Which Firewall is RIGHT for YOU? pfSense vs. UniFi



Chapters
00:00 pfSense vs. UniFi
01:45 Which Firewall Models
03:39 Centralized Management and Interface
04:40 License Fees
04:48 Automated Updates
05:20 Change Management
05:55 High Availability
06:48 VLAN Support
07:00 BGP and OSPF
07:20 Captive Portal & Certificates
07:45 Identity Provider Support
08:29 OpenVPN Wireguard and IPSEC
10:13 Automated Site to Site
10:43 Overlay SDWAN VPN
11:28 IDS and IPS
12:30 Content Filtering
13:12 DNS Filtering and Management
13:51 DHCP
14:18 Traffic Shaping
15:43 Netflow Packet Capture and Diagnostics
16:38 Logging and SIEM integration
17:32 Reverse Proxy
18:07 Firewall Rules
19:29 Unique and Advanced Use Cases
20:30 UniFi and pfSense Security
Comments

For years, I used pfSense. You can make a hobby out of tweaking it (which I did). But, now that I'm nearly 70, I'm at the point where I just want things to work, without having to overthink settings. So, when Ubiquiti came out with the UCG-MAX, I bought one just to play with in my lab. 2 or 3 days into playing with it, I decided to make the switch from pfSense to UniFi. It's a bit more fun, and a lot less to think about. For me, it's a nice change.

tac

I am a network engineer, tried pfSense at home, but eventually I didn't need that much complexity. So I switched back to UniFi. I value the ease of use, but both are great. Love both.

ELIKESBIKES

Thanks for this comprehensive comparison. I see our friends from Untangle aren't even a consideration anymore and I have retired all those devices about two years ago. Just installed a new location with a full UniFi last weekend and then the next day the software update to version 9 and the policy-based routing. So far it's working great. Since I am also a pfSense fan I think UniFi has caught up feature wise to most configurations I deploy with pfSense.

RonV-hh

Thank you for clarifying that you can run UniFi networks without having a UniFi account. That is specifically why I came to your channel. 🌻

moeinio

I was going to switch to pfSense, but as the features of the routers have finally caught up to a very decent level, I just don't need it now. As my main business is not networking, just an out-of-hand hobby haha, it meets the needs for my heavily networked home where we have 3 people making a living or remote-working that way, plus I donated my older UI gear to a school and am able to help monitor and remotely fix things for them (they are a 10 hour drive away if the weather is bad). I really like that the equipment is super reliable as well. They have confusing and overlapping product ranges that were not really an issue before, and the POE+++ is not actually a standard, and the RSTP implementation still has problems sometimes. But I've used their gear for 15ish years now, and no regrets. The same is true for the Protect system. The refinements and no EOL for a lot of their stuff for a very, very long time, is also providing confidence in upgrading my own equipment every once in a while and then offloading the older stuff to those who need it and/or could benefit from improved networking.

wiebowesterhof

Could you do a video where you go through the FWs you deploy and what criteria you use to determine what you suggest?

RT-iypu

Did you ever do a video about adding Let's Encrypt to the UDM Pro series hardware? If not, could you do a step by step? Thanks

sonikempire

I migrated from pfSense over the summer to a UDM Pro Max. Mostly for the single pane of glass management and the ease of maintaining it. There are some things missing but nothing I really actually needed, so I'm pleased with it. Need to take time and migrate to the new firewall rules, just haven't yet.

mcol

I have been using pfSense CE for a few years now. It works great and without issues. Most features are easy to find and set up. A quick search finds everything else.

For me and my home lab, I see no reason to jump ship.

justinpatrick

I moved from pfSense to UniFi and do not regret it. I have fully bought into the UniFi ecosystem for 6 sites now (including my house). I only wish they could keep their products in stock more haha. Needing to buy 2 more of the PDU-Pro and they have been out of stock for too long - and that's just one example.

mattgofastgo

Thanks for the video Tom! I was concerned with the UDM reviews I was seeing with the VPNs and firewall rules but this video has shown much needed improvement in the UDM's management.

I have proceeded with an order for a UDM Pro Max and am looking forward to seeing how that journey plays out. My firewall journey has been from crappy home routers to pfSense, pfSense to OPNsense, and now hopefully from OPNsense to UDM.

SgtKilgore

For client VPN, you put Tailscale for pfSense and Teleport for Unifi, but you can easily use OpenVPN or Wireguard for client devices with Unifi, too. That's how I used to client VPN to a Unifi-run network from a Windows computer, before Teleport was available for PC.

rfh

Been using pfSense since 2017. First bought the Netgate SG-2440 and still in use in my test lab area (learning and testing stuff). Been using a 6 port NIC Brick PC for many years now running CE edition. No plans to change. Does all I need it to and I am quite familiar with the system (many thanks to Tom here and some others for the great videos). Getting a new 1U Atom C3758R unit with 2.5GbE as my new pfSense system.

JohnDoe-lgmh

I’ve had the Cloud Gateway Max in my home setup since last August and I recommend it highly.

jberg

Did I understand you correctly, that the XG can be configured and managed entirely 'on prem'? Erroneous or not, I'm nervous about entrusting the configs to cloud (encrypted backups is one thing, live configs quite another) and my understanding was their stuff was all cloud based so I always skip over them. Not sure why I watched this one, but I did, and now I'm curious :)

davelloyd-

pfSense for no/low cost implementations, but honestly the Cloud Gateway Ultra for $129 is really hard to beat for ease of use. I've been running pfSense in the homelab for 8+ years, and it's been fantastic. Just take an old computer, put in a dual nic, and away you go. But for a customer or business that you may need to remote into and manage multiple devices (APs, cameras, switches, etc.) the Unifi ecosystem makes it incredibly easy. I also have installed Netgate devices for places that use OpenVPN just for the additional features and support pfSense and Netgate deliver. Also kudos for Netgate support; even at the lower "email only" support levels, they've been quick to answer and are able to fix problems I don't have the ability or time to fix.

TwoHeadsBrewing

I was a senior systems integrator and internet architect back in the day. I was at 9/11 doing early InfiniBand, DWDM multiplexers and fiber channel if that tells you anything. Anyway, BSD is hardened. Linux is dogish. There's a reason BSD is used on most firewalls and "ease of use" never entered the picture. Having said that I grow tired of monkeying with pfsense. But at the same time I will be damned if I'm buying vendor locked security appliances particularly Ubiquiti. And at this point I'm too damned old to be hacking together my own thing. I was just curious what the kids on the streets were using these days. Thank you for the video.

GhostBear.Goldsmith

I use both, pfSense on the outer perimeter; defense in depth, treat the network in-between as a DMZ.

DanMackAlpha

It's been years that I have used both of them. At home, my main firewall that is my backbone is a UDM-Pro (UniFi); to complete it, I have some pfSense running in my Proxmox cluster. To be able to do home user stuff, UniFi is great and simple, but for more advanced stuff, pfSense is better!

ianaway

I am running UniFi controller on my QNAP NAS controller in Docker. No virtualisation? Seriously? What am I doing wrong?

oldfisherman