NGFW
Last updated
Was this helpful?
Last updated
Was this helpful?
Open Source NGFW is always my choice when it comes to securing the network infrastructure from external and internal threats. I have chosen the top 5 from my experience.
As per : “A next generation firewall (NGFW) is, a “deep-packet inspection firewall that moves beyond port or protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
Though there are many and free NGFW (Next Generation Firewall) Software that you can use to transofrm a bare-metal hardware appliance into a powerful and effective Unified Threat Prevention and Management Solution.
I have been advocate of open source systems since 2000 and today in particular I will emphasis on open source next generation firewalls that I have been using since 2005, when I first built a UTM box using Untangle.
I have tried and tested many and today I am going to share with you my top 5 Selections of hundreds that I have tested in last two decades.
I made a video and wrote the article to give flexibility, means those who like reading they can read and those who want to watch and listen, they can see the video.
Here is the video on YouTube where I have shared the same information.
From my personal experience I have used many, but I am sharing those which as best as per my choice. I have built UTM based on these systems for my home, business, offices and many customers.
When selecting Open Source NGFW, we consider various factors to chose one. My selection is in fact based on my favorite Systems. And all of them are best fit for any application. I have considered various features to chose the Firewall and my selection is based on;
Advanced Security
Functions, Applications, Modules and Addons.
Addons and Integration
Popularity
Flexibility
Performance
High Availability
Hardware Independence
Innovative
Simplicity
Support
Reports and Dashboard
Management Options
Centralized Management
First of all, my selection is totally for Free Systems and related free applications. Where you can use the NGFW Software and your Hardware to built your own UTM. Each Firewall has the common features like;
Base Firewall
Networking Function
Routing Functions
DHCP and DNS Server
NAT and Port Forwarding
QoS
Captive Portal
Modern Web UI
VPN (Site to Site and User to Site)
Open Source / Free License / Community Version
Constant Updates
The features vary, as there are various features which are free in some are paid in some systems. I have considered only free applications for my review, but ranking is based on mainly popularity and recommendations.
You can download ISO file from the website and can Install the system on your dedicated hardware.
I have also created a playlist where you can find detailed information and tutorials of all 5. Where I have covered Introduction, Installation, Setup and Configuration. I have explained you how You can Turn your spare PC to World Class Next Generation Firewall.
If you want to watch my YouTube video . Please watch the video till end so that you can get clarity of which appliances will best fit for you. Last appliance is not open source but I will let you know about a Powerful Free Version.
I consider these best and free firewall of all the times. One of these 5 is not opensource, but you can have free license for lifetime. Which I will explain you in review.
My review will help you to chose the best open source or free system that will best fit for your need. Be it a home or office network of any size. I will help you to chose the best fit.
Let us begin the review now;
In Untagnle NGFW You can use variety of apps for free that include
Firewall
Intrusion Prevention
Phish Blocker
Virus Blocker
Ads Blocker
Spam Blocker
Application Control
Web Monitor
Captive Portal
Open VPN
It has a built-in Dashboard and Reports tool for monitoring and to get information about who is accessing what and when.
Untangle keeps on enhancing the platform. Threats and Security Updates are automatically applied to all relevant applications.
To to get advanced features and better protection against threats, you need to pay a subscription for each paid app you want to use. But still free apps do a lot.
You can use this for any size of network. You can protect your home and office for free. It is very strong, secure and reliable.
The most valuable features are not available in Untangle for free. Like web filtering, policy maker, traffic shaping, advance antivirus and spam filter.
This platform is widely used in Brazil and Italy
Community Edition includes a basic suite of security features;
Stateful Packet Firewall
Basic Web Security
Basic Email SEcurity
Open Source Antivirus
VPN (IPSec and SSL)
Easy to install and use.
Endian provide Realtime monitoring, logging and reporting of Network activities, resource usage and bandwidth.
It has a built in Dashboard and Reports tool for monitoring and to get information about who is accessing what and when.
Centralized Management of Endian is not available in community edition.
When I was using it, latest Security Updates and Definition updates had to be manually downloaded and updated.
This is another open source firewall. But Community Edition does not offer any technical support and have limited features.
Community Edition of Endian NGFW is best fit for home Networks only but for Business Endian UTM professionals will be required.
Applicaiton Control, Advance Security, advance content Security, Some VPN Features, Event Reporting and Centralized Managment.
OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
This platform is widely used in Austria, Switzerland and Germany
You can use variety of features for free that include;
VPN Server
High Availability
Load Balancing
Traffice Shaping
Captive Portal
UTM Device
Firewall / Router
DNS/ DHCP
The robust and reliable update mechanism gives OPNsense the ability to provide important security updates in a timely fashion. OPNsense offers weekly security updates. A fixed release cycle of 2 major releases each year.
he interface is well organized, it is easy and institutive. Menu system is great, it if in fact a nice and clean layout. Even if you are not very technical, you can still configure the system easily. I must say, if you want to use pfSense and you are not much technical then go for OPNsense because it is a user friendly version of pfSense.
It also has a built in Dashboard and Reports too for monitoring and to get information about who is accessing what and when.
Telemetry Edition is Free which is good for home or small office use but large networks Business Edition gives you a Commercial Firmware repository with some professional Plugins.
Free Edition is good for Home and Small Office. I will not recommend OPNSense for Large scale organization.
Much technical documentation is not available.
pfSense is highly flexible as compared to all previous that I explained, you can do detailed configuration of your network that I have explained in pfSense Tutorial. I will not consider is as NGFW by default, but the flexibility of installing addons and application it is a perfect NGFW.
pfSense can be installed on a variety of Hardware Appliances even very low specs hardware can be used. If you are a highly technical network engineer, then you must go for pfSense because you will get flexibility and variety of options to configure each and every aspect in depth.
