IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Firewalls
July 2022
Get our free report covering OPNsense, Fortinet, Sophos, and other competitors of pfSense. Updated: July 2022.
620,600 professionals have used our research since 2012.

Read reviews of pfSense alternatives and competitors

Josh Evans - PeerSpot reviewer
CEO at DragonTech IT Services, Inc
Real User
Top 20
Its simplicity, variety of features, and low pricing have enabled us to improve the security for our small business clients at a price that they are happy to pay for
Pros and Cons
  • "The majority of our clients are very small businesses, and Untangle devices have been fantastic for these small clients. We've basically standardized our stack to just simply use Untangle. We include the hardware and the service option, which makes it very easy and affordable for us to just simply push that into the monthly per-user costing that we provide as a managed services provider. It's really a no-brainer. They're easy to use, and they're easy to set up and configure. Support is generally good about resolving any issues that we have. We haven't had any real complaints."
  • "It does have multi-factor authentication in some areas, but I would love to see a more widely implemented version of that on the devices themselves."

What is our primary use case?

We are an authorized partner of Untangle, and we primarily work with small businesses that have limited needs. We have deployed Untangle NG Firewall z4 Plus to the majority of our clients. With simple hardware and a monthly service fee, it's very affordable for our clients. 

The software versioning is 16.5. We have deployed them primarily on-premises. We have a couple virtualized and on ESXi servers, and that's pretty much it. They're fully managed from our cloud database directly on untangle.com/cmd.

How has it helped my organization?

Its ease of use, variety of available features, and low pricing have enabled us to improve the security for a lot of our very small business clients at a price that they are happy to pay for. The big thing for us is that we're providing a good quality security service to them without spending thousands of dollars per year on hardware and licensing, which we would spend with something like SonicWall, Palo Alto, etc.

What is most valuable?

It is very easy to use. The user interface is very straightforward. It may not be as fancy as some of the ones I've seen, but it's very straightforward. It's very easy to find what you need, and it's very easy to get things done.

The majority of our clients are very small businesses, and Untangle devices have been fantastic for these small clients. We've basically standardized our stack to just simply use Untangle. We include the hardware and the service option, which makes it very easy and affordable for us to just simply push that into the monthly per-user costing that we provide as a managed services provider. It's really a no-brainer. They're easy to use, and they're easy to set up and configure. Support is generally good about resolving any issues that we have. We haven't had any real complaints.

What needs improvement?

I've heard other people saying that other firewalls have better detection rates, so better security. If they can improve the security of the device, I'm always for that, but at the moment, we've been happy with the service that we're getting out of them. 

It does have multi-factor authentication in some areas, but I would love to see a more widely implemented version of that on the devices themselves. 

It could use some improvement for Azure Active Directory Connections. It does exist, and it is available, but it needs work to be able to fully authenticate.

I know there are some advanced features that other firewalls have that aren't present in Untangle, but we've never noticed any feature that we need but isn't there. 

I also know a lot of people have complained about the cost per device because they license by device counts. So, once you get over a certain number of devices, it is not really a cost-effective solution.

For how long have I used the solution?

We have been using this solution for the past three years.

What do I think about the stability of the solution?

We have had one device go down in three years. I've never been certain if that was an issue with Untangle themselves or with the client location. I know for a fact that the client did unplug the device repeatedly because they did not want to listen to their tech support. They unplugged it repeatedly. They left it disconnected from the internet completely for several months. It was disconnected and turned off, and it came to a point where we were never able to remotely restore that connection. So, we had to go in and physically factory reset the device. That's the only issue that I've had in terms of stability, but I don't know if that's an issue with Untangle or an issue with the client themselves. We dropped that client shortly after.

What do I think about the scalability of the solution?

It is easy to scale. I ordered 10 of them in bulk just a month ago. We have about a hundred clients. 

We pretty much standardized it across our client base. We also provide some email services, Microsoft 365, and tech support to people who literally just work from their laptop from a Starbucks. They are the only clients who aren't using it. Any of our clients that have an office or home office have Untangle Firewall. We serve a lot of residential customers, and we've stuck the unlicensed version of the Untangle Firewall on their network. We manage those, and it's been great for the most part. The only way we would really increase that in our client base is by just increasing our client base.

How are customer service and support?

I would really like phone support for emergencies. I'm not sure if there is one. I don't think I've ever had to actually utilize it if there was. Having a direct line of contact or support, especially being a partner, would definitely be an improvement, but their tech support has been able to resolve every issue that we've had with them.

Which solution did I use previously and why did I switch?

