pfSense alternatives and competitors

We are an authorized partner of Untangle, and we primarily work with small businesses that have limited needs. We have deployed Untangle NG Firewall z4 Plus to the majority of our clients. With simple hardware and a monthly service fee, it's very affordable for our clients. 

The software versioning is 16.5. We have deployed them primarily on-premises. We have a couple virtualized and on ESXi servers, and that's pretty much it. They're fully managed from our cloud database directly on untangle.com/cmd.

Its ease of use, variety of available features, and low pricing have enabled us to improve the security for a lot of our very small business clients at a price that they are happy to pay for. The big thing for us is that we're providing a good quality security service to them without spending thousands of dollars per year on hardware and licensing, which we would spend with something like SonicWall, Palo Alto, etc.

It is very easy to use. The user interface is very straightforward. It may not be as fancy as some of the ones I've seen, but it's very straightforward. It's very easy to find what you need, and it's very easy to get things done.

The majority of our clients are very small businesses, and Untangle devices have been fantastic for these small clients. We've basically standardized our stack to just simply use Untangle. We include the hardware and the service option, which makes it very easy and affordable for us to just simply push that into the monthly per-user costing that we provide as a managed services provider. It's really a no-brainer. They're easy to use, and they're easy to set up and configure. Support is generally good about resolving any issues that we have. We haven't had any real complaints.

I've heard other people saying that other firewalls have better detection rates, so better security. If they can improve the security of the device, I'm always for that, but at the moment, we've been happy with the service that we're getting out of them. 

It does have multi-factor authentication in some areas, but I would love to see a more widely implemented version of that on the devices themselves. 

It could use some improvement for Azure Active Directory Connections. It does exist, and it is available, but it needs work to be able to fully authenticate.

I know there are some advanced features that other firewalls have that aren't present in Untangle, but we've never noticed any feature that we need but isn't there. 

I also know a lot of people have complained about the cost per device because they license by device counts. So, once you get over a certain number of devices, it is not really a cost-effective solution.

We have been using this solution for the past three years.

We have had one device go down in three years. I've never been certain if that was an issue with Untangle themselves or with the client location. I know for a fact that the client did unplug the device repeatedly because they did not want to listen to their tech support. They unplugged it repeatedly. They left it disconnected from the internet completely for several months. It was disconnected and turned off, and it came to a point where we were never able to remotely restore that connection. So, we had to go in and physically factory reset the device. That's the only issue that I've had in terms of stability, but I don't know if that's an issue with Untangle or an issue with the client themselves. We dropped that client shortly after.

It is easy to scale. I ordered 10 of them in bulk just a month ago. We have about a hundred clients. 

We pretty much standardized it across our client base. We also provide some email services, Microsoft 365, and tech support to people who literally just work from their laptop from a Starbucks. They are the only clients who aren't using it. Any of our clients that have an office or home office have Untangle Firewall. We serve a lot of residential customers, and we've stuck the unlicensed version of the Untangle Firewall on their network. We manage those, and it's been great for the most part. The only way we would really increase that in our client base is by just increasing our client base.

I would really like phone support for emergencies. I'm not sure if there is one. I don't think I've ever had to actually utilize it if there was. Having a direct line of contact or support, especially being a partner, would definitely be an improvement, but their tech support has been able to resolve every issue that we've had with them.

Originally, we tested Untangle many years ago, but it wasn't a fantastic solution then. So, we didn't really utilize it and always stuck with pfSense, but over the past three years, we've been using, almost exclusively, Untangle devices for our clients.

Our clients were using a variety of solutions. They have been utilizing SonicWall. We have replaced a couple of WatchGuard firewalls. We've had people with pfSense, and we've had people with Cisco Meraki. We've seen most of the firewalls in the business, and I like Untangle.

It was straightforward. You can basically set up a demo device with the settings that you want, take the config file, and export those configs and policies to any new device you deploy. So, the initial setup is not that complex. It is very simple and straightforward because the user interface is very simple and straight. 

When you get to whatever you like and how you want to configure it, you just save it as a policy set, save the config file, and deploy it within minutes. We order the device, get the serial number, apply the serial number to our portal, and then apply the policies, and we're done.

One person can handle the deployment. As a matter of fact, the end-user can handle the deployment, as long as the tech just tells them where to plug it in. The end-user doesn't need to do anything. As soon as it's connected to the internet, as long as it's plugged into the right place on the network, the deployment takes minutes, and we manage them all from the command center.

