Netgate pfSense Reviews

I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.

I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.

If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not. 

I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.

The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.

pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on. 

pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.

I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.

pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.

I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.

The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.

The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.

The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.

The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.

I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.

I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.

I use the latest pfSense Plus version.

The stability is very good.

I use it for my family, for maybe 20 or 30 devices. It's not a big environment.  

I utilize the pfSense forum and the community forum, and it's okay for me.

My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.

The difference is that OPNsense has more features, but also has more bugs.

For me, pfSense is stable. It's better for my use case.

The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.

It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.

I use it on-premises. The on-prem version is very good. The software is good.

Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.

I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.

It took me ten minutes to deploy it. 

The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.

In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users. 

With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.

I can recommend it if you are a professional or if you know what a firewall is.

It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.

Overall, I would rate it an eight out of ten. 

We use pfSense as the main office gateway for firewall router access and OpenVPN for remote access.

We wanted to move up to a much more modern integrated system. Before adopting pfSense, we had an old basic router firewall that was starting to get long in the tooth. PfSense gave us more capabilities to monitor and set firewall rules appropriately and have all of the remote login capabilities with two-factor authentication.

I'm much happier because I don't need to see as much stuff in the logs. PfSense is blocking so much of that, and I feel more secure about it. We needed two-factor authentication for node access, and that's been a massive improvement. Also, allowing the staff to access the network remotely and use those applications has certainly helped. It made us more confident in what the firewalls were doing and gave us better controls on remote access. It adds another layer of protection for us.

The solution gives us a single pane of glass management for probably 99 percent of it. I don't need additional network infrastructure to handle the required jobs. The ability to back up previous installations, snapshot them, and go back to them if I break something has helped eliminate downtime. That's handy in terms of getting things up again. 

PfSense Plus helps us optimize performance. We can identify pieces that aren't performing as they should and lock them down or reconfigure functions inside. Our ability to see what's going on with the network has improved quite a bit. 

Remote access with two-factor authentication was a big one for us. Pulling in things like Endpoint NG to monitor traffic has been quite helpful. The pfBlocker has been good. It helps us limit who's trying to bash away at access to the systems.

PfSense has been flexible for us. It's done everything we've asked for. Adding plugins is pretty easy. You go into the little application section and install what you want. The documentation that they have online is certainly helpful. Most things are open source, so you can usually find additional notes about problems. 

One or two of the plugins didn't do what I wanted them to do. Maybe that was a misunderstanding or it's not quite ready yet. Sometimes, it's hard to wrap my head around the way the firewall rules work. 

It has been about a year since we purchased pfSense.

I rate pfSense nine out of 10 for stability. I've only had it lose its brains on me once. That was probably me just configuring something, getting lost, and going around in circles.

I rate pfSense 10 out of 10 for scalability. It's got plenty of scalability, and we're not pushing it unusually hard. 

I rate Netgate support nine out of 10. I've used them a couple of times, and they're prompt in responding. If the issue is outside their purview, they can point you to where you can get the information. Most of my questions had to do with third-party plugins more than the core Netgate infrastructure, which has worked fine.

Positive

It's a bit of work to initially set up virtual networks inside the office, and we have to add several staff members to the various servers and create additional firewall rules. This is a little bit. It isn't simple for a business with lots and lots of internal stuff, but it wasn't hard, either. 

It took a couple of days to get it online, but we spent a week tweaking it until we were fully happy. We needed one and a half people to deploy it. Other people on the network had to help with the configuration.

We've seen a return in the form of time saved. I can rely on it, get the nice logs out of it, and see what's happening. It saves me about 5 percent.

PfSense is reasonable for a business but a little pricey for home use. With the time savings and reliability, it pays for itself. I've been more than happy with the unit we've gotten here for the capacity we need. However, it'd be nice to have nice to have some nice home units that aren't a thousand dollars.

I rate Netgate pfSense nine out of 10. I would recommend it for business use cases. It's not appropriate for someone in a home environment, but it's good for business. 

We have one Head Office and two main offices and other small branches. We want to secure our network from external and internal threats and block all unnecessary ports. We want to create a WAN with firewalls installed at all other offices and branches to connect to Head Office directly.

Overall, our experience with pfSense has been good. We're satisfied with what we're doing, but we have to move forward. It's covering what we require now, but maybe we might need something else in the future. For example, we are implementing ISO 2701, and the regulators could demand something else for compliance if they conduct an audit. And if we're following the policies required by ISO 2701 best practices, then perhaps we need to implement new hardware too because we can't do everything with our existing hardware infrastructure. 

For instance, say I want to block USB access, but I don't have the software. Currently, we use our antivirus software, which is a proper endpoint management tool. We can use it to modify the Windows registry and block everything, I can do whatever I want with the PC on the endpoints. We need to have that, but not everything works without the hardware infrastructure. 

The GUI is easy to understand. 