Originally, we tested Untangle many years ago, but it wasn't a fantastic solution then. So, we didn't really utilize it and always stuck with pfSense, but over the past three years, we've been using, almost exclusively, Untangle devices for our clients.

Our clients were using a variety of solutions. They have been utilizing SonicWall. We have replaced a couple of WatchGuard firewalls. We've had people with pfSense, and we've had people with Cisco Meraki. We've seen most of the firewalls in the business, and I like Untangle.

How was the initial setup?

It was straightforward. You can basically set up a demo device with the settings that you want, take the config file, and export those configs and policies to any new device you deploy. So, the initial setup is not that complex. It is very simple and straightforward because the user interface is very simple and straight. 

When you get to whatever you like and how you want to configure it, you just save it as a policy set, save the config file, and deploy it within minutes. We order the device, get the serial number, apply the serial number to our portal, and then apply the policies, and we're done.

One person can handle the deployment. As a matter of fact, the end-user can handle the deployment, as long as the tech just tells them where to plug it in. The end-user doesn't need to do anything. As soon as it's connected to the internet, as long as it's plugged into the right place on the network, the deployment takes minutes, and we manage them all from the command center.

What was our ROI?

I'm not a financial type of person, but I can say that configuring a pfSense firewall is a couple of hours per location, and managing other firewall solutions is definitely more costly and time-consuming from what I've seen previously. We've definitely saved time in deployment, and we have also saved time in management. We save time and money in a variety of ways. So, we have definitely seen an increase in ROI. In addition, the fact that we're able to just simply include it in our monthly costs for what we charge our clients makes it all the better.

What's my experience with pricing, setup cost, and licensing?

Untangle is open-source software. So, you can get it for free. That has been a benefit, especially for the residential users because it is free. The license costs start at $25 a month for some additional features, including higher tiers of security intrusion prevention. The free version comes with intrusion detection, and then the license version has intrusion prevention. It also has some additional things for active directory connectors, etc.

It starts at $25 a month to cover 12 devices. Then it goes up from $25 to $50 a month for 12 to 25 devices. That's where it really doesn't scale out per site. If you have a site that has more than 50 devices on it, then Untangle quickly becomes cost prohibitive in comparison to several other competitors. They have a weird per-device licensing model, whereas most firewall vendors simply tell you that this is how many devices we expect you to cover and this is what your licensing costs. They don't tier it by the device. Firewalls have different costs and different licensing. So, in a way, it is the same, but Untangle is more upfront about it. They tell you that if you have X amount of devices, this is what your licensing cost is, whereas other firewall vendors tell you that if you're covering this amount of devices, you need this type of firewall that they make, and it's going to cost you this amount a month, which is going to be more, but the price comparison is definitely not favorable for Untangle once you go over 50 devices.

There is an additional cost of the hardware, which you can purchase upfront. You can pay for hardware as a service, or you can deploy it to your own hardware at no additional charge. We can deploy this for free, completely and utterly free and clear, just by simply running a VM and installing the free version of the software on it. So, there are literally no costs to it. The additional costs are basically just completely optional, except in the cases of industries where certain of these other security features are a requirement, but the only costs that you have to pay are the licensing costs. You can choose not to buy their hardware at all and just deploy it in a VM.

Which other solutions did I evaluate?

We evaluated pfSense, WatchGuard, and Sophos, and ultimately went with Untangle.

What other advice do I have?

I would definitely advise going for z4 Plus. The base z4 is good if you're going with the free licensing. It is a little bit lower powered. So, it's only good for the free tier licensing or very small offices with only a couple of devices. z4 Plus has been fantastic. We can turn on every feature that Untangle has, and it runs right along for months at a time.

I would rate it a solid nine out of ten. It has been fantastic for the uses that we put it to, which are primarily small clients. It does its job, and it does it well. I've had almost no issues in the past three years of running them except for one, and I'm pretty sure it was the client that caused the issue.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Flag as inappropriate
Eric Barba - PeerSpot reviewer
Senior Systems Analyst at a construction company with 1,001-5,000 employees
Real User
Top 10
Offers the right amount of control very simply; great integration and ease of management
Pros and Cons
  • "Offers the right amount of control without being incredibly convoluted and frustrating."
  • "Sonic Analyzer could be improved. It's difficult to manage and not very intuitive."

What is our primary use case?

In some cases SonicWall is used to outfit a company, replacing existing infrastructure and getting site-to-site VPN set up for easier management. It provides ease of use for VPN setups. We are customers of SonicWall and I'm a senior system analyst. 

How has it helped my organization?

