pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
$179
per appliance
SonicWall TZ
Score 8.3 out of 10
N/A
SonicWall TZ is a NGFW for small to mid-sized companies. It is a Unified Threat Management solution, with additional native decryption and deep-packet inspection capabilities.
pfSense is just a more flexible, lower-cost solution—it can be installed (if you wish) on just about any x86 hardware or even virtual machines - the community edition is free and so enables rapid prototyping and low-cost prototyping and lab build out—something that isn't …
I have not seen a single thing that these other products do that pfSense does not. In fact, the performance/throughput of pfSense is better in my opinion.
While you can get the performance out of other products, pfSense offers the unique ability to put other services on the same device. Products such as Untagle's NG Firewall and SonicWall's TZ series offer cost effective options for firewall and VPN services, having incoming load …
I've used a number of routers like Cisco, Sonicwall, Juniper, Home based routers, etc. pfSense is like most routers but with the benefit of load balancing and multi-wan. Well many support multi-wan but load balancing is usually a separate device like an BIGiP F5 or Cisco CSS.
For fast-growing or SME companies, pfSense is quite suitable because pfSense already had many advanced features such as VPN and multiple WAN / LAN. As a result, we just need to pay for expensive router frequently to upgrade our infrastructure.
Based on my experience, this is a solid platform for a small to mid sized company, especially when there is someone who has IT experience, or can get outsourced IT help. I would not recommend for someone who is a technology novice. Also, this is a competent device for someone who is looking to add VPN services for remote workers.
pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
I mentioned earlier that pfSense had a GUI.
I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.
There is no API for making changes. This can be a hindrance in environments where auto-deploying something needs firewall rules or HAProxy configs updated. Since all settings are stored in an XML file and then configs are generated from that, even manually updating config files cannot be done.
Beware that some network cards can have issues. pfSense is based on FreeBSD, so it's best to look on their compatibility list before deploying.
management is confusing has many items that could be improved to facilitate the work to the network administrator
in the diagnostic tool I would improve the response times, that is, if a ping test is required, it should be quick, since in cases of failures it is sought to minimize the impact as much as possible.
each function has a different license item, I would place a single license package for all team functions
I have used the SonicWall TZ 350 for years and I can say that it is an excellent and complete firewall. It is easy to configure and administer because it has a friendly interface. It is safe, it offers several types of security features, VPN, and also protection against malware. Support and warranty also recommended. It's fast and the problem was solved in less than 1 day.
Before pfSense we were using consumer and small business rated network appliances from Linksys, Cisco, Buffalo and Netgear. We were replacing them on average of every 6-12 months because they'd fail or would offer poor wifi availability. Switching to pfSense allowed us to use professional grade switches and wifi access points, offloading all of the services that the consumer grade products took care of, onto pfSense (DHCP, DNS, routing, firewall, VPN, etc).
SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.
Moving to a FWaaS solution installed on a decent computer the initial investment was moderate to cover 50 to 250 users, but still being cheaper that a Fortinet, Cisco ASA, or a Sophos UTM.
Paying only for support can be a double edge knife, cause you need to identify what's the goal of the request, or your drown into a an endless list of requirements.
To stay in the top with the half of a regular investment pFSense gives a wide variety of plugins that will give you a deep knowledge of your security flaws and strong points.