Open Source NGFW is always my choice when it comes to securing the network infrastructure from external and internal threats. I have chosen the top 5 from my experience.
What is NGFW (Next Generation Firewall) ?
As per Gartner : “A next generation firewall (NGFW) is, a “deep-packet inspection firewall that moves beyond port or protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
Though there are many Open source and free NGFW (Next Generation Firewall) Software that you can use to transofrm a bare-metal hardware appliance into a powerful and effective Unified Threat Prevention and Management Solution.
I have been advocate of open source systems since 2000 and today in particular I will emphasis on open source next generation firewalls that I have been using since 2005, when I first built a UTM box using Untangle.
I have tried and tested many and today I am going to share with you my top 5 Selections of hundreds that I have tested in last two decades.
I made a video and wrote the article to give flexibility, means those who like reading they can read and those who want to watch and listen, they can see the video.
Here is the video on YouTube where I have shared the same information.
Factors to Consider while Choosing Open Source NGFW
From my personal experience I have used many, but I am sharing those which as best as per my choice. I have built UTM based on these systems for my home, business, offices and many customers.
When selecting Open Source NGFW, we consider various factors to chose one. My selection is in fact based on my favorite Systems. And all of them are best fit for any application. I have considered various features to chose the Firewall and my selection is based on;
- Advanced Security
- Functions, Applications, Modules and Addons.
- Addons and Integration
- Popularity
- Flexibility
- Performance
- High Availability
- Hardware Independence
- Innovative
- Simplicity
- Support
- Reports and Dashboard
- Management Options
- Centralized Management
Here I will be only focusing on the brief introduction, key features and why I am using these systems. And I have explained all the systems with detailed tutorial and the configuration in separate play list which is available on YouTube playlist.
Common Functions of Open Source NGFW
First of all, my selection is totally for Free Systems and related free applications. Where you can use the NGFW Software and your Hardware to built your own UTM. Each Firewall has the common features like;
- Base Firewall
- Networking Function
- Routing Functions
- DHCP and DNS Server
- NAT and Port Forwarding
- QoS
- Captive Portal
- Modern Web UI
- VPN (Site to Site and User to Site)
- Open Source / Free License / Community Version
- Constant Updates
The features vary, as there are various features which are free in some are paid in some systems. I have considered only free applications for my review, but ranking is based on mainly popularity and recommendations.
How to get free NGFW Firewall
You can download ISO file from the website and can Install the system on your dedicated hardware.
I have also created a playlist where you can find detailed information and tutorials of all 5. Where I have covered Introduction, Installation, Setup and Configuration. I have explained you how You can Turn your spare PC to World Class Next Generation Firewall.
If you want to watch my YouTube video . Please watch the video till end so that you can get clarity of which appliances will best fit for you. Last appliance is not open source but I will let you know about a Powerful Free Version.
Top 5 Next Generation Firewall Systems/Software
I consider these best and free firewall of all the times. One of these 5 is not opensource, but you can have free license for lifetime. Which I will explain you in review.
My review will help you to chose the best open source or free system that will best fit for your need. Be it a home or office network of any size. I will help you to chose the best fit.
Let us begin the review now;
Before we start. Please don’t forget to subscribe to Syncbricks and press the bell icon.
5. Untangle Firewall
Untangle NG Firewall is a Debian Based network gateway with pluggable modules for various network applications. It is another open source firewall. I must say it is an ecosystem of technology applications, or ‘apps’. The system is one of the easiest platforms to use, because of its simplified UI.
Popular By Country :
I have ranked Untangle at number 5 because of its popularity. This platform is widely used in the United States and Canada.
Free Applications :
In Untagnle NGFW You can use variety of apps for free that include
- Firewall
- Intrusion Prevention
- Phish Blocker
- Virus Blocker
- Ads Blocker
- Spam Blocker
- Application Control
- Web Monitor
- Captive Portal
- Open VPN
Ease of Use:
If you are looking for user friendly system. Then go for Untangle. It is easy to learn and easy to configure. Complete Installation and Configuration is GUI based, even the Network Interface Configuration is done on WebUI through VGA. It is simple to install and configure. Most of the aspects can be configuration by running wizards. With basic skills you can configure Untangle. You don’t need to monitor the Untangle firewall all the times. Once deployed then you will have peace of mind.
