pfSense, Smoothwall, Untangle or other firewall



So in like a couple of weeks I'm gonna start studying/practicing in my home lab these (and if there are others they are welcome) firewalls / UTM.

What I really want to know is how they behave (as in performance), the kind of features they have (if they support VPNs and how many, ease of publishing rules, the amount of updates released by the vendor, etc.), your experience of these products versus commercial ones (like Cisco, Juniper, SonicWall, Fortinet, etc.). I'm an ISA / TMG guy but I must learn other alternatives since TMG isn't available right now (and it's phased out) and the ones recommended by Microsoft are way too expensive for the clients I have (small/middle-sized businesses).

Oh, also very important: most of the clients I have publish OWA (Exchange) via ISA / TMG, so this firewall must support this as well.


Well, you won't necessarily be publishing it like you do with TMG or ISA; you will be sending the port over to that server either through one-to-one NAT or by simply forwarding the port over. All of these support this; even so, none support publishing like TMG does. All firewalls either forward ports or support one-to-one NAT.


You forgot IPCop, which, if I'm not mistaken, does everything you mentioned and has a shitload of plugins which you can add according to your needs.

The other ones probably too.  Why not Dragon as IDS while you're at it? :b


Sphirewall seems to be another interesting one... although I can't ascertain whether development is continuing or is dead.

Big fan of pfSense myself.


Sphirewall is still under development! :) 


Do a quick search and their last release was in July 2013 ;)

No news on progress since does make me wonder.


Hmm... my main concerns are:

- ease of deployment (install, configure and maintain).
- cost.
- support.

In my opinion, ISA / TMG had a huge advantage as the cost was low for the amount of features it had; now I have to find a similar product for enterprise environments (small/middle sized) with cost, features and support as my #1 priorities. Cisco / Juniper / Fortinet have good products but the cost is prohibitive for some of the clients I have.


Sophos UTM (formerly Astaro) is a pretty decent free-for-home-use product.  The reporting is decent and the features are pretty nice.  I like it over Untangle.

Very interesting! I tried to download it but all I get is ...

Il s'est produit une erreur inattendue.

Can anyone else download it?


How do you know?

Because according to their website:

July 31, 2013

Sphirewall 0.9.9.6 Released Today

Today we have pushed out another Sphirewall release. This release was spent working on stability and performance, ironing out a whole heap of issues. Users can expect a new level of stability and performance with both the management interfaces and core system. We have also reintroduced some of the functionality that was removed with the wmi migration to python flask such as logging, and validation.

For the full release notes click here or head over to our website for downloads and more information, http://sphirewall.net


You mentioned for your clients, so I'm assuming you will be responsible/liable for the firewall in the clients' production environment? Why are you looking for free high-risk options for your clients? Most Cisco/SonicWall/WatchGuard firewalls are affordable for any size business. Do yourself a favor and don't offer free/unsupported/outdated solutions to your clients. Besides, once you become an expert in Cisco or SonicWall, your value goes up (more companies use Cisco/SonicWall, so you have more chances to land new clients).


pfSense, as an example of a free solution, does offer support and is current.  I am not sure exactly where you are coming from, bnelson... because it isn't Cisco or SonicWall doesn't mean that it can't do the same or have support.

http://pfsense.com/index.php@option=com_content&task=view&id=63&Itemid=69.html

Current update as of this post is September 15th, 2013, not bad, only 5 days old.


Unsupported? Outdated?  Free, yes, the product is free...  But that has little to do with its ability to run in an enterprise environment or small ma and pa shops.

To be honest, you're going to get better support from pfSense than you would from Cisco or SonicWall, etc.  Have you looked into their support model?

https://portal.pfsense.org/support-subscription.php

What is the cost of Cisco or SonicWall support?  Do they offer to directly support your customers with reseller support for 2k a year?

https://portal.pfsense.org/reseller-subscription.php

So while your statement that pfSense is free is quite valid - to think it's not supported or outdated is just ludicrous.
