We use pfSense as our main router.
We implemented pfSense to address the instability and limited customization options we experienced with our previous router.
We use pfSense as our main router.
We implemented pfSense to address the instability and limited customization options we experienced with our previous router.
pfSense is highly flexible, allowing for creating IPsec tunnels and various other configurations.
Adding features to pfSense is easy.
Since implementing pfSense, our overall stability has improved significantly over the last ten years as we transitioned from Prosumer equipment to a more robust tool. This success has allowed me to implement more pfSense routers in other locations. We saw the benefits of pfSense in less than a couple of weeks. Having that added stability is great.
pfSense Plus provides us with the visibility to make data-driven decisions. We can see historical data and bandwidth utilization, allowing us to make informed decisions about our internet connection based on that information.
The most valuable aspects of pfSense are the stability, hardware compatibility, and low cost.
I want pfSense to add some next-generation firewall features.
The scalability has room for improvement.
I have been using Netgate pfSense for ten years.
I rate the stability of pfSense ten out of ten.
Due to the absence of a single pane of glass management feature, scaling out pfSense becomes quite challenging. I'd rate its scalability a three out of ten, as the process is far from straightforward at present.
The few times we've had to engage support, they have been professional and incredibly knowledgeable. If we encounter someone who doesn't have the answer immediately, they can find it very quickly. In the past, they have even joined meetings with us and a client to work on a problem, providing a lot of insight and assistance throughout the process.
Positive
We previously used Prosumer routers, but their capabilities were insufficient for our needs.
Initially, it was a bit complex when I started using the system over ten years ago. pfSense required a deeper understanding than the Prosumer devices I had used before. I had to grasp the ramifications of every action. However, once I overcame that learning curve, it became knowledge I possessed.
It took us about two weeks to implement and learn how to use pfSense. I've noticed that with pfSense, I'm always learning something new. Just because we've used something for a long time doesn't mean we know all of its functionality. For example, I needed to establish an IPsec tunnel for the first time last year. I called in support, and we successfully established the tunnel to another location. There's always something new to learn, whether pfSense adds new features or we encounter a need for functionality we haven't used before.
pfSense Plus is cost-effective for what we're getting. I've been using Netgate hardware for a long time, and including the pfSense Plus license with the hardware offers significant value. Additionally, using pfSense software for free is of great value.
The total cost of ownership is very low. We've used pfSense historically in a simple configuration, and I've been able to train peers on how to use the Netgate hardware and pfSense Plus effectively.
I rate Netgate pfSense seven out of ten only because of the lack of ability to manage all our switching and WAP from one location.
We have three locations, and two to 25 users use a combination of wired and wireless devices and a typical broadband connection.
pfSense requires maintenance when new versions or patches are released. This does not happen often, but it does happen.
I recommend pfSense to others. Once you overcome the learning curve, it becomes almost second nature to use. The cost is also a major factor. Every year or so, I explore alternatives to Netgate hardware, but almost everything I find is subscription-based, like Cisco Meraki or other brands. I'd struggle to justify renewing a router license every 18 months or risk it stopping working. So, using a platform like pfSense without an annual fee is a huge benefit for our budget.
I use it as a firewall and also as a router because you can address what you want to do with it. It can do network advanced translation (NAT).
It is sitting on my own server. It is on a remote server on a private network.
It is very simple to use. I'm working faster now. I don't have to configure a switch and sync some VLANs on the switch. I can concentrate more on my work because I know that pfSense is guarding my network. It improves my workflow a lot.
The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is. Did you forget a printer port? Most attacks at the moment are happening through printers, and they can tell you immediately that you forgot to close the port of the printer. There are more than one million printers that are in danger, and everybody knows that hackers are using them to enter the network. So, you can download plugins to protect your network.
It is not only a firewall; it can also do some routing or network advanced translation (NAT), which makes it very powerful.
It is very simple to use. As long as you understand the basics or fundamentals of networking, you can manage everything very quickly with it.
