as PFsense. Somethings are just named slightly different making it frustrating sometimes when looking for settings or a service. But it has been running reliably for about six months so unless Pfsense gets XOR patch for OpenVPN, then I will be sticking with OPNsense for now.

Currently at home Mikrotik RB-3011, at work Watchguard M200 with the subscriptions expiring in April.

Currently evaluating options for both.

For work the local vendors all want to charge for 2 hours to evaluate network, then replace switches with their preferred platform for vlans rather than using the existing Dell switches. Firewall would be their preferred vendor. I have not found anyone local that will support “non standard” solutions.

I have a unique non server network with a couple of remote sites that currently works, I need to establish some basic vlans to isolate the remote assets to a handful of users that need access to them.

Management likes the reporting detail that Untangle offers.

Jerry

Over the next month I plan on setting up live demos to evaluate PFsense and Untangle under real conditions. I have setup some hardware to do the testing.

NICE!!! Set those bad boys up!

Good choice we do the same.

I’ve found that the VPN on the USG is terrible…sometimes it works sometimes it doesn’t

No enterprise for me … but at home i have a Netgate SG-3100
a Unify 24 Port switch
a Unify AP AC-PRO
and a dell R710 with xpc-ng on it as a “Home-lab”

We’re using Palo Alto’s at work. Great firewall, super expensive but, really nice.

At work Cisco ASA 5510 for VPN. And at Home pfSense, running DHCP, Ntop and pfBlockerNG.

OPNsense because it has a built-in patch for my ISP, so the WAN side is much easier to setup and doesn’t require custom configs and maintenance on every update etc. (OPNsense is very active on the community side, making tons of little adjustments upstream to fit specific needs like my ISP’s weird DHCP setup).
I’d probably run pfSense if I could though, and that’s what I recommend for profesional sites. Having only one firewall to deal with on the personal and pro side would make things easier. But big props for OPNsense for their community-driven mindset, it’s a great fit for home/labs.

For years I used Asus RT-AC68U and then RT-AC86U but with Merlin firmware. Unfortunately, Asus has been releasing more closed-source modules so the ability of Merlin to really improve the firmware is waning. I also wanted to do more network segmentation with Vlans so I re-did the entire home network. The firewall is Pfsense running on an i3 6-port Protectli box with 8 gigs (4x2) of RAM and a 250gig Samsung 860 Evo (much too large but it was the smallest available at the time. The firewall is great and was lots of fun to setup. FYI, internet is 300/300 and Pfsense rarely gets above 3% CPU utilization. I bought the i3 so I would have headroom to run VPN, and PFBlocker at a later date. I do use NUT with Pfsense with my Synology NAS as the UPS/NUT server.

The rest of the network is Ubiquiti Unifi with a SW16-150 switch, SW8-60 switch, AP-HD access point, with a Gen2 CloudKey as the controller. Very pleased with overall network performance.

At home I have a Fortinet Fortigate 50E in production and two 90D’s with several 80C’s that I use for testing.

At work we have Fortigate 1500D’s and for testing Fortigate 201E’s.

Y-ASK

We run Palo Altos at work (just provided some reports before the holiday that pretty much lead to dude getting canned ). I need to get around to some pfSense at the house, but I’m a horrible IT person in that I get home and just want to spin records and read cheezy fiction and not continue fighting that good fight after 9 hours clocking in for “the man.”

Uh oh what happened for them to fire him based off logs? We use palo altos at our company and I love them…I havent tried pfsense or any other opensource firewall yet. Maybe for the home one day!

When I get home I usually spend my time researching and learn more tech haha I LOVE IT!

pf-Sense. Advise clients to buy the Netgate appliance for edge deployment, but use PCs internally to control access to network segments and VM Hosts (server class machines with SSDs are my current recommends but desktops can be used as well with multiport NICs). Have used others in the past but I look for something that is easy for admin to administer especially up dates.

I must say thanks to Tom for reviewing Untangle something I looked at some years back but decided against for some reason I don’t recall. The product seems much more robust in its current form and may be good for remote and mobile users. Am going to test with pf-Sense VPN.

Short version is we got acquired toward the end of last year. Guy just “ghosted” for days on end. Due to the chaotic structure after the acquisition it was pretty easy to slip through the cracks. Palo Alto has some great user activity reports that pretty much detailed attempts at circumventing firewalls, 3rd party vpn information, and a lot of non-work related internet traffic. That combined with logs from our badge system was more than enough information.

We currently are in bed with Meraki but that relationship has to end.