Netgate pfSense Reviews

I have used Netgate pfSense for a range of purposes. Initially, I employed it for VPN connections, mainly for personal and professional use. I also relied on it to maintain network equipment in a professional context. In the professional sphere, I have experience with both pfSense and Juniper, but eventually, I decided to phase out Juniper due to its high costs, especially for updates and the addition of new functionalities. pfSense's cost-effectiveness and the flexibility to transition to new hardware while retaining configurations made it a preferred choice. pfSense also stands out in terms of its rapid algorithm evolution compared to competitors like Juniper. Its scalability is another advantage, where adding a new box or reconfiguring can boost the firewall's capacity.

On a personal note, I use Netgate pfSense to connect to my equipment at the data center. Currently, I have a highly available installation that requires two instances of pfSense. While I considered pfSense for this setup, I had to assess whether OpenSense might offer better features for future requirements before delving deeper into pfSense.

It's worth noting that Netgate pfSense's performance is independent of the hardware it runs on. As I mentioned earlier, its scalability is a strong point. Most functions are readily available, and additional features can be obtained by downloading and installing plugins, which are generally free. When you compare this to the alternative of purchasing a firewall from a different supplier, you'll find that the latter option typically doubles the cost of the firewall itself. This cost increase is often attributed to additional licenses for deep inspection and similar functionalities. While configuring pfSense may require more time and effort upfront, the long-term cost savings make it a more cost-effective choice.   

One concern I have with Netgate pfSense is related to packet filtering. Specifically, issues can arise with certain functionalities like GP, and, at times, there may be bugs. When creating IP lists, I've noticed that synchronization doesn't always function correctly. While it's not entirely dysfunctional, troubleshooting these synchronization problems can be quite challenging.

I have been using Netgate pfSense since 2015-16.

I've experienced certain issues with Netgate pfSense in the past, particularly with the previous version, which was 2.5. It posed several problems. However, the current version appears to be more stable. Nonetheless, I still encounter troubleshooting challenges. For instance, there is an issue where it initially blocks an IP range but releases it after ten minutes. This behavior is somewhat peculiar, and it pertains to IP filtering.

The support for Netgate pfSense mainly comes from online forums. These forums are populated by a significant number of individuals who are knowledgeable in pfSense and its related areas, making it a valuable resource.

The choice of whether to use Netgate pfSense often depends on the company's preferences. In some cases, particularly in Switzerland, there is a strong preference for open source solutions. This choice is sometimes motivated by the desire for open source alternatives and can also be related to cost considerations.

The Initial setup is very easy.

Netgate pfSense is a cost-effective option. If you're not using a VPN, you can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution. With this setup, you can achieve a throughput of two hundred to three hundred megabits per second without any issues, provided you're handling relatively simple rules. The level of performance depends on the specific requirements and tasks.

If you're considering using Netgate pfSense for the first time, I would recommend giving it a try. It's relatively easy to set up and use, especially if you have some prior knowledge of network and IT work. The user manual provides helpful guidance, and the basic configuration is straightforward. Just ensure you pay attention to the hardware requirements to make the most of it.

It can be rated as an eight for simplicity. However, as you progress and introduce complexities, such as enabling deep packet inspection, adding extra features, or installing multiple plugins, the configuration can become more intricate. I encountered some issues with iOS in version 2.5, but they are expected to be resolved or have been resolved.

We use pfSense as a firewall to improve our security. 

pfSense is viable and works as it's supposed to. It prevents data loss. I've used it on several networks. It's there in the background and just works. It minimizes downtime by running dual WANs and automatically switching between two connections.

pfSense is relatively easy to set up and just runs. It's easy to use. The platform is flexible. We've been able to do everything we've tried. It seems very complete. I'm not using all of the capabilities, but it does what we want to do. 

Once you find what you're looking for, it's relatively easy to add features and configure them. Google helps out. I've been able to do anything I wanted.

The learning curve is a little long.

We deployed pfSense in the last five years. 

I rate pfSense 10 out of 10 for stability. 

It's a small firewall and we have a small network. 

I rate Netgate support 10 out of 10. I've only contacted them a couple of times, and it's been fine. They've responded quickly and done the job. 

Positive

I've only used off-the-shelf routers without a truly community-built firewall product. 

My background is in IT, so the installation is relatively straightforward once you understand a few concepts, but that's normal. I got pfSense running in a day.  d

The price of pfSense is fair. We have a relatively small network, and most of the competitors are pretty expensive. 

