Comparing the most popular, free open-source UTM solutions

An ever-increasing number of networking enthusiasts and professionals are turning towards inexpensive open source UTM (Unified threat management) solutions deployed on top inexpensive desktop and rackmount network appliances. Power users and savvy small business owners alike are reaping the benefits of firewalls, VPNs, router, access point and so much more all on a small integrated appliance no larger than the size of a modem. Given the volatile nature of software and our propensity towards mob mentality, one can’t help but wonder which of these free open source solution’s is currently the best choice.

Currently there are 2 free, open source solutions for UTMs that I see frequently in the spotlight. The most noticeable one being PFSense, and the other highly recommended one being Untangle. Truth be told many hours have already been spent discussing the merits of these 2 powerful solutions, and you will easily find long threads on the internet arguing about features and preferences over one or the other.  So now I will simply focus on their objective strengths and weaknesses when put side-by-side in order to form a more unbiased comparison.

PFSense:

PFSense is a completely free,FreeBSD-based software distribution developed by Electric Sheep Fencing, LLC. Viable for installation on virtual machines or physical appliances like industry favorite x86 rackmount network appliances, its widely recognized for its reliability and large feature set that easily rivals even expensive proprietary enterprise solutions. It is routinely deployed as a perimeter firewall, router, access point, DHCP server, DNS server, VPN Endpoint and much more. Licensed under GPL2, users are able to freely modify the code or even fork their own version (ie OPNSense).

Strengths

Popularity and support: 10/10 - By far the most widely used open source firewall Linux distribution both in terms of deployments and community support. You can easily find detailed documentation on its numerous inner-workings.

Feature set: Has the vastest support of features due to large community backing, modularity and support for third party packages.

Performance: Solid performance over other open source contenders like untangle and comparable to proprietary enterprise solutions. People have been able to integrate appliances that can realistically push out in the 1Gbps range and beyond.

Free: completely free, although PFSense does offer support services for a fee.

Weaknesses

Knowledge barrier: Although one can avoid touching the underlying BSD system altogether, it severely limits the power and control one can have over the system. It’s far more recommendable to have prior knowledge of the CLI and UNIX systems in general if implementing more demanding and advanced solutions.

UI Learning curve: This is one of the main faults for many people, as it takes some time to get accustomed to PFSense’s strangle layout. It could definitely use some improvement, as many people unfamiliar with the CLI will have to jump through hoops to get certain things done through the graphical interface (if it’s even an option outside of the CLI).

Untangle

Untangle has a UTM solution based on the Linux distribution, Debian. Untangle applications include anti-spam, content filtering, antivirus, anti-phishing, anti-spyware, intrusion prevention, firewall, OpenVPN, router, and web cache software. Untangle's NG Firewall and free applications are released under version 2 of the GNU General Public License (GPL), many components with the GNU Class path exception. Used by almost 40,000 different organizations worldwide, a major contributing factor to its popularity is its functional free offering which provides ample features for home and small business use.

Strengths

Easy of use: intuitive GUI that puts PFSense to shame, as well as an overall better out-of-the box experience that makes setting up a UTM much simpler through their graphical interface.

Updating: Updates are frequent and fully automated eliminating potential headaches.

Free: the free version is often times more than adequate for home or small business use cases.

Weaknesses

Cost: while the free version is sufficient for the majority home and some SMB use cases, high end features that are readily available in PFSense will cost you extra in Untangle.

Performance: untangle noticeably underperforms next to PFsense on identical hardware. It also has comparatively slow boot/shutdown time. Not really that much of a factor unless you plan on running your hardware to its limits or find yourself constantly rebooting.

Honorable mention: Sophos free UTM (not open source)

This is one I’m seeing come up often in these types of discussions. Since it is not an open source solution, it would be unfair to include it as a valid contender for this topic, but it’s still a perfectly viable alternative to either of the 2 open source solutions above due to the existence of a free version. It can do pretty much everything the full version can just limited to home and personal use.

This free offering, though limited to 50 IP’s, contains enterprise class features coupled with and excellent interface. I can easily see why it’s gaining favor in people’s low-power small form factor UTM x86 desktop appliances, as these are limited by hardware to around that capacity anyway.

Left: Lanners FW-7525 Small Form Factor Fanless Desktop x86 Network Appliance

Right: Lanners NCA-1010 a compact Fanless Desktop x86 network appliance

Platforms like the one above are what users are finding ideal for their UTM appliances, due to the integrated AES-NI  which allows hardware accelerated encryption, high port density to size ratio and low power usage. The fanless design not only increasing resilience it also decreases greatly power and HVAC requirements for the network equipment. This all goes a long ways towards building a 24/7 UTM appliance that will efficiently provide service for device-hungry power users and small businesses alike.

In Conclusion:

Presently, it’s quite hard to judge a clear winner, both of these free solutions are good at filling in different niches, as the knowledge entry barrier into PFSense makes it harder for home users to deploy, and untangle’s free limitations make it unusable(unless you chalk up the licensing fee) in more demanding environments. Though If PFSense ever decides for a UI overhaul that evens up its offerings, it will be quite force to be reckoned with throughout the industry- even in the enterprise world.