The web is evolving every day. So, the product should be constantly improved with more regular updates. Things are constantly changing. There are obsolete protocols, and then there are new protocols. For my own use, it is not an issue, but for somebody who is more at the forefront of internet browsing, it could be a problem.
There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app.
I have been using this solution since May.
It is very stable as long as you don't change the winning theme. When it is working, leave it working. My rule number one is one computer, one function. So, pfSense does that one function, and I don't try to use it for anything else. I could do some File Transfer Protocol or things like that, but it is not made for them. I don't restart it and move it. I only do the security updates and change the username and password very often.
I don't require much scalability. It is fine for a small-scale company with about 30 devices, such as printers, computers, etc. I'm only working with a few people, and I don't have any traffic problems, but a company with 50 or 60 users could have problems with it. Currently, there are four to five users, and I'm providing multimedia services to four to five people.
It is being used extensively. Sometimes, its usage is 50 times a day, and sometimes, there is no usage. I don't work on it on a daily basis. It also depends on the project I'm working on. We have plans to increase its usage.
Their support is good.
I didn't use any other solution previously. I didn't have a need for it. Only in May, I had the need to deploy my own service.
It is easy to set up if you understand the protocols. If you understand the theory of what is a firewall and what is a router, its initial setup is straightforward.
Its deployment took one week. The strategy was simple. It involved blocking certain traffic, allowing certain traffic, and making ACL or a list of undesired operations such as cookies so that if it is impossible to sniff, and there is complete security. If someone is trying to enter, I immediately get a message on my phone, whether I am in the county or abroad. I immediately get a message saying that somebody is trying to enter, and I am able to counterattack immediately. That's a big advantage of it.
I did it on my own with the advice of some of my friends who have much deeper knowledge than me. It is also very well-documented on the web, and there is a big community.
I am also taking care of its maintenance. I don't have any maintenance except that sometimes, the server on which this solution is implemented has issues. Its maintenance mainly involves regularly checking the systems.
There is a big return on investment because FortiGate is 60 to 70 times more expensive, which could be a big problem for me. It is more expensive than my car. I have a small budget and a small car.
It is about €1,000. It is a one-time payment. I do not have a monthly or yearly subscription. I don't subscribe to any subscription because I hate cloud services.
There are no additional costs.
I would advise others to try it and see if it is good for them. It is a very good product for me, but that might not be the case for other users. There are so many solutions, but I'm really happy with it. For my scale, it is good. If you are Amazon or a company with one million connections every minute, don't ever use this. It is not made for that. It is perfect for small-scale networks.
I would rate it a nine out of 10. It needs more regular updates, so I can't rate it a 10, but it is very easy to use, stable, and solid.
I have used Netgate pfSense for a range of purposes. Initially, I employed it for VPN connections, mainly for personal and professional use. I also relied on it to maintain network equipment in a professional context. In the professional sphere, I have experience with both pfSense and Juniper, but eventually, I decided to phase out Juniper due to its high costs, especially for updates and the addition of new functionalities. pfSense's cost-effectiveness and the flexibility to transition to new hardware while retaining configurations made it a preferred choice. pfSense also stands out in terms of its rapid algorithm evolution compared to competitors like Juniper. Its scalability is another advantage, where adding a new box or reconfiguring can boost the firewall's capacity.
On a personal note, I use Netgate pfSense to connect to my equipment at the data center. Currently, I have a highly available installation that requires two instances of pfSense. While I considered pfSense for this setup, I had to assess whether OpenSense might offer better features for future requirements before delving deeper into pfSense.
It's worth noting that Netgate pfSense's performance is independent of the hardware it runs on. As I mentioned earlier, its scalability is a strong point. Most functions are readily available, and additional features can be obtained by downloading and installing plugins, which are generally free. When you compare this to the alternative of purchasing a firewall from a different supplier, you'll find that the latter option typically doubles the cost of the firewall itself. This cost increase is often attributed to additional licenses for deep inspection and similar functionalities. While configuring pfSense may require more time and effort upfront, the long-term cost savings make it a more cost-effective choice.