I rate pfSense 10 out of 10. It does everything it should do.

I had an appliance that died six months ago. Then I didn't want that hardware anymore, so I bought two new servers. A single power supply but dual on a network with three times four network cards. On that, I installed the pfSense (Community Edition).

From inside to outside, I have about 15 to 20 node servers and users going outside. From outside to inside, I have only three tech support people, myself and two other ones. With regard to clients using the platform from outside to inside, on the servers inside, I have about 1000.

I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices. 

If the devices cannot send the first IP address, they make use of the second IP address, which is the back-up link to access the servers. In terms of outages, ever since I used pfSense, I have that feature. 

In terms of experiencing delays, the server has the primary IP and the secondary IP configured on the client terminals. The total solution works.

I'm still experimenting with some new features. I want to do a high availability configuration. I haven't done that yet, but I'm using OpenVPN, it's very handy. 

Some suggestions for improvement of pfSense are:

• Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great.
• With regard to the Community Edition, when I installed it, we use Proxmox as an equivalent of PMWorks and I installed the Community Edition in Proxmox. That was very difficult to get to work at first. A lot of tweaking. That is very, very not easy.
• When I'm inside of my network and I go to a URL, the URL points to a server inside my network. It doesn't hang, but I don't get a response. It just stays blank. 
• I can imagine that inside my network, I am going outside, and it points to the public address, so I can reach it. With eSoft, without any adjustment, it worked, and I was able to do that. I went to search pfSense for an option, and I had some documents open to read about how it is done, but it isn't clear enough. It's not that easy. I would appreciate it if I could get easy help on that.

pfSense is very stable. My own disappointment is the appliance only worked for a year and two months. It might be just bad luck, but that was very disappointing.

I had to use pfSense Community Edition on a general desktop. That was done within three hours. It took me three hours just to get the hardware, download the software, and then set it up to get everything working again. 

After that, I ordered the new server with two servers: one has to be active and the other standby. I am going to try higher scalability on it using pfSense. 

The configuration is already on the servers. I did all this myself because of my experience. The utilization of the CPU, etc., it's very low. 

I like pfSense. It doesn't take too many resources and it's very stable.

I did not utilize pfSense customer support. You have documentation, there is enough documentation online to get you through. I haven't actually used tech support. When I bought the appliance, I was entitled to one year of tech support. I never used it, it wasn't needed. 

I previously evaluated eSoft by Untangle. Untangle is an open source company but you have to buy custom add-on's to get it to work. I bought eSoft and it's very good.

I am also the CEO of my company. This technical part, it's not my profession, but I get less and less time to invest, and more time playing around with this stuff. 

When we were growing, a small company, eSoft was small, so I needed a bigger one. I had to reset eSoft every week because of the growing traffic over it. I wanted a bigger one and it was not available. 

What I wanted to do was not possible with Untangle. Untangle was basic stuff. I bought the pfSense appliance and it's open source, but I support the project. 

I bought it and I got disappointed because I again wanted a bigger one. My first choice would be Cisco because of my background but Cisco is expensive.

eSoft was good. Before switching from eSoft to pfSense, Cisco at that time was not an option. 

Every software in our company, every desktop, every server, is open source. If it isn't CentOS then it's Red Hat or Ubuntu. 

Open source was preferred and pfSense was number one on the list.

Ever since the first time I used it, it's very straightforward, it's very easy.

My strategy was to get it connected to the internet first, then apply some rules for forwarding and VPN. 

The first one was very easy to set setup. VPN was not that straightforward but there is enough documentation to get you through it and that helped. 

In terms of time, the Community Edition took very long to install but once installed, to configure, it took around 15 to 20 minutes.

I did the setup all by myself. There is documentation online and that is sufficient. It's good enough, very good support in the documents.

If you haven't invested a lot of money, you will definitely see the return on investment with pfSense because you hardly spend anything, except for the hardware. 

With the appliances, pfSense should look into longevity issues. Your hardware should take, like Cisco's and others, years before they break. In terms of other retailer equipment, it's a safe bet towards pfSense.

That's why I purchased it but I have to look into the high availability. There is documentation of people that I know that are going to get it to work. I'm going to test it because that is our business that we are talking about also.

