Netgate pfSense Reviews

I use the solution in my home network as the main firewall before all data heads out to the internet. I use it for DNS resolution as well.

I noticed the benefits of pfSense immediately after deployment. I was able to take complete control of my security to my house, and it gave me all the things that I needed in order to secure my home network.

The GUI and the user interface have been very clean, understandable, and feature-rich across the board.

The flexibility of pfSense is great. 

It is very easy to add features. 

There are features that help to prevent data loss. The rules engine of pfSense, a traditional firewall rule structure, has always been the same.

There's definitely a single pane of glass. There's definitely a lot there in front of you. 

pfSense provides visibility that enables users to make data-driven decisions. I'd rate the capabilities seven out of ten. 

Sometimes it's a bit of a challenge to know how to do something when you want to do something, for instance, setting up a point to point VPN.

Configuration is sometimes a challenge just due to a lack of knowledge on my side. I find that if I don't set up the rules correctly, and this goes to lack of knowledge of being an expert in the firewall space, it's a bit of a challenge sometimes in setting that up.

I would ask them to update it to a more modern interface, as it does look a little tired compared to GUIs today. However, the features are there. A redesign would be greatly appreciated, just from a human engineering aspect.

It might be easier if they separated things out a little bit more instead of putting all the aspects of what pfSense can do for you in a single menu. For instance, they have services, and they have all the services that you could have on your system. It's a lot.

Sometimes I find it difficult to find the data visibility that I would need in the interface to then go make a data-driven decision.

pfSense helps optimize performance. From a performance standpoint, setting up firewall rules does a great job of laying out exactly what those rules are. The layout of the firewall rules makes it easy to create a secure environment on my home network, albeit not very big. However, all the features are within the firewall, and I can create individual rules and organize the rules.

I've used the solution for six years. 

I have never experienced downtime from my pfSense device. I'd rate stability ten out of ten.

The scalability is very good. I'd rate it a ten out of ten.

I contacted technical support when there was a major upgrade a few years back, and I needed some assistance.

The quality was perfect. They were fast and very helpful. Even though I wasn't a paying customer for support, they still gave me great guidance and helped me focus on the issues at hand.

Positive

I've always had my service provider, Verizon, with their main router, and that router usually has a firewall built into it. I've never used anybody else besides pfSense outside of that.

The initial setup is straightforward. I've done it for my son at college in a matter of two hours, from unboxing to operation. It's easy to deploy a box. I can deploy it by myself.

It does not require any maintenance.

The ROI and the TCO are significant. You get a lot of features under one product. However, I don't use it as a router. I only use it for firewall and VPN capabilities and DNS.

The pricing and licensing are spot on. It's well below the industry average.

I did not look into other options. I knew of pfSense as being a leader in the industry, and that it is utilized by major corporations in large environments. To that end, I assumed it wouldn't hurt for me to have familiarity with the product and use it at home.

I'm an end-user.

I use the Plus version of pfSense. However, I do not pay for support.

I would rate the solution eight out of ten.

The solution is primarily used for anything to do with security. SMEs are using it to protect their businesses.

The companies we work with are fairly generic. What we see most is companies using the solution since it's affordable.

The price point is the most valuable aspect of the solution. Customers really value that.

Customers value the following features:  

• It's highly configurable
• It's flexible. 
• The features are easy to use.

The interface is somewhat challenging if you compare it to other commercial products. If you compare it to something like Sophos, where someone with decent firewall knowledge can get it up and running in a very short time, you need to be a fairly skilled security worker for this product.

Configuring the interface can be a bit hard.

We've found working with SAP networks challenging. The model that they have in terms of partner networks works very well in the US. However, it's very challenging in our part of the world. What works very well here (Kenya) is a distributor-reseller model, where you have the vendor appoint a distributor. Then the reseller can quickly serve the client. The partner support could be better here.

We've been selling the product for two or three years. 

The solution is quite stable. I'd rate stability nine out of ten. I rarely have a failure.

We largely work with SMBs. 

Support is excellent. 

Positive

We have used other products as well in the past. For example, I do have knowledge of Sophos. We are a reseller.  We've had it longer than pfSense. Sophos is a bit easier to set up. pfSense pricing is very good, however. It does need a more friendly UI.

