I USE Netgate pfSense for home networks, lab environments, and R&D. In production, professional career-wise, I have built pfSense production firewalls that run in various configurations and high availability for different organizations serving a different number of clients and servicing any amount of requests throughout any given day.
It also serves thousands to tens of millions of requests a second a day from small to large deployments.
Netgate pfSense is an extremely flexible solution. It is an open-source tool that has a very large community of professionals, enthusiasts, and hobbyists alike. There is a lot of flexibility in doing whatever you want with it. It also offers enterprise-grade support so that you can have something equivalent to the Cisco enterprise-grade data center firewall product. You could build that with pfSense or OpenSense, which is a derivative of pfSense.
The initial benefit I saw of pfSense was way before I ever used it professionally. It is a robust tool that can replace your consumer-grade firewall router solution. I also saw immediate benefits in my professional career as it is a powerful solution that can be compared to other solutions like Palo Alto or Meraki today.
Netgate pfSense can be a fully functional L7 firewall. You can not only have the base Layer 3 functionality of the firewall, but you can add things like Snort and pfBlockerNG to build out and become an L7 firewall doing actual inspection and security analysis.
It is very easy to add and configure features to Netgate pfSense.
pfSense has a built-in auto-configuration backup. While that is technically data loss from the sense of protecting the firewall, it is a feature Netgate offers to every pfSense user, licensed or not. You get this feature if you have a Netgate appliance. Just using pfSense won't get you that. There are third-party packages you can use to set up pfSense configuration backups if you don't have pfSense Plus.
In terms of data loss outside of that, you configure it in a way that puts it as a security device. By default, pfSense is not inherently a security device. It is a Layer 3 filtering firewall. If you want it to be a security appliance beyond basic TCP/IP Layer 3 filtering, you can run Snort or pfBlockerNG to turn it into a security appliance. Doing so can aid in data loss prevention by using the tool for basic intrusion detection prevention.
Netgate pfSense provides a single-pane-of-glass management capability. Its dashboard has a lot of prebuilt functionality, allowing you to have a single-page view of the firewall's status and everything going on with it.
pfSense Plus provides features that help us minimize downtime as a supporting part of the infrastructure.
pfSense Plus provides visibility that enables us to make data-driven decisions. The kind of data-driven decisions that could be made with information from pfSense are things like how much bandwidth I am using and what is the throughput of all my band connectivity.
I can also decide whether I need to go from a 1 Gig network to a 10 Gig network or a 2.5 Gig network and whether I need to increase my commit for my WAN circuit because we see that we are averaging above 99%, etc. The kind of decisions that it can help you make are related to your network and your connectivity.
The visibility that pfSense Plus provides helps us to optimize performance. It could help you to improve performance on the network side. It is, after all, a firewall router, so it is a network piece of equipment. It could help improve performance in that if you are actively monitoring, pulling data from pfSense, or actively reviewing the different types of information and graphs that pfSense provides, you could make decisions to see that a machine is consistently using lots of network traffic.
I have been using Netgate pfSense for 15 years.
I have pfSense Plus in production. I have both pfSense Plus and pfSense Community Edition (CE) running at home. They are essentially the same, and the only difference between them is the support and auto-configuration backup.
Overall, I rate the solution a nine out of ten.
I use pfSense for my home network firewall. I also manage two Cloud platforms that use it.
Netgate pfSense is flexible allowing for modifications to meet our needs.
With my strong security background and experience managing pfSense, adding and configuring new features is a breeze. While some might encounter challenges, my expertise allows me to navigate them with ease.
pfSense impressed me with its ease of deployment and low maintenance. It excels in protection and firewall functionality and offers a wide range of add-ins to further customize my network. After considering alternatives like OPNsense and Untangle, pfSense emerged as the perfect fit for my needs.
The single pane of glass provided by pfSense makes it easier to determine issues related to attacks and what is being blocked. I can see live logging of the firewalls and what rules apply to what.
pfSense does a good job helping prevent data loss using Snort which identifies and blocks suspicious traffic before it enters our network.
pfSense Plus offers a visibility feature that helps me optimize network performance. The dashboard displays clear traffic graphs and device load information, and I can customize it to show exactly what I need.
The total cost of ownership is extremely reasonable. pfSense is a good option, especially for people conscious of recurring expenses.
The most valuable features of pfSense are the high availability that easily allows failover to a backup unit and the Snort integration with pfSense and WireGuard.
Netgate pfSense can improve by adding a different OS layer other than FreeBSD.
I have been using Netgate pfSense for ten years.
