Which is better for your small business router/firewall? We’re comparing pfSense, Cisco and Linux / BSD.
I realise pfSense is based on BSD. I realise there are millions of ways to configure a Linux or BSD server. And i realise there are hundreds of Cisco router/firewall models. That’s not the point of this article. We want to compare a pfSense device (a physical device with a web interface) with a Cisco device (something that has at least 2 LAN interfaces on it and a licensed OS) and a Linux or BSD server (that has at least 2 LAN interfaces on it and appropriate firewall and routing software) at a very high and general level. Another way to put the question is,
is it better to build your own firewall/router, use a proprietary system or something between? I’m approaching this form a high level and assume whoever is configuring the device is competent and has the skills to do so.
Here’ what we’re dealing with. We have an Internet connection of some kind that leads to us as an Ethernet cable. We plug that Ethernet cable into the first router/firewall port. We have a second Ethernet cable connecting the second port of the firewall/router to a switch. We’re not factoring in a DMZ because a small business network should be using the cloud for external services such as email, website, etc.
Let’s start with pfSense. You can download pfSense and install it your self on your own hardware. In our case, we’ve not doing that. We’ve assuming we’ve purchased it as a device all ready to go. We plug it in, direct our browser to the appropriate IP address, login and begin configuring it. We get nice features such as unlimited VPN accounts, layer 3 networking with VLANs, firewalls and NAT capabilities. It’s well supported and you can get your hands dirty by logging in at the CLI.
Moving onto Cisco. A little hardware to work with but probably the most reliable device on the market 9generally speaking). It’s well supported and there are plenty of Cisco guru’s around to help out. It’s rare for a Cisco device to have a hardware fault and they’ve been well tested over the year. However, they don’t come with a web based GUI although there are graphical means to configure them but it’s not the done thing. It’s very capable as a firewall and router. You don’t get the feature set that you do with a pfSense but you get plenty.
Finally the Linux / BSD option. You can do just about anything you like here. Firewall, routing, HA, packet inspection, transparent proxy’ing and so much more. However, the time taken to build and configure such a device is far more than the other two options. It’s easy to keep a Linux server up to date and there are plenty of Linux guru’s around to help. you can get special versions of Linux and BSD specific to the tasks of routing and firewalls.
Summary. Yes, this is a short article. I opt for the pfSense. It’s the best of both worlds. A physical device that’s been tested by the open-source community, great reputation, easy and quick to configure and has everything a small business needs for such a task.
I’m not saying the other two options aren’t right. I’m simply saying that as an IT person who moves around from one place to another, it’s nice to have a great product with a web interface that’s priced well and reliable.
large businesses would be using Cisco or HP gear and that’s perfect. Small businesses who want to save night opt to use some old hardware and put Linux on it and use that as the firewall but i’d suggest this will be the wrong choice in the long run.