We had one issue with hardware support. The department head who was managing the solution became the director of the company, but he still has administrator access. And usually, whenever a WAN goes down, we always have a backup, but the hardware doesn't support more than one WAN. And then, if he wants to switch, he doesn't know how to reconfigure it. So we have to wait for the ISP to resume their services, which is not professional.

Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand. A user should be able to find the feature they're looking for easily, but pfSense isn't so good in that sense.

We're using a flavor of pfSense. It's called XNET. It's a flavor of the pfSense main pfSense build because it's open-source, but it's basically similar to the pfSense build, and we've been using it since 2008.

Not very stable.

Scalable but only if one has expertise of open source configuration of software such as pfsense.

Customer support for any open source product is mostly based on the individuals who have expert knowledge while otherwise we have to resort to other internet sources.

I've used TMG by Microsoft, and it's much easier to manage domains and websites. For example, pfSense has IP-based blocking, but websites like YouTube and Facebook keep using different IPs. TMG blocks the actual domain name. That is one downside to pfSense I've noticed as a basic user.

It was complex and done by the vendor.

We only paid for the hardware and savings were quite high.

This is a good option. If a vendor is trying to sell Fortinet and Sangfor, but the customer's requirements are basic, they'll have a hard time convincing someone who believes in free, open-source software that pfSense is not suitable for them. The only cost is the hardware. But pfSense doesn't have after-sales support or some of the other features you might find in a commercial solution. 

I've heard that Fortinet is slightly more expensive than Sangfor. Then again, if Sangfor comes into the picture, maybe you would consider Sangfor.

I rate pfSense six out of 10. We want a product that has at least two WANs as well as fault tolerance or load balancing features, which pfSense also has, but we don't have the hardware or support. That's why we need to switch. However, if cost is a big issue, then I recommend pfSense for customers who can't afford a paid hardware and software solution. That was our issue because we're a government company, so our assets belong to the government. We have to think about where we want to spend money because it's the taxpayers' money. If your management doesn't understand the need to invest in IT, then you can consider this alternative.

I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities. 

The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.

My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM. 

It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details. 

I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.

One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.

I have used pfSense for nearly a decade.

I rate pfSense 10 out of 10 for reliability. 

pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it. 

I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply. 

Positive

I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules. 

The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality. 

I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc. 

pfSense is a nice product, and I find that there's a lot of information out there. There are some good tutorials on YouTube and other websites with helpful information.

pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it.

I have been using pfSense for approximately three years.

I have used the SonicWall solution. 

Sometimes firewalls can get a little complicated. I think some of the things about the setup could be a little bit clearer. Maybe something like a configuration wizard or something that would guide you on more in-depth projects.

I'm running pfSense on old hardware, it takes all of 10 minutes to install.

I did the implementation of the solution, it is not difficult.

I like pfSense and I have deployed a number of them. I have approximately four of them in the area that I'm using. I have replaced SonicWall with a pfSense unit. It's a more economical way of using a firewall, and the protection it provides is second to none.

Lonnie Buchmann:
I would say give it a serious look. And especially a lot of times when you're in a small business, this is a really good solution that doesn't kill you with all the technology overhead that you deal with nowadays.

I rate pfSense a ten out of ten.

I had an appliance that died six months ago. Then I didn't want that hardware anymore, so I bought two new servers. A single power supply but dual on a network with three times four network cards. On that, I installed the pfSense (Community Edition).

From inside to outside, I have about 15 to 20 node servers and users going outside. From outside to inside, I have only three tech support people, myself and two other ones. With regard to clients using the platform from outside to inside, on the servers inside, I have about 1000.

I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices. 

If the devices cannot send the first IP address, they make use of the second IP address, which is the back-up link to access the servers. In terms of outages, ever since I used pfSense, I have that feature. 

In terms of experiencing delays, the server has the primary IP and the secondary IP configured on the client terminals. The total solution works.

I'm still experimenting with some new features. I want to do a high availability configuration. I haven't done that yet, but I'm using OpenVPN, it's very handy. 

Some suggestions for improvement of pfSense are:

• Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great.
• With regard to the Community Edition, when I installed it, we use Proxmox as an equivalent of PMWorks and I installed the Community Edition in Proxmox. That was very difficult to get to work at first. A lot of tweaking. That is very, very not easy.
• When I'm inside of my network and I go to a URL, the URL points to a server inside my network. It doesn't hang, but I don't get a response. It just stays blank. 
• I can imagine that inside my network, I am going outside, and it points to the public address, so I can reach it. With eSoft, without any adjustment, it worked, and I was able to do that. I went to search pfSense for an option, and I had some documents open to read about how it is done, but it isn't clear enough. It's not that easy. I would appreciate it if I could get easy help on that.

pfSense is very stable. My own disappointment is the appliance only worked for a year and two months. It might be just bad luck, but that was very disappointing.

I had to use pfSense Community Edition on a general desktop. That was done within three hours. It took me three hours just to get the hardware, download the software, and then set it up to get everything working again. 