The solution offers the right amount of control without being incredibly convoluted and frustrating, or without being too dumbed down where you don't have options to do certain things. It's very to the point with the controls and simplifies things for us. It's great value for money. 

What is most valuable?

The solution has a lot of robust options and it's easy to use. NSM is a good feature, a single pane of glass security center where you can monitor SonicWall for different clients and troubleshoot without it requiring individual access. The product has good integration with their SMA solution, which we deployed for one of our financial firms, and we've also provided a remote access solution for people with PCs at home who want secure access. It offers good content filtering.

What needs improvement?

I would probably say their GSM or their Sonic Analyzer could be improved. I have always found it difficult to manage and not very intuitive. I'd like to have better visibility of what each endpoint is doing. That's something Meraki has that is very easy to use.

For how long have I used the solution?

I've been using this solution for over seven years. 

What do I think about the stability of the solution?

The solution is stable. We're an MSP, so if our clients have any dated hardware, we'll make a plan to switch to SonicWall, otherwise there can be issues with the internet or configuration where we can't get in and troubleshoot. We need to know we can get into the firewalls and make sure that they're online, as opposed to having to schedule someone to come in and deal with the basic physical connections or troubleshoot.

What do I think about the scalability of the solution?

The scalability is very good because if you know how to work the base model, the old solution or the TZ 105, all the way up to the NSAs, they just scale up in terms of features and functionality and you don't change a whole lot. They have good terminology that sticks throughout, so if you work with one, you can work with them all. It means upgrading and scaling is very easy. We manage about 1300 users or so across about 100 different clients. For the most part, maybe 80% of them are on SonicWall, and we try to push that just because it makes our lives a lot easier.

How are customer service and support?

We don't use the technical support very often, but the last call I had with them, everything was resolved within the hour. I spent more time on hold than I did with the person. It was 15 minutes on hold, for 10 minutes to resolve the issue. Otherwise, it's great. 

How was the initial setup?

The initial setup was very straightforward. Deployment time depends on the client but if we're starting from scratch, you can have it updated and deployed within an afternoon without issue. We have our own techs with experience who can get things set up to the best of our ability. Implementation takes one person who knows what they're doing, but we have a team that can help out and troubleshoot if we run into issues. 

What's my experience with pricing, setup cost, and licensing?

I'm not sure of licensing costs, but the price point isn't bad. In addition, you need to buy the hardware. There is also a standard support license, and they offer an advanced security gateway with other intrusion detection, prevention, content filtering, etc. There are some additional options we usually go with, but things like content filtering are hit and miss, and depend on what the client wants.

Which other solutions did I evaluate?

I've tried Meraki, but their price points are ridiculous and feature functionality is somewhat lacking. After Dell sold SonicWall, things improved a lot, and they've come a long way. There were some things about Meraki that I liked such as endpoint visibility. You can see the list of connected devices and apply a policy. You can get very low network so that bandwidth is not eaten up if someone is watching Netflix all day but they can still receive emails. Those kinds of things are what's missing in SonicWall. I've never been able to do something like that easily on the firewall side. Unfortunately, the cost of Meraki is really prohibitive. We tried a few other solutions and they just didn't pan out. If you want a good firewall, you have to pay thousands of dollars for what SonicWall does in a way that's easier to manage.

What other advice do I have?

I would recommend trying the product, it's not too difficult, whether it's the setup or the cost. If you're looking for a really low-cost solution, you'll probably end up using something like pfSense which doesn't really compare to SonicWall. There are probably better solutions out there, but there are things that SonicWall does better, it just depends on your budget.

I rate the solution eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Owner and business consultant at networks srl
Real User
Top 5
It allows me to assess our network traffic and has the best user interface
Pros and Cons
  • "The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication. Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls. Its user interface is one of the best interfaces I have used."
  • "The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."

What is our primary use case?

It is the main firewall for one of our locations. We use it for intrusion detection and prevention. We are using the latest software version, but the hardware is not the latest.

What is most valuable?

The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication.

Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls.

Its user interface is one of the best interfaces I have used. 

What needs improvement?

The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform.

For how long have I used the solution?

I started to use OPNsense about three years ago.

What do I think about the stability of the solution?

It is stable, but for us, it is not yet so reliable. Our server is an old DL120 HP Server, which is from the year 2006. We have ordered another appliance. After we receive the new appliance, it would be more stable for us.

What do I think about the scalability of the solution?

It scales well for our needs. I haven't tried any horizontal or vertical scaling so far.

How are customer service and technical support?

I did not need any technical support.

Which solution did I use previously and why did I switch?