Netgate pfSense has been stable.
pfSense's scalability is highly dependent on the hardware you choose, but despite this, it offers a strong ability to handle increased network demands overall.
In addition to pfSense, I have used OPNsense, WatchGuard, and Cisco. The WatchGuard rules were more straightforward than pfSense. New pfSense users might find deciding between floating and interface rules for specific scenarios confusing.
The installation is easy for those who are comfortable with command-line interfaces. It is quick and straightforward but they have to be careful when assigning the internal or external net because that can be challenging for some.
One person is enough to deploy.
Netgate pfSense is competitively priced. The 4100 box is a good box for the price.
I would rate Netgate pfSense nine out of ten.
Before deploying pfSense in your lab, I recommend checking the pfSense forums to learn about any potential issues or considerations other users have encountered.
I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.
I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.
If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not.
I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.
The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.
pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on.
pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.
I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.
pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.
I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.
The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.
The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.
The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.
The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.
I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.
I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.
I use the latest pfSense Plus version.
The stability is very good.
I use it for my family, for maybe 20 or 30 devices. It's not a big environment.
I utilize the pfSense forum and the community forum, and it's okay for me.
My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.
The difference is that OPNsense has more features, but also has more bugs.
For me, pfSense is stable. It's better for my use case.
The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.
It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.
I use it on-premises. The on-prem version is very good. The software is good.
Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.
I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.
It took me ten minutes to deploy it.
The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.
In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users.
With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.
I can recommend it if you are a professional or if you know what a firewall is.
It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.
Overall, I would rate it an eight out of ten.
I use pfSense for my home monitoring. It's used to build a subnet in my home environment to separate the IoT and my daily lab.
PfSense can separate the network into subnets, which I can't do with an ordinary home router. It is relatively simple to add a multiple gigabit network port on the home router. For example, I can buy customized hardware with 6x 2.5 GbE. It helps me optimize performance. I use pfSense as my reverse proxy and have a single interface for managing all the SSL certificates using HAProxy.
The best feature of pfSense is that it can be installed on any customized hardware. I don't need to use Netgate hardware. I like the dynamic DNS update and firewall feature. Adding features is easy. If a feature is built-in, I can check it, install the package, and convert it. If it isn't built-in, I can't add it to pfSense.
PfSense's interface could be improved. For example, the menu is ordered alphabetically instead of logically. The reboot button should be located near the shutdown, but it's in alphabetical order. Also, Netgear should create a home license for pfSense Plus for non-commercial use.
I have used pfSense since 2020, so it's been about four years.
I rate pfSense six out of 10 for stability.
I haven't tried to scale pfSense. I only use it locally.
I rate Netgate support five out of 10. They are helpful for basic questions, but if I ask something more complicated, they refuse because I am not a higher tier of support. The response time is acceptable.
Neutral
I used OpenWrt before pfSense but for a relatively short period. PfSense is more feature-rich than previous solutions.
Deploying pfSense is a bit complicated, but It's nothing I can't handle. It requires some maintenance, such as when they release updates.
PfSense saves me the time I would spend doing things separately. For example, building a VM to set the rear-end policy would take a lot of time.
If it's not the free community edition, pfSense is relatively expensive for home use. It's okay for commercial use. The cost of ownership is low. I can save about a hundred dollars annually.
I rate Netgate pfSense seven out of 10. I recommend pfSense for advanced users. It's a good solution if you want to learn more about networking in a company environment/.
I primarily used the solution to replace Cisco, which was horrible. I wanted something super simple. We needed something that would make the change process within my network easier.
I started with a small trial when I wanted to replace my Cisco switches. I liked that this was open source and I was able to test a few things. The capabilities of configuration made it so that I didn't have to test other options and I could translate my configuration the way I wanted to.
It's easy to configure segments in a network and the routing is good.
It is super robust. The flexibility is great. It's the main reason I switched off of Cisco. Everything is very intuitive.
I have a pretty complex network. With this, I can do some segmenting. I can have specific firewall rules to make my network as secure as possible.
It's so easy to use. I use the VPN features a lot. It's great.
It's simple to add features. There's lots of documentation and Youtube guides to help you. I did not need specialized training thanks to this knowledge base. As long as you have a background in networking, it's pretty straightforward.
You can add other software packages to pfSense.
Between the free and paid versions, I do not see something that would make one better than the other. However, I bought the pfSense appliance to ensure I had a nice piece of hardware to save and protect my network.
pfSense does provide good visibility into my network so that I can make data-driven decisions. If I need to troubleshoot anything, I can go and look at the data, the statistics, and the graphs. I don't do this daily; I do it only if I notice strange behavior.
