ManageEngine Firewall Analyzer vs. pfSense

Offering enhanced network security, performance, and connectivity, it is well as used in a business setting. Features including application control, web content filtering, firewall, IP address, application control, VPN, and good advanced threat protection. With enhanced features and advanced threat protection you get an awesome performance cost effective firewall device.

Incentivized

I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.

• Live traffic monitor: Firewall Analyzer lets us monitor traffic as it flows through the firewalls. It also breaks it down according to what type of traffic (e.g., web, mail, FTP, etc.) it is. It lists the tops hosts, the top users from traffic, and a lot of other useful statistics, all in a very visual format.
• Security Monitoring: Another good visual graph Firewall Analyzer provides is the security one, which shows us if we're being attacked, from where, by what, how many, etc. It will also send us alerts when there's an alarm of any kind on the firewall.
• Reporting: We can run all sorts of custom reports, and that helps us both with compliance and informing management as to what's going on. It would be difficult to describe all the various kinds of things we can include in these reports, but they are extensive.

Incentivized

• Easy to use. Good user interface design! Easy to understand and easy to set up.
• Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.

Incentivized

• Configuration is easy and you can expect all the features and modules.
• Simple and intuitive dashboard.
• Firewall Analyzer helps us to gain insight into security threat and traffic.
• Analyze the user behavior.

Incentivized

• I did kind of mention a Con in the Pro section with OpenVPN.
• When I create a config for an employee other employees are able to login to that config.
• I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
• I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
• I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.

Incentivized

It is fast to
download the test software and implement. It takes some sometime to understand the
ways you have to on board your firewalls into it. It is nice to buy and just
activate the product that you have already installed. Maybe some wizards could
be improved in order to accelerate these tasks.

The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.

Incentivized

pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support.

Incentivized

ManageEngine was chosen over the use of AlgoSec as it slotted nicely with other Manage engine services we use for services such as active directory management. Other benefits include how lightweight and easy to install and set up it is. You can install it inside your network and start testing within 20 minutes.

Incentivized

Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.

• Firewall Analyzer has definitely freed up a lot of IT's time, by congregating logs and displaying them in a more useful, visual way.
• The cost for licenses and proactive alerting, compared to the man-hours spent reactively through data, paid for itself in a few months.
• There was no negative impact to users, and only some to IT staff who had to train on the software, which mostly consisted of videos and playing around with the software.

Incentivized

• pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
• The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.

Incentivized