I used pfSense two years ago, but I was not so happy with our system protection. I have also previously used Cisco ASA appliance. It was a 5505 model, but it failed because of the hardware issues. It was prone to hardware failure, and in one month, we lost both firewalls. It was also not so easy to see traffic with Cisco ASA. I could not easily identify traffic issues. 

How was the initial setup?

The initial setup was straightforward. I also have experience with BSD services, so I had no issues at all. It took us half an hour to deploy it for 250 users.

What about the implementation team?

We deployed it ourselves. There was no need for a consultant for the deployment. We have two engineers for its deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source.

What other advice do I have?

We plan to continue using this solution. Right now, we are settling our networks. We plan to expand its usage, but I don't think it will happen until 2022.

It has a good user interface. Its configuration is simple but requires a little planning. It is much simpler than the Cisco ASA configuration.

I would recommend this solution. I would rate OPNsense a nine out of ten. I am happy with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Pardeep Sharma - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
A simple and reliable firewall with best support and very good netting, routing, and VPN functionalities
Pros and Cons
  • "Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."
  • "Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."

What is our primary use case?

I am using Cisco ASA 5525 for netting, routing, and site-to-site VPN. We have two sites. I am using Cisco ASA Firewall on one site and Check Point Next-Generation Firewall on another site.

How has it helped my organization?

We have integrated it with Cisco Anyconnect. This feature has been very good for us during the lockdown.

What is most valuable?

Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA.

The biggest advantage of Cisco products is technical support. They provide the best technical support.

What needs improvement?

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

For how long have I used the solution?

We have been using this solution for one and a half years.

What do I think about the stability of the solution?

It is stable and reliable. If you are looking for security from Layer 1 to Layer 4, Cisco ASA is good, but if you are looking for Layer 7 security, deep security, and malware detection, this is not the right product. You have to use some other product.

What do I think about the scalability of the solution?

We have more than 400 employees. We are currently not thinking of increasing its usage because we need more security, and Cisco ASA is not good for Layer 5 to Layer 7 security.

How are customer service and technical support?

The biggest advantage of a Cisco product is technical support. They provide 24/7 support on 365 days. Their technical support is one of the best. I would rate them a ten out of ten.

How was the initial setup?

Cisco ASA is very not complex. It is a very simple firewall. If you are configuring it through CLI, it is easy. If you configuring it through ASDM, it will be more difficult for a beginner engineer.

It takes around two to three days to cover all the parameters. It is very easy to deploy in an existing network, which is one of the main advantages of Cisco ASA.

What's my experience with pricing, setup cost, and licensing?

We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS.

Which other solutions did I evaluate?

I considered pfSense, but when I checked the reviews, pfSense's reviews were really bad, so we purchased Cisco ASA.

What other advice do I have?

I am very happy with this product in terms of netting, routing, and VPN functionalities. If you are a small organization with around 100 people and you are not thinking of Layer 7 security, deep security, and malware detection, Cisco ASA would be very useful and cost-effective for you.

I would rate Cisco ASA Firewall an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Firewall Engineer at a marketing services firm with 1-10 employees
MSP
Top 5Leaderboard
Scalable solution with a straightforward setup

What is our primary use case?

I use the solution primarily for the VPN connections in local area. In some cases, I use it at universities in order to secure the local network in the university, such as servers and backup devices.

I have also used the solution as a load balancer and the EMS functionality, which I use as a controller for wireless devices.

What needs improvement?

The PPPoE server protocol with a connection to a Radius server is used a lot by ISPs and not so much by the end user. I think it would be great to see this solution with the protocol developed for ISPs.

For how long have I used the solution?

I have been using the solution for more than two or three years.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

There are some problems that support cannot give you a logical reason as to why it happened. For example, I had a case where I was dealing with a WhatsApp application that was giving issues. Technical support gave more than one reason it could be giving issues, but none of them solved the problem. Eventually I solved the problem, but it was far from the solutions that support had given.

Which solution did I use previously and why did I switch?

Before choosing Fortigate, I was using Cisco and pfSense.

How was the initial setup?

The initial setup was very easy and straightforward.

The time it takes to setup the solution depends on the case. It may take less than a day or more than two months, it depends on the technology that is being used. For example, a hospital I am working with has 20 switches with two firewalls, but there are issues in the physical place and not in Fortinet. In this case, the environment limits the speed of setup.

What other advice do I have?

I would rate FortiGate a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Firewalls
July 2022
Get our free report covering OPNsense, Fortinet, Sophos, and other competitors of pfSense. Updated: July 2022.
620,600 professionals have used our research since 2012.