It helps us optimize performance - especially in terms of internet use.
While the software is great, they could work on improving the hardware. The interface is a little bit sluggish. When I installed it on a random computer, the performance was pretty crisp. However, on the device itself, it's slower. I'd like to see them decrease storage and increase speed. With storage, you can always add more. However, you cannot make CPUs faster.
I've used the solution since September 2022.
I've never experienced any crashes. It's quite stable.
It's a pretty beefy appliance. That said, thus far, I have no need to scale. At the time, I went with the biggest offering they had in terms of appliance size.
I've only contacted technical support in order to get a device replacement. I've never experienced any issues.
I previously used Cisco. It was difficult.
The initial setup is moderately easy. I struggled a bit. It's a bit tricky at first. However, within a couple of months, I had a really good setup. Now, it's working flawlessly. The deployment took a few months. The first month was a lot of troubleshooting. By the second month, I was fine-tuning. By the third month, it was completely up and running.
There isn't too much maintenance. The device is almost maintenance-free. Every once in a while, there are updates. The backup is automatic after configuration. I don't have to worry about that.
I handled the setup by myself.
The pricing is good. I'm not locked into any kind of subscription. Since I bought the appliance, I have it until it breaks.
I'd rate the solution eight out of ten.
I wouldn't recommend pfSense to somebody who has no limited network. While pfSense, for me, was pretty easy to set up, it does have so many features that you could easily get confused. I would recommend it to anybody with experience as a network engineer, not just a beginner.
Our most common use cases are for our corporate firewalls, and currently, I'm using it as our school firewall. So it's our perimeter firewall. So, we're running three firewalls on our network.
So we have separate networks each because we have, like, different use cases. So we're running three at the moment.
We've been running it for six years now, and so far, it's been good.
Netgate pfSense has been utilized to create and manage VPNs within our organization. So we're running pfSense with VPN on one of our private cloud providers. So we're using IPSec VPN on that.
For everyday tasks, we just get alerts. It's anything that's suspicious, including from our Netgate. So, it's part of how we maintain cybersecurity in our school. This is working alongside our endpoint security solution.
We were using an open-source endpoint solution for that. So we're integrating that with the one we have on pfSense.
The ease of use. Like, it's easy to manage the firewall, rule-wise and interface-wise. For me, it's quite easy and friendly to use.
We have a set of rules so that it can manage all of our rules. We have a complex network here in our school. We have a lot of rules running, so it's really easy to match all of those rules using pfSense.
Integrating pfSense with other products was a bit tedious at first. We researched and tested for about a month, so it was not too hard but not instant.
For the third-party packages, I'd rather have it built-in, like a core feature of pfSense, part of the core model. This feature of pfSense would be great, instead of relying on a third-party module.
I have been using it for six years.
It's about 95% stable, not perfect, but quite reliable.
If I needed to scale it and merge our pfSense machines into one, I'd prefer a dedicated hardware appliance instead of running multiple x86 servers on the firewall.
We have around 4,000 endpoints.
I reached out to support for an unusual CPU usage issue after an upgrade. They were responsive, and even though I ultimately found a solution, they were helpful in diagnosing.
Positive
We used Fortinet. We opted for pfSense because of budget limitations. pfSense was a more affordable solution for our requirements.
pfSense is easier to manage and offers modularity for features. With FortiGate, everything is there, but we might not need everything, and too many features can be challenging.
The initial setup is very straightforward and intuitive.
We use the pfSense software directly and install it on our rack servers. So, we're adding three instances of that.
I handle all the deployment processes. I am the core manager for the entire infrastructure, so I manage and deploy everything.
I consider how many users and gigabytes we expect on the network and try it on a test network first to validate before actual deployment.
Just my core team members manage the whole deployment, so that's enough for us.
Migrating the old one to the new one took around a month because we have many rules, and the new Netgate was quite different.
From the maintenance perspective, it is not difficult at all.
While configuring or maintaining pfSense, we had high CPU usage on one firewall, but the GPAC subscription provided a good response. The support team was helpful, and we resolved it in a few hours. So, we had good support because of the support subscription.
We just have the yearly support subscription.
I just found pfSense online. I just tried it out on a home lab and found it worked well enough for us. So, just started out, like, searching online and responded and tried it.
I would advise you to try to estimate your network first and do a test network just to have a proof of concept of what you want to run and check the routes you want to run against your network, making sure that your requirements are valid before deploying it.
Overall, I would rate the solution a nine out of ten.
THe solution is used as a primary gateway with two lease lines of 450 Mbps total. Around 200 users are under it.