The initial setup is a bit complex. There are other products that are easier to set up. The installation is not a problem, however, the complexity comes in with the configuration. The installation itself, which is basic, won't take long. The configuration process is longer since it can be from challenging to quite complex. 

There is some maintenance required. There are updates every quarter. Previous to the last update, you couldn't do an update without breaking. It's easier now, however, there is still maintenance. 

The solution is cost-effective, however, that does come at a cost to the client. They do have to buy the product in the US and ship it to Kenya. The total cost of ownership, including acquisition and support, can be quite competitive. 

We are resellers. 

I'd recommend the solution to other users.

I'd rate the product seven out of ten. There are a few challenges. However, it is stable and offers good support. 

After successfully using pfSense at home to manage IoT devices and separate their traffic from my computers and gaming consoles, I'm now evaluating its suitability for our hospital system. As the IT manager, I'm impressed and considering replacing our current firewalls with Netgate pfSense appliances.

I implemented pfSense at home to proactively prevent security issues on my home devices.

Netgate pfSense is flexible allowing us to add plugins.

It has improved my home network's security, making it significantly harder for attackers to access my data.

Netgate pfSense works well to prevent data loss and helps optimize performance.

As a first-time NetGate pfSense user, I've been impressed by several features: easy integration for blocking traffic by country, straightforward creation and management of firewall rules, and the ability to extend functionality through plugins.

I'd love a centralized management system for multiple pfSense appliances. This is where Netgate could improve. Redesigning my network for seven pfSense units sounds like a daunting task, especially with the need for individual configuration. A single pane of glass for managing everything at once would be a game-changer, streamlining the process significantly.

I have been using Netgate pfSense for five years.

I would rate the stability of Netgate pfSense ten out of ten.

Based on what I have heard from other users and what I have read, Netgate pfSense can scale.

The deployment was easy, but I took a cautious, phased approach to avoid disrupting household internet access. Once complete, the upgrade from my previous Netgate appliance allowed me to take advantage of SFP+ ports, so I put ten gigabytes into it and continued fine-tuning the system.

The initial deployment for basic functionality was completed within a few hours, but achieving full functionality took approximately two weeks. 

Netgate pfSense stands out as a cost-effective option that delivers excellent value. While I haven't personally used their support at home, a vendor I spoke with praises it highly. Their reputation suggests phenomenal hospital-grade support might be worthwhile for a critical environment like ours.

Netgate's maintenance contracts are significantly more affordable compared to other vendors, demonstrating their competitive pricing and commitment to customer value.

I would rate Netgate pfSense ten out of ten.

Netgate pfSense is low maintenance.

Before committing to any network or security hardware, including Netgate pfSense, I recommend a Proof of Concept to ensure it meets your specific needs. Don't rely solely on others' suggestions. Thankfully, pfSense offers downloadable virtual images, allowing you to experiment with its features before purchasing physical equipment.

I am using it for personal use.

It is quite easy to manage firewall rules and policies in pfSense. It is not the most user-friendly, but it gets us there. We have to be sure of all the things that we are activating, but it is easy. It is alright.

Open source and support are valuable. I have community support.

Its performance is good. It is reliable. I would rate it a solid nine out of ten for performance.

There are several levels of firewall configuration such as beginner, advanced, and expert configurations. At each level, it becomes more complex and more tricky to set up the firewall. For example, if you want to install the firewall on your computer system, it would be a lot easier if it just tells you that this is the internet NIC and this is the Wi-Fi NIC. 

It would also be interesting if we could add an interface for DNS versions. It will be a multisystem to make all the blocks of the DNS. I know that firewalls are different from DNS, but if we could take advantage of everything in a single system, that would be lovely.

I have been using pfSense for half a year.

It is stable. I would rate it a nine out of ten in terms of stability.

I believe it is scalable. If I need more computers with more NICs, it is scalable, but it is not something related to pfSense. 

The support that I have is community support. 

Neutral

I also use WatchGuard Firebox. It is different from pfSense. I have Firebox on a rack mount server on a cabinet, whereas pfSense is on my computer, so it is quite different because I can use any kind of hardware to implement the firewall.

