At home I started off with USG but I was having issues with VPNs so I have now moved on to pfSense in a VM with no dramas at all. Not sure what they use at work though.
Pf_sense itâs easy to setup maintain updates, what else need be said.
O yeah its not an arm and a leg.
Recently I have been testing Untangle on Protectli hardware at my home (which connects to my office via Site-to-Site VPN) So far I am blown away. The office runs Fortinet systems.
I recenly upgraded from Ubiquitiâs EdgeRouter at home, and Meraki at work. The features offered from Untangle are really attractive to me, and the home licensing is more than worth it to me (the enterprise licensing isnât bad either).
I have also been testing pfSense on Netgate hardware, but so far I am underwhelmed when compared to the Untangle.
I am intrigued, are you willing to elaborate?
In my experience I found from installation to function the Untangle was just easier and faster to get up and running, with much less command line interaction to get higher functions working.
Donât get me wrong, pfSense still seems a very good, inexpensive option, but I am more than willing to pay the yearly fee for Untangle to save me time on the back end.
Maybe it is just me being lazy in my old age, but as time goes on I prefer GUI interfaces to CMD.
If there is something specific that you are curious about let me know, I am more than happy to share.
Running multiple 10G interfaces on the firewall. pfSense seems a sensible option from a cost perspective.
@tkanger I wasnât after anything specifically, just a comparison as to why you prefer Untangle - which is what you provided, so thank you for that. Feel free to add anything further if you think of it, but I am happy with the response.
Started with a USG at home, but once they added the IDS/IPS stuff it wasnât enough. Now Iâm running pfsense on a E5-2609v2 set up that didnât cost me much more than the USG. From testing on the LAN side, it should be good with Suricata and pfblocker it should be good for 1G if I ever get it. I should have fiber available in about a year.
Firewall at home & office and at my client sites is pfsense.
At home this is my Spec:
2GB of Ram in a small ITX case made by a company called OneLan - Dual Intel Pro NICs
I have ran Ubiquiti Edgerouters (I still have one deployed at my parents and have an ERL at home as a âhot spareâ in case my Protectelli machine dies.
The Protectelli started out with Untangle, but the lack of IPV6 made it a non-starter for me. Moved on to pfSense and for the most part I liked it, however there was just something that I didnât like. Figuring out why my phoneâs would not connect to my banking app for example was a pain. I had all the firewall rules logging things and it was still a struggle trying to figure out what to whitelist. From there I moved to OpnSense and so far I have to say I really really like it.
I use it at work and I like it. now I want to try qradar.
Iâm flipping between Untangle and Sophos XG V18 atm. Have done a bit with pfsense etc.
Work wise in the past Iâve used Fortigate, Cisco ASA/PIX, Microsoft ISA (shudderâŚ)âŚ, Junipier and others.
Hmm, curious â I didnât think you could virtualize Untangle within xcp-ng â perhaps you can. Do you have any more information?
Yes, you can virtualize Untangle
@LTS_Tom - I just wanted to clarify an issue. This is directly from the Untangle website â
By just downloading the OVA file, you can have Untangle NG Firewall up and running in a matter of minutes in your virtual environment. In order to have a successful deployment, the virtual appliance must have VMware ESX or ESXi running.
Although itâs been about two months since I looked into the issue, I only found one user in their forums that had tried to use specifically xcp-ng but the forum was dated several years ago and it kind of suggested it was working but there were a lot of followup questions by users that went unanswered. I wrote untangle directly about virtualization with xcp-ng and their official response was to use esxi. Can xcp-ng be used to virtualize this product successfully?
We have it configured in our lab using XCP-NG, seems to work just fine. But I have never used it in production that way.
What exactly is the patch doing or what does your ISP require? Can you elaborate?
The USG VPN Client and S2SâŚwow what a steaming pile. UBNT has made a complete mess of it. I inherited a Full-stack that a user had USG Pro at the head and as C19 hit they tried to get their users working remotely, it crashed and burned, tons of non-routing packets, and myriad of issues getting the S2S to work properly with a Meraki MX. After 4 hours of troubleshooting, testing and attempts to put the issue right I dropped in a SG-3100 and had them all staff working remotely by the end of the day.
Have had 1 ticket since then when one of the Fibre lines dropped.
{sorry was supposed to be threaded elsewhere}
I have been running pfSense at home for a couple years on a Intel i5 system. Started with an Intel i3, then later upgrade to i5.
I also like to thanks Tom for his guides! (need more )
Untangle. Itâs just easy and I like the Command Center to conveniently manage all of my customer firewalls.