Networks

General discussion

Gravatar
0 Votes
Locked

PFSense VS Endian VS IPCop -- some thoughts

By Dumphrey ·
I am always poking and looking at firewall distros. I like them. They have potential to make the lives of many people and smaller businesses much more comfortable. The trick is finding the release for you and your environment.
IPCop, my old stand by. Its easy to install, works well, and can be "extended" to do dern near anything. Pros: nice web interface, and port forwarding a simple process. Very nice traffic/cpu graphing. Drawbacks: the "extending" is not always easy, and can break the system or ruin its stability. Traffic shaping and firewall rules are port based only.
Endian firewall. Looks to me to be a refined IPCop. Easy install, nice web interface. Pros: smooth package, full feature out of the box. AV, snort, squid proxy... no real need to "extend". CONS: Minimal traffic shaping and port based only.
PFSense: Wow, im impressed. A bit more technical install then the others, but worth it. Nice web interface, nice terminal menu. Pros: The terminal menu (at first I saw this as a minus until I caught on to the disable gui enable ssh over serial) the pftop is nice, a constant "top" of net usage. The traffic shaping is massive, and protocol aware. They added a routine to figure which of the many cards on the back of a box is wan/lan/opt based on noticing the interface coming up as you plug them in, one by one.
Cons: The install was more technical, not exactly plug and play, but still should be well in grasp of any technically inclined (defaults work well). Default "extra" packages are a very small selection (though well chosen and they work). No auto update feature. You have to manually update based on "firmware" downloads.
Overall, my recommendations have changed from IPCop, to PFsense followed by Endian. Ther is a new IPCop out that may rival the Endian, but somehow I doubt will rival PFSense and its amazing qos/shaping.
What firewall distro have you all used, and do any of you use them in a production environment? home environment?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

The firewall distributions i have tested

by davidhaman In reply to PFSense VS Endian VS IPCo ...

I have installed , and configured the following
M0n0wall
Endian
Ipcop
Smoothwall
Untangle
Pfsense
Astaro

Overall i have stuck with Astaro over the past few months , It is a VERY polished product, granted i have it installed on a 3Ghz 3GB Ram system, the features it includes are great, Very granular control of IPS, NAT rules, packet filter rules, nice easy to setup Open Vpn, content filter, spam filter for my home mail server the reporting features are the best in class that I have ever seen . The negatives and this is the only one i have found. The home license only grants 10 Ips that's it. If you want to upgrade the next option is the 25 user license at 695 dollars. Needless to say this box has been a great project to work on.

I also really like Pfsense, it can run on much lesser powered hardware than Astaro , but due to the fact that Astaro is a full featured UTM product.
The pros are the web interface is very nice, the throughput is awesome, i have this installed on a Msi axis pc 1Ghz cpu, and 1GB ram small form factor machine with onboard nic, and a Intel dual port server nic for the lan and opt interface.s The cons are that unlike AStaro and even Untangle create the Open Vpn config and the executable. In Pfsense you are forced to configure Open Vpn the old fashioned way, nothing hard to do though. I wish it had some of the UTM features that Astaro had but then again i wouldn't be able to run this on my current hardware. I have easily created the equivalent of a 1000 dollar firewall for much less. Why would anyone ever buy a firewall again..ha ha that's just my take.
I really enjoy building my own network protection devices.

I like the others such as smoothwall, and endian etc but have had issues with buggy web interfaces and dropped connections.
My Astaro setup has been running for 120 days straight and Pfsense close to 1 year

Back to Networks Forum

Start or search

Related Discussions

Related Forums