After that, I ordered the new server with two servers: one has to be active and the other standby. I am going to try higher scalability on it using pfSense. 

The configuration is already on the servers. I did all this myself because of my experience. The utilization of the CPU, etc., it's very low. 

I like pfSense. It doesn't take too many resources and it's very stable.

I did not utilize pfSense customer support. You have documentation, there is enough documentation online to get you through. I haven't actually used tech support. When I bought the appliance, I was entitled to one year of tech support. I never used it, it wasn't needed. 

I previously evaluated eSoft by Untangle. Untangle is an open source company but you have to buy custom add-on's to get it to work. I bought eSoft and it's very good.

I am also the CEO of my company. This technical part, it's not my profession, but I get less and less time to invest, and more time playing around with this stuff. 

When we were growing, a small company, eSoft was small, so I needed a bigger one. I had to reset eSoft every week because of the growing traffic over it. I wanted a bigger one and it was not available. 

What I wanted to do was not possible with Untangle. Untangle was basic stuff. I bought the pfSense appliance and it's open source, but I support the project. 

I bought it and I got disappointed because I again wanted a bigger one. My first choice would be Cisco because of my background but Cisco is expensive.

eSoft was good. Before switching from eSoft to pfSense, Cisco at that time was not an option. 

Every software in our company, every desktop, every server, is open source. If it isn't CentOS then it's Red Hat or Ubuntu. 

Open source was preferred and pfSense was number one on the list.

Ever since the first time I used it, it's very straightforward, it's very easy.

My strategy was to get it connected to the internet first, then apply some rules for forwarding and VPN. 

The first one was very easy to set setup. VPN was not that straightforward but there is enough documentation to get you through it and that helped. 

In terms of time, the Community Edition took very long to install but once installed, to configure, it took around 15 to 20 minutes.

I did the setup all by myself. There is documentation online and that is sufficient. It's good enough, very good support in the documents.

If you haven't invested a lot of money, you will definitely see the return on investment with pfSense because you hardly spend anything, except for the hardware. 

With the appliances, pfSense should look into longevity issues. Your hardware should take, like Cisco's and others, years before they break. In terms of other retailer equipment, it's a safe bet towards pfSense.

That's why I purchased it but I have to look into the high availability. There is documentation of people that I know that are going to get it to work. I'm going to test it because that is our business that we are talking about also.

It should work because of the resale mobile credit for our customers. Another thing I will definitely try is the virtual IP because the virtual IP feature can bridge the two interfaces. The SSL certification is from Google. 

That was it for me, I'm 100% happy.

I prefer appliance licensing with pfSense (Community Edition). 

1. It's free. 
2. It's very stable. 
3. It's only on the hardware, it can be very fast.

Choose the appliances because it is nice to have the hardware cut out for it, i.e. the right hardware for the right software. 

I used to be a Cisco network expert. I used to train people and I've done some Cisco projects myself. I know Cisco by heart but I was less excited about Microsoft, so I went researching for open source solutions and I came across pfSense.

I was able to compare pfSense with Cisco. I used it for a client of mine as well, and it was interesting. After that, I started my own company and I came across pfSense again. 

I looked into pfSense. You have OPNsense from the Dutch and then you have pfSense. I've tried both and I like pfSense more.

I definitely plan to increase using pfSense. I am going for a higher capacity. If power fails or one server dies, or one gateway dies, the other servers will take over seamlessly. That's the ultimate for us.

I would definitely rate pfSense an eight and a half out of ten. Definitely eight and a half, not lower, could be a bit higher. Because it's stable, it's good. If the small issues I've mentioned are worked on then I would go to a 10.

We use it for the backup line for the internet. When the internet is disconnected, we transfer to pfSense.

We only use it for the backup internet connection. It is effective. We have not had any problems.

We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized.

I have been using pfSense for six months.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it a seven out of ten for scalability.

I have not used their support.

The installation of pfSense is very easy. It took two to three hours.

It is easy to maintain. We did not have to do any maintenance of pfSense since we installed it.

It is free. It is open source.

We have not used the VPN capabilities of pfSense. We also did not have a need to integrate pfSense with any service.

I would rate pfSense a nine out of ten.

We use the product as a perimeter firewall.

We can run it on any hardware.

The product must provide integration with other solutions.

We have been using the solution for ten years.

The tool is stable.

The tool is not very scalable. That is why we are planning to switch to a different product. The solution is used by one administrator and 75 end users in our organization.

I have used SonicWall, Sophos, FortiGate, and Cisco Meraki. The choice of product depends on the context. Netgate pfSense is suitable for small businesses and homes. It is not the best solution for large deployments or branch offices. Sophos and FortiGate would be suitable for large companies.

It is easy to install the tool. We need two weeks to deploy it. One person can deploy the solution. It is also easy to maintain. One person can maintain the solution.

It is an open-source solution.

Overall, I rate the product an eight out of ten.