A Detailed Comparison of The Latest pfSense and UniFi Firewalls in July 2023

Рет қаралды 85,022

Күн бұрын

lawrence.video/pfsense
lawrence.video/unifi
The Comparison Chart
lawrence.video/firewallreview...
Tailscale pfsense Video
• How to Setup The Tails...
Which VPN to use in pfsense
• Which VPN To Use In pf...
2023 Firewall Features Compared: pfsense | Arista | UniFi | Sophos | Fortinet | Meraki & What We Use
• 2023 Firewall Features...
Magic Site-to-Site VPN feature
community.ui.com/questions/In...
Mactelecom Networks Unifi Magic site to site Video
• Unifi Magic site to site
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag/
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 10% off your order at
🛒 www.techsupplydirect.com?aff=2
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect you privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
Time Stamps ⏱️
00:00 pfsense vs UniFi firewall 2023
01:57 Firewall Comparison Chart
02:53 Running on Own Hardware
03:15 Central Management
04:18 Licence Fees & Support
04:58 High Availabilty
05:26 BGP & OSPF
05:37 VLAN support
06:17 OpenVPN & IPSEC
06:44 Wireguard
07:14 UniFi Site to Site Magic
09:48 Tailscale Support
10:39 IDS & IPS Suricata and Snort
11:12 Content Filtering
11:52 DNS Filtering
12:06 Traffic Shaping
12:24 Multiple WAN Support
12:55 Policy Routing
13:10 Reverse Proxy
13:37 Let's Encrypt
13:53 Captive Portal
14:05 Traffic Monitoring and Reporting
#psense #unifi #firewall

Пікірлер: 174

@LAWRENCESYSTEMS Жыл бұрын

lawrence.video/pfsense lawrence.video/unifi Tailscale pfsense Video kzfaq.info/get/bejne/hpOhYJuDm52zgI0.html Which VPN to use in pfsense kzfaq.info/get/bejne/fapzbMR82cvGcYk.html 2023 Firewall Features Compared: pfsense | Arista | UniFi | Sophos | Fortinet | Meraki & What We Use kzfaq.info/get/bejne/ZsiEncyTsb-3f6M.html Magic Site-to-Site VPN feature community.ui.com/questions/Introducing-the-Magic-Site-to-Site-VPN-feature/5caa6244-6cae-472a-ac79-6922c211fe43 Mactelecom Networks Unifi Magic site to site Video kzfaq.info/get/bejne/qJ2Fnqyby5PYgKM.html Time Stamps ⏱ 00:00 ▶ pfsense vs UniFi firewall 2023 01:57 ▶ Firewall Comparison Chart 02:53 ▶ Running on Own Hardware 03:15 ▶ Central Management 04:18 ▶ Licence Fees & Support 04:58 ▶ High Availabilty 05:26 ▶ BGP & OSPF 05:37 ▶ VLAN support 06:17 ▶ OpenVPN & IPSEC 06:44 ▶ Wireguard 07:14 ▶ UniFi Site to Site Magic 09:48 ▶ Tailscale Support 10:39 ▶ IDS & IPS Suricata and Snort 11:12 ▶ Content Filtering 11:52 ▶ DNS Filtering 12:06 ▶ Traffic Shaping 12:24 ▶ Multiple WAN Support 12:55 ▶ Policy Routing 13:10 ▶ Reverse Proxy 13:37 ▶ Let's Encrypt 13:53 ▶ Captive Portal 14:05 ▶ Traffic Monitoring and Reporting

@WAGISDev Жыл бұрын

Did you punch a firewall Tom?

@LAWRENCESYSTEMS Жыл бұрын

The desire has definitely been there from time to time

@sean7949 Жыл бұрын

@@LAWRENCESYSTEMS can confirm... ASA

@kenstoudamire7366 Жыл бұрын

Get well soon Tom..must have been subjected to malicious software that resulted in tissue damage.

@stevenmishos Жыл бұрын

Good update Tom, thanks. A suggested parameter for a future comparison is NAT. UDM doesn't currently allow per-host 1:1 static NAT for outbound traffic -- the best it currently offers to people with multiple WAN IP addresses is the ability to assign an egress IP per network.