I'm not a financial type of person, but I can say that configuring a pfSense firewall is a couple of hours per location, and managing other firewall solutions is definitely more costly and time-consuming from what I've seen previously. We've definitely saved time in deployment, and we have also saved time in management. We save time and money in a variety of ways. So, we have definitely seen an increase in ROI. In addition, the fact that we're able to just simply include it in our monthly costs for what we charge our clients makes it all the better.

Untangle is open-source software. So, you can get it for free. That has been a benefit, especially for the residential users because it is free. The license costs start at $25 a month for some additional features, including higher tiers of security intrusion prevention. The free version comes with intrusion detection, and then the license version has intrusion prevention. It also has some additional things for active directory connectors, etc.

It starts at $25 a month to cover 12 devices. Then it goes up from $25 to $50 a month for 12 to 25 devices. That's where it really doesn't scale out per site. If you have a site that has more than 50 devices on it, then Untangle quickly becomes cost prohibitive in comparison to several other competitors. They have a weird per-device licensing model, whereas most firewall vendors simply tell you that this is how many devices we expect you to cover and this is what your licensing costs. They don't tier it by the device. Firewalls have different costs and different licensing. So, in a way, it is the same, but Untangle is more upfront about it. They tell you that if you have X amount of devices, this is what your licensing cost is, whereas other firewall vendors tell you that if you're covering this amount of devices, you need this type of firewall that they make, and it's going to cost you this amount a month, which is going to be more, but the price comparison is definitely not favorable for Untangle once you go over 50 devices.

There is an additional cost of the hardware, which you can purchase upfront. You can pay for hardware as a service, or you can deploy it to your own hardware at no additional charge. We can deploy this for free, completely and utterly free and clear, just by simply running a VM and installing the free version of the software on it. So, there are literally no costs to it. The additional costs are basically just completely optional, except in the cases of industries where certain of these other security features are a requirement, but the only costs that you have to pay are the licensing costs. You can choose not to buy their hardware at all and just deploy it in a VM.

We evaluated pfSense, WatchGuard, and Sophos, and ultimately went with Untangle.

I would definitely advise going for z4 Plus. The base z4 is good if you're going with the free licensing. It is a little bit lower powered. So, it's only good for the free tier licensing or very small offices with only a couple of devices. z4 Plus has been fantastic. We can turn on every feature that Untangle has, and it runs right along for months at a time.

I would rate it a solid nine out of ten. It has been fantastic for the uses that we put it to, which are primarily small clients. It does its job, and it does it well. I've had almost no issues in the past three years of running them except for one, and I'm pretty sure it was the client that caused the issue.

In some cases SonicWall is used to outfit a company, replacing existing infrastructure and getting site-to-site VPN set up for easier management. It provides ease of use for VPN setups. We are customers of SonicWall and I'm a senior system analyst. 

The solution offers the right amount of control without being incredibly convoluted and frustrating, or without being too dumbed down where you don't have options to do certain things. It's very to the point with the controls and simplifies things for us. It's great value for money. 

The solution has a lot of robust options and it's easy to use. NSM is a good feature, a single pane of glass security center where you can monitor SonicWall for different clients and troubleshoot without it requiring individual access. The product has good integration with their SMA solution, which we deployed for one of our financial firms, and we've also provided a remote access solution for people with PCs at home who want secure access. It offers good content filtering.

I would probably say their GSM or their Sonic Analyzer could be improved. I have always found it difficult to manage and not very intuitive. I'd like to have better visibility of what each endpoint is doing. That's something Meraki has that is very easy to use.

I've been using this solution for over seven years. 

The solution is stable. We're an MSP, so if our clients have any dated hardware, we'll make a plan to switch to SonicWall, otherwise there can be issues with the internet or configuration where we can't get in and troubleshoot. We need to know we can get into the firewalls and make sure that they're online, as opposed to having to schedule someone to come in and deal with the basic physical connections or troubleshoot.

The scalability is very good because if you know how to work the base model, the old solution or the TZ 105, all the way up to the NSAs, they just scale up in terms of features and functionality and you don't change a whole lot. They have good terminology that sticks throughout, so if you work with one, you can work with them all. It means upgrading and scaling is very easy. We manage about 1300 users or so across about 100 different clients. For the most part, maybe 80% of them are on SonicWall, and we try to push that just because it makes our lives a lot easier.

We don't use the technical support very often, but the last call I had with them, everything was resolved within the hour. I spent more time on hold than I did with the person. It was 15 minutes on hold, for 10 minutes to resolve the issue. Otherwise, it's great. 

The initial setup was very straightforward. Deployment time depends on the client but if we're starting from scratch, you can have it updated and deployed within an afternoon without issue. We have our own techs with experience who can get things set up to the best of our ability. Implementation takes one person who knows what they're doing, but we have a team that can help out and troubleshoot if we run into issues. 