Firebox can make an open-source version, but that is not the target of the company. pfSense is doing a great job because they have covered both situations. They have an open-source version with community support, and if we purchase the license for hardware, we can also get support from their side. In the long run, pfSense has more advantages.

If I go to a company and they ask me to implement something, I would most definitely go with pfSense. Its price is lower. I have a great knowledge of pfSense. I can very easily find support in the community, and if the company buys a license, I can get support directly from pfSense. I believe it is a win-win for pfSense and for the customers.

I am implementing it in two phases. In the first phase, it was implemented directly on hardware on an old computer with five NICs, and everything went smoothly. The second stage is virtualizing this machine into a Proxmox server, which is a bit more tricky. It is quite difficult to make it work on the NIC hardware system.

The first phase is very easy. It is almost plug-and-play. We just have to install it and activate the NICs. Everything will go smoothly. The second phase is not easy because I have to make double configurations on Proxmox and on pfSense. I would rate it an eight out of ten in terms of the ease of setup.

In terms of our environment, I have one computer connected directly to the Internet's router, and then all the information is passed through and managed, so I can filter everything by MAC address in my network. I have it on one computer, but my whole network is using it.

I use the free version.

I would recommend it. For personal use, it is a great way to start. For companies, it is a great add-on. Companies can get support by buying the license.

I would rate pfSense a ten out of ten.

I use pfSense for various reasons, including implementing IPsec technology due to having limited branches. I use a VPN for secure connections, control the Internet or network flow, employ it as an NTP server, facilitate conference calls, and set up VLANs. I use it to run a proxy server.

I use the free version of Netgate pfSense software. I installed it on my servers with mini network cards, allowing me to create mini gateways and implement different plans.

The Netgate forums and community don’t provide extensive discussions and topics related to every pfSense service.

I have been using Netgate pfSense for five years. We are using the V23.09 of the solution.

Everything is very smooth, with a user-friendly interface. You can use the user interface or CLI as a command.

We have 250 employees using this solution.

We have Git Community forums with a million topics about all issues regarding Netgate pfSense. We can save this information to address various concerns.

I have several reasons for choosing Netgate pfSense. Firstly, it serves my purposes effectively and is entirely free. Secondly, when I search on Google or inquire about past experiences with firewall workloads, its reliability and cost-effectiveness stand out.

The initial setup is too easy.

The product is free of cost.

I recommend using Postgres. However, if you need a firewall without additional tools and prefer a pool of well-established services, pfSense offers suitable features."

Other solutions like Postgres, Sophos, and Palo Alto are in the market. We've used firewalls for a long time, but in the last three years, I worked with pfSense, and it's efficient for all devices.

Overall, I rate the solution a seven out of ten.

Our most common use cases are for our corporate firewalls, and currently, I'm using it as our school firewall. So it's our perimeter firewall. So, we're running three firewalls on our network. 

So we have separate networks each because we have, like, different use cases. So we're running three at the moment.

We've been running it for six years now, and so far, it's been good.

Netgate pfSense has been utilized to create and manage VPNs within our organization. So we're running pfSense with VPN on one of our private cloud providers. So we're using IPSec VPN on that.

For everyday tasks, we just get alerts. It's anything that's suspicious, including from our Netgate. So, it's part of how we maintain cybersecurity in our school. This is working alongside our endpoint security solution. 

We were using an open-source endpoint solution for that. So we're integrating that with the one we have on pfSense. 

The ease of use. Like, it's easy to manage the firewall, rule-wise and interface-wise. For me, it's quite easy and friendly to use.

We have a set of rules so that it can manage all of our rules. We have a complex network here in our school. We have a lot of rules running, so it's really easy to match all of those rules using pfSense.

Integrating pfSense with other products was a bit tedious at first. We researched and tested for about a month, so it was not too hard but not instant.

For the third-party packages, I'd rather have it built-in, like a core feature of pfSense, part of the core model. This feature of pfSense would be great, instead of relying on a third-party module.

I have been using it for six years. 

It's about 95% stable, not perfect, but quite reliable.

If I needed to scale it and merge our pfSense machines into one, I'd prefer a dedicated hardware appliance instead of running multiple x86 servers on the firewall.