@wiebowesterhof Жыл бұрын

When they finally updated the udm pro to the 3.1 branch, things got way better. Load balancing, failover, both with options that actually work, vpn client that works, like minutes to route my firetvs via unlocator vpn to the USA, great stuff. You can do a lot more basic routing now. The case for pfsense has reduced in that context. If you want to use the self hosted controller, buy the gateway. It is basically equivalent to the udm pro without controller and a drive bay for protect.

@henriklind Жыл бұрын

I run pfSense at home. I have a Netgate router, Unifi switch and access points and a Raspberry Pi that run Unifi Controller. This setup might be way overkill for what I need (decent adblocking and DNS filtering, a couple of VLANs and some basic firewall rules) but it works great.

@geekdomo Жыл бұрын

0:05 - Uhh I have my arm in a sling as well. As soon as you came on I was like - it must be spreading. By the way I was JUST looking at the unifi gateway on the store yesterday. Perfect timing.

@TechnoTim Жыл бұрын

Thanks Tom! great comparison!

@MactelecomNetworks Жыл бұрын

Great overview Tom! I use the UDMs at tons of businesses and they have worked great. As for HA it’s “coming soon” to Unifi.

@LAWRENCESYSTEMS Жыл бұрын

I wonder how they're going to implement the high availability

@MactelecomNetworks Жыл бұрын

@@LAWRENCESYSTEMS right now it’s stated that you need a Unifi PDU professional to do it

@PowerUsr1 Жыл бұрын

I expect to see “Magic HA” very soon..

@TexasSnek Жыл бұрын

Very much looking forward to finally having an HA solution

@andyrandy0815 Жыл бұрын

Well, a second UDM Pro, connected to the same switches and maybe modems / upstream routers, might do the trick.

@pransis Жыл бұрын

I'm using Netgate 1100 as my home router/firewall, but I wanted to upgrade since I've been having problems upgrading it to the latest version. But the problem is they stopped selling Netgate products here in my country, well at least for consumers. I can still buy it internationally or thru contractors who provide solutions to other companies, but it's pretty expensive. I am now considering the UDM Pro since I feel like they've really matured in the last 2-3 years and it's more affordable than the other Netgate offerings here in my country.

@SomeGuyFromFlorida Жыл бұрын

Nice video, Tom. Healing vibes on the arm (shoulder?)! Concerning Site-to-Site VPN, the plain ol' USG does this in "just a few clicks" as well of course. And both ends can have Dynamic IPs. I use Change IP which is totally free for this, and setup hostnames for the endpoints. Once both USGs are adopted to my cloud controller, I'm seconds away from a Site-to-Site VPN with the USGs. Now, obtaining said USGs... that's another story lol. I also use EdgeRouters a lot in other cases in combination with UniFi APs managed on my cloud controller. The EdgeRouterX for example is like $60 (compare that with the UXG @ $500) and suprisingly powerful. Just marry up whatever VLAN structure you defined in UniFi and away you go. I really like the flexibility of EdgeOS for port forwarding and firewall rules. The main downside is they don't integrate with the Ubiquiti Controller, but if you have remote access into the site, this isn't so much of a big deal.

@HomeSysAdmin 10 ай бұрын

Great comparison explanations. I haven't used any of the Ubiquiti products, but love my pfSense for sure!

@jeanmichel482 Жыл бұрын

For thos of use not totally into the lingo, a breif expansion of acronyms such as BGP and IDF would be useful. Yes, I know I could google those, but just a one-liner as part of your otherwise excellent tutorials would help a great dela in those areas.

@tyrecies Жыл бұрын

learner exploring both. Thank you

@philiptalbert458 Жыл бұрын

Tom, can you elaborate on the VPN comparison? I am not familiar with unifi teleport, and run tailscale... But my pfsense tailscale is very slow, which bothers me (1/10th line speed). I saw this may be because of DERP, but I am not technical enough to address the issue. A follow up or direction to a previous video would be great. Keep up the good work.

@jfkastner Жыл бұрын

Well done, thank you!

