gacpac

Pfsense or something else?

22 posts in this topic Last Reply


I was going to buy a USG or an ASUS RT-AC66. But I decided to try pfsense first.

I like it and everything, it's somewhat complicated, but nothing you can fix with youtube. What I still don't find is how to use deep package inspection, monitor my internet speed and what every user downloads. Which is really easy with the alternatives I mentioned.

I really like the port forward and the nat translation in the firewall rules, I must say. But I feel like I'm missing something.

I know pfsense is enterprise grade so to speak. Have you guys felt the same way with this?

Sent from my Pixel 2 XL using Tapatalk

 

 


I used pfsense for years but recently switched over to Sophos UTM. It's... different, but as you mentioned, youtube for setting things up works fine. It seems to be developed more towards protection than pfsense, which functions more as a configurable firewall. Why did I switch? To better monitor and limit access to certain sites for specific users that should not have access to them.

I also used opnsense in the past, a spinoff of pfsense. But it's essentially the same thing and updated more frequently (and with a nicer web gui.)


I switched because my router died yesterday. And it made perfect sense to try it, since everyone I know and the forums say that it is way better.

But to me it's not better. It's different, I can compare Pfsense to fortinet in that sense.

I'm looking for the same as you, in that case, control sites, get to know which device is using more bandwidth. Like unifi or even ddwrt does.

On 5/26/2019 at 5:53 AM, gacpac said:

USG or an ASUS RT-AC66

Between those two, definitely USG. I don't believe the ASUS RT-AC66 gets merlin builds anymore either. It's rather old.

 

On 5/26/2019 at 5:53 AM, gacpac said:

I know pfsense is enterprise grade so to speak. Have you guys felt the same way with this?

Yes brother, you're not alone in feeling that way.


I'll keep this until ubiquiti comes with something updated.


I have been running untangle, with a home license, in a VM the last couple of years. I have had a little switch to pfsense and opnsense, but went right back to untangle. Yes, it costs money, but you get way more stuff ready to use and then there is a lot of graphs and data to inspect, if you got the time for it.


Sent from my iPhone using Tapatalk

3 hours ago, perhansen said:

Yes, it costs money, but you get way more stuff ready to use and then there is a lot of graphs and data to inspect, if you got the time for it.

Thanks for this. Good things cost money, just like Unraid.

I'm going to give untangle a try.


Just like with unRAID, I'm a very basic user. pfsense saved me when I upgraded my internet to 400/25. I was shocked my RT-AC66U with merlin couldn't handle those speeds.

I don't use any dockers; I only have the most basic settings enabled in pfsense. But both options do exactly what I need.

On 5/26/2019 at 7:53 AM, gacpac said:

I was going to buy a USG or an ASUS RT-AC66. But I decided to try pfsense first.

I like it and everything, it's somewhat complicated, but nothing you can fix with youtube. What I still don't find is how to use deep package inspection, monitor my internet speed and what every user downloads. Which is really easy with the alternatives I mentioned.

I really like the port forward and the nat translation in the firewall rules, I must say. But I feel like I'm missing something.

I know pfsense is enterprise grade so to speak. Have you guys felt the same way with this?

I believe you want to look at suricata for pfsense; all the tools you mention are available, you just have to google and put a little effort into it.


I was looking at OPNsense which is a fork of pfsense. Looks like it has a better GUI and might be easier to configure.


I know suricata. I don't need exactly IDS. And to see everything I have to check a log. Right now ntopng is doing the job for me with the details I need for the workstations.

Suricata is awesome, but to set this up properly I would need to add external software to read the logs and get a richer understanding of what's going on.


I was looking at OPNsense which is a fork of pfsense. Looks like it has a better GUI and might be easier to configure.

I might try it out. Honestly I just love the GUI for unifi. But I don't feel like spending money for a rack mount USG. I'm waiting for a refresh in the current USG lineup

On 6/3/2019 at 1:35 PM, Lev said:

I'm going to give untangle a try.