We have around 4,000 endpoints. 

I reached out to support for an unusual CPU usage issue after an upgrade. They were responsive, and even though I ultimately found a solution, they were helpful in diagnosing.

Positive

We used Fortinet. We opted for pfSense because of budget limitations. pfSense was a more affordable solution for our requirements.

pfSense is easier to manage and offers modularity for features. With FortiGate, everything is there, but we might not need everything, and too many features can be challenging.

The initial setup is very straightforward and intuitive. 

We use the pfSense software directly and install it on our rack servers. So, we're adding three instances of that.

I handle all the deployment processes. I am the core manager for the entire infrastructure, so I manage and deploy everything.

I consider how many users and gigabytes we expect on the network and try it on a test network first to validate before actual deployment.

Just my core team members manage the whole deployment, so that's enough for us.

Migrating the old one to the new one took around a month because we have many rules, and the new Netgate was quite different.

From the maintenance perspective, it is not difficult at all. 

While configuring or maintaining pfSense, we had high CPU usage on one firewall, but the GPAC subscription provided a good response. The support team was helpful, and we resolved it in a few hours. So, we had good support because of the support subscription. 

We just have the yearly support subscription.

I just found pfSense online. I just tried it out on a home lab and found it worked well enough for us. So, just started out, like, searching online and responded and tried it.

I would advise you to try to estimate your network first and do a test network just to have a proof of concept of what you want to run and check the routes you want to run against your network, making sure that your requirements are valid before deploying it.

Overall, I would rate the solution a nine out of ten. 

THe solution is used as a primary gateway with two lease lines of 450 Mbps total. Around 200 users are under it. 

There is no server or database in the environment. Users use only the internet extensively. We have three separate locations in the same building. Web filtering, IDS/IPS are the obvious requirements. Squid and Snort open-source packages are installed. 

Our organization is ISO 27001 certified. 

An active directory was implemented to control IAM. Synology NAS with RAID for file sharing and off-premise data backup on the cloud. We have mostly L-2 switches to connect nodes. 

Endpoint security product is another layer of security there. 

The Netgate 6100 Max Model is equipped with pfSense Plus software. We configured it last week and replaced the Mikrotik router. There are many improvements, including more visibility, more control over Internet usage, and a robust VPN (no license required). 

There are multiple lease lines and load balancing, reserve or restrict bandwidth based on traffic priority, and user data transfer quotas.

We have almost no complaints about low speed, choking of the internet, or link problems. Now we can see and observe connections logs also. Usage reports are another improvement. 

It's an ideal gateway solution for small and medium businesses, i.e., around 300 devices can be easily handled. 

We received a simple router, however, there are various tools/software to install to activate the full feature of pfSense plus products such as Squid for proxy, Snort for IDS/IPS, Squidguard for content filtering, etc. You can find many open-source software under the package manager tab on the dashboard of pfSense. 

Traffic shaping and load balancing are excellent features. 

pfSense Plus software is a powerful firewall, router, and VPN solution that leverages a number of highly-regarded open-source projects. The software competes effectively with far more expensive commercial alternatives and is used by hundreds of thousands of businesses, educational institutions, and government agencies all over the world. Leading secure-networking features and capabilities include:

Ad blocker (pfBlockerNG)
Captive Portal
CARP/HA
DNS Server
DHCP Server
HTTP transparent/web/reverse proxy (Squid)
IP/Country block list (pfBlocker)
IDS/IPS - Snort
Packet capture/inspection
Port forwarding
QOS/rate limiters
Software load balancer (HA Proxy)
Traffic monitoring
Traffic logging, statistics, and graphs
Traffic shaping
VLAN
Wake-on-LAN
Website blocker (pfBlocker)

and many more packages. Just install and play with it.

There must be a wizard section as per the use case. For example, if we need a simple firewall there must be an auto-install of most required packages. In the same way, if we need a more strict firewall, then different configuration settings.

There must be a more easy-to-use GUI.

More documentation should be available within the package manager.

A visible ON/OFF button must be there and can be easily configured as required. 

An additional non-us electrical plug must be inside the box.

There should be an option to upgrade RAM (i.e. 8GB to 16GB). It can enhance the capacity of the proxy server. 