One concern I have with Netgate pfSense is related to packet filtering. Specifically, issues can arise with certain functionalities like GP, and, at times, there may be bugs. When creating IP lists, I've noticed that synchronization doesn't always function correctly. While it's not entirely dysfunctional, troubleshooting these synchronization problems can be quite challenging.
I have been using Netgate pfSense since 2015-16.
I've experienced certain issues with Netgate pfSense in the past, particularly with the previous version, which was 2.5. It posed several problems. However, the current version appears to be more stable. Nonetheless, I still encounter troubleshooting challenges. For instance, there is an issue where it initially blocks an IP range but releases it after ten minutes. This behavior is somewhat peculiar, and it pertains to IP filtering.
The support for Netgate pfSense mainly comes from online forums. These forums are populated by a significant number of individuals who are knowledgeable in pfSense and its related areas, making it a valuable resource.
The choice of whether to use Netgate pfSense often depends on the company's preferences. In some cases, particularly in Switzerland, there is a strong preference for open source solutions. This choice is sometimes motivated by the desire for open source alternatives and can also be related to cost considerations.
The Initial setup is very easy.
Netgate pfSense is a cost-effective option. If you're not using a VPN, you can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution. With this setup, you can achieve a throughput of two hundred to three hundred megabits per second without any issues, provided you're handling relatively simple rules. The level of performance depends on the specific requirements and tasks.
If you're considering using Netgate pfSense for the first time, I would recommend giving it a try. It's relatively easy to set up and use, especially if you have some prior knowledge of network and IT work. The user manual provides helpful guidance, and the basic configuration is straightforward. Just ensure you pay attention to the hardware requirements to make the most of it.
It can be rated as an eight for simplicity. However, as you progress and introduce complexities, such as enabling deep packet inspection, adding extra features, or installing multiple plugins, the configuration can become more intricate. I encountered some issues with iOS in version 2.5, but they are expected to be resolved or have been resolved.
We use pfSense as a firewall to improve our security.
pfSense is viable and works as it's supposed to. It prevents data loss. I've used it on several networks. It's there in the background and just works. It minimizes downtime by running dual WANs and automatically switching between two connections.
pfSense is relatively easy to set up and just runs. It's easy to use. The platform is flexible. We've been able to do everything we've tried. It seems very complete. I'm not using all of the capabilities, but it does what we want to do.
Once you find what you're looking for, it's relatively easy to add features and configure them. Google helps out. I've been able to do anything I wanted.
The learning curve is a little long.
We deployed pfSense in the last five years.
I rate pfSense 10 out of 10 for stability.
It's a small firewall and we have a small network.
I rate Netgate support 10 out of 10. I've only contacted them a couple of times, and it's been fine. They've responded quickly and done the job.
Positive
I've only used off-the-shelf routers without a truly community-built firewall product.
My background is in IT, so the installation is relatively straightforward once you understand a few concepts, but that's normal. I got pfSense running in a day. d
The price of pfSense is fair. We have a relatively small network, and most of the competitors are pretty expensive.
I rate pfSense 10 out of 10. It does everything it should do.
I had an appliance that died six months ago. Then I didn't want that hardware anymore, so I bought two new servers. A single power supply but dual on a network with three times four network cards. On that, I installed the pfSense (Community Edition).
From inside to outside, I have about 15 to 20 node servers and users going outside. From outside to inside, I have only three tech support people, myself and two other ones. With regard to clients using the platform from outside to inside, on the servers inside, I have about 1000.
I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices.
If the devices cannot send the first IP address, they make use of the second IP address, which is the back-up link to access the servers. In terms of outages, ever since I used pfSense, I have that feature.
In terms of experiencing delays, the server has the primary IP and the secondary IP configured on the client terminals. The total solution works.
I'm still experimenting with some new features. I want to do a high availability configuration. I haven't done that yet, but I'm using OpenVPN, it's very handy.
Some suggestions for improvement of pfSense are:
pfSense is very stable. My own disappointment is the appliance only worked for a year and two months. It might be just bad luck, but that was very disappointing.
