IPFire vs other open source firewalls

Looks like they're all pretty much the same. Being both built on Linux, they should equally support the same apps.

Personally though, IPFire UI is terrible.
 
Realistically, how do these open source firewall vendors compare to the likes of a FortiGate or Palo Alto? I can't imagine recommending this for a business.
 
Realistically, how do these open source firewall vendors compare to the likes of a FortiGate or Palo Alto? I can't imagine recommending this for a business.
Why recommend Fortinet to a business when it is the most hacked and compromised systems on planet Earth? FortiGate has more vulnerabilities than Windows XP.
 
Why recommend Fortinet to a business when it is the most hacked and compromised systems on planet Earth? FortiGate has more vulnerabilities than Windows XP.

See, that's the difference. You've heard of them because it's well documented and well known if there are issues.
I personally don't even use FortiGate, but better to know than never find out, right?
 
See, that's the difference. You've heard of them because it's well documented and well known if there are issues.
I personally don't even use FortiGate, but better to know than never find out, right?
So just praise them for doing their job?
You would be talking out of your bum hole should you be implying that open source does not disclose vulnerabilities and only Fortinet does...
In actual fact the opposite is true. Fortinet sits on vulnerabilities without disclosure and it's well documented.
 
Realistically, how do these open source firewall vendors compare to the likes of a FortiGate or Palo Alto? I can't imagine recommending this for a business.
Most issues people encounter are performance related, but it is normally hardware related because OPNsense is just software, whereas Forti* provides the hardware as well, so it is tested to work without issue.

Another reason businesses may choose Forti* products is that they come with access to support, whereas with OPNsense there is no one to call.

As far as security goes, OPNsense does conduct LINCE tests on their revisions, which one can view to check for vulnerabilities.
 
FortiGate chows all the freebie / open source firewalls. The trick is to know how to use all the features that these mainstream FWs offer. There is a reason why they cost a lot of money ....
 
Realistically, how do these open source firewall vendors compare to the likes of a FortiGate or Palo Alto? I can't imagine recommending this for a business.
pfSense and OPNsense are basically pretty solid, but the main thing missing as far as I can see is effective Layer 7 filtering.

There is an argument that this is better to do on the endpoint these days rather than the network firewall which I think has some merit but I'm not sure where this is supposed to leave you with devices connecting to mobile and guest networks which may not be managed.
 
pfSense and OPNsense are basically pretty solid, but the main thing missing as far as I can see is effective Layer 7 filtering.

There is an argument that this is better to do on the endpoint these days rather than the network firewall which I think has some merit but I'm not sure where this is supposed to leave you with devices connecting to mobile and guest networks which may not be managed.

That's where guys like Forti absolutely chow the open source firewalls, e.g. there was another thread regarding DoH filtering, and people were suggesting 3rd party. Well, the big guys have all this integrated into the device.
 
I am a roll-my-own iptables++ sort of person in general, but I've read a good review on NethSecurity https://nethsecurity.org/ recently and have been considering installing it on an old laptop to play with.
 
I am a roll-my-own iptables++ sort of person in general, but I've read a good review on NethSecurity https://nethsecurity.org/ recently and have been considering installing it on an old laptop to play with.
You can use OpenWrt + apps to do exactly the same.
OpenWrt as well as NethSecurity are now on native nftables and that architecture is superior to any monolithic ripoff provided commercially.
 
That's where guys like Forti absolutely chow the open source firewalls, e.g. there was another thread regarding DoH filtering, and people were suggesting 3rd party. Well, the big guys have all this integrated into the device.

IMO Palo Alto is a more mature offering in their approach as they have less flotsam.

However, what everyone misses is that Azure, Amazon, Google, Cloudflare and basically the significant majority of cloud providers use open source firewalls. When aggregated across the Internet real estate, open source firewalls are chowing proprietary solutions.
 
What is worse at ignoring an attack and stopping a compromise?
1. Fortigate firewall
2. Microsoft Defender
3. Windows XP

The answer is not (3).

You seem to be personally hurt by what I said, but it wasn't an attack on you or the product. I've just worked with a few open source solutions, I've also worked with "semi-pro" paid ones and I work a ton with high end paid stuff.
I just personally can't ever seem to recommend open source stuff or "semi-pro" solutions to customers.

What's your experience with Forti that makes you dislike them so much? Like I said, it's not my vendor of choice.
At the end of the day none of the products are worth anything if you don't configure them correctly.
 
You seem to be personally hurt by what I said, but it wasn't an attack on you or the product. I've just worked with a few open source solutions, I've also worked with "semi-pro" paid ones and I work a ton with high end paid stuff.
I just personally can't ever seem to recommend open source stuff or "semi-pro" solutions to customers.

What's your experience with Forti that makes you dislike them so much? Like I said, it's not my vendor of choice.
At the end of the day none of the products are worth anything if you don't configure them correctly.
You seem to be the one who has been touched on the studio. We're talking about open source solutions and it's now derailed to a thread with you bashing open source.
You seem to assume that something that is more expensive is better just by its price and not by its function.
You also have a binary view of technology that assumes that any criticism assumes hate.
Any technology is meaningless unless applied in an appropriate fashion.
Case in point as people purchase a network firewall as an example to have a checkbox ticked for cyber security and in the process miss seeing the wood for all the trees.
Companies like Fortinet market their product instead with the primary purpose of making a sale instead of making a customer more secure.
In truth it's weak to follow this strategy as you become no better than anyone else who has wasted perception over function. The Gucci crowd who ridicule someone who has made their own clothes.
Is Facebook inferior because they have no Cisco? Is Cloudflare useless as they haven't ever bought any commercial firewall, never mind a Fortinet?
The true maturity of an IT professional is the ability to abstract solutions from vendor propaganda.
It is an irritant as many enterprises engage in a mediocre model of engagement as far as their technology stack is concerned as they follow an analyst induced path of deployment. All zombies who have been numbed into irrational fear by Gartner who gauge worth by payment made and not actual business value delivered.
As you state the products are worthless when not configured properly it means that understanding the underlying theoretical knowledge of technology is paramount. There is no difference to this knowledge between open source and commercial systems and in actual fact this knowledge is suppressed in commercial systems so that the vendor can land bigger and lazy fish.
 