Whats your favorite brand of firewall?
- Thread starter WizardTux
- Start date
In my experience, pfSense is the overall winner. Netgate offers a broad selection of network hardware, spanning from SOHO/consumer units up to rack-mounted datacenter nodes. Netgate appliances come with a lifetime license for pfSense Plus, which is an upgraded version of the open-source operating system.
One of the key reasons I trust pfSense is because it's built on FreeBSD. The BSD family of operating systems (FreeBSD, OpenBSD, and NetBSD) is arguably one of the most secure operating systems due to their security-focused design, smaller attack surface, and rigorous code auditing. They actively implement security features like jails, and focus development efforts on stability and security. This conservative approach to development and new features minimizes the introduction of new vulnerabilities.
On the other hand, I voted for Palo Alto as well due to their extremely high product value and well-designed edge appliances that guard the network borders of some very large and notable organizations. Their threat intelligence team, Unit 42, is first-class, and the work they do directly improves the efficacy of other Palo Alto products. This level of expertise and dedication to research and development gives Palo Alto a significant advantage over its competitors.
Like most things in our industry, both products have their own strengths and weaknesses. Between the two, I'd say pfSense is a bit easier to manage, overall, but it can take some time to get comfortable with the interface and configuration. Palo Alto products are more polished, feature-rich, and bundle/integrate with first-party threat intelligence data.
(If money is the most critical factor, dude you're getting a pfSense CE box!)
Edit: Tux, I am certain you already knew all of this. Just explaining my logic.
One of the key reasons I trust pfSense is because it's built on FreeBSD. The BSD family of operating systems (FreeBSD, OpenBSD, and NetBSD) is arguably one of the most secure operating systems due to their security-focused design, smaller attack surface, and rigorous code auditing. They actively implement security features like jails, and focus development efforts on stability and security. This conservative approach to development and new features minimizes the introduction of new vulnerabilities.
On the other hand, I voted for Palo Alto as well due to their extremely high product value and well-designed edge appliances that guard the network borders of some very large and notable organizations. Their threat intelligence team, Unit 42, is first-class, and the work they do directly improves the efficacy of other Palo Alto products. This level of expertise and dedication to research and development gives Palo Alto a significant advantage over its competitors.
Like most things in our industry, both products have their own strengths and weaknesses. Between the two, I'd say pfSense is a bit easier to manage, overall, but it can take some time to get comfortable with the interface and configuration. Palo Alto products are more polished, feature-rich, and bundle/integrate with first-party threat intelligence data.
(If money is the most critical factor, dude you're getting a pfSense CE box!)
Edit: Tux, I am certain you already knew all of this. Just explaining my logic.
I've never used Palo Alto, but I've heard good things. We use Watchguards (and I'm not a huge fan personally). Then at home in the past I've used pfSense.