pfSense vs. Sophos Web Content Filtering vs. Untangle NG Firewall

I believe PFSense is well suited for both home lab environments as well as up to small to mid-size business environments on a tight budget. However, I would implore that anything in production requires the use of the authorized hardware that PFSense sells to receive support. However, in my experience, PFSense is a solid set-and-forget firewall solution.

Before Sophos, I would receive scammers regarding tradeshow lists. People wanted me to pay for lists, but these people weren't actually from the tradeshows. I can now block those, and have received much fewer of those scams. I am also able to open emails within quarantine to view them before deleting, releasing, allowing, or blocking. I use this to my advantage, and am able to make better decisions on what to do with the emails.

Incentivized

Untangle is very strong in the "traditional" sense of security. That means an edge appliance that either works with an existing router or is the router itself (recommended). This approach has also been adapted well to cloud environments in order to protect virtual servers and VDI workstations. As mentioned earlier, many schools are using cloud-based filtering for their 1:1 solutions for their students. This is an area where Untangle is unable to serve. Some have used an instance of Untangle in the cloud with VPN to serve their remote needs, but it is not the same as solutions that are designed for cloud-based filtering of devices without VPN.

Incentivized

• Easy to use. Good user interface design! Easy to understand and easy to set up.
• Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband.

Incentivized

• Sophos does an excellent job of category-based content filtering. It's easy to configure and flexible for many environments with the ability to tighten or loosen restrictions as requirements determing.
• Sophos' built-in capabilites can force safe search rules to protect against content work-arounds like Image search and search engines in general.
• The Sophos XTreme architecture also helps improve the overall performance of the Web Content Filtering solution. It is very quick and very transparent when in use on the network.

Incentivized

• Web Filtering is strong, and can also do application fingerprinting to allow Facebook, but not Facebook games. Secondly, a separate partition called a "rack" can be set up to give one subnet or group of users different web filtering policies than another. For example, teachers would get more freedom to browse the web than students at a school.
• Built-in SD-WAN connectivity as part of your license. IPSEC tunnel creation is also amazingly easy.
• Will install on any x86 hardware created in the last 5-10 years. Ram and processor requirements per user are very low.
• Reporting is phenomenal, however you can get death by details very easily.

Incentivized

• I did kind of mention a Con in the Pro section with OpenVPN.
• When I create a config for an employee other employees are able to login to that config.
• I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
• I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
• I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.

Incentivized

• It only allows UTF-8 encoded characters.
• It does not support metadata.
• It does not support comments in the custom filter file.

Incentivized

• The full suite can be expensive for business but will be powerful enough.
• The full suite for home or small office isn't that bad of a price but may be out of reach for most home users but remember the basics are FREE so anyone can get started with it.
• I would like to see it promoted for mid to large businesses as I think it can handle it.

Incentivized

Service renewal is in Feb 2021. We will be renewing!

The pfSense UI is easy to navigate and pretty go look at. It is much better than some high dollar firewalls that just throw menus you you. The pfSense UI is quick and responsive and makes sense 99% of the time. Changes are committed quickly and the hardware rarely requires a reboot. It just runs.

Incentivized

Generally works well but seeing more and more bugs with the OpenVPN app.

Incentivized

pfSense+ basic provides "As Available" email support. pfSense+ Pro offers 24 hr turn around email support. pfSense+ Enterprise offers 24/7 phone support.

Incentivized

The phone support reps are highly competent and native-English speakers. big plus vs some other vendors with difficult to understand or less knowledgable support engineers.

Incentivized

Meraki has a unified management login for all devices, which is nice. It also has decent content filtering, both areas where pfSense is weaker. Where pfSense far ouclasses Meraki is in the ease of use and the other width of features. These include features such as better VPN interoperability, non-subscription based pricing, auditability, not relying on the infrastructure of a third party, more transparency of what's actually going on, easier to deploy replacements if hardware fails. Additionally, the NAT management for pfSense seems to be a bit better, as you can NAT between any network segment and not just the LAN segments out the WAN interfaces.

Sophos has been a much easier product to configure and eventually manage, with preset rules and policies to start off right out of the box, saving administrators time from adding every category and or site. However you can add/import all know good company sites (internal url's) as well as local sites for a safer settings. (know sites)

Incentivized

Untangle NG Firewall has a partnership with third parties to provide an amazing suite of applications. You pay for those. With free software, you have to wait for it to be updated. With Unifi, the hardware was too underpowered to do anything meaningful. I don't mind the monthly fees because these companies update quickly; they have a reputation to maintain.

Incentivized

• pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
• The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.

Incentivized

• Super positive impact, the Sandstorming Add On, it increases protection at it's maximum level (for new or existent/variant threats).
• Customers often have the need of a system capable of report everything that the network is being handed, Sophos Web Content Filtering achieves this.
• The ROI is very fast since top management quickly see results on filtering and reporting of what is really going on within their networks.

Incentivized

• It's allowed us to be PCI compliant which we need to do business.
• It's allowed us to not only be PCI compliant but follow best practice to be actually as secure as we can be.
• It's really presented us with a lot of flexibility in terms of how we connect to other services.
• There is some maintenance, but it's very minimal.

Incentivized