pfSense vs. Sophos SG Firewall Appliances

I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.

It is well-suited for all sizes of organizations. It will help them to safeguard their network from various cyber threats like ransomware, phishing, malware, etc. It will provide them with many features like deep packet inspection, web filtering, application control, etc. in one place. It will also help them optimize bandwidth usage

Incentivized

• Easy to use. Good user interface design! Easy to understand and easy to set up.
• Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.

Incentivized

• It helps you to protect your corporate network and data from external cyber threats.
• It provides you with with advanced features like load balancing, web and app access, etc., to optimize bandwidth uses.
• It enables you to configure an IPsec VPN to access organization resources remotely.

Incentivized

• I did kind of mention a Con in the Pro section with OpenVPN.
• When I create a config for an employee other employees are able to login to that config.
• I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
• I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
• I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.

Incentivized

• We would like more feature reach port blocking. This could be reorganized to make it easier on Network Admins to add or change ports.
• I would like easier access to the CLI
• I would like it to perform faster

Incentivized

The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.

Incentivized

Management could use some improvements. Sophos management and workflows has always been designed by Engineers for Engineers. They do not always follow logical workflows in the real world. Once you figure this out it is easier to use but no where as smooth as many other products on the market.

Incentivized

pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support.

Incentivized

The biggest selling point for sophos is their vendor support. Those guys put a smile on our faces. There are multiple ways you can contact their support like chat, or telephone or email. They are very responsive and they do have very knowledgable and patient support staff. We have raised tickets at all odd hours and they have been addressed correctly

Incentivized

Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.

We use Sophos in conjunction with WatchGuard, for an extra added level of security. Sophos is a little more sophisticated and complicated but they work well together as added layers of protection against most cyber threats.

Incentivized

• pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
• The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.

Incentivized

• Positive ROI due to the competitiveness of the product.
• Positive impact as the device is fully functional and easy to operate.
• Negative impact when it comes to log integration as it does not support industry logging standards.

Incentivized