If i want to replace pfsense with Sophos can I follow the same instructions you have provided for pfsense creating vlans on the layer 2 switch as well as on the sophos UTM and connect them as a trunk ports. Can you please advise how to create VLANS on sophos if possible. Thank you very much for your help till date mate. Much appreciate it!!! PfSense Plus for cloud Enterprise, Open Source SOLUTIONS Providing comprehensive network security solutions for the enterprise, large business and SOHO, Netgate solutions with pfSense Plus software bring together the most advanced technology available. Both UTM and pfSense offer DHCP to their LAN side, presented in a nice DHCP lease table. In Sophos UTM, from here you can press “Make static” and it’ll bring up the network host creation dialog with the host MAC, current IP, and hostname all pre-filled. You can assign any valid IP address to this, then save it. For one, pfsense is almost the only one that does any kind of high-availaibility, and certainly the only one that does it gracefully. (Not counting Sophos because I'm not evaluating that one at this time.) Second, NAT pooling is almost unheard of in other distros. OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos UTM, Fortinet FortiGate and Kerio Control, whereas Sophos XG is most compared with Fortinet FortiGate, pfSense, Sophos UTM, WatchGuard Firebox and Sophos Cyberoam UTM. See our OPNsense vs. Sophos XG report. See our list of best Firewalls vendors.

pfSense Appliance Guidance

Pfsense Sophos

The following outlines the best practices for choosing the appliance best suitable for your environment.

Feature Considerations

Pfsense Sophos Utm Ipsec

Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:

VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.

Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Pfsense Sophos Sg

Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Sophos Utm Pfsense

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.