@niggybee Жыл бұрын

Hey Lawrence. The latest UI update now allows you to create a local account to manage your console. You do not necessarily have to manage your Console by signing through you UI account👍... Thanks for always being the goto guy when it comes to UNIFI and PFSense

@lordcarnorjax8599 Жыл бұрын

One thing that's worth mentioning is that the USG line supports auto site to site VPN (IPSec) and the UXG's don't but the USG's don't support magic VPN (Wireguard) either. It basically means there's no migration path between the two platforms if you've got multiple sites on a single controller. With the upcoming UXG hardware to replace the USG3's out there this will be a real pain if you're still using auto site to site VPN on USG's and want to upgrade to UXG's. Magic VPN relying on UBNT Cloud infrastructure is basically a requirement all other SDN platforms have. For my mind no big deal as it's pretty much a requirement for connections on CG-NAT or non static IP.

@JP-no2fq Жыл бұрын

The UXG-Pro does have Wireguard in Unifi Network 7.4.142 and UXG Firmware 3.1.18. Not sure if it was added in a previous version.

@denton8047 Жыл бұрын

It would be nice if Unifi would support SNMP UPS support, while an ssh command to shut it down from another machine does work one of the biggest issues I see is that they can be corrupted by sudden power offs during extended power outages. Even if Unifi doesn't want to support direct connection with a UPS, they could allow networked support. I know they sell their own solution, but it's moderately pricey for someone who just is looking for a UPS for stability, a few minuets of runtime, and a safe power off.

@Doesntcompute2k Жыл бұрын

Tom, great video, as always! The chart ROCKED! May I point out one thing, which will keep me always using OPNsense/pfSense? And it might matter to others. Perhaps a new video idea for your team? :) UniFi FW really really is dismal as a true firewall. Stick policy-based routing on it, with full ACLs, and a lot of them, and it tanks on 5G and 10G WAN. Well and with same speed LAN. My LAN is 10G and my WAN is 10G. pfSense (and now OpnSense) handles full ACLs at line-speed. I literally measure no major degradation (- 5% at most) . I am using a very good server-level piece of hardware as my host. But whether hard-iron or as a Proxmox/XCP-ng guest, the *Sense twins run great. I HAVE a lot of Ubiquiti UniFi hardware, including UDM Pro. I've tried. Man I tried. But it just wasn't working well with full ACLs. Is it ME? Am I the problem? I'm not adverse to this being the case LOL but I have researched and gave up. pfSense won, then (now) OPNsense. I can destroy the OPNsense instance, bring up pfSense, same config, and be running if needed in 5 minutes (WITH ONE ZSH COMMAND LINE!. This includes spinning up a new VM in Proxmox. I had a UDM Pro die....uhmmmm, well, you know how that went. I currently have one edge OPNsense cluster using HA. Then six other internal firewalls all handling "logical domains:" Dev, Test, Prod, Corporate, IOT, NotIOT, etc., and the 28 VLANs. Seems to work flawlessly, managed by Ansible from my (own) Github.

@Obtuse94 Жыл бұрын

This was helpful insight for me (along with Tom's video). Came to the comments to ask "but what about OPNSense?" Thank you!

@cdoublejj Жыл бұрын

Nice video, would be even coolER with untangle in the mix

@Demios101 Жыл бұрын

In a professional setting pfsense all the time. At home either, though I'm partial to unifi there.

@renehoehle Жыл бұрын

Most times it depends on the use case. So for house setups with networking, video and WLAN i use the Dream Maschine. For bigger customers i use UniFi for networking and Sophos or other firewalls as Gateway. So i think you should use the best device for the job. In my opinion the Sophos XGS is not what it could and i have my problems with it.

@TheMaevian 4 ай бұрын

Why would you ever buy sophos, when you could just buy Fortinet?

@renehoehle 4 ай бұрын

@@TheMaevian because it's too expensive for what it delivers ;)

@trexgamer73 11 ай бұрын

Awesome!

@EvanCarrollTheGreat 11 ай бұрын

i'd love to see a comparison between pfsense and openwrt/x86 with LuCI.

@stlsaint1 Жыл бұрын

Thanks for this. Made me feel better about my recent choice to pfsense.

@LAWRENCESYSTEMS Жыл бұрын

Great to hear!

