I just made the move from Zentyal to Nethserver and I’m very pleased. Zentyal 4.1 has abandoned the gateway functions that I needed; Nethserver has those functions, including transparent proxy, web filtering, traffic shaping, firewall rules and multi-wan. This site has about 100 clients on two local networks, blue and green, and Nethserver manages that traffic to and from a 100Mb Internet connection.
I really appreciate the integration of Ntopng. Zentyal didn’t have any built-in traffic analysis tool, so I usually added Ntopng to my servers, but updates often clobbered my installs. I’m used to the idea of green, blue, orange and red interfaces from using IPCop – I use all 4 types on my network – so I like the way that model is used throughout NS.
I have a blacklist filter source that I have used, but I find that the included blacklists that come with NS work very well, and it’s a nice addition that they are automatically updated.
I have found that traffic moves through my NS gateway about 5-10% faster than it did through Zentyal, suggesting that your design is very efficient.
There are a few things about Zentyal that might make useful additions to NethServer.
Upload blacklist from file: Zentyal has no built-in recommended blacklists, but it does allow you to import a blacklist of your own from a tar.gz file.
Export/import confg backups. The NS automatic backup to USB drive is very nice. Zentyal only supported downloading a config backup to a local computer, which would be a useful addition to the current backup scheme. I keep a hot spare gateway running and attempt to keep the primary and backup machines configured identically, so that I can quickly swap them if I have a hardware failure. I found that I could clone the main server to the spare by moving my backup hard drive from one to the other and doing a restore, but the process would be simpler if I could just upload and restore a config file.
In doing the above cloning, I discovered that the server certificate was not part of the backup and did not copy from my main server to my hot spare. Creating a true clone machine would require moving that certificate manually. It would be nice if this could be changed.
Zentyal has a dashboard notification of updates to installed software, which was nice. It seemed like updates came out daily for either Zentyal or the underlying Ubuntu linux. I haven’t seen many updates for NS, and perhaps they are less frequent. (Also, both of my machines are having issues with the software center, so perhaps I’m not seeing them.)
Zentyal used the L7 filter and then dropped it. L7 is a very nice concept but is woefully out of date and really didn’t work well. If there is a better system for packet analysis and traffic shaping based on classes of services (libprotoident looks interesting), that would be a very useful future addition.
A final comment. I could not have moved to NS so quickly without the help of your excellent user docs and a very responsive user/developer community. The resources for learning about NethServer and the quick responses to questions are far better than anything I experienced when using Zentyal. Thanks!