I had to use pfSense Community Edition on a general desktop. That was done within three hours. It took me three hours just to get the hardware, download the software, and then set it up to get everything working again.
After that, I ordered the new server with two servers: one has to be active and the other standby. I am going to try higher scalability on it using pfSense.
The configuration is already on the servers. I did all this myself because of my experience. The utilization of the CPU, etc., it's very low.
I like pfSense. It doesn't take too many resources and it's very stable.
I did not utilize pfSense customer support. You have documentation, there is enough documentation online to get you through. I haven't actually used tech support. When I bought the appliance, I was entitled to one year of tech support. I never used it, it wasn't needed.
I previously evaluated eSoft by Untangle. Untangle is an open source company but you have to buy custom add-on's to get it to work. I bought eSoft and it's very good.
I am also the CEO of my company. This technical part, it's not my profession, but I get less and less time to invest, and more time playing around with this stuff.
When we were growing, a small company, eSoft was small, so I needed a bigger one. I had to reset eSoft every week because of the growing traffic over it. I wanted a bigger one and it was not available.
What I wanted to do was not possible with Untangle. Untangle was basic stuff. I bought the pfSense appliance and it's open source, but I support the project.
I bought it and I got disappointed because I again wanted a bigger one. My first choice would be Cisco because of my background but Cisco is expensive.
eSoft was good. Before switching from eSoft to pfSense, Cisco at that time was not an option.
Every software in our company, every desktop, every server, is open source. If it isn't CentOS then it's Red Hat or Ubuntu.
Open source was preferred and pfSense was number one on the list.
Ever since the first time I used it, it's very straightforward, it's very easy.
My strategy was to get it connected to the internet first, then apply some rules for forwarding and VPN.
The first one was very easy to set setup. VPN was not that straightforward but there is enough documentation to get you through it and that helped.
In terms of time, the Community Edition took very long to install but once installed, to configure, it took around 15 to 20 minutes.
I did the setup all by myself. There is documentation online and that is sufficient. It's good enough, very good support in the documents.
If you haven't invested a lot of money, you will definitely see the return on investment with pfSense because you hardly spend anything, except for the hardware.
With the appliances, pfSense should look into longevity issues. Your hardware should take, like Cisco's and others, years before they break. In terms of other retailer equipment, it's a safe bet towards pfSense.
That's why I purchased it but I have to look into the high availability. There is documentation of people that I know that are going to get it to work. I'm going to test it because that is our business that we are talking about also.
It should work because of the resale mobile credit for our customers. Another thing I will definitely try is the virtual IP because the virtual IP feature can bridge the two interfaces. The SSL certification is from Google.
That was it for me, I'm 100% happy.
I prefer appliance licensing with pfSense (Community Edition).
Choose the appliances because it is nice to have the hardware cut out for it, i.e. the right hardware for the right software.
I used to be a Cisco network expert. I used to train people and I've done some Cisco projects myself. I know Cisco by heart but I was less excited about Microsoft, so I went researching for open source solutions and I came across pfSense.
I was able to compare pfSense with Cisco. I used it for a client of mine as well, and it was interesting. After that, I started my own company and I came across pfSense again.
I looked into pfSense. You have OPNsense from the Dutch and then you have pfSense. I've tried both and I like pfSense more.
I definitely plan to increase using pfSense. I am going for a higher capacity. If power fails or one server dies, or one gateway dies, the other servers will take over seamlessly. That's the ultimate for us.
I would definitely rate pfSense an eight and a half out of ten. Definitely eight and a half, not lower, could be a bit higher. Because it's stable, it's good. If the small issues I've mentioned are worked on then I would go to a 10.
We use it for home solutions and 200+ enterprises. We use it to address routing issues (NATing issues through VPNs).
Our environment consists of many enterprises with many subnets.
pfSense makes everything easier compared to Cisco or Fortinet.
Policy-based firewall rules are the most valuable feature because every other brand it is 200% more complicated to accomplish the same operation.