@jeremyrangel8138 10 ай бұрын

Lawrence, thanks for the video! I truly appreciate it. Do you think you'll ever use more Mikrotik equipment, namely their routers/switches, and/or do you think you'll ever feature more Mikrotik in your videos?

@LAWRENCESYSTEMS 10 ай бұрын

Not likely

@abe6215 Жыл бұрын

Thanks A+ for the breakdown TOM

@LAWRENCESYSTEMS Жыл бұрын

You bet

@Bill_the_Red_Lichtie Жыл бұрын

Hi Tom, 4:15 License Fees, I would add another line with "| Commercial support | Yes | No | No |" and drop the asterisk.

@weberzach Жыл бұрын

I'd say one more criteria could be added: "Update Success". Last night my UDM SE upgraded and failed to adopt all the things. While Unifi updates are way better now a days, its still once or twice a year an upgrade comes out that grinds everything to a hault. This requires some rollback and troubleshooting. With Pfsense I apply the upgrade, usually with a pretty sound rollback method. If its really bad i have the ability to virtualize a new router while i troubleshoot my quotum, protectli, etc... Back in 2018, I'd say most updates cause outages, while now, I'd say most updates work. But my only Pfsense failures were my own config flubs, and didnt require waiting for a new update from the vendor.

@tdegler Жыл бұрын

Great video! Very informative 🙂 I am grateful to be able to find such comparisons, thank you! Myself using couple of UDM pros. They bought me with simplicity.

@stavroswtf9208 5 ай бұрын

What about software stability on Unifi? Is it any better than previously? I am almost ready to buy the UDM pro but I am afraid of stability issues and bugs.

@anand-nb4bb Жыл бұрын

Hi can you please make a video on setting up/configure pf sense firewall step by step for total beginners like which cables on switch or routed and and what port for configuring it at home or office and also how to configure vpn etc. Please it's a request. Please reply

@sledgeHammerRulez Жыл бұрын

Hi L, you are indicating in the sheet that SNMP is possible on the UDM Pro but if I'm not mistaken that isn't. There is a button SNMP in the UI but that doesn't work. It is possible to do SNMP on the Unifi PoE switch (bandwidth) but not on the router. Please correct me (eg with a how to video :D) if I'm wrong (and I hope sincerely I am because a router without SNMP is crap). I did get it working with SNMP on the debian host but the update/upgrade fucked it up again .... Oh yeah, I wish you a good recovery!

@travisaugustine7264 Жыл бұрын

Before even watching I'm going to say I have ran pfsense (and opnsense) and am currently running Unifi...I like certain aspects of both and I'm not convinced that either one is completely right for me and my needs. I like the centralized management (single pane of glass) I get through Unifi, but I miss the granualar controls and expandability of pf/opnsense...not on to the show.

@MakeitZUPER Жыл бұрын

I would love to know if there's a firewall setting or add on software package that will allow me to access retail and streaming sites without any login delays while also blocking their data collection and ad infusions. Maybe even one that works just as seamlessly with a VPN in the mix too. I might be adding some software that captures video that would be otherwise unavailable and will need to figure out how compatible that would be. From what little I've learned, it seems like anything I want to do requires me to disable the firewall, so that I can access these sites and that makes a firewall kind of useless for me. Perhaps I need some sort of emulation software or a device to accept the data collection protocols but then filter it to my end user position. Then the sites will be satisfied, and they still won't be able to access me and everything I research buying or stream on Paramount or Amazon, lol. It really annoys me that no matter what tool I research, I end up with e-mails or ads from FB, Prime, ebay and Amazone etc. that have deals or alternatives to offer me.

@Hossimo Жыл бұрын

multi-wan on pfsense is so good. A recent job I did 4 tiered wans with routes based on VLAN, until recently multi-wan on USG hardware was non-existent.

@MikeHarris1984 Жыл бұрын

New UI commercial was awesome. Gor somw big names on it! But they made the comment about two sites being on the same subnet addressing😊 snd causing issues for new vpn and thsts when ui guy stepped in and said with magic you can have same subnets... I dont understand how that would work...

