04 August, 2011

pfSense vs Untangle

I have been using pfSense for a while now, and so far I have had no problems with it. However, last week I was tempted to try Untangle. Maybe, like you, I was also curious about the difference between the two. Now I am going to evaluate my personal experience with these two leading firewall applications.

First of all, I know it is not right to compare pfSense and Untangle because they are not in the same category. pfSense is a firewall distro while Untangle is a UTM distro, but because both of them can be used as a firewall and a router and for web filtering, let me compare them in three aspects: installation, system requirements, and their most common function, web filtering.

Installation
Untangle is much easier to install, but it takes more time because of its additional packages. pfSense is also easy to install and less of a problem, but its configuration is more complex than Untangle's.

System Requirements
The minimum requirement for pfSense is only a machine with at least a 200 MHz processor, 2 NICs and 128 MB RAM, but the exact requirements will vary depending primarily on what features you plan to use and how much network throughput you require.

For additional information about the list of supported hardware and known working configurations please click here.

On the other hand, Untangle has minimum requirements of a Pentium III processor, 2 NICs and 512 MB of RAM, and, as with pfSense, these are just the minimums for smaller networks; multi-core chips with extra RAM make Untangle more convenient for larger networks.

Below is additional information about the system requirements for Untangle.

| Resource | Processor | Memory | Hard Drive | NICs | Notes |
|---|---|---|---|---|---|
| Minimum | Intel/AMD-compatible Processor (800+ MHz) | 512 MB | 20 GB | 2 | |
| 1-50 Users | Pentium 4 equivalent or greater | 1 GB | 80 GB | 2 or more | |
| 51-150 Users | Dual Core | 2 GB | 80 GB | 2 or more | |
| 151-500 Users | 2 or more Cores | 2 or more GB | 80 GB | 2 or more | |
| 501-1500 Users | 4 Cores | 4 GB | 80 GB | 2 or more | 64-bit |
| 1501-5000 Users | 4 or more Cores | 4 or more GB | 80 GB | 2 or more | 64-bit |

Web Filtering
Untangle has a great and easy web filtering option. You can simply select the Pass, Block, and logging options for all categories, such as gambling, web mail, shopping, and pornography.
You can also add your own URLs and file types to block, log, or pass in the web filter, or add a domain or URL to the default block list through the web filter submission tool.

In contrast to Untangle, web filtering in pfSense demands considerable effort. pfSense includes most of the features found in expensive commercial firewalls, so traffic can be filtered by source and destination IP, IP protocol, and source and destination port for TCP and UDP traffic, but the most common approach to web filtering in pfSense is the Squid proxy server with SquidGuard.
As with Untangle, you can also add a domain or URL to the blacklist of the Squid proxy server so that it is blocked on the network.

Conclusion
Based on these comparisons, I can only say that Untangle has sweeter filtering options than pfSense, but its hardware requirements are higher than pfSense's. Untangle also has far more filtering capabilities than pfSense, but this resulted in lower internet speed, as expected.

Based on my experience, everything is fine in pfSense, while there were some issues in Untangle. These include constant hangs when I only have limited RAM in my server, occasional failures to recognize the NIC during installation, and a lack of efficacy in blocking HTTPS websites, such as https://www.facebook.com.

I know Untangle is great; it makes the internet flow pretty well. There were times when it slowed the internet while filtering emails and everything else because, like pfSense, it can't do everything perfectly. To choose between Untangle and pfSense, you really have to understand your needs very well and match them to the products' capabilities. Personally, I like them both, but I am more comfortable with pfSense.

9 comments :

  1. I don't think that this is a nice comparison between the two. Besides, we cannot compare two products that are not in the same category. Web filters are more common among residential customers, which are not the primary target of either of these products; these products are more about VPN and antivirus.

  2. Yes, like I mentioned in this post, it is hard to compare these two products, but for the sake of web filtering, which is one of the functions of these products, we need to compare them.

  3. We've been using pfSense for two years now on a production scale. We ran it on Atom boxes for pure firewall/NAT functions. No proxy or web filters whatsoever.

    I've also deployed Untangle on a client network with thousands of users behind it. Also in firewall/NAT-only usage. No others (proxy, filters, etc.).

    pfSense outperforms UT by thousands of miles in terms of PPS. On Atom 1.6 boxes with 2 GB RAM, we're sustaining our desired PPS with multiple 100 Mbit upstream links.

    The geek in me wanted to investigate further. One thing I found out...

    pfSense runs on Unix. NOT Linux. I have nothing against Linux. But in my 20+ years of IT experience, Unix is still the OS of choice for processing-intensive applications running on limited hardware. No wonder even Apple selected a flavor of BSD for their OS X platform.

  4. @Saintluci

    It's not a matter of Unix vs Linux. Untangle is written in Java. That's the slowdown.

  5. Hi,

    Is it possible that pfSense can be used as server software? I mean, as stand-alone software in a server capacity?

  6. pfSense and DynDNS is my preferred route.

  7. Hi, the basic thing is that Untangle is not free, but pfSense is free.

  8. Squidblacklist.org is the world's leading publisher of native ACL blacklists tailored specifically for Squid proxy, and alternative formats for all major third-party plugins as well as many other filtering platforms, including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more. Our adult blacklist contains over 1.1 million domains; we have unique blacklists that you will not find any other place.

    There is room for better blacklists, we intend to fill that gap.


    Signed,

    Benjamin E. Nichols
    http://www.squidblacklist.org