It should work because of the resale mobile credit for our customers. Another thing I will definitely try is the virtual IP because the virtual IP feature can bridge the two interfaces. The SSL certification is from Google. 

That was it for me, I'm 100% happy.

I prefer appliance licensing with pfSense (Community Edition). 

1. It's free. 
2. It's very stable. 
3. It's only on the hardware, it can be very fast.

Choose the appliances because it is nice to have the hardware cut out for it, i.e. the right hardware for the right software. 

I used to be a Cisco network expert. I used to train people and I've done some Cisco projects myself. I know Cisco by heart but I was less excited about Microsoft, so I went researching for open source solutions and I came across pfSense.

I was able to compare pfSense with Cisco. I used it for a client of mine as well, and it was interesting. After that, I started my own company and I came across pfSense again. 

I looked into pfSense. You have OPNsense from the Dutch and then you have pfSense. I've tried both and I like pfSense more.

I definitely plan to increase using pfSense. I am going for a higher capacity. If power fails or one server dies, or one gateway dies, the other servers will take over seamlessly. That's the ultimate for us.

I would definitely rate pfSense an eight and a half out of ten. Definitely eight and a half, not lower, could be a bit higher. Because it's stable, it's good. If the small issues I've mentioned are worked on then I would go to a 10.

We use it for home solutions and 200+ enterprises. We use it to address routing issues (NATing issues through VPNs).

Our environment consists of many enterprises with many subnets.

pfSense makes everything easier compared to Cisco or Fortinet.

Policy-based firewall rules are the most valuable feature because every other brand it is 200% more complicated to accomplish the same operation.

The flexibility is easy. We can implant in small businesses for less than 500 CAD and in 5k users enterprises. The only part that needs to be improved is the hardware, everything else is out of the box.

I would rate the ease of adding features a ten out of ten. With telecom knowledge, the product is crystal clear easy.

Evaluation and contracting could be improved. 

I have been using pfSense since 2016.

The scalability is good, they should offer filtration or a next-gen firewall.

From my experience, their support is very quick. 

Positive

I haven't evaluated any solutions since 2016. With pfSense you get the bang for your buck. pfSense routing, VPN, policy rules, NAT forwarding, everything is better.

The initial setup is straightforward. It was easy. We have 16 years of experience. I did the deployment, it only required one person. 

It is cheaper than other options. 

I would rate it a 9.5 out of 10. My advice would be to take the time to do an online course if you find using the solution a bit hard. It is worth it.

I recently started using pfSense to secure my home network. As an IT consultant working remotely, I needed better security than my router offered. I run servers in a lab environment to demo software for clients, and in my previous consulting role, I managed networks for companies of all sizes, some with hundreds of thousands of devices. Since we can't modify a client's environment directly, having a secure home lab for testing is crucial. pfSense allows me to segment my network and use a VPN for secure remote access, offering more functionality than my previous setup. While a free version exists, I opted for the convenience of a pre-configured appliance.

pfSense surprised me with its ease of use, even though it's powerful enough for corporate environments. Unlike my previous complicated Cisco firewall that now collects dust in the garage, pfSense offers the flexibility and functionality I need.

pfSense offers a default rule that allows all traffic initially. While I prefer to block everything by default and only allow specific traffic, this approach led me to accidentally lock myself out of the firewall during configuration. The device functioned as intended, following my overly restrictive rule. Resetting to factory settings was a learning experience, and now I understand how to avoid self-imposed lockouts. After diagnosing my initial setup issues, I successfully corrected them and implemented filters that boosted our internet speed. This experience made clear the benefit of pfSense for our network.

The firewall acts as my first line of defense against data loss by controlling incoming and outgoing traffic. Additionally, I keep my devices updated with security patches and utilize application whitelisting, which restricts programs to those from approved vendors with verified digital signatures. This helps prevent unknown malware from executing on my system. While demonstrating data loss prevention for a government agency, I encountered a connection hurdle between my devices on different subnets. Realizing a firewall was blocking communication, I opened the necessary ports to allow the connection. This highlights the firewall's role as a first line of defense. Even if one device is compromised, the firewall helps prevent the attack from spreading to other segments of the network. However, it's important to remember that the subnet itself remains at risk, which is why I also use local firewalls on individual devices for additional protection.

When it comes to the firewall functionality of pfSense, it does provide a single-pane-of-glass to manage everything.