@littlenewton6 Жыл бұрын

Hi Tom. Is there any router operating system supports Clash/V2ray besides OpenWrt? Or I mean vmess/vless protocol. In China, those kinds of proxy and traffic camouflage tools are essential for our goverment don't allow us to access international Internet. We only have a China-local Internet. :(

@captgrant Жыл бұрын

Placing both hands on the home row, and index fingers on the F and J, spell out firewall without looking.

@ashuggtube Жыл бұрын

Nice one Tom

@xristosvo Жыл бұрын

@LAWRENSESYSTEMS Hello Tom, great content as always! Can I have your opinion about Mikrotik routers? Do you use it on clients? Or do you tryied? I see you have some content but it's years ago.

@LAWRENCESYSTEMS Жыл бұрын

They are ok, but the documentation is bad, the UI is bad, (I have heard they work better from the command line), and they can be buggy.

@BENTUN1T Жыл бұрын

How difficult would it be to change from UniFi to pfSense? I have 4 Vlans and and multiple firewall rules.

@muiruri Жыл бұрын

Great video! What do you recommend for Pfsense content filtering?

@LAWRENCESYSTEMS Жыл бұрын

I don't kzfaq.info/get/bejne/nMCIZdml296zdZ8.html

@tmakademia3526 29 күн бұрын

Nice, can you make video with the new Ubiquiti UCG-Ultra?

@acuteaura Жыл бұрын

VyOS is maybe an option worth mentioning, lots of shared lineage with UniFI under the hood.

@LAWRENCESYSTEMS Жыл бұрын

People are not choosing between unifi and vyos.

@CRK1918 Жыл бұрын

I use PfSense with unfi ap setup, and AP authenticate with PfSense RADIUS server😄. I using pihole for dns, and use a VPN server for VPN only. I try to separate different service on it own machine.

@mr.d6465 Жыл бұрын

Well the UXG Pro Supports Wireguard with UnifiOS 3.0.7 New Features Added support for the Ad Blocking feature. Added support for WireGuard VPN Servers. Added support for OpenVPN tunnels in traffic routes. Added support for DHCP Client option 77 and 90.

@canadianwildlifeservice8883 Жыл бұрын

As far as content and DNS filtering in pfSense, why did you not mention the Zenarmor NGFW plugin? Even though it requires registration it is still an optional feature. Is Zenarmor not recommended because it requires registration, or because it's not worth using?

@LAWRENCESYSTEMS Жыл бұрын

I don't load unofficial third party apps on our pfsense deployments.

@brobovick Жыл бұрын

Would be great a comparison with Firewalla devices as well.

@TechnowulfTV 11 ай бұрын

He got in a fight with Linuz 😂🤣😅 just kidding! Get well soon Lawrence

@JasonsLabVideos Жыл бұрын

Good video Tom.

@LAWRENCESYSTEMS Жыл бұрын

Glad you enjoyed it

@gandalf1124 Жыл бұрын

Surprised you say Squid is complex. It does have realy bad error messages, and it is a old product that could perform 100 times better if it was written today for modern hardware, but I dont find it complex. It's one of the reasons we still use it. Actualy Squid is the reason we use Pfsense. Pfsense just provides a nice easy tomanaged package for Squid and HA. Firewalling is done on dedicated layer 7 Firewalls.

@hccsit4796 6 ай бұрын

Can't you use pfBlockerNG for content filtering? Why do you say that only Squid is available for that purpose (and it sucks)?

@tomstechnews Жыл бұрын

Good comparison! 👍Thank you Tom. Just running a USG, upgrading to pfSense. Too many advantages for pfsense! The only weak points are a) no integration in Unifi SDN (Unifi Controller) b) no centralized management.

@techtalkandtechunboxed Жыл бұрын

Hey Tom recently with version 7.5.165 you can have wireguard vpn open vpn working with UXG pro as router gateway I have done a KZfaq video of simply how to config a wireguard vpn on uxg pro

@LAWRENCESYSTEMS Жыл бұрын

I wish ubiquiti would have a clear chart on their site of all the features that would make this so much easier... LoL

@techtalkandtechunboxed Жыл бұрын

@@LAWRENCESYSTEMS yes they itself don’t know their some features work or some not WG/Openvpn released so long but recently it started working with EA controller version. Also with UniFi consoles content filtering is improved better than before

@InternetVet Жыл бұрын

I think it would be interesting to see a comparison between theses and Firewalla Gold Plus

@LAWRENCESYSTEMS Жыл бұрын

Firewalla is a consumer device popular with home users but I don't really have time to test it.

