Top 5 Open Source Firewalls for Business

Posted January 9, 2018 By  Matt Hartley
  • Previous
    Top 5 Open Source Firewalls for Business
    Next

    Top 5 Open Source Firewalls for Business

    These open source firewalls can offer a cost effective option for businesses.
  • Previous
    pfSense
    Next

    pfSense

    pfSense -- Without question, pfSense is my goto firewall appliance. Not only is it a powerful firewall, it also offers outstanding network routing capabilities. As I type this, my computer actually receives its LAN IP address from my own pfSense instance. pfSense is also versatile as you can choose to install it yourself onto an old PC or purchase a pre-configured firewall appliance. pfSense is a BSD operating system with both community and professional support made available.

    pfSense features:
    • Stateful packet inspection firewall.
    • Interface isolation features for LAN, DMZ, etc.
    • Traffic shaping and filtering.
    • Failover cluster firewall support.
    • Multi-WAN support.
    • VPN support.
    • Real Time traffic graphs.
    • Wake on LAN support.
    • Captive portal support.
    • DHCP server and relay.
    • DNS forwarding and resolver support.
    • Packet sniffing options.
    • Extremely simple configuration backup options.
    • VLAN and proxy support.
    • WiFi, UPnP, QoS (quality of service), SSH, port forwarding and triggering options.

    In addition to the above list of basic features, pfSense also gives the option to add new functionality through its pfSense packaging system. These packages include solutions for security, network management, monitoring, services, routing and misc.

    Best used for: As a general rule, pfSense is a commercial grade firewall with routing capabilities. pfSense is suitable for many enterprise environments yet straightforward enough to be used by power users at home.

  • Previous
    DD-WRT
    Next

    DD-WRT

    DD-WRT -- For many smaller businesses, there's a lot of perceived value in using an off-shelf consumer grade router. Unfortunately, consumer routers tend to have a shelf-life of sorts as the updates for security don't go on forever. Bundle this with the lack of features found with most consumer routers and it's easy to become frustrated with their limitations. This is where DD-WRT comes in for some users. DD-WRT offers custom firmware to many brands/models of consumer routers.

    DD-WRT features:
    • Stateful packet inspection firewall.
    • Traffic shaping and filtering.
    • VPN support.
    • Real Time traffic graphs.
    • Wake on LAN support.
    • Captive portal support.
    • DHCP server and relay.
    • DNS forwarding and resolver support.
    • Packet sniffing options.
    • Extremely simple configuration backup options.
    • VLAN and proxy support.
    • WiFi, UPnP, QoS (quality of service), SSH, port forwarding and triggering options.

    Best used for: DD-WRT is best for environments where the user is looking to an existing compatible router that they wish to flash the firmware on. Usually you'll find DD-WRT in use with home users, however I've seen it used successfully with a variety of smaller businesses that need something easier to use and less robust than installable firewall appliances.

  • Previous
    Tomato
    Next

    Tomato

    Tomato -- Installing and running Tomato on a compatible router offers the same benefits as you might find with DD-WRT. Where Tomato differs from its DD-WRT cousin is that it's lightweight and offers unmatched real time monitoring. Another great benefit is that when you make a change to the flashed router, you won't have to reboot it everytime you make a minor change.

    Tomato features: • Unmatched real time stats (when compared to DD-WRT).
    • Stateful packet inspection firewall
    • Captive portal support.
    • DHCP server and relay.
    • DNS forwarding and resolver support.
    • WiFi, UPnP, QoS (quality of service), SSH, port forwarding and triggering options.
    • VPN support.
    • Bittorrent and TOR clients.
    • Disable router's flashing lights for stealth mode.
    • Increase the strength of your wifi signal.

    Best used for: Tomato is a solid alternative to someone opting for DD-WRT. The biggest consideration when looking into Tomato is that fewer devices support it. This means you may need to be extremely selective with the router you choose before attempting to flash it. So even though you can do neat stuff like putting your flashed router into a stealth mode and increasing your wireless strength, hardware compatibility is absolutely a factor.

  • Previous
    OPNSense
    Next

    OPNSense

    OPNSense -- Forked from pfSense, OPNSense shares a lot of its backend functionality with pfSense. It's most noticeable difference for those trying it for the first time would be OPNSense's more robust menu.

    OPNSense features:
    • Stateful packet inspection firewall.
    • Interface isolation features for LAN, DMZ, etc.
    • Traffic shaping and filtering.
    • Failover cluster firewall support.
    • Multi-WAN support.
    • VPN support.
    • Real Time traffic graphs.
    • Wake on LAN support.
    • Captive portal support.
    • DHCP server and relay.
    • DNS forwarding and resolver support.
    • Packet sniffing options.
    • Extremely simple configuration backup options.
    • VLAN and proxy support.
    • WiFi, UPnP, QoS (quality of service), SSH, port forwarding and triggering options.
    • Advanced menu layout.

    Best for: OPNSense is well suited for anyone looking to see how it compares to pfSense. Like pfSense, it's a fully installable BSD operating system. Unlike pfSense, OPNSense is comparatively young. Another thing to be aware of is that the level of support and documentation isn't anywhere near as robust with OPNSense as you'll find with pfSense. So while OPNSense does feel a bit more newbie friendly, I'd suggest that OPNSense may be best as a second choice to pfSense until you've personally determined that it's going to meet with your workplace needs.

  • Previous
    Untangle
    Next

    Untangle

    Untangle -- Many people might not realize that Untangle was released in 2007 as an open source firewall solution. Flash forward to now, Untangle is still a major player for those looking for an enterprise firewall that offers a straightforward user interface.

    Untangle features:
    • Geolocation by IP features.
    • Time of request for authorized parties.
    • Port restrictions.
    • White and blacklisting.
    • QoS, advanced filtering, and the ability to extend its capabilities with add-ons.

    Best for: I firmly believe that Untangle is best for business environments that need a set it and forget it appliance. Untangle is perfect for the business that doesn't have a dedicated IT department to keep the firewall up to date and secured.

  • Previous
    Which is the best open source firewall for your business?</h2>
    Next

    Which is the best open source firewall for your business?

    My advice in determining which firewall is best for you is to consider the following. Age of the project and support available. Both pfSense and DD-WRT have both extensive age and robust communities to seek out help if needed.

    Still, there's a lot of benefit in trying out the other solutions mentioned above. They key consideration of course is to make sure whatever you choose is always patched and up to date. After all, none of< this matters if security of your firewall isn't job one.

Whether it be for home or for your workplace, chances are you've encountered an open source firewall. And if you haven't, you really should check out what these open source firewalls have to offer. In this article, I'll share the open source firewalls I've admired, used in the past and heard good things about. Keep in mind that the needs of your workplace may vary, so be sure to review the features of each firewall solution carefully.



0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 

IT Management Daily
Don't miss an article. Subscribe to our newsletter below.