The most valuable aspect of pfSense for me is its firewall functionality. It allows me to set up different networks, and VLANs, and control how subnets communicate with each other, all the way down to individual nodes. This granular control is very important for my network security. Additionally, pfSense offers a variety of alternatives like VPN that I haven't explored yet, but my top priorities are the firewall features that protect my network from external threats and allow me to segment internal traffic. I also use the filter feature to filter internet ads and adult content. The filter list depends on someone keeping it updated, but the community has been great for this and it makes my internet browsing much faster because all the junk ads are blocked. 

pfSense would be much more efficient if it allowed exporting the entire configuration of a device after it's been set up. This way, the configuration could be easily imported onto another device, saving time and effort.

I have been using Netgate pfSense for one year.

Netgate pfSense is stable with zero downtime related to the firewall.

Netgate pfSense can scale at an enterprise level.

Cisco's firewall device proved too complex for me, ending up unused in my garage. Thankfully, pfSense offered a much more user-friendly experience.

pfSense deployment was straightforward thanks to the available documentation and video tutorials, although I did lock myself out once due to user error. While IT professionals might not always consult the manual first, pfSense helpfully allows saving configurations without immediate application, a feature that would have prevented my mistake. Learning from this experience, I now know how to leverage the provided resources for a smoother pfSense deployment process.

I did the deployment myself but someone who is not an IT person will require the help of an integrator or consultant.

I deployed pfSense in two and a half days. It included setting up VLANs for different purposes like a DMZ, server LAN, user devices, guest network, and VMware management. I also configured a firewall with rules to isolate these networks and implemented an IPSec VPN to filter out ads and malicious sites.

The implementation was completed in-house.

pfSense offers a surprisingly affordable enterprise-grade solution for small businesses. While my own pfSense 6100 costs $700, the value it provides makes it a very cost-effective purchase.

I would rate Netgate pfSense nine out of ten.

Other than installing updates, pfSense has not required any maintenance.

Before configuring your network devices, plan out your network segmentation. This written plan will guide how you set up VLANs, servers, DHCP scopes, and DNS. Think of it as a blueprint for your network design. While implementing the plan on a Netgate device or pfSense might be straightforward, without a clear strategy, you'll be overwhelmed by the available features. 

We use it for its firewall features and VPN.

I provide it to my customers, and I also use it in my office. It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest.

Its firewall ability is very good. It is very good and smooth at stopping attacks. It is better than others because we have to perform quite a bit of programming.

It is a very good and affordable solution for enterprises.

Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.

I have been using this solution for four years. I am using it now, and I have also used it in the past.

It is very stable. Both pfSense and Netgate appliances are very stable. I have had some of these solutions working non-stop for about a year and a half.

It is very scalable. It is being used in an enterprise with 70 employees and about 30 terabytes of communication per month. I also have other small enterprises with 10 to 20 employees. In my office, I have four users. 

I usually use community forums for any tech support. I get very good information there.

I have also worked with Netgate appliances in the past. Both Netgate and pfSense are very stable.

It is not very easy, but it is straightforward. We have an agreement with the clients to have the equipment and install the appliance in three or four days.

It is very suitable in terms of the price. If a client cannot acquire a Netgate appliance, I provide a custom-made appliance, and I install the Community edition of pfSense. It is a very good and affordable solution for enterprises. Some of the clients pay monthly but usually, it is annually.

The maintenance cost varies depending on the kind of solution we have implemented. It could be €100 per month or around €800 per year.

I would absolutely recommend this solution. I would rate it a nine out of 10.

We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.

In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection. 

The solution also allows us then to manage port forwarding and things like that.

The firewall aspect of the solution is very valuable to us. We had so many limitations with the Dre tech, however, it's the firewall and the port forwarding that is the most interesting due to the fact it allows us to restrict IP addresses and move things from different ports and things like that.

I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good. 

The solution is easy to use in general, for everyone.

The product is very powerful.

It's the type of device that does one thing well. There isn't much I would want to change.

We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.

The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.

I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.

pfSense is only a small part of what we do. The majority of our systems are full-blown Linux systems and we use that firewall as a system. It's only recently we've started switching some clients to pfSense where we think we need to have slightly different things. Maybe they haven't got a server and this is just replacing their sort of existing TP-link or router, et cetera.

I've had no issues with stability whatsoever. I'm quite happy letting it run for days, months, weeks, et cetera. We have no requirements to actively manage it. In terms of performance, we just need to go in and make changes as required by the customer. Other than that, it's set and forget. There are no bugs and glitches to navigate. It doesn't crash or freeze.