I'm not sure of licensing costs, but the price point isn't bad. In addition, you need to buy the hardware. There is also a standard support license, and they offer an advanced security gateway with other intrusion detection, prevention, content filtering, etc. There are some additional options we usually go with, but things like content filtering are hit and miss, and depend on what the client wants.

I've tried Meraki, but their price points are ridiculous and feature functionality is somewhat lacking. After Dell sold SonicWall, things improved a lot, and they've come a long way. There were some things about Meraki that I liked such as endpoint visibility. You can see the list of connected devices and apply a policy. You can get very low network so that bandwidth is not eaten up if someone is watching Netflix all day but they can still receive emails. Those kinds of things are what's missing in SonicWall. I've never been able to do something like that easily on the firewall side. Unfortunately, the cost of Meraki is really prohibitive. We tried a few other solutions and they just didn't pan out. If you want a good firewall, you have to pay thousands of dollars for what SonicWall does in a way that's easier to manage.

I would recommend trying the product, it's not too difficult, whether it's the setup or the cost. If you're looking for a really low-cost solution, you'll probably end up using something like pfSense which doesn't really compare to SonicWall. There are probably better solutions out there, but there are things that SonicWall does better, it just depends on your budget.

I rate the solution eight out of 10. 

I'm using OPNsense as an open VPN and a firewall to control the traffic.

OPNsense improved my organization in terms of controlling the bandwidth. Limiting the bandwidth is the primary purpose of the solution in the organization.

What I like best about OPNsense is that, as a firewall, it's pretty good. I'm quite impressed with it.

I had an excellent experience with OPNsense, which helped me achieve the targets I wanted.

An area for improvement in OPNsense is the hardware, which needs to be updated more frequently.

An additional feature I want to see in OPNsense is a transparent proxy.

DNS blocking is another good feature I want to be added to the solution, as that helps make processes faster.

pfSense has a peer-blocking feature that I also want to see in OPNsense.

I've been using OPNsense for more than one year.

OPNsense is a stable solution. Stability-wise, it's seven out of ten.

OPNsense is a scalable solution, and I find it very good, but it still depends on your requirement and what you want to achieve from OPNsense.

I didn't use OPNsense technical support because I resolved any issues myself.

I used pfSense before using OPNsense, and OPNsense covered most of my environment's needs. My organization uses only one firewall, and that's OPNsense.

Setting up OPNsense was easy for me. Even if you don't have experience, there is so much data available that you can follow so that the setup can be done easily.

The initial setup for OPNsense is an eight out of ten, especially if you know what you want to do and achieve from the solution. You also must try blocking methods based on what and how you want to block.

It took me two weeks to implement OPNsense completely. I set up the network and made a lab before using OPNsense in a production environment.

We implemented OPNsense in-house.

I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups.

I'm using two products, OPNsense and pfSense.

I upgraded to the latest version of OPNsense.

My organization is planning to move OPNsense to the cloud, in particular, hybrid cloud, but right now, it's deployed on-premises. Cloud deployment will be much more efficient than the current on-premises deployment, but I still need to test it before getting approval from the higher-ups.

Within my organization, fifty people use OPNsense because one department is trying it out. Still, when the solution is fully deployed, there could be from five thousand to six thousand users of OPNsense.

Ten to twelve people help maintain the solution yearly for the whole campus.

I advise anyone who wants to implement OPNsense to look into the suppliers and pick the right one because having the right supplier helps you achieve what you want from the solution.

My rating for OPNsense is eight out of ten.

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

We have been using this solution for one and a half years.

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

We are working with VMware and we are using virtual machines for Kerio Control.

The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering.

Kerio Control could improve by having higher availability and adding a mobile VPN channel. These additions are needed. The VPN is working fine on the Kerio Control but there needs to be a VPN client on the mobile phones, both for iOS and Android. This would be very good for us.

In a future release, SD-WAN features would be very useful.

I have been using Kerio Control for approximately seven years.

The solution is stable. However, we have had some problems, and we want to receive some updates for the IPS module. Sometimes we have errors downloading the IPS updates.

I have not contacted technical support. When I have an issue I search the internet and solve the problem. When I search Google, I find solutions for my problem.

Previously I was using OPNsense and pfSense. However, Kerio Control is more user-friendly and stable than pfSense and OPNsense.

The deployment of Kerio Control was easy and user-friendly. We have no problems deploying the Kerio Control, Kerio Portal, and Kerio Connect for our customers.

I am living in Iran and we cannot buy the product from Kerio because of sanctions.

I rate Kerio Control an eight out of ten.