631
17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?
« on: November 12, 2017, 12:45:28 am »
Let me throw in my two cents about issues I have with PFsense, even though I do use it on some systems.
1. They seem to be moving away from the community edition. I suspect by version 3.0 you will need to buy it.
2. Forum support is not so good anymore. I get too many condescending replies. Few good posters anymore.
3. Suricata Inline in PFsense is very unstable and not usable. They keep blaming netmap. Works in OPNsense.
4. Cannot install PFsense using UEFI on many systems.
5. Notification system is useless and not customizable. No email alerts for hardware sensors.
6. Traffic Shaper and Suricata Inline. Forget it. Doesn't work.
7. No built in file manager. Only a file editor. Unless you learn Linux, you can't do much.
8. Cannot backup Suricata rules.
9. No migration ability for applying rules to another system with different settings. All Manual.
10. Rules management is not as straightforward as OPNsense using Suricata. PFsense uses too many resources trying to make Suricata backward compatible with Snort. OPNsense was built to only use Suricata which is far Superior to Snort in many ways. So in PFsense you have to keep track of which rules are enabled or dropped in two places. Way too cumbersome and hard to manage.
I am sure there's more items, these are just the ones that popped in my head while writing this post.
Now some of these features aren't in OPNsense either, but they haven't had 10+ years to do it either.
1. They seem to be moving away from the community edition. I suspect by version 3.0 you will need to buy it.
2. Forum support is not so good anymore. I get too many condescending replies. Few good posters anymore.
3. Suricata Inline in PFsense is very unstable and not usable. They keep blaming netmap. Works in OPNsense.
4. Cannot install PFsense using UEFI on many systems.
5. Notification system is useless and not customizable. No email alerts for hardware sensors.
6. Traffic Shaper and Suricata Inline. Forget it. Doesn't work.
7. No built in file manager. Only a file editor. Unless you learn Linux, you can't do much.
8. Cannot backup Suricata rules.
9. No migration ability for applying rules to another system with different settings. All Manual.
10. Rules management is not as straightforward as OPNsense using Suricata. PFsense uses too many resources trying to make Suricata backward compatible with Snort. OPNsense was built to only use Suricata which is far Superior to Snort in many ways. So in PFsense you have to keep track of which rules are enabled or dropped in two places. Way too cumbersome and hard to manage.
I am sure there's more items, these are just the ones that popped in my head while writing this post.
Now some of these features aren't in OPNsense either, but they haven't had 10+ years to do it either.