Belgium, Canada, Germany, Philippines, Sweden and Brazil
VPN Server
High Availability
Load Balancing
Traffic Shaping
Captive Portal
Intrusion Detection and Prevention
Transparent Caching
Web Content Filter
And many more.
Pfsense is not user friendly at all. I feel the product still needs improvement, navigation of application. Ready made profiles and configruation is not available. Which means you need to configure everything manually from scratch. Need to assign the Network Interface using text console on Monitor. OpenVPN configuration takes time, in fact all the aspects of configuration takes time as you have to go in depth to do the configuration of each and every aspect.
Dashboard is available with configurable widgets where monitoring of hardware, network traffic, usage can be done. As I said earlier, who is doing what and when can be seen.
Centralized Management is not available in pfSense. Centralized management is possible through DynFi. Which is free for up to 3 appliances.
Negate periodically release new versions that contain new features, updates, bug fixes, and various other changes. In most cases, updating an installation is easy.
There is also a cloud based version by netgate.
pfSense+ is held for 3rd-party application options, proven reliability, and access to business assurance support options. Where Netgate provides professional and enterprise-class technical support arrangements. But if you can manage everything by yourself then you don’t need to go for pfSense +
The solution is very robust, I will recommend it for anything large scale. Though it doesn’t how big you are, public or private pfSense community Edition fits everyone’s need. But if you are a skilled Network Engineer then you must go for it. It needs a lot of administration. The basic concept of pfsense is Firewall and Router, not the Unified Threat Management. Though there are addons available for this. But I must say It is powerful and for businesses you must go for it.
Product needs improvements in various aspects of UI. It doesn’t have user-friendly interface. Ready made profiles are missing. Important addons are not installed by default. Layer 7 Advanced firewall features are no included in the solution.
Finally, Sophos XG Firewall
If you want to implement SOPHOS in your business, then you can use only Commercial Product.
SOPHOS is not open source firewall, but the product that I am going to talk about is free. Yes, free NGFW for home users only.
Free Home Edition will help you to access various features.
Increase Internet Bandwidth
Protect Kids Web Surfing Habits
Solve Spam Mail Problems
Access Home Network from Anywhere
Stop Viruses in Web and Email
Sophos is most popular globally. UAE, Germany, Switzerland, Kenya, South Africa, Australia, Saudi Arabia, Pakistan, Japan, Nigeria, India,, Malaysia, Indonesia, Thailand, United Kingdom
Rules and Policies
Network Protection
Web Protection
Application Control
Email Protection
Web Server Protection
VPN
UserPortal
Home edition is easy to install similar to other systems that I discussed previously. Deployment is simple, you can run setup wizard and on completion of wizard, predefined IPS, web, apps and traffic shaping policies will start working. You can customized the based on your needs. Common deployment scenarios are already configured in policies.
You can monitor on real time using the Control Center which is Dashboard and can also monitor current activities.
Reports are also available.
Central Management is available in Sophos Central only for Business.
Not required for Home Appliance, but you can access the configuration from anywhere.
Definitions are automatically updated regularly.
Home Products are Limited but Business Products are all about complete protection. SOPHOS is one of the top ranking companies in Magic Quadrant by Gartner. SOPHOS doesn’t have any community Edition for Business.
Three free version is best Appliance for Homes and personal use. For businesses there are plenty of systems available.
It is Free for Home Users only. It is not open source. Even Free for home also has some key features missing like Definitions updates and so on.
It is very clear that cyber-security is becoming increasingly important and IT security budgets are going to grow. NGFWs are also contently enhancing. Currently I am using Untangle on Office Network, pfSense for for Virtual network in Virtualized Environment and Sophos at home.
Today, Nextgen firewalls add features like behavioral analytics, malware detection, and content monitoring to prevent unauthorized access and data exfiltration.
Tomorrow, AI Based NGFW will act proactively to protect the network before the attack is even detected.
Here I will be only focusing on the brief introduction, key features and why I am using these systems. And I have explained all the systems with detailed tutorial and the configuration in separate play list which is available on playlist.
Before we start. Please don’t forget to subscribe to and press the bell icon.
is a Debian Based network gateway with pluggable modules for various network applications. It is another open source firewall. I must say it is an ecosystem of technology applications, or ‘apps’. The system is one of the easiest platforms to use, because of its simplified UI.
I have ranked at number 5 because of its popularity. This platform is widely used in the United States and Canada.
If you are looking for user friendly system. Then go for Untangle. It is easy to learn and easy to configure. Complete Installation and Configuration is GUI based, even the Network Interface Configuration is done on WebUI through VGA. It is simple to install and configure. Most of the aspects can be configuration by running wizards. With basic skills you can configure . You don’t need to monitor the Untangle firewall all the times. Once deployed then you will have peace of mind.
You can also centrally manage your all appliances using the and mobile app.
™ is a pure open source. It is a “turn-key” linux security distribution that turns every system into a fully featured security appliance. The software has been designed with “usability in mind” and is very easy to install, use and manage, without losing its flexibility.
,is one of the most popular open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform.
The real open source firewall is ****®, because this software is totally free. It is customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface.
** is a world leader in IT security and data protection. Sophos has various Commercial Products and Services .
In this review I will be mainly talking about which is a fully equipped software version of the Sophos UTM firewall, and it is available at no cost for home users for up to 50 IP Addresses. As it has become very important to secure and control networks at home. Since COVID19 Pandemic Kids are now at homes using computers and the Internet most of the time.
