I have posted a few times about my home network and in particular all the great things you can do with DD-WRT or with pfSense. I recently had some issues with my home pfSense firewall, mainly due to a hard drive failure. When I was replacing it, I decided to try a few different firewalls.
The hardware for my firewall is a small ASUS dual-core Intel Atom computer; I think it cost me around $80. I then added 2 GB of RAM and a 100 GB hard drive that I had lying around (which is probably why my hard drive failed). It is now running a 64 GB SSD. Both firewall versions ran very well on this platform.
From a hardware perspective it is probably overkill for a router, but you never know. Here is a quick view of “top” from my Zentyal firewall. Note the Suricata IDS running at 20%.
pfSense vs Zentyal
User Interface: Zentyal is the winner. I found that their GUI is both easy to use and intuitive. pfSense has everything but can sometimes be confusing with the vast options. One caveat here: Zentyal has a very slow user interface. It just seems to take a long time. One subsection of the interface is reporting. Zentyal seems to be lacking in reporting in its community version. Bandwidth, traffic, and overall usage reporting is a bit lacking. To make up for this I have installed SARG and also ntop, but more on that in a later post.
Performance: I think this is a tie. For what we do in my home, with 20-25ish devices ranging from TiVo to iPads, both firewalls have been great. I know when I’ve had family over we have topped 50 devices and had no issue streaming YouTube, Netflix, and other games.
Configuration: This was a challenge to rate. If you like to just get into the settings, pfSense is the winner. If you want to be saved from yourself messing up the settings, Zentyal wins. However, I found it really easy to just open up SSH on Zentyal and treat it like an Ubuntu system and install my usual applications with very minimal configuration. So from a UI perspective Zentyal saves you, but from the command line it is just Ubuntu.
Features: Again, this was a challenge for me. I really liked the entire range of features that pfSense has for a router/firewall/network appliance. Zentyal is an everything appliance. It has a range of features that go beyond a firewall. It can be a small business server, file server, and much more. In the end, I found that I don’t use many of those features from Zentyal, just the firewall. So Zentyal wins for the diversity of features.
Security: I think pfSense wins on this one. Even though ClamAV, Snort, and other processes are difficult to set up, they are very robust. Zentyal has all these features; it just seems that it is very challenging to determine whether they are working. The OpenVPN setup for Zentyal was great; however, I never got my traffic to be forwarded from internal to the internet. pfSense is a challenge to set up OpenVPN on, but it has more configuration options.
Proxy and reporting: One main reason I initially chose a new firewall for DD-WRT was to implement a transparent proxy to report on traffic and help with performance. I think both Zentyal and pfSense did this very well. However, the reporting from pfSense appears to be better (especially if you install SARG).
Overall, the Zentyal experiment has been successful. I think over the holidays I will be re-installing pfSense. When I started this upgrade I had intended to use Endian; however, multiple issues with the install and configuration caused me to stop that process. Zentyal makes a great small business / firewall solution. I would recommend this to anyone looking for an all-around solution and wanting a Windows Small Business Server replacement. I also read that Zentyal is creating an Exchange Server alternative; that should be very interesting and really make the product stand out.
If you have any questions, drop me a line. I love talking about firewalls and performance.