Hi,
I'm looking at different options atm. I believe OPNsense is essentially Pfsense with a nicer UI?
Sophos is Sophos which has a UTM offering for home users, presumably so that you try it out commercially.
OPnsense also has the advantage of being able to be used commercially, and we could use that on our guest network with an air gap. Can you use OPnsense as a UTM solution?
I appreciate that you might have to download various packages instead of a unified dashboard in "one single pane of glass" to use the marketing terminology
Thanks
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
Hi,
I'm looking at different options atm. I believe OPNsense is essentially Pfsense with a nicer UI?
No, that might have been true in the past but the product diverged over the years and there are lots of things that have been rewritten from scratch. OPNsense has also more plugins in count but the core has almost the same functionality. The usually used plugins are in both systems but the implementation is likely different. In some regards, pfSense is better in others OPNsense if you need some special things, you need to test both separately.
Here is a small comparison (note that an employee of that company is committing to opnsense):
https://techcorner.max-it.de/wiki/Datei:2020-04-06_15_19_18-Window.png
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
Sophos is Sophos which has a UTM offering for home users, presumably so that you try it out commercially.
OPNsense is an UTM as well, especially if you add the Sensei plugin.
It has a Firewall, WAF, Spam protection, malware scanning etc. if you use and combine the plugins correctly. Sadly not everything can be combined. For example the nginx plugin cannot make use of the local clamav service.
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
OPnsense also has the advantage of being able to be used commercially, and we could use that on our guest network with an air gap. Can you use OPnsense as a UTM solution?
As I said above, with the right plugins you have an UTM. The only thing is that commercial products often have better signatures and for that reason better detection. OPNsense also has no analysis engine for dynamic malware analysis. You only have a static scanner. So that depends on your needs.
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
I appreciate that you might have to download various packages instead of a unified dashboard in "one single pane of glass" to use the marketing terminology
Thanks
This paragraph confuses me.
Solid advice from @fabian.
Just a "btw" from me: UTM is a marketing term without a precise technical definition. You can set up a similar level of protection/enforcement with OPNsense for sure.
"btw2": a firewall is a policy enforcement device. Without a policy it's worthless. Try to set up a policy in writing and then check if the products in question are capable of enforcing that.
Only thing from Sophos I'm missing is the user portal to self-enroll certificates and VPN configs.
Quote from: fabian on July 26, 2020, 09:52:55 PM
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
Hi,
I'm looking at different options atm. I believe OPNsense is essentially Pfsense with a nicer UI?
No, that might have been true in the past but the product diverged over the years and there are lots of things that have been rewritten from scratch. OPNsense has also more plugins in count but the core has almost the same functionality. The usually used plugins are in both systems but the implementation is likely different. In some regards, pfSense is better in others OPNsense if you need some special things, you need to test both separately.
Here is a small comparison (note that an employee of that company is committing to opnsense):
https://techcorner.max-it.de/wiki/Datei:2020-04-06_15_19_18-Window.png
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
Sophos is Sophos which has a UTM offering for home users, presumably so that you try it out commercially.
OPNsense is an UTM as well, especially if you add the Sensei plugin.
It has a Firewall, WAF, Spam protection, malware scanning etc. if you use and combine the plugins correctly. Sadly not everything can be combined. For example the nginx plugin cannot make use of the local clamav service.
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
OPnsense also has the advantage of being able to be used commercially, and we could use that on our guest network with an air gap. Can you use OPnsense as a UTM solution?
As I said above, with the right plugins you have an UTM. The only thing is that commercial products often have better signatures and for that reason better detection. OPNsense also has no analysis engine for dynamic malware analysis. You only have a static scanner. So that depends on your needs.
Quote from: Solid-Profession on July 26, 2020, 02:16:54 PM
I appreciate that you might have to download various packages instead of a unified dashboard in "one single pane of glass" to use the marketing terminology
Thanks
This paragraph confuses me.
Thanks for that. That really helps. I thought that with Opnsense not everything would immediately show as "obviously" as with a commercially backed product? Even if that commercially backed product is a free product
To be fair, all these are commercially backed products in some way. But let me get straight to the biscuits:
You will find that OPNsense is more aligned with commercial UTM offerings than pfSense. Why? It was one of the reasons for forking it. This can also be witnessed by the mere existence of the TNSR offering that came later. ;)
Cheers,
Franco
Quote from: franco on August 18, 2020, 10:24:55 AM
You will find that OPNsense is more aligned with commercial UTM offerings than pfSense. Why? It was one of the reasons for forking it. This can also be witnessed by the mere existence of the TNSR offering that came later. ;)
Quoted for truth!
Actually, seeing Sensei available for OPNsense and netgate releasing TNSR was the main thing that made me jump over to OPNsense. TNSR release made it obvious that netgate will spend less resources on pfsense.
Quote from: mimugmail on July 27, 2020, 09:57:01 AM
Only thing from Sophos I'm missing is the user portal to self-enroll certificates and VPN configs.
May I ask why you moved from Sophos to Opnsense?
I didnt move, I offer my customers both of them, and it depends on the use case
Quote from: mimugmail on August 18, 2020, 09:54:08 PM
I didnt move, I offer my customers both of them, and it depends on the use case
May I ask why you'd choose one over the other?
Sophos is a commercial vendor with commercial virus scanner. And it offers a user portal and integrated WiFi. If a customer needs this, Sophos, if not, OPNsense
Quote from: mimugmail on August 19, 2020, 07:39:30 AM
Sophos is a commercial vendor with commercial virus scanner. And it offers a user portal and integrated WiFi. If a customer needs this, Sophos, if not, OPNsense
Thanks. For a home user, does the Sophos stuff compare?
I think it's Limited to 50 devices
Quote from: mimugmail on August 19, 2020, 10:40:20 AM
I think it's Limited to 50 devices
The XG one isn't tbh which is the replacement. Even then that seems fine. Not sure then which to go for?
Try it on your own, I dont like the XG, will stay at SG
Quote from: mimugmail on August 19, 2020, 01:01:22 PM
Try it on your own, I dont like the XG, will stay at SG
Sorry. SG is Sophos UTM? May I ask why you don't like one vs the other? Do you also prefer it to Opnsense?