Dashboard and reporting
It has a built-in Dashboard and Reports tool for monitoring and to get information about who is accessing what and when.
Centralized Management :
You can also centrally manage your all appliances using the command center and Untangle Go mobile app.
Updates
Untangle keeps on enhancing the platform. Threats and Security Updates are automatically applied to all relevant applications.
Edition Comparison :
To to get advanced features and better protection against threats, you need to pay a subscription for each paid app you want to use. But still free apps do a lot.
It is fit for use?
You can use this for any size of network. You can protect your home and office for free. It is very strong, secure and reliable.
What is Missing in Untangle?
The most valuable features are not available in Untangle for free. Like web filtering, policy maker, traffic shaping, advance antivirus and spam filter.
4. Endian
Endian Firewall™ is a pure open source. It is a “turn-key” linux security distribution that turns every system into a fully featured security appliance. The software has been designed with “usability in mind” and is very easy to install, use and manage, without losing its flexibility.
Popular By Country :
This platform is widely used in Brazil and Italy
Free Applications ;
Community Edition includes a basic suite of security features;
- Stateful Packet Firewall
- Basic Web Security
- Basic Email SEcurity
- Open Source Antivirus
- VPN (IPSec and SSL)
Ease of Use:
Easy to install and use.
Dashboard and reporting
Endian provide Realtime monitoring, logging and reporting of Network activities, resource usage and bandwidth.
Dashboard and reporting
It has a built in Dashboard and Reports tool for monitoring and to get information about who is accessing what and when.
Centralized Management :
Centralized Management of Endian is not available in community edition.
Updates
When I was using it, latest Security Updates and Definition updates had to be manually downloaded and updated.
Edition Comparison :
This is another open source firewall. But Community Edition does not offer any technical support and have limited features.
It is fit for use?
Community Edition of Endian NGFW is best fit for home Networks only but for Business Endian UTM professionals will be required.
What is Missing?
Applicaiton Control, Advance Security, advance content Security, Some VPN Features, Event Reporting and Centralized Managment.
3. OPNSense
OPNsense® ,is one of the most popular open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform.
OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Popular By Country :
This platform is widely used in Austria, Switzerland and Germany
Free Applications :
You can use variety of features for free that include;
- VPN Server
- High Availability
- Load Balancing
- Traffice Shaping
- Captive Portal
- UTM Device
- Firewall / Router
- DNS/ DHCP
Updates
The robust and reliable update mechanism gives OPNsense the ability to provide important security updates in a timely fashion. OPNsense offers weekly security updates. A fixed release cycle of 2 major releases each year.
Ease of Use:
he interface is well organized, it is easy and institutive. Menu system is great, it if in fact a nice and clean layout. Even if you are not very technical, you can still configure the system easily. I must say, if you want to use pfSense and you are not much technical then go for OPNsense because it is a user friendly version of pfSense.
Dashboard and reporting
It also has a built in Dashboard and Reports too for monitoring and to get information about who is accessing what and when.
Edition Comparison :
Telemetry Edition is Free which is good for home or small office use but large networks Business Edition gives you a Commercial Firmware repository with some professional Plugins.
It is fit for use?
Free Edition is good for Home and Small Office. I will not recommend OPNSense for Large scale organization.
What is Missing?
Much technical documentation is not available.
2. pfSense
The real open source firewall is pfSense®, because this software is totally free. It is customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface.
pfSense is highly flexible as compared to all previous that I explained, you can do detailed configuration of your network that I have explained in pfSense Tutorial. I will not consider is as NGFW by default, but the flexibility of installing addons and application it is a perfect NGFW.
pfSense can be installed on a variety of Hardware Appliances even very low specs hardware can be used. If you are a highly technical network engineer, then you must go for pfSense because you will get flexibility and variety of options to configure each and every aspect in depth.
Popular By Country :
Belgium, Canada, Germany, Philippines, Sweden and Brazil
Free Applications ;
- VPN Server
- High Availability
- Load Balancing
- Traffic Shaping
- Captive Portal
- Intrusion Detection and Prevention
- Transparent Caching
- Web Content Filter
- And many more.
Ease of Use:
Pfsense is not user friendly at all. I feel the product still needs improvement, navigation of application. Ready made profiles and configruation is not available. Which means you need to configure everything manually from scratch. Need to assign the Network Interface using text console on Monitor. OpenVPN configuration takes time, in fact all the aspects of configuration takes time as you have to go in depth to do the configuration of each and every aspect.