@HeWhoIsWhoHeIs Жыл бұрын

Just stick with pfsense. As for hardware, I prefer Protectli Vault devices.

@iankester-haney3315 Жыл бұрын

I love my USG, but the unified view is diasapointing. The network map just totally sucks. The Access points make up for it though.

@skorpion1298 Жыл бұрын

Id really like to know your opinion on Sophos UTM/XGS. We sell them primarily and I like them so far but not as much as I like pfSense. Support ist superb on Sophos BTW and S2S VPNs are excellent.

@LAWRENCESYSTEMS Жыл бұрын

I don't use them or have any interest in using them. I don't know anything wrong with them, I just don't know any compelling features that would make me want to use them.

@skorpion1298 Жыл бұрын

@@LAWRENCESYSTEMS ah alright thanks for your response!

@abe6215 Жыл бұрын

IMO Sophos FW UI, day to day usability and administration of them leave much to be desired, we tried them for a year but went back to pf. Their cloud managed option was also constantly crapping out on us, and support was really not great.

@SuperRedPanda22 Жыл бұрын

you just skipped past the snmp monitoring. With UDM its a crap shoot. The GUI says it supports it, but the button in their GUI does nothing and SNMP doesnt function at all. To get it to work: You have to go into the Linux OS and install several snmp tools and configure it manually. So your actual SNMP data is pretty limited to just interfaces and the OS and some hardware. You dont get other detailed data that Ubiquiti provides in their OS. It would be nice to have tunnel traffic information and better info

@sean7949 Жыл бұрын

Hey, hope the arm heals well.

@LAWRENCESYSTEMS Жыл бұрын

Thank you

@LordSaliss Жыл бұрын

UXG most definitely support Wireguard. You set it up exactly the same as on UDM Pro

@LordSaliss Жыл бұрын

Also seems weird to have UXG and USG in one category and UDP Pro in another. The USG shouldn't even really be listed it is so old (9 years at this point), IDK why Ubiquiti even brought it back recently. The UXG has all the same features and configuration as a UDM Pro. The only difference is you run the controller externally and no built-in switch. But hardware wise for the routing specs it is the same, features are the same, and configuration is the same. So UXG, UDMP, and UDMP SE should all be in the same category. What should be in a different category is the UDM (base) and the UDR, those are what are actually different from the UXG, UDMP, and UDMP SE

@Inphinityproductions 11 ай бұрын

I'm curious when you setup a pfsense with Cisco switches. Do you create the vlans in the pfsense. I have a layer 3 switch. And I have it do the routing for my vlans for efficiency. I'm curious what you recommend.

@LAWRENCESYSTEMS 11 ай бұрын

I prefer to created the VLANs in pfsense

@Inphinityproductions 11 ай бұрын

@@LAWRENCESYSTEMS what do you do for performance. Cause all traffic would be routed through the rg including inter vlan traffic.

@LAWRENCESYSTEMS 11 ай бұрын

@@Inphinityproductions Not an issue because things that require speed such as storage should always be on the same subnet.

@lifeslooker Жыл бұрын

what happened to your arm/ hand? you break it?

@gigabit9823 Жыл бұрын

Get well soon, mate.

@EuroPC4711 Жыл бұрын

Get well, Tom!

@LAWRENCESYSTEMS Жыл бұрын

Thanks

@michaelrichardson8467 Жыл бұрын

I have had multiple clients on a site to site vpn on a hosted controller for years now using USG and USG pros.... It's literally as easy as having multiple sites on one controller. I thought the magic VPN was giving the same functionality and on click set for the consoles? Weird

@agisubagio88 10 ай бұрын

I have created a rule to block access to social media (Facebook, Instagram, Twitter, TikTok, etc.). This rule only works in the Firefox browser, while the Chrome/Edge browser which uses the QUIC protocol has no effect. is there another workaround to solve the problem above?