There is no server or database in the environment. Users use only the internet extensively. We have three separate locations in the same building. Web filtering, IDS/IPS are the obvious requirements. Squid and Snort open-source packages are installed.
Our organization is ISO 27001 certified.
An active directory was implemented to control IAM. Synology NAS with RAID for file sharing and off-premise data backup on the cloud. We have mostly L-2 switches to connect nodes.
Endpoint security product is another layer of security there.
The Netgate 6100 Max Model is equipped with pfSense Plus software. We configured it last week and replaced the Mikrotik router. There are many improvements, including more visibility, more control over Internet usage, and a robust VPN (no license required).
There are multiple lease lines and load balancing, reserve or restrict bandwidth based on traffic priority, and user data transfer quotas.
We have almost no complaints about low speed, choking of the internet, or link problems. Now we can see and observe connections logs also. Usage reports are another improvement.
It's an ideal gateway solution for small and medium businesses, i.e., around 300 devices can be easily handled.
We received a simple router, however, there are various tools/software to install to activate the full feature of pfSense plus products such as Squid for proxy, Snort for IDS/IPS, Squidguard for content filtering, etc. You can find many open-source software under the package manager tab on the dashboard of pfSense.
Traffic shaping and load balancing are excellent features.
pfSense Plus software is a powerful firewall, router, and VPN solution that leverages a number of highly-regarded open-source projects. The software competes effectively with far more expensive commercial alternatives and is used by hundreds of thousands of businesses, educational institutions, and government agencies all over the world. Leading secure-networking features and capabilities include:
Ad blocker (pfBlockerNG)
Captive Portal
CARP/HA
DNS Server
DHCP Server
HTTP transparent/web/reverse proxy (Squid)
IP/Country block list (pfBlocker)
IDS/IPS - Snort
Packet capture/inspection
Port forwarding
QOS/rate limiters
Software load balancer (HA Proxy)
Traffic monitoring
Traffic logging, statistics, and graphs
Traffic shaping
VLAN
Wake-on-LAN
Website blocker (pfBlocker)
and many more packages. Just install and play with it.
There must be a wizard section as per the use case. For example, if we need a simple firewall there must be an auto-install of most required packages. In the same way, if we need a more strict firewall, then different configuration settings.
There must be a more easy-to-use GUI.
More documentation should be available within the package manager.
A visible ON/OFF button must be there and can be easily configured as required.
An additional non-us electrical plug must be inside the box.
There should be an option to upgrade RAM (i.e. 8GB to 16GB). It can enhance the capacity of the proxy server.
I bought this solution 15 days back and configured it last week.
It's an enterprise product and very stable.
The solution is very easily scalable.
As of now, we have not taken support.
Positive
We were using a simple Mikrotik router with the limited capabilities of a firewall.
It's not straightforward to set up. That said, it is not complex. Just use Netgate documentation and get help from YouTube resources.
We implemented it via an in-house team. My system admin configured it with the help of available documentation.
The solution offers matchless ROI. There is no license for the VPN and no annual fees. It is a simple product.
The product is very cost-effective and has no requirement for additional licenses.
The setup is not easy. Users need more technical expertise to configure it. This is not advisable for non-IT users.
We checked Sophos and Sonicwall. Due to more configurable options and lower prices, and even no requirement of licenses, we decided to move to pfSense.
This is the best solution with very impressive cost-effectiveness.
We use Netgate pfSense as a firewall solution for small and medium-sized businesses.
Netgate pfSense offers firewall protection, VPN access, and a range of monitoring tools.
Adding features to pfSense is easy to do through the wizard.
Netgate pfSense is well documented, and the interface is easy to use when we consult the documentation.
Netgate pfSense was recommended, so the benefits were immediate.
It provides a single wizard. Some third-party tools out there allow us to manage remotely. It also helps us optimize performance by enabling us to turn features on and off.
With the inclusion of firewall, VPN, and router functionality, we love pfSense's total cost of ownership.
The most valuable features are the alerting and local monitoring.
We are a security shop. It would be very useful if we could place pfSense appliances in customer environments and remotely manage them.
I have been using Netgate pfSense for four years.
Netgate pfSense is relatively stable. It has been running for four years now without any issues.
The scalability is limited without upgrading the appliance.
The technical support offers great quality and good response times.
Positive
The initial deployment is not a plug-and-play out of the box. It takes a little bit more than that. For us, it takes ten to 20 minutes for one person to deploy one pfSense firewall.
Netgate pfSense has a great pricing model.
I would rate Netgate pfSense ten out of ten.
Maintenance is required for software updates.
