I had a little side project come up for a client that meant I got to spend a little time exploring new software to see what could be accomplished with near-zero budget. I had one or two of the free, open-source firewalls cross my path lately and the feature sets seemed to match one of the low priority items on a long to-do list. The goal was mostly to explore options for a captive portal, a DHCP server for a separate pool, and also take advantage of any other features.
I’m far from an expert in considering these firewalls and I didn’t give them nearly enough time so this article is mostly a first impressions summary rather than an in-depth analysis and review.
For the project, I was taking an older used computer, throwing in an additional NIC, and bumping up the RAM. All of those hardware components were already owned, so the budget was truly zero. Now, I turned to Linux for the free software to complete the package.
There are a large number of options out there these days when it comes to free firewalls. Based on research, I boiled my personal testing to pfSense, OPNsense, Untangle, and Sophos UTM. The other options have their own merits and include IPFire, IPCop, Smoothwall, Endian, Open Edgewize, Zero Shell, ClearOS, and the list goes on.
pfSense
pfSense was the most common recommendation I saw online when it came to free, open-source firewall. It’s easy to understand why. It is a very feature complete package that runs on FreeBSD. You can purchase appliances and support from the company or you can download the iso file and install it on your own hardware. Given my project, the hardware I had would be sufficient and I would test its performance in a proof of concept.
pfSense pretty much set my baseline for expectations. It accomplished the goal. Configuration was a little tedious but straight-forward. Its popularity is a boon to the amount of documentation and community support.
OPNsense
OPNsense is a fork of pfSense and was recently indicated as a successor to the recently retired grandfather project, m0n0wall.
OPNsense is very similar to pfSense. The configuration was the same command line process but it was fast and stable. I definitely preferred the OPNsense user interface over pfSense but that is mostly aesthetics, not functionality. It had similar capabilities and was not trying to upgrade you at every opportunity.
Untangle
Untangle is a commercial software firewall with a free version. I really liked its interface and the setup was practically automatic it was so easy.
Untangle was really easy to understand and put to use quickly. It was a little disappointing to see that it came with different skins but they were all worse than the default option. Untangle offers some functionality in ‘Lite’ versions of their applications but requires a paid subscription for the full, advanced functionality of virus scanning, spam blocking, web caching, and web filtering. It does offer trials for the paid applications though, so you can give them a shot.
While the configuration was easy, I found it frustrating for Untangle to start off so blank. There are no default Firewall rules, for example, and I found a justification in the site’s forums stating that Untangle was typically installed behind a different firewall, so there was no need for built-in default rules.
Sophos UTM
Sophos UTM is offered in 2 flavors – free for home or an essentials line, free for business. It comes from the company’s acquisition of Astaro. The firewall certainly has a corporate feel to it with readily-available PDF documentation files. Far and above, Sophos UTM had the best web interface. The setup was also easy and straight-forward, similar to Untangle.
Unfortunately, Sophos UTM Essentials is built on the freemium model and requires a subscription for all of the best features. If you are willing to pay for the support, Sophos UTM appears to be a great product with cutting edge features.
Points I took away
I got to refresh myself on some Linux with this project and see some great functionality that I could implement at home, for example. For example, with Untangle I was able to quickly add an application that scanned all web traffic for another layer of virus protection. Sophos and Untangle were my favorites with their intuitive interfaces. If I were to put one in place in my homelab, I would enjoy the VPN, antivirus, and other protections.
Exposure to these firewall products as well as further thinking through the original project goals helped me come up with another approach. The captive portal options were interesting but I think I have another solution already included in the infrastructure that will cover similar capabilities. It was definitely interesting to see each product, and I will keep them in mind for any appropriate upcoming projects that I have.