@LAWRENCESYSTEMS 10 ай бұрын

You could block QUIC but that is a bad idea because it's used by most major sites to give a faster experience

@aloneinthoughs9583 9 ай бұрын

Reg edit

@leester9487 Жыл бұрын

Do any of these utilize ASIC's?

@abdullahX001 Жыл бұрын

Nope

@strikesbac Жыл бұрын

Still baffles me why the UDMs don’t have letsencypt support baked in.

@LAWRENCESYSTEMS Жыл бұрын

Even weirder knowing Ubiquiti is a big donor to the Let's Encrypt project

@PowerUsr1 Жыл бұрын

Traffic monitoring and reporting -NTOP Yikes…”reporting “is doing a lot of work in there. The current ntop community edition available on pfsense does NOT do any reporting or top talkers analysis. It’s extremely barebones and borderline unusable. Your review video of ntop needs an update as it’s not even the same software anymore

@urzu181 Жыл бұрын

I use PfSense at home and at work. We have one head office and three site offices and all are well connected and working perfectly.

@wodn184fn8 Жыл бұрын

i run watchguard as my main firewall woth ruijie products or unifi underneath and i can say that none of my clients had issues before. ofc watchguard is a different story and ruijie is a chinese brand so america dont know about them.

@paracha3 10 ай бұрын

You did. not include Unifi UDR?

@waheedkhan3505 10 ай бұрын

I doubt they are of much use to adv prosumer or for commercial settings. That’s his targeted audience

@RobertM949 Жыл бұрын

What about Firewalla? Now they have a MSP offering. Nice UX but still not complete IMHO.

@LAWRENCESYSTEMS Жыл бұрын

Not a product I'd seriously look at or consider. Feels too much like a consumer product with a weird requirement to use a mobile app to configure it.

@RobertM949 Жыл бұрын

@@LAWRENCESYSTEMS Agree. They recently added a web interface but it is not complete. But I learned far more about my network traffic in a few hours than months with pfSense. I would keep on eye on it as they seem to be moving toward the MSP market. The founders and many employees are all former Cisco folks.

@zolartan4442 Жыл бұрын

Enabling IDP/IPS on a USG chokes the gateway and you will never get even 150Mb through it. Weak device (Partially why im setting up a alternative firewall/router device. Debating between Sophos, pf, and opn sense.

@gtwannabe2 Жыл бұрын

That's because the USG is an ancient product that uses an e-waste class MIPS CPU. Officially it can only handle 85Mbps throughput with IDS/IPS enabled. Ubiquiti needs to retire the USG and replace it with a UXG Lite based on the ARM chip in the base UDM or the UDR.

@zolartan4442 Жыл бұрын

@@gtwannabe2 most recent controller update seems to show a new usg style device. Course at the rate they release stuff even to beta/ea it'll be 5 years.

@petertrahan9785 Жыл бұрын

Is there a link to the spreadsheet?

@LAWRENCESYSTEMS Жыл бұрын

lawrence.video/firewallreview2023

@thespencerowen 11 ай бұрын

What about firewalla purple?

@LAWRENCESYSTEMS 11 ай бұрын

It's a neat consumer device but I don't really have time to test consumer devices.

@svettnabb Жыл бұрын

In firewall comparison it is nice if explicit webproxy is mentioned as a feature, this is often used in enterprise.

@coldracerx Жыл бұрын

I personally use UniFi dream machine at home as I know it will be easy for my wife a non technical person to manage should the worst happen to me.

@kevinteesteel 11 ай бұрын

But her boyfriend uses PfSense, so you can choose either one ;)

@Vision06 5 ай бұрын

Am I the only one who would say "No, the UDM Pro has no firewall log."? I mean, cmon, the logs they give you is really the worst that I have ever seen. Though it does fit the overall experience regarding "Firewall" in the UDM Pro. It is painful topic and I will sell my UDM Pro and buy me a proper little, passively cooled server and install pfSense/opnsense on that hardware. I honestly do not know how people can trace traffic to rule out some errors in their network, using a Unified Gateway like the UDM Pro - it is a gateway and that is it.