The flexibility is easy. We can implant in small businesses for less than 500 CAD and in 5k users enterprises. The only part that needs to be improved is the hardware, everything else is out of the box.
I would rate the ease of adding features a ten out of ten. With telecom knowledge, the product is crystal clear easy.
Evaluation and contracting could be improved.
I have been using pfSense since 2016.
The scalability is good, they should offer filtration or a next-gen firewall.
From my experience, their support is very quick.
Positive
I haven't evaluated any solutions since 2016. With pfSense you get the bang for your buck. pfSense routing, VPN, policy rules, NAT forwarding, everything is better.
The initial setup is straightforward. It was easy. We have 16 years of experience. I did the deployment, it only required one person.
It is cheaper than other options.
I would rate it a 9.5 out of 10. My advice would be to take the time to do an online course if you find using the solution a bit hard. It is worth it.
I recently started using pfSense to secure my home network. As an IT consultant working remotely, I needed better security than my router offered. I run servers in a lab environment to demo software for clients, and in my previous consulting role, I managed networks for companies of all sizes, some with hundreds of thousands of devices. Since we can't modify a client's environment directly, having a secure home lab for testing is crucial. pfSense allows me to segment my network and use a VPN for secure remote access, offering more functionality than my previous setup. While a free version exists, I opted for the convenience of a pre-configured appliance.
pfSense surprised me with its ease of use, even though it's powerful enough for corporate environments. Unlike my previous complicated Cisco firewall that now collects dust in the garage, pfSense offers the flexibility and functionality I need.
pfSense offers a default rule that allows all traffic initially. While I prefer to block everything by default and only allow specific traffic, this approach led me to accidentally lock myself out of the firewall during configuration. The device functioned as intended, following my overly restrictive rule. Resetting to factory settings was a learning experience, and now I understand how to avoid self-imposed lockouts. After diagnosing my initial setup issues, I successfully corrected them and implemented filters that boosted our internet speed. This experience made clear the benefit of pfSense for our network.
The firewall acts as my first line of defense against data loss by controlling incoming and outgoing traffic. Additionally, I keep my devices updated with security patches and utilize application whitelisting, which restricts programs to those from approved vendors with verified digital signatures. This helps prevent unknown malware from executing on my system. While demonstrating data loss prevention for a government agency, I encountered a connection hurdle between my devices on different subnets. Realizing a firewall was blocking communication, I opened the necessary ports to allow the connection. This highlights the firewall's role as a first line of defense. Even if one device is compromised, the firewall helps prevent the attack from spreading to other segments of the network. However, it's important to remember that the subnet itself remains at risk, which is why I also use local firewalls on individual devices for additional protection.
When it comes to the firewall functionality of pfSense, it does provide a single-pane-of-glass to manage everything.
The most valuable aspect of pfSense for me is its firewall functionality. It allows me to set up different networks, and VLANs, and control how subnets communicate with each other, all the way down to individual nodes. This granular control is very important for my network security. Additionally, pfSense offers a variety of alternatives like VPN that I haven't explored yet, but my top priorities are the firewall features that protect my network from external threats and allow me to segment internal traffic. I also use the filter feature to filter internet ads and adult content. The filter list depends on someone keeping it updated, but the community has been great for this and it makes my internet browsing much faster because all the junk ads are blocked.
pfSense would be much more efficient if it allowed exporting the entire configuration of a device after it's been set up. This way, the configuration could be easily imported onto another device, saving time and effort.
I have been using Netgate pfSense for one year.
Netgate pfSense is stable with zero downtime related to the firewall.
Netgate pfSense can scale at an enterprise level.
Cisco's firewall device proved too complex for me, ending up unused in my garage. Thankfully, pfSense offered a much more user-friendly experience.
pfSense deployment was straightforward thanks to the available documentation and video tutorials, although I did lock myself out once due to user error. While IT professionals might not always consult the manual first, pfSense helpfully allows saving configurations without immediate application, a feature that would have prevented my mistake. Learning from this experience, I now know how to leverage the provided resources for a smoother pfSense deployment process.
