pfSense vs. SonicWall TZ

For fast-growing or SME companies, pfSense is quite suitable because pfSense already had many advanced features such as VPN and multiple WAN / LAN. As a result, we just need to pay for expensive router frequently to upgrade our infrastructure.

Incentivized

Based on my experience, this is a solid platform for a small to mid sized company, especially when there is someone who has IT experience, or can get outsourced IT help. I would not recommend for someone who is a technology novice. Also, this is a competent device for someone who is looking to add VPN services for remote workers.

Incentivized

• pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
• pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
• pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
• VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
• They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
• As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
• I mentioned earlier that pfSense had a GUI.
• I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.

Incentivized

• If you have multiple sites and you want the connect the sites through secure medium this is best firewall for you.
• There are very advanced features helps you to connect the device easily and securely.
• Easy to connect the sites through advanced routing protocols.

Incentivized

• There is no API for making changes. This can be a hindrance in environments where auto-deploying something needs firewall rules or HAProxy configs updated. Since all settings are stored in an XML file and then configs are generated from that, even manually updating config files cannot be done.
• Beware that some network cards can have issues. pfSense is based on FreeBSD, so it's best to look on their compatibility list before deploying.

Incentivized

• management is confusing has many items that could be improved to facilitate the work to the network administrator
• in the diagnostic tool I would improve the response times, that is, if a ping test is required, it should be quick, since in cases of failures it is sought to minimize the impact as much as possible.
• each function has a different license item, I would place a single license package for all team functions

I have used the SonicWall TZ 350 for years and I can say that it is an excellent and complete firewall. It is easy to configure and administer because it has a friendly interface. It is safe, it offers several types of security features, VPN, and also protection against malware. Support and warranty also recommended. It's fast and the problem was solved in less than 1 day.

Incentivized

Before pfSense we were using consumer and small business rated network appliances from Linksys, Cisco, Buffalo and Netgear. We were replacing them on average of every 6-12 months because they'd fail or would offer poor wifi availability. Switching to pfSense allowed us to use professional grade switches and wifi access points, offloading all of the services that the consumer grade products took care of, onto pfSense (DHCP, DNS, routing, firewall, VPN, etc).

Incentivized

SonicWall and WatchGuard are both fine appliances, but I am accustomed to the Barracuda NG. The Barracuda Control Center is so powerful and useful that it beats out the other two. SonicWall does a great job of dividing up firewall rules and NAT policies, but this is a preference among engineers.

• Moving to a FWaaS solution installed on a decent computer the initial investment was moderate to cover 50 to 250 users, but still being cheaper that a Fortinet, Cisco ASA, or a Sophos UTM.
• Paying only for support can be a double edge knife, cause you need to identify what's the goal of the request, or your drown into a an endless list of requirements.
• To stay in the top with the half of a regular investment pFSense gives a wide variety of plugins that will give you a deep knowledge of your security flaws and strong points.

Incentivized

• VPN access allowed employees to be more flexible and being able to get internal resources from anywhere.
• Lower licensing price compared to competitors saved some money.
• Protecting from unnecessary connections increased performance and uptime.
• One of the firmware versions caused CPU performance degradation that slowed down the Internet speed which caused issues in the call center.

Incentivized