Is NethServer better than a dedicated utm distro?


(Vlad) #1

Am I crazy or are you guys saying that ns is better than a dedicated utm distro?
I am planning on building out a sophos utm router/firewall, should I look into using ns instead?
I am a bit of a noob so does it make sense for me?


#2

Sophos :anguished:

Sophos is not Open Source, and read the EULA carefully… They are collecting data :cold_sweat:
For a security feature… This is contradictory at least.

Yes, NethServer is better in the way that it’s totally open source AND free, other UTM solutions are closed or paid.
All ClearOS free stuff is weaker, all Untangle free stuff is weaker.

Now if you want firewall/gateway ONLY, go for pfsense or opnsense, but if you want a little more… NethServer exists.



(Alessio Fattorini) #3

Yes, why not? NethServer is a full-featured UTM firewall. What are your aims? Please add some details.


(Vlad) #4

Well, when I was looking into ns I thought it was just an enhanced centos distro with webgui, as I came across it in a discussion about webvirtmanager.
I have been trying to set up webvirtmanager on a centos7 min. install and was not too successful.

I was looking into using ns for my virtualization/fileserver setup, as I tried ns in a vm and it looked nice, and the webvirtmanager setup from the app center was nice and easy, and it worked.

I thought I should set up ns on my supermicro server and use that to run several vms for my needs and share the data drives for all clients. As I have only one server I want to use it in a double role capacity.
But my existing data pools are on btrfs raid1 and ns 6.7 does not support btrfs out of the box. I posted a question here and got help on that, so I was about to try the setup but saw this comparison and got confused a bit.

Ps. I also plan to build a router/firewall on a lenovo sff pc and planned to use sophos utm 9 on it.
I do not really need an elaborate setup, but my router from optimum does a terrible job with ip reservations and port pass through, hence I want to build a custom setup.


(Alessio Fattorini) #5

Don’t use sophos, give NethServer a try and let us know. It’s a complete firewall UTM solution, trust me.


(Vlad) #6

I will need a lot of hand holding on this one.
I like sophos because it is an out of the box solution. With ns I will have to figure out what I need and want to install and set up.
But I think it is a nice way to learn something. Will see how far I can take it.

Btw, do you think I can use ns for my main project?
Vm and file server?


#7

It’s hard to say… it depends on your skills.

A good way to start is the doc:
http://docs.nethserver.org/en/latest/

Take a look, and you will happen a lot, and the NethServer gui is clear, and easy to navigate.
For setting up the firewall/gateway, it depends on your network.

But already read the doc, and you will see if NethServer fits your needs :smiley:


(Alessio Fattorini) #8

I’m really interested, why is sophos better from your point of view? Could you compare them?
Try to figure out what you like to achieve and let me know your feelings.


(Vlad) #9

I never said it was better or worse.

I simply do not know.
I said I like sophos as it is an out of box firewall router solution that has all things installed.
Ns is completely new to me, and I got here by looking for a nice simple distro with a webui to control and manage it with, that I can also use for virtualising. Ns came with webvirtmanager that is actually possible to install, as all my attempts at installing on my centos setup failed. So here I am.
I do like ns, however I just didn’t know it can be used as a router+firewall setup. I always knew that you can turn most linux distros into a firewall but it is beyond my capability and knowledge. Setups like pfsense and sophos are nice for me as they are already configured and set up as a direct replacement for router and firewall.


(Vlad) #11

Take it easy, why does a simple question have to turn into a distro war?
We all have our preferences, likes and dislikes.
Believe it or not, but until last week, I never heard about nethserver, but I have heard about untangle, pfsense, sophos.
Out of the box means, I install it and all that is needed for the hardware to become a router/firewall is there waiting to be set up. You know, like a regular router. When you buy a router and plug it in it also needs setup to work properly.
Yes, almost any router will just work, but it will not be secure and will not do what you need until you set it up. And yes, sophos comes totally locked down by default, which might not be a bad thing.

Please, before jumping down my throat read my first question. I was just surprised that ns is a firewall distro as I expected it to be just a setup with a nice webmin-like webgui. I am not a linux guru, so it might not be very simple for me to build out a router and firewall based on ns. Not that I will not try, but it will be a challenge.




(Alessio Fattorini) #13

No war here, don’t worry :smile:
Obviously NethServer is not like a regular router, buy and plug it.

We are here for you and we have some of the top experts in the field who love a good challenge.


#14

After diddling around with a test install of sophos xg at a client’s home I’m about ready to drop kick it and instead of replacing it with untangle, try using NS as the utm… the lack of centralized reporting… that’s a thing though.

One thing that should work, is that using NS as the utm should allow for the painless install of unifi controller software on the utm…


(Giacomo Sanchietti) #15

I don’t know untangle, can you give an example of centralized reporting?

If CentOS is supported, you should be able to install it on NethServer. Is there any documentation on this?


#16

Whereby all the logs are presented in such a way that an hr director can see all aspects of an employee’s use of the network throughout a day a month later.
All dedicated, true utm’s have a form of reporting engine for the appliance to be reviewed by the non-technical.

Imagine pointing a ‘manager’ to the web proxy logs on NS…

It is, installation is a non issue, by default they’re using tomcat, mongodb, I don’t see where it would interfere with NS, whereas I would never try to run unifi controller by installing it on an untangle install though I’m inclined to believe it would probably work fine.


(Giacomo Sanchietti) #17

It seems cool :smile:
You can use lightsquid for a report on web traffic, and you can extract all network traffic data using ntopng API.
It’s not ready to use, but we can work on it. Maybe a new bounty? :smiley: