SonicWall vs pfSense Opinions

[ere109]

Do many folks here have experience with Sonicwall?
I'd been reading and exploring hardware options for a pfSense device attached directly to the incoming connection for my home network. One option was to install ESXI on my NAS, and try to pass ethernet straight through to a pfSense VM. I also read about various "Mini PC" hardware available online (I searched Amazon, but bet it's even cheaper on Ebay). I was just about to bite the bullet when a friend said his company was throwing away some old SonicWall NSA2400 devices. He gave me one. It's a 1U rack unit, so very big and cumbersome in my media closet.
But is a Sonicwall "better" than a standard pfSense install? It's commercial vs freeware, but I also saw that various add-ons are available for an additional license. Perhaps there's much more I can do with pfSense, in which case, steer me back in a direction.

 

[Dice]

One option was to install ESXI on my NAS, and try to pass ethernet straight through to a pfSense VM.

I ran this setup for a year or so. I will revisit the setup once the IT infrastructure allows again.

 

[Mirfster]

While I don't have personal experience with SonicWall, I do use pfSense. However, I prefer my firewall to be on a separate device so I have a NetGate SG-4860.

Prior to that I ran DDWRT on DLink DIR-825s which worked well enough for me and was cheap. Also, I have used Cisco ASA 5505.

I would say to go ahead and try out the SonicWall since it is free (not sure about licenses) and give pfSense a whirl in a VM. That way you get exposure to both and can choose what works best for you.

If you end up loving pfSense (which I think you will) you can always backup the config and restore it to a physical box (if desired).

Last thing I will mention is to make sure that if you have high speed internet (120mb +) that the firewall is capable of handling that speed. The Cisco ASA 5505 was only rated up to 100 mb and my ISP is ~200 mb so that is why it is collecting dust now. ;)

 

[danb35]

While I don't have personal experience with SonicWall, I do use pfSense. However, I prefer my firewall to be on a separate device so I have a NetGate SG-4860.

Ditto on all this, except that I'm using a SG-2440 instead. I bought mine a couple of years back; I don't think I'd buy one today--they've jacked up the price by $200 (when I bought, the bare, non-pfSense-installed, without-support-subscription, unit was $350, while the unit with support was $550; last I looked both versions were $550), but I still like having it on its own device so that hypervisor upgrades don't take down the whole network. Even at $350, the Netgate devices were pricey; the Zotac units are probably a better deal.

 

[Mirfster]

Ditto on all this, except that I'm using a SG-2440 instead. I bought mine a couple of years back; I don't think I'd buy one today--they've jacked up the price by $200

Totally agree, they used to be a better deal. Also wish that they had holes in it for actual wall mounting.

I've heard about Zotac in the past and may give them another looksy.

 

[silverback]

At home, running pfSense on esxi with multiple nic's passed through work flawlessly for me. The trouble being every time you reboot the host you lose your network.

I currently use this: https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-AES-NI/
More expensive because of AES support, and just works.

 

[ere109]

Thank you all. After a lot of hardware research, I was seriously considering the Zotac, listed below, but did find one user review that said the unit randomly reboots (may have just been one user). At $156, this wouldn't hurt too much. I'll start with the Sonicwall (which is rated at 75mb/s throughput, and my connection only goes up to 50), and play with a pfSense vm.
https://www.amazon.com/gp/product/B0728F8JS5/ref=ox_sc_sfl_title_1?ie=UTF8&psc=1&smid=ATVPDKIKX0DER

 

[danb35]

If you buy (or repurpose) hardware for pfSense, make sure it supports AES-NI--that will be required in the 2.5 release.

 

[Jailer]

my connection only goes up to 50

Another option with a connection of that speed would be pcengines APU2C4. I have one and recently set up a friend with one. Latest pricing was $170 shipped for a complete kit and they are good for about 450 Mb connection. Only downside is VPN speed is a bit limited at around 50Mb if you plan on running a VPN.

 

[ere109]

Another option with a connection of that speed would be pcengines APU2C4...

I notice they use AMD processors. I had read somewhere that Intel hardware is the most compatible with pfSense. Many reviews even insist on only Intel.

 

[Ericloewe]

@m0nkey_ has one of those APU boards, or something similar. I'm not sure what he's running on it at the moment, though.

 

[Jailer]

Many reviews even insist on only Intel.

Well don't tell that to my little APU that's been chugging along for about a year running pfsense without a single issue. ;)

 

[m0nkey_]

@m0nkey_ has one of those APU boards, or something similar. I'm not sure what he's running on it at the moment, though.

I do indeed. Running pfSense right now. Prior to that it was running FreeBSD and for a short period, OpenBSD.

 

[ere109]

Excellent. Then I'll consider it. I'll consider it even more after tonight. I did a factory reset on the SonicWall and discovered that it has an outdated firmware - and I have to buy a maintenance package to get the updated version...

 

[ere109]

Yep, I've been banging my head against the wall since yesterday. Without an active license, nearly everything on the sonicwall is disabled. Then it occurred that I might be able to install my own software on the hardware, but my reading so far has indicated that this is pretty well locked down as well. There goes another day.