I have used untangle for the last few days. Some thoughts...

- Lots of charts and reports. Even a daily email with reports. Most if not all these reports the Unifi USG will also give, pfSense does not, or at least not without some work to set up initially.

- Emails from the untangle sales team chat-bot. Even though I marked myself as a 'home' user, the automated bots are hot to sell me a license.

- Very easy to set up and get running. Very easy user interface. I think this is its main advantage over pfSense.

After two days I completed what I wanted to find out about untangle and turned it off the server it was installed on. I'm happy I did it, I now know more than I did before and what works best for my use cases. I think my recommendation for @gacpac is to get started with Unifi USG as it'll cover 99% most use cases and its integration with other Unifi products makes it so easy to manage a home or business network.

 

36 minutes ago, gacpac said:

I might try it out. Honestly I just love the GUI for unifi. But I don't feel like spending money for a rack mount USG. I'm waiting for a refresh in the current USG lineup

Yea, I love the interface as well but tired of waiting for them to refresh the lineup. It's tempting to get a Dream Machine if I could ever catch it while it's in stock but it's not really what I want.

I do understand the delay. They are writing a new OS for it and the DM is the guinea pig for it.

Edited by mgworek

I have used untangle for the last few days. Some thoughts...
- Lots of charts and reports. Even a daily email with reports. Most if not all these reports the Unifi USG will also give, pfSense does not, or at least not without some work to set up initially.
- Emails from the untangle sales team chat-bot. Even though I marked myself as a 'home' user, the automated bots are hot to sell me a license.
- Very easy to set up and get running. Very easy user interface. I think this is its main advantage over pfSense.

After two days I completed what I wanted to find out about untangle and turned it off the server it was installed on. I'm happy I did it, I now know more than I did before and what works best for my use cases. I think my recommendation for @gacpac is to get started with Unifi USG as it'll cover 99% most use cases and its integration with other Unifi products makes it so easy to manage a home or business network.

I might as well do that. Honestly I'm a home user tired of shitty routers. That's all it is

48 minutes ago, gacpac said:

I'm waiting for a refresh in the current USG lineup

We all are, brother. I love my USG but how much I wish for something better beyond their current offerings. That said, it's still the best for my use case compared to the competition.


I used to have a USG. Hated it, literally threw it in the trash. This was in the early days of the USG when it could do very little, and half of what it did do it did wrong. I acquiesce that it is MUCH better now.

I've been using Untangle for years, and wouldn't switch back now. Fast, granular control, decent reporting, and most importantly has been working 24/7/365 for years with little interaction (other than self induced things like new rules, etc).

I used to have a USG. Hated it, literally threw it in the trash. This was in the early days of the USG when it could do very little, and half of what it did do it did wrong. I acquiesce that it is MUCH better now.

I've been using Untangle for years, and wouldn't switch back now. Fast, granular control, decent reporting, and most importantly has been working 24/7/365 for years with little interaction (other than self induced things like new rules, etc).

That's why I still think before getting my hands on one. I might test untangle in a VM or something like that.


I've been using OPNSense and SophosUTM (Home Edition) for years. Been a pretty solid setup.


I like Sophos... When big new releases come out I still tinker with it in my lab.

I used to use it but had to move away from it when it had a 50 device limit for home use (I have >90 devices on my network, most of which need to connect outbound at some point)...

Edited by JasonJoel

On 6/7/2019 at 7:01 PM, JasonJoel said:

I like Sophos... When big new releases come out I still tinker with it in my lab.

I used to use it but had to move away from it when it had a 50 device limit for home use (I have >90 devices on my network, most of which need to connect outbound at some point)...

You can segregate those and put them behind another NAT ;)


A new usg has been spotted!!!!! Guess they are staying with the Dream Machine name. UDMPro. Hopefully it hits early access soon. Top device with the just announced non pro switches that aren't for sale yet.

 
