Goodbye pfSense, hello Untangle

After all my blogging about the wonders of pfSense, you’d think I’d stick with it…but I didn’t. Both my firewall and my mom’s have been moved to Untangle, and I regret neither. Now, don’t get me wrong – pfSense is still an EXCELLENT firewall that I thoroughly recommend for a number of reasons, which I’ll get to in a minute. However, Untangle works much better for my needs.

pfSense, pros:

  • much more lightweight
    • ’embedded’ version runs off USB flash drive.
    • faster startup time.
  • faster, more┬ásimplistic UI.
  • deals with multiple static IPs better.
  • actually taxing the CPU and RAM is a bit of a project.
  • great SIP support; generates OpenVPN files for Yealink VoIP phones directly.
  • BSD-based (generally considered a better router distribution than Linux due to better TCP/IP performance).
  • firewall rules and NAT translation can be “Linksys simple” or “Sonicwall complicated”, depending on what you need.
  • the only paid things are support and “supporter” subscription; all functions included regardless.

pfSense, cons:

  • UI can be a bit confusing.
  • plug-ins are inconsistent with their operation and UI.
  • ad-blocking is a pain, and requires manual updates.
  • adding multiple physical interfaces to the same LAN segment is handled by NAT rules.
  • I wasn’t able to get Squid to do much good with transparent caching.

Untangle, pros:

  • beautiful, intuitive user interface.
  • very simple ability to assign network interfaces to LAN segments; changing them is a drop-down.
  • great reporting features.
  • the free modules are excellent:
    • ad blocking is great, and auto updates.
    • single simplest OpenVPN implementation I’ve ever seen (for desktops and laptops, anyway).
    • even the free virus scanning and spam options are quite functional.

Untangle, cons:

  • paid plugins aren’t clearly labeled until you try to install them.
  • …also, there are paid plugins. While the home version is pretty cheap ($54/year for everything), it gets pretty expensive, pretty quick if you aren’t a ‘home user’.
  • the free web filter picks the ‘wrong’ categories, in my opinion – filtering porn and gambling is free, but malware and torrent filtering is paid??
  • the network configuration area could be organized a bit better.
  • significantly longer startup than pfSense, and requires hard drive.
  • in my particular circumstance, Untangle will only boot in ‘safe hardware’ mode. I’ve had no issues with it, but an Optiplex 755 is pretty standard hardware.
  • distro relies exclusively on NAT for firewalling by default, though to be fair, the firewall plugin is free.
  • no geo-ip blocking capabilities (beyond making firewall rules out of IP blocks).


So, there you have it. two great distros.

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security