IPFire vs other open source firewalls

You seem to be the one who has been touched on the studio.
You seem to assume that something that is more expensive is better just by its price and not by its function.
You also have a binary view of technology that assumes that any criticism assumes hate.
Any technology is meaningless unless applied in an appropriate fashion.
Case in point as people purchase a network firewall as an example to have a checkbox ticked for cyber security and in the process miss seeing the wood for all the trees.
Companies like Fortinet market their product instead with the primary purpose of making a sale instead of making a customer more secure.
In truth it's weak to follow this strategy as you become no better than anyone else who has wasted perception over function. The Gucci crowd who ridicule someone who has made their own clothes.
Is Facebook inferior because they have no Cisco? Is CloudFlare useless as they haven't ever bought any commercial firewall, never mind a Fortinet?
The true maturity of an IT professional is the ability to abstract solutions from vendor propaganda.
It is an irritant as many enterprises engage in a mediocre model of engagement as far as their technology stack is concerned as they follow an analyst-induced path of deployment. All zombies who have been numbed into irrational fear by Gartner, who gauge worth by payment made and not actual business value delivered.

You're turning me asking your opinion on something to calling me a sheep.
You know nothing about me or the technology I've used and tested for myself yet you preach to me about fanboyism when clearly you are exactly what you hate so much. (Like I've said twice - I don't even recommend FortiGate)

If you're not willing to give your actual opinion on a product when I am just asking a simple question of you then we can rather leave this discussion because clearly you're out to just try and use around the corner methods of insulting people instead of explaining why something is better or worse in a plain and simple fashion.

Like I said I wasn't trying to "attack" you. I've just found open source products inferior on many levels when it comes to implementation, documentation etc.
 
I've just found open source products inferior on many levels when it comes to implementation, documentation etc.
spiderman.jpeg

Without open source SpaceX would not exist. It would be like Boeing.

I've just found closed source products inferior on many levels when it comes to implementation, documentation etc.
 
Pretty much every open-source firewall is exactly that.
Open source, built from the same components with a bit of a reskin, really just down to whose out-of-box experience you like the most, because the features will mostly be in parity.

Will preface this by saying I've done my fair share of deployments on both open-source Linux/BSD & 'vendor' solutions and they each have their advantages which can be summarized as cost vs feature.

You'd be hard pressed trying to find functional differences between most of them.

Most enterprise/paid solutions are costly for a reason, you get the extra features and signatures that take time* to develop and implement.

Regardless of your poison of choice, you're in one of two camps, you're looking at NGFW/Next-generation firewalls that have things like application databases & inspection functionalities that can look into traffic at layer 7 to detect signatures of threats or you're using an open-source solution that can really only do true 'firewall' functions of IP/Protocol/Port rules with some VPN functions bolted in.

There are of course projects like OpenAppID by SNORT https://www.snort.org/downloads#openappid
But these aren't things natively built into a platform and don't give you a working solution OOB.

You'd have to ask yourself, if you had to develop a NGFW with cool features and functions, why would you give it away for free or make it open source?

Also +1 for Sophos XG Home, best 'free' firewall you'll get for home.


TL;DR you're either using open source solutions and doing glorified access control lists on the cheap, or paying a vendor and getting better visibility & security.


*time is money
 
Playing around with ipfire, see no wan failover which sucks.
 