I did the deployment myself but someone who is not an IT person will require the help of an integrator or consultant.
I deployed pfSense in two and a half days. It included setting up VLANs for different purposes like a DMZ, server LAN, user devices, guest network, and VMware management. I also configured a firewall with rules to isolate these networks and implemented an IPSec VPN to filter out ads and malicious sites.
The implementation was completed in-house.
pfSense offers a surprisingly affordable enterprise-grade solution for small businesses. While my own pfSense 6100 costs $700, the value it provides makes it a very cost-effective purchase.
I would rate Netgate pfSense nine out of ten.
Other than installing updates, pfSense has not required any maintenance.
Before configuring your network devices, plan out your network segmentation. This written plan will guide how you set up VLANs, servers, DHCP scopes, and DNS. Think of it as a blueprint for your network design. While implementing the plan on a Netgate device or pfSense might be straightforward, without a clear strategy, you'll be overwhelmed by the available features.
We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.
In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection.
The solution also allows us then to manage port forwarding and things like that.
The firewall aspect of the solution is very valuable to us. We had so many limitations with the Dre tech, however, it's the firewall and the port forwarding that is the most interesting due to the fact it allows us to restrict IP addresses and move things from different ports and things like that.
I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good.
The solution is easy to use in general, for everyone.
The product is very powerful.
It's the type of device that does one thing well. There isn't much I would want to change.
We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.
The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.
I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.
pfSense is only a small part of what we do. The majority of our systems are full-blown Linux systems and we use that firewall as a system. It's only recently we've started switching some clients to pfSense where we think we need to have slightly different things. Maybe they haven't got a server and this is just replacing their sort of existing TP-link or router, et cetera.
I've had no issues with stability whatsoever. I'm quite happy letting it run for days, months, weeks, et cetera. We have no requirements to actively manage it. In terms of performance, we just need to go in and make changes as required by the customer. Other than that, it's set and forget. There are no bugs and glitches to navigate. It doesn't crash or freeze.
It's not been extensively used at the moment as we've already got a Linux server in place. If we can justify it for the customer, we tend to use that. That said, we are looking to increase usage of that as it would say it takes some of the work away from me and allows me to farm that out to the staff.
We've never had to use technical support. Therefore, I can't speak to their level of knowledge or how helpful they are. We've always just been able to find the answers we need without their help, and therefore have never really had to use them.
We're still using Linux servers that are running IP tables, et cetera. Prior to that, we were using, something called IPCop. Before that, I can't remember what it was. We've always used sort of Linux old BSD-based solutions for our firewalls. That's just what we've always done.
The initial setup is not overly complex or difficult. It is very straightforward. We connect and we just have got a couple of standard procedures to setup once it's complete. We could probably get one up and running between half an hour to an hour. The deployment is fast and the whole process is pretty seamless at this point.
We did not use any integrator or anything like that. We're offering our client's the installation process as part of our services. I find it very, very straightforward, however, that's due to my previous experience with Linux setups.
We use the open-source version, which is free to use.
I say we've always used the community edition as I've never felt a need for support or anything like that and our clients have never insisted on it. I know where to go to look for answers if we run into problems, so paying for that extra support isn't something we need to worry about.
We are just end-users and customers.
I cannot speak to the exact version we are using. Ours may be slightly out of date. We may not be using the absolute latest version. Version 2.51 is available soon and we'll likely upgrade to that.
It's good for where people have outgrown their existing broadband routers, such as the TP-link, the Dre Tech, and that sort of thing. Often, it doesn't justify putting in a full system. We tend to use a Mini ITX PC, multiple LAN network cards, and then install the opensource version and configure it appropriately.
You need to be slightly more tactical than just plugging in a Dre tech or similar Nokia device. I don't think you need to be incredibly technical to set this up.
I like it, I'd recommend it to most people to at least give it a try, and to spend a few hours initially to work their way around it.
I'll definitely give it at least a nine out of ten for its general ease of use for me and my staff. It does pretty much everything that we ask of it and the required resources for the hardware are minimal as well.