Can anyone rate pf against untangle



  • i am considering running 2-3 WAN connections into an office and running squid and spamd, i am wondering if anyone with experience can compare these against untangle.

    i have used untangle and like 90% of its features, i know it definitely lacks in the multiwan loadbalancing area, just wondering how pf compares in the spam and content filtering area?



  • http://www.highlogic.net/?p=48

    "So to summarize:

    pfsense: 26.3mbps / 1210kbps Upload
    Untangle: 9.69mbps /444kbps Upload

    PfSense - 271% faster download speed
    PfSense - 273% faster upload speed



  • Have you tried running untangle in bridge mode? you can run it in passive bridge mode with a pfsense router in front handling routing - this frees up some resources in untangle, I am wondering if there are an speed gains? Untangle definitely needs more resources to push the same load as pfsense, I know of people @ untangle with large deployments that dont complain about speed, and they mostly run in bridge mode.

    Any comparison between the spam and filtering capabilities? So far it just seems to me that pfsense is lacking in the AV area, but that will hopefully change soon with clamav.



  • What do you mean by 'soon' are you making clamav useful in pfSense?!



  • @ermal: unfortunately - no I am not a hard core programmer, i suppose if i put 1000 hours into it i could figure it out.

    i have seen some work being done with a clamav package in the cvs tree, so i am hoping that some other brave person has the time to complete that.



  • This has been covered myriad times.  ClamAV by itself is just a scanning engine. You could have a ClamAV package right now and it will do absolutely nothing.



  • @submicron:

    This has been covered myriad times.  ClamAV by itself is just a scanning engine. You could have a ClamAV package right now and it will do absolutely nothing.

    I agree.  It's a waste of energy in a firewall product.  Tack it onto your favorite mail server to scan attachments and call it a day.  Or just have all of your users run Linux and don't worry so much about attached virii (for now).  :)

    Best,



  • if virus scanning is a waste, then why even offer squid - it must be a waste also - or are we trying to compete with some other router offering?

    fyi - several of the other commercial offerings available do virus scanning at the gateway, even untangle FOSS does virus scanning - it would be stupid not to at least be able to "compete" and offer av as an optional addon.



  • I completely agree with this comment, and it makes the most sense.  Afterall, why make "packages" at all for pfSense then?!



  • @totalimpact:

    if virus scanning is a waste, then why even offer squid - it must be a waste also - or are we trying to compete with some other router offering?

    fyi - several of the other commercial offerings available do virus scanning at the gateway, even untangle FOSS does virus scanning - it would be stupid not to at least be able to "compete" and offer av as an optional addon.

    Since when is squid a virus scanner?  It's simply a proxy.  So you are saying that you think every packet should be inspected and compared against the ever growing number of "fingerprints" for virii?  That just isn't a realistic goal, especially for the typical firewall box that tend to be of relatively modest horsepower.  Perhaps I have misunderstood your meaning?

    Best,



  • Anyone is free to write a package.  The pfSense developers are generally not interested in things like content filtering or AV gateway scanning and so they don't devote their efforts that way.  Rather than sitting here and complaining about how pfSense doesn't compete with vastly more well-funded commercial entities (Untangle is a product of a commercial company with VC money), do something about it.  Learn to use the CoreGUIBuilder and write a package yourself, or contribute to a bounty project and pay someone for their time to do it.



  • @familyguy:

    Since when is squid a virus scanner?  It's simply a proxy.  So you are saying that you think every packet should be inspected and compared against the ever growing number of "fingerprints" for virii?  That just isn't a realistic goal, especially for the typical firewall box that tend to be of relatively modest horsepower.  Perhaps I have misunderstood your meaning?

    Best,

    I know what squid is, but if virus filtering is over the edge and an unrealistic option in pfsense, then surely web filtering is far less important - why has it made it into the tree? Just trying to use logic and be realistic. Obviously anyone can contribute and build such functionality, hopefully someone more skilled than I can, im not a developer, just an implementer.



  • why dont you setup an untangle box doing just antivirus or spam or whatever  and set it behind  pfsense then you have the best of both

    From untangle's faq :

    With Untangle you decide which applications to run. If you are happy with your current firewall and router, place Untangle behind it in bridge mode and use Untangle’s Spam Blocking, Web Filtering and 10 other applications. Many businesses that use Untangle practice “defense in depth” and run our product as one of multiple, redundant security layers.

    although if those throughput numbers posted above are legit then it looks like untangle is a bottleneck



  • Thats what i have done at many sites, but I am trying to cut cost at this site by not having 2 machines, especially since competing products offer all these features in a single solution.

    Back to the original question, i am wondering exactly this, how does pf stack up in the content filtering area as untangle. Untangle is modular, certain features can be added or removed, from my personal experience, minimizing running services (run as transparent bridge) seems to lighten its load quite a bit. Although I have no experience with squid or the spamd filter options in pf.



  • UT wont handle multiple WANs like you posted originally.

    Run pfsense as the router to handle multiple WANs with failover, then UT behind it for filtering.

    pfsense and untangle are both good at different things.

    This is what I am implementing this week at my office and it is testing well so far :)



  • @totalimpact:

    I know what squid is, but if virus filtering is over the edge and an unrealistic option in pfsense, then surely web filtering is far less important - why has it made it into the tree? Just trying to use logic and be realistic. Obviously anyone can contribute and build such functionality, hopefully someone more skilled than I can, im not a developer, just an implementer.

    It made it into the tree because somebody wanted it badly enough to implement it.  Other items have made it into the tree for the same reason, or because somebody (or many somebodies) stumped up for a bounty.



  • Antivirus as a whole is exceptionally overrated, and its effectiveness today is very poor. People put far too much weight into the value of antivirus in any role. Malware changes too quickly today for it to be effective. Back in the days when email virii were the biggest concern it was effective - the executables didn't change as they were spread by infected machines. Now that the most common means of distribution is the spamming of URLs where you download infected files it's nearly useless because those who are spreading this stuff will change the file as soon as most AV is detecting it. AV vendors can't put definitions out quickly enough to stay ahead. I frequently download the exe's from virus spammed links and run them through virustotal.com. After doing that on 100+ occasions, virtually all of them are detected by fewer than 10% of the AV engines and the few if any that detect it will vary greatly from one piece of malware to another so no vendor is always protecting you.

    Would I mind seeing it in pfSense? Not at all. I wouldn't use it though. One it's not effective, two it's a significant performance hit, look at Untangle's hardware requirements. For a network of 50 users they recommend the same class of hardware that people run 1000+ users on with pfSense.

    On the networks I run I force outbound connections through a proxy and block executable downloads from all but a very few trusted users. Vastly more effective than antivirus, and significantly faster.

    To sum up a comparison between Untangle and pfSense, Stoutman put it best - they are both good, at different things.


Log in to reply