It's not been extensively used at the moment as we've already got a Linux server in place. If we can justify it for the customer, we tend to use that. That said, we are looking to increase usage of that as it would say it takes some of the work away from me and allows me to farm that out to the staff.

We've never had to use technical support. Therefore, I can't speak to their level of knowledge or how helpful they are. We've always just been able to find the answers we need without their help, and therefore have never really had to use them.

We're still using Linux servers that are running IP tables, et cetera. Prior to that, we were using, something called IPCop. Before that, I can't remember what it was. We've always used sort of Linux old BSD-based solutions for our firewalls. That's just what we've always done.

The initial setup is not overly complex or difficult. It is very straightforward. We connect and we just have got a couple of standard procedures to setup once it's complete. We could probably get one up and running between half an hour to an hour. The deployment is fast and the whole process is pretty seamless at this point.

We did not use any integrator or anything like that. We're offering our client's the installation process as part of our services. I find it very, very straightforward, however, that's due to my previous experience with Linux setups. 

We use the open-source version, which is free to use. 

I say we've always used the community edition as I've never felt a need for support or anything like that and our clients have never insisted on it. I know where to go to look for answers if we run into problems, so paying for that extra support isn't something we need to worry about. 

We are just end-users and customers.

I cannot speak to the exact version we are using. Ours may be slightly out of date. We may not be using the absolute latest version. Version 2.51 is available soon and we'll likely upgrade to that.

It's good for where people have outgrown their existing broadband routers, such as the TP-link, the Dre Tech, and that sort of thing. Often, it doesn't justify putting in a full system. We tend to use a Mini ITX PC, multiple LAN network cards, and then install the opensource version and configure it appropriately.

You need to be slightly more tactical than just plugging in a Dre tech or similar Nokia device. I don't think you need to be incredibly technical to set this up. 

I like it, I'd recommend it to most people to at least give it a try, and to spend a few hours initially to work their way around it.

I'll definitely give it at least a nine out of ten for its general ease of use for me and my staff. It does pretty much everything that we ask of it and the required resources for the hardware are minimal as well.

After successfully using pfSense at home to manage IoT devices and separate their traffic from my computers and gaming consoles, I'm now evaluating its suitability for our hospital system. As the IT manager, I'm impressed and considering replacing our current firewalls with Netgate pfSense appliances.

I implemented pfSense at home to proactively prevent security issues on my home devices.

Netgate pfSense is flexible allowing us to add plugins.

It has improved my home network's security, making it significantly harder for attackers to access my data.

Netgate pfSense works well to prevent data loss and helps optimize performance.

As a first-time NetGate pfSense user, I've been impressed by several features: easy integration for blocking traffic by country, straightforward creation and management of firewall rules, and the ability to extend functionality through plugins.

I'd love a centralized management system for multiple pfSense appliances. This is where Netgate could improve. Redesigning my network for seven pfSense units sounds like a daunting task, especially with the need for individual configuration. A single pane of glass for managing everything at once would be a game-changer, streamlining the process significantly.

I have been using Netgate pfSense for five years.

I would rate the stability of Netgate pfSense ten out of ten.

Based on what I have heard from other users and what I have read, Netgate pfSense can scale.

The deployment was easy, but I took a cautious, phased approach to avoid disrupting household internet access. Once complete, the upgrade from my previous Netgate appliance allowed me to take advantage of SFP+ ports, so I put ten gigabytes into it and continued fine-tuning the system.

The initial deployment for basic functionality was completed within a few hours, but achieving full functionality took approximately two weeks. 

Netgate pfSense stands out as a cost-effective option that delivers excellent value. While I haven't personally used their support at home, a vendor I spoke with praises it highly. Their reputation suggests phenomenal hospital-grade support might be worthwhile for a critical environment like ours.

Netgate's maintenance contracts are significantly more affordable compared to other vendors, demonstrating their competitive pricing and commitment to customer value.

I would rate Netgate pfSense ten out of ten.

Netgate pfSense is low maintenance.

Before committing to any network or security hardware, including Netgate pfSense, I recommend a Proof of Concept to ensure it meets your specific needs. Don't rely solely on others' suggestions. Thankfully, pfSense offers downloadable virtual images, allowing you to experiment with its features before purchasing physical equipment.