Results 1 to 7 of 7
  1. #1
    Newbie
    Join Date
    Dec 2018
    Posts
    6

    Default pfSense vs Untangled feedback

    I've been a long time user of pfSense, and in an effort to broaden my horizons a bit, I decided to give Untangled a try. I'm currently trying to migrate my port forwards and firewall rules over to Untangled and while for the most part it's pretty cut and dry, I do think the dialog box for adding a new entry could be done better. Attached is a comparison of how it's done with pfSense vs in Untangled. It's a lot more approachable with pfSense, despite Untangled having the overall prettier UI. This isn't limited to just Port Forwarding either.

    I'm sure some of it is just practice, but aside from the fact that the pfSense page is a lot more informative, I find the process of adding port forwards to Untangled quite a bit slower.

    Port-forwarding is primarily used for exposing custom service and yet with Untangled it requires extra clicking to get access to dialog boxes required for custom services, particularly if you are remapping different external & internal ports.

    The red underline in the two dialog boxes is super annoying, and just ugly. It's identical to the browser misspelling underline, and just looking it implies an error has been made before I've even entered anything. A better solution would be a red star on the right, or an exclamation point icon to indicated required fields. The red underline should only be used when an entry is invalid for some reason beyond being blank.

    The network layout widget seems like it should be equivalent to the traffic graph in pfSense, but it's significantly less useful for the simple fact that it's just a number instead of a graph. It looks like it should be setup as a graph, but doesn't appear to work that way. 'Network Layout' designation doesn't seem to fit it's function as a bandwidth meter. Network Layout seems to mean 'Network Map' to me.

    I understand that pfSense & Untangled are in the same market, but not exactly the same products and each have different advantages in functionality. I'm not a pf-fanboy, or anything like that, but I think acknowledging where a similar product is doing better and improving your product is just good innovation. pfSense's rules interface, while being a bit more approachable than Untangled's looks like it's rooted in a dated design ethos. On the other hand, pfSense has shortcuts like Aliases that make configuring and reconfiguring the firewall pretty fast.

    Also to consider, Gonzopancho can be hostile at times and Netgate has made poor choices dealing with basically any PR situation in recent years. How the OPNSense/Decisio controversy was handled is pretty ugly. Netgate seems to go nuclear any time someone takes advantage of the open licensing of their product, despite pfSense being entirely based on other open source projects. While pfSense is a very solid product, it's got some technical issues that are irritating to work around for me. All of these things made it clear that I should have more than one solution I'm comfortable with when recommending products to my customers, which is why I'm here.

    I hope that you take the above feedback not as a criticism, but just as an area I think you can do better. I'd make similar suggestions over on pfSense's forum to take queues from your UI, but I genuinely feel like I'd be in danger of getting banned for mentioning another product in a light that isn't 100% favorable to pfSense. I'm interested to see how my suggestions are handled here.
    Attached Images Attached Images
    Last edited by DarkKnyte; 12-11-2018 at 03:17 PM.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    Default

    Thanks for the feedback.

    Network Layout is meant to show you your layout. Its not interesting to you because you only have 1 WAN and 1 LAN. You can hide it by editing your dashboard if you don't want that widget.
    Its not meant to show historical information nor as a chart. Its also not a "map" of your network because its really just the layout relative to Untangle.
    If you're interested in bandwidth - I would use the Interface Usage widget instead.
    Last edited by dmorris; 12-11-2018 at 04:21 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Dec 2018
    Posts
    6

    Default

    I didn't have the Reports module installed, and this was unavailable due to that. Didn't know it was there. You were right. Thanks.

    Edit: When creating a port forward rule, and start writing everything out, but realize at the end you need the 'advanced' box, it erases your text entry when you click advanced. Why not just default to the advanced box? It's a tiny dialog, so there's plenty of room. You could even grey out the extra entries with a check box that will open them up to editing, rather than regenerating the dialog and erasing what's already been input.
    Last edited by DarkKnyte; 12-11-2018 at 05:00 PM.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    Default

    Quote Originally Posted by DarkKnyte View Post
    Edit: When creating a port forward rule, and start writing everything out, but realize at the end you need the 'advanced' box, it erases your text entry when you click advanced. Why not just default to the advanced box? It's a tiny dialog, so there's plenty of room. You could even grey out the extra entries with a check box that will open them up to editing, rather than regenerating the dialog and erasing what's already been input.
    I'll attempt to answer these. You likely won't like the answer based on earlier comments.
    I really like pfsense, but I look at that pfsense port forward page and think its a usability disaster. Theres options and words everywhere. I have to fill out a huge survey to create a port forward? I read some of these things as a user and I think - "what the hell is that?" XMLRPC? CARP? RDR? NAT reflection? I gotta crack open google to figure out what these settings mean?
    Yes, some of these are important options for the .2% (what percentage of people are really using CARP in HA setups?). However they're showing users these options to 100% of users and to some extent forcing them to parse and understand these rules. Even if they just say "screw it" and go with the defaults the user is now nervous that they may have answered incorrectly. Worse, a lot of time they'll just start clicking buttons because they are there.