I bought this solution 15 days back and configured it last week. 

It's an enterprise product and very stable. 

The solution is very easily scalable. 

As of now, we have not taken support. 

Positive

We were using a simple Mikrotik router with the limited capabilities of a firewall. 

It's not straightforward to set up. That said, it is not complex. Just use Netgate documentation and get help from YouTube resources.

We implemented it via an in-house team. My system admin configured it with the help of available documentation. 

The solution offers matchless ROI. There is no license for the VPN and no annual fees. It is a simple product. 

The product is very cost-effective and has no requirement for additional licenses.

The setup is not easy. Users need more technical expertise to configure it. This is not advisable for non-IT users. 

We checked Sophos and Sonicwall. Due to more configurable options and lower prices, and even no requirement of licenses, we decided to move to pfSense. 

This is the best solution with very impressive cost-effectiveness. 

I have used Netgate pfSense for a range of purposes. Initially, I employed it for VPN connections, mainly for personal and professional use. I also relied on it to maintain network equipment in a professional context. In the professional sphere, I have experience with both pfSense and Juniper, but eventually, I decided to phase out Juniper due to its high costs, especially for updates and the addition of new functionalities. pfSense's cost-effectiveness and the flexibility to transition to new hardware while retaining configurations made it a preferred choice. pfSense also stands out in terms of its rapid algorithm evolution compared to competitors like Juniper. Its scalability is another advantage, where adding a new box or reconfiguring can boost the firewall's capacity.

On a personal note, I use Netgate pfSense to connect to my equipment at the data center. Currently, I have a highly available installation that requires two instances of pfSense. While I considered pfSense for this setup, I had to assess whether OpenSense might offer better features for future requirements before delving deeper into pfSense.

It's worth noting that Netgate pfSense's performance is independent of the hardware it runs on. As I mentioned earlier, its scalability is a strong point. Most functions are readily available, and additional features can be obtained by downloading and installing plugins, which are generally free. When you compare this to the alternative of purchasing a firewall from a different supplier, you'll find that the latter option typically doubles the cost of the firewall itself. This cost increase is often attributed to additional licenses for deep inspection and similar functionalities. While configuring pfSense may require more time and effort upfront, the long-term cost savings make it a more cost-effective choice.   

One concern I have with Netgate pfSense is related to packet filtering. Specifically, issues can arise with certain functionalities like GP, and, at times, there may be bugs. When creating IP lists, I've noticed that synchronization doesn't always function correctly. While it's not entirely dysfunctional, troubleshooting these synchronization problems can be quite challenging.

I have been using Netgate pfSense since 2015-16.

I've experienced certain issues with Netgate pfSense in the past, particularly with the previous version, which was 2.5. It posed several problems. However, the current version appears to be more stable. Nonetheless, I still encounter troubleshooting challenges. For instance, there is an issue where it initially blocks an IP range but releases it after ten minutes. This behavior is somewhat peculiar, and it pertains to IP filtering.

The support for Netgate pfSense mainly comes from online forums. These forums are populated by a significant number of individuals who are knowledgeable in pfSense and its related areas, making it a valuable resource.

The choice of whether to use Netgate pfSense often depends on the company's preferences. In some cases, particularly in Switzerland, there is a strong preference for open source solutions. This choice is sometimes motivated by the desire for open source alternatives and can also be related to cost considerations.

The Initial setup is very easy.

Netgate pfSense is a cost-effective option. If you're not using a VPN, you can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution. With this setup, you can achieve a throughput of two hundred to three hundred megabits per second without any issues, provided you're handling relatively simple rules. The level of performance depends on the specific requirements and tasks.

If you're considering using Netgate pfSense for the first time, I would recommend giving it a try. It's relatively easy to set up and use, especially if you have some prior knowledge of network and IT work. The user manual provides helpful guidance, and the basic configuration is straightforward. Just ensure you pay attention to the hardware requirements to make the most of it.

It can be rated as an eight for simplicity. However, as you progress and introduce complexities, such as enabling deep packet inspection, adding extra features, or installing multiple plugins, the configuration can become more intricate. I encountered some issues with iOS in version 2.5, but they are expected to be resolved or have been resolved.