@themightyapefish Жыл бұрын

I want to see a review of Firewalla

@LAWRENCESYSTEMS Жыл бұрын

It's a consumer device with a weird phone interface that I don't have time to review.

@themightyapefish Жыл бұрын

@@LAWRENCESYSTEMS The performance on paper seems very good, consumer device or not. Most of your viewers are probably prosumers. Could be nice to see something new being reviewed for a change.

@LAWRENCESYSTEMS Жыл бұрын

@@themightyapefish We review product we use and I don't plan on using it.

@SomeGuyInSandy Жыл бұрын

Why no SonicWALL ?

@LAWRENCESYSTEMS Жыл бұрын

Because Sonic Wall is awful

@SomeGuyInSandy Жыл бұрын

@@LAWRENCESYSTEMS There's a bold statement. Any reasons?

@LAWRENCESYSTEMS Жыл бұрын

Unfriendly old interface, terrible support, and generally buggy.

@sean7949 Жыл бұрын

@@LAWRENCESYSTEMS Only used them a few times myself. If you are truly an enterprise user (not a home user) then the only correct option is Palo Alto. Also in other news, do not try checkpoint please save yourself.

@jandorniak6473 Жыл бұрын

Do you dare to step into pfSense vs OPNSense? I'd love for someone trustworthy and knowledgeable to explore the differences.

@shadow.banned Жыл бұрын

Customers should make it known that cloud is unacceptable.

@NORULERUST Жыл бұрын

you should do a new video on static ips and setting them up on each one with wireguard

@LAWRENCESYSTEMS Жыл бұрын

Not sure I understand what you are asking for.

@sean7949 Жыл бұрын

If you mean sticky dhcp leases you set those up under the DHCP server in pfsense. In Unifi land you sent them up by clicking on the client and specifying the designated IP address once you scroll down in the devices settings. Spend some time searching it is there.

@byrd203 11 ай бұрын

Even software developers of the routers I spoke too say never use captive portal they are forced to include it always use WPA 2 OR HIGHER to secure the network this came straight from a the makers like Cisco unfi links us and Belgian because captive portal is a very risky move plus makes setup of Wi-Fi harder people never open the browser when they connect they just want Wi-Fi to use apps without cell data comon complaint

@Netz0 Жыл бұрын

It's sad that Ubiquiti stopped their Edge device routers and switches and forced UniFi on everyone. Comparing the UniFi 'anything' to something like pfSense is not fair, UniFi network devices are on the amateurish side, not anything someone would consider for an enterprise or datacenter, said that pfSense is clearly the obvious choice if you want to compare firewalls. Even a half - priced MicroTik switch will blow away UniFi, just compare the number of packets it can handle and UniFi looks like a toy. The only reason they sell that much is because of the fancy interface, but no SSH/console commands, no, thank you. No real network engineer would consider a device like that, which is why people loved their Edge lines, affordable but still powerful, even their AP's still can allow for SSH log in and commands as long as you enable that manually. And Ubiquiti is really pushing towards closing that down as well and forcing everyone to a limited web controller. I see this coming miles away, at some point they are going to force a cloud subscription on everyone. Better stay away unless I see new Edge lines models, which are 10 years old at this point and not worth the price. Sad because their Edge router/switches were excellent for the price.

@arubial1229 Жыл бұрын

There’s really no comparison. pfSense is infinitely better.

@TheDillio187 Жыл бұрын

I hate all firewalls. I like to pretend that it's 1995, and simply place my computer directly onto the internet.

@RobertoCarlos-tn1iq Жыл бұрын

so what?

@sean7949 Жыл бұрын

I like your care free attitude lol

@KARO69GRP Жыл бұрын

Pfsense needs NAT64 and DNS64. They're full of shit if up to now, they can't see that. IPv4 ain't going anywhere anytime soon, and there be plenty of us who want to run IPv6 on local net and be able to use IPv4 ISP.

@rodfer5406 7 ай бұрын

Until firewalls have systems on-a chip (ROMS), they will ALL be vulnerable.

@mitchellsmith4601 11 ай бұрын

NO ONE who knows what he’s doing would ever use UniFi products. Their security is lackluster, as is their support. Installing or recommending UniFi products is malpractice.