    I shudder to think what lives under "Show Advanced" if that stuff doesn't count as advanced.
    Lets not even start on the details where you check the box to *disable* the rule, not have the box checked to enable the rule. How "No RDR (NOT) [] Disable redirection" has so many negatives even as an engineer I have no idea what this settings actually does. Hilariously it says "Don't use this option" right below. Why is it listed second then? I could go on about this page pretty endlessly.

    You are probably comfortable with this UI because you've used it. It doesn't mean its good or that anything different is bad.

    The goal of Untangle is to keep things simple. Data shows in the huge majority of port forwards there are only 3 variables:
    1) Protocol (UDP/TCP)
    2) Port (the server port is the same MOST of the time)
    3) New Destination/Server

    As such, Untangle shows users three, plus requires a text description and enable checkbox. Adding more options makes the user answer more questions, understand more things, make more decisions. Worse, it gives them more opportunity to click on settings and change stuff they don't understand.
    We strive to still support the configurations for advanced users, but we make the advanced user switch to advanced mode, and then add those options as necessary. They're the minority, not the majority.

    Not saying ours is perfect, but thats some of the reasoning.
    But yeah, it should keep the text value. And yes, it would be nice if the UI validation didn't kick in immediately. Alas, we have bigger fish to fry.

    edit:
    To state the obvious, pfsense and untangle have very different goals, are targeted and different people and markets and are not competitors. Many people compare the two because we're both open source and software, many people are home experimenters playing with the two. We never really list them as a competitor.
    Last edited by dmorris; 12-11-2018 at 06:44 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    Quote Originally Posted by DarkKnyte View Post
    Edit: When creating a port forward rule, and start writing everything out, but realize at the end you need the 'advanced' box, it erases your text entry when you click advanced. Why not just default to the advanced box? It's a tiny dialog, so there's plenty of room. You could even grey out the extra entries with a check box that will open them up to editing, rather than regenerating the dialog and erasing what's already been input.
    users have been complaining about this for years. myself I wished for a switch that flips the first time you click "Advanced" then all future port forward boxes open up in advanced mode; it could revert if you click "return to Basic" or whatever the button says. However the "Basic" dialog has stubbornly continued to default and annoy one and all through dozens of updates.

    (ok, I'll admit "one and all" may just mean sky-knight and me and now DarkKnyte... but still!)
    Last edited by johnsonx42; 12-11-2018 at 06:57 PM.

  6. #6
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    Quote Originally Posted by dmorris View Post
    ...I look at that pfsense port forward page and think its a usability disaster. Theres options and words everywhere. I have to fill out a huge survey to create a port forward? I read some of these things as a user and I think - "what the hell is that?" XMLRPC? CARP? RDR? NAT reflection? I gotta crack open google to figure out what these settings mean?
    I fully agree with this. I took one look at the pfsense screen in the OP's post, egads, can't imagine liking that better than untangle's advanced dialog where you add conditions as you need them. to each their own I guess.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,288

    Default

    I love PFSense, but the idea that it's anything like Untangle or would even be used for the same things is just so foreign to me. PFSense's visibility is atrocious, seriously if I wanted something clearer, I'd be fishing in a well for it. The rule structure is powerful, but overly complex. But, it does what it does in a much smaller system. So I tend to use it for virtual routing loads, and it does exceedingly well as a bridge isolating vulnerable VMs you wouldn't trust the Windows firewall to protect. But, while all that's true, I can get Untangle to do the same work in 1/4 the time, and the reports give me 1000% better view of what's going on.

    PFsense sicking their lawyers on me because I dared to publicly say their name on my website isn't helping... The funny part is I wish I could say the Untangle didn't do that... but it did! However, the former was just being a bully about it, the latter was inventing a channel it had no idea how it would work... so here we are. It's just growing pains.

    Oh, and yes I despise the "easy" port forward rules... they drive me crazy. I love the advance rules, click add, set my flag, click add again set that flag, I can build a custom rule to get exactly what I want in seconds and off I go.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2