After all my blogging about the wonders of pfSense, you’d think I’d stick with it…but I didn’t. Both my firewall and my mom’s have been moved to Untangle, and I regret neither. Now, don’t get me wrong – pfSense is still an EXCELLENT firewall that I thoroughly recommend for a number of reasons, which I’ll get to in a minute. However, Untangle works much better for my needs.
pfSense, pros:
- much more lightweight
- ‘embedded’ version runs off USB flash drive.
- faster startup time.
- faster, simpler UI.
- deals with multiple static IPs better.
- actually taxing the CPU and RAM is a bit of a project.
- great SIP support; generates OpenVPN files for Yealink VoIP phones directly.
- BSD-based (generally considered a better router distribution than Linux due to better TCP/IP performance).
- firewall rules and NAT translation can be “Linksys simple” or “Sonicwall complicated”, depending on what you need.
- the only paid things are support and “supporter” subscription; all functions included regardless.
pfSense, cons:
- UI can be a bit confusing.
- plug-ins are inconsistent with their operation and UI.
- ad-blocking is a pain, and requires manual updates.
- adding multiple physical interfaces to the same LAN segment is handled by NAT rules.
- I wasn’t able to get Squid to do much good with transparent caching.
Untangle, pros:
- beautiful, intuitive user interface.
- very simple ability to assign network interfaces to LAN segments; changing them is a drop-down.
- great reporting features.
- the free modules are excellent:
  - ad blocking is great, and auto updates.
  - single simplest OpenVPN implementation I’ve ever seen (for desktops and laptops, anyway).
  - even the free virus scanning and spam options are quite functional.
Untangle, cons:
- paid plugins aren’t clearly labeled until you try to install them.
- …also, there are paid plugins. While the home version is pretty cheap ($54/year for everything), it gets pretty expensive, pretty quick if you aren’t a ‘home user’.
- the free web filter picks the ‘wrong’ categories, in my opinion – filtering porn and gambling is free, but malware and torrent filtering is paid??
- the network configuration area could be organized a bit better.
- significantly longer startup than pfSense, and requires hard drive.
- in my particular circumstance, Untangle will only boot in ‘safe hardware’ mode. I’ve had no issues with it, but an Optiplex 755 is pretty standard hardware.
- distro relies exclusively on NAT for firewalling by default, though to be fair, the firewall plugin is free.
- no geo-ip blocking capabilities (beyond making firewall rules out of IP blocks).
So, there you have it. Two great distros.