19 May Firewall Comparison
Firewall Comparison
pfSense vs Untangle vs Ubiquiti
pfSense, Untangle and Ubiquiti firewalls are among the most popular firewall used by SMEs and Enterprises. The table below should help understand the technical and commercial reasons why one solution may be chosen over the other.
Comparison Table
| Features | Netgate / pfSense | Untangle | USG/USG-Pro | UDM/UDM Pro | EdgeRouter |
| Can Run on Your Own Hardware | Yes | Yes | No | No | No |
| Operating System | FreeBSD | Linux | EdgeOS / UniFi SDN | UbiOs Linux / UniFi SDN | EdgeOS / UNMS |
Centralized Management | no | Yes | Yes | Yes | Yes |
| OpenVPN | Yes | Yes | Yes (very basic) | Yes (very basic) | Yes (via command line) |
| IPsec | Yes | Yes (paid) | Yes | Yes | Yes |
| L2TP VPN | Yes | Yes (paid) | Yes | Yes | Yes (via command line) |
| Wireguard | Coming in 2.6 | Yes (paid) | no | no | no |
| Policy Routing | Yes | Yes (paid) | Yes (via command line) | No | Yes (via command line) |
| IDS/IPS | Suricata or Snort | Yes | Yes | Yes | no |
| DNS Filtering | pfblocker | Yes | no | no | no |
| GeoIP Filtering | pfblocker | Yes | Beta Feature | Beta Feature | no |
Web Filter / SSL inspection | squid | Yes (paid) | no | very basic DPI / NO SSL | no |
| QoS / Traffic Shaping | advanced | advanced | basic on or off | basic on or off | Yes (via command line) |
| WAN Failover | Yes | Yes (paid) | Yes | UDM Pro | Yes |
Multi WAN Load Balancing | Yes | Yes (paid) | Yes (basic) | No | Yes (via command line) |
Active Directory Intergration | Yes | Yes (paid) | No | No | No |
| Captive Portal | Yes | Yes | Yes via SDN Controller | Yes via SDN Controller | No |
Let's Encrypt Certificates | Yes | No | No | No | No |
| HA Proxy | Yes | No | No | No | No |
Table based on the comparison published by: Lawrence Systems
Quick Review
VPN options (OpenVPN, IPSec and L2TP) are extensive in pfSense and Untangle but rather basic on the Ubiquiti USG, UDM and EdgeRouters. Ubiquiti have some known interoperability issue with VPN from other vendors. Untangle requires additional fees to enable some of the VPN options.
Policy routing is only truly available in pfSense and Untangle although it is possible to configure some level of policy routing on Ubiquiti USG and EdgeRouters via command line.
IDS/IPS is very advanced in pfSense and Untangle with slightly different way to fine-tune the configuration. Ubiquiti only have basic on/off switch with no way to granularly control how threats are dealt with in the background.
Filtering is where Untangle really shine. Web Filtering as well as DNS and GeoIP are easily configurable and manageable on Untangle compared to pfSense. These feature are almost completely absent in the Ubiquiti USG and Edge Routers.
WAN failover and Load balancing are extensive on both pfSense and Untangle but they are a paid feature with Untangle.
Conclusions
Overall, pfSense is the most complete solution in terms of features included even though it currently lack of a centralised management interface.
The Ubiquiti firewall offering is often appealing being well integrated within the Ubiquiti dashboard and it is often a solution of choice when only basic firewall functionalities are required. Untangle is often chosen when filtering is a key requirement for the design of a security solution.