Dashboard and reporting
Dashboard is available with configurable widgets where monitoring of hardware, network traffic, usage can be done. As I said earlier, who is doing what and when can be seen.
Centralized Management :
Centralized Management is not available in pfSense. Centralized management is possible through DynFi. Which is free for up to 3 appliances.
Updates
Negate periodically release new versions that contain new features, updates, bug fixes, and various other changes. In most cases, updating an installation is easy.
Edition Comparison :
There is also a cloud based version by netgate.
pfSense+ is held for 3rd-party application options, proven reliability, and access to business assurance support options. Where Netgate provides professional and enterprise-class technical support arrangements. But if you can manage everything by yourself then you don’t need to go for pfSense +
It is fit for use?
The solution is very robust, I will recommend it for anything large scale. Though it doesn’t how big you are, public or private pfSense community Edition fits everyone’s need. But if you are a skilled Network Engineer then you must go for it. It needs a lot of administration. The basic concept of pfsense is Firewall and Router, not the Unified Threat Management. Though there are addons available for this. But I must say It is powerful and for businesses you must go for it.
What is Missing?
Product needs improvements in various aspects of UI. It doesn’t have user-friendly interface. Ready made profiles are missing. Important addons are not installed by default. Layer 7 Advanced firewall features are no included in the solution.
1.Sophos XG Firewall
Finally, Sophos XG Firewall
Sophos is a world leader in IT security and data protection. Sophos has various Commercial Products and Services .
If you want to implement SOPHOS in your business, then you can use only Commercial Product.
SOPHOS is not open source firewall, but the product that I am going to talk about is free. Yes, free NGFW for home users only.
In this review I will be mainly talking about Sophos XG Firewall Home Edition which is a fully equipped software version of the Sophos UTM firewall, and it is available at no cost for home users for up to 50 IP Addresses. As it has become very important to secure and control networks at home. Since COVID19 Pandemic Kids are now at homes using computers and the Internet most of the time.
Free Home Edition will help you to access various features.
Why I use Sophos
- Increase Internet Bandwidth
- Protect Kids Web Surfing Habits
- Solve Spam Mail Problems
- Access Home Network from Anywhere
- Stop Viruses in Web and Email
Popular By Country :
Sophos is most popular globally. UAE, Germany, Switzerland, Kenya, South Africa, Australia, Saudi Arabia, Pakistan, Japan, Nigeria, India,, Malaysia, Indonesia, Thailand, United Kingdom
Modules
- Rules and Policies
- Network Protection
- Web Protection
- Application Control
- Email Protection
- Web Server Protection
- VPN
- UserPortal
Ease of Use:
Home edition is easy to install similar to other systems that I discussed previously. Deployment is simple, you can run setup wizard and on completion of wizard, predefined IPS, web, apps and traffic shaping policies will start working. You can customized the based on your needs. Common deployment scenarios are already configured in policies.
Dashboard and reporting
You can monitor on real time using the Control Center which is Dashboard and can also monitor current activities.
Reports are also available.
Centralized Management :
Central Management is available in Sophos Central only for Business.
Not required for Home Appliance, but you can access the configuration from anywhere.
Updates
Definitions are automatically updated regularly.
Edition Comparison :
Home Products are Limited but Business Products are all about complete protection. SOPHOS is one of the top ranking companies in Magic Quadrant by Gartner. SOPHOS doesn’t have any community Edition for Business.
Is it fit for use?
Three free version is best Appliance for Homes and personal use. For businesses there are plenty of systems available.
What is Missing?
It is Free for Home Users only. It is not open source. Even Free for home also has some key features missing like Definitions updates and so on.
Final Thoughts and Future of NGFW
It is very clear that cyber-security is becoming increasingly important and IT security budgets are going to grow. NGFWs are also contently enhancing. Currently I am using Untangle on Office Network, pfSense for for Virtual network in Virtualized Environment and Sophos at home.
Today, Nextgen firewalls add features like behavioral analytics, malware detection, and content monitoring to prevent unauthorized access and data exfiltration.
Tomorrow, AI Based NGFW will act proactively to protect the network before the attack is even detected.
What are your thoughts, please let me know in the comments section below.