Netgate pfSense Reviews

We use it for its firewall features and VPN.

I provide it to my customers, and I also use it in my office. It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest.

Its firewall ability is very good. It is very good and smooth at stopping attacks. It is better than others because we have to perform quite a bit of programming.

It is a very good and affordable solution for enterprises.

Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.

I have been using this solution for four years. I am using it now, and I have also used it in the past.

It is very stable. Both pfSense and Netgate appliances are very stable. I have had some of these solutions working non-stop for about a year and a half.

It is very scalable. It is being used in an enterprise with 70 employees and about 30 terabytes of communication per month. I also have other small enterprises with 10 to 20 employees. In my office, I have four users. 

I usually use community forums for any tech support. I get very good information there.

I have also worked with Netgate appliances in the past. Both Netgate and pfSense are very stable.

It is not very easy, but it is straightforward. We have an agreement with the clients to have the equipment and install the appliance in three or four days.

It is very suitable in terms of the price. If a client cannot acquire a Netgate appliance, I provide a custom-made appliance, and I install the Community edition of pfSense. It is a very good and affordable solution for enterprises. Some of the clients pay monthly but usually, it is annually.

The maintenance cost varies depending on the kind of solution we have implemented. It could be €100 per month or around €800 per year.

I would absolutely recommend this solution. I would rate it a nine out of 10.

The solution is primarily used for anything to do with security. SMEs are using it to protect their businesses.

The companies we work with are fairly generic. What we see most is companies using the solution since it's affordable.

The price point is the most valuable aspect of the solution. Customers really value that.

Customers value the following features:  

• It's highly configurable
• It's flexible. 
• The features are easy to use.

The interface is somewhat challenging if you compare it to other commercial products. If you compare it to something like Sophos, where someone with decent firewall knowledge can get it up and running in a very short time, you need to be a fairly skilled security worker for this product.

Configuring the interface can be a bit hard.

We've found working with SAP networks challenging. The model that they have in terms of partner networks works very well in the US. However, it's very challenging in our part of the world. What works very well here (Kenya) is a distributor-reseller model, where you have the vendor appoint a distributor. Then the reseller can quickly serve the client. The partner support could be better here.

We've been selling the product for two or three years. 

The solution is quite stable. I'd rate stability nine out of ten. I rarely have a failure.

We largely work with SMBs. 

Support is excellent. 

Positive

We have used other products as well in the past. For example, I do have knowledge of Sophos. We are a reseller.  We've had it longer than pfSense. Sophos is a bit easier to set up. pfSense pricing is very good, however. It does need a more friendly UI.

The initial setup is a bit complex. There are other products that are easier to set up. The installation is not a problem, however, the complexity comes in with the configuration. The installation itself, which is basic, won't take long. The configuration process is longer since it can be from challenging to quite complex. 

There is some maintenance required. There are updates every quarter. Previous to the last update, you couldn't do an update without breaking. It's easier now, however, there is still maintenance. 

The solution is cost-effective, however, that does come at a cost to the client. They do have to buy the product in the US and ship it to Kenya. The total cost of ownership, including acquisition and support, can be quite competitive. 

We are resellers. 

I'd recommend the solution to other users.

I'd rate the product seven out of ten. There are a few challenges. However, it is stable and offers good support. 

We use our Netgate appliance in our office and resell Netgate appliances and services.

We realized the benefits of pfSense immediately. For example, we needed to connect two ISP connections to use them simultaneously in the office without separating the network. We immediately saw the benefit upon installation. Otherwise, we would have two different connection lines and need to separate the users between the two networks. With pfSense, we could get that benefit instantly. 

Some applications also deliver benefits over time in addition to the immediate benefit on the routing side of an installation. Eventually, you will see other benefits in creating certain policies that apply to users, such as the firewall's filtering capabilities.

In terms of data loss, the ability to create policies that would be a step toward intrusion prevention or malware blocking would be a secondary benefit. As I understand, pfSense per se is Netgate and we have a data loss feature in itself. As a layer of protection, then that creates a layer of protection against data loss.

PfSense offers single-pane-of-glass management. When you log into the system, you immediately see this dashboard, which shows the resources and utilization of the pfSense device. The most important information is in that dashboard. In our case, we have a standby monitor where IT support would look at it. If something is created there, that gives them an idea of how that something is set up. 

The pfSense Plus edition has features that prevent downtime, such as load balancing. We can automatically route traffic to another ISP should the primary or the secondary be down. It's the most important feature for some of our clients. It prevents downtime because it will automatically route to the active connection. 

We have to go through a step that gives you visibility into certain alarms that indicate a possible security issue. That feature provides visibility into potential network security issues. We run servers with applications that are critical to office operations. When monitoring the network, the server is the priority.  Having clear protection ensures productivity because sometimes issues inside the application impact the use inside the office and those outside the office. PfSense is able to add a layer of protection to these application servers.

The most valuable feature is the routing capability. We're primarily using the appliance as a router to provide DNS and multi-WAN routing. Flexibility is also critical. The solution provides flexibility in terms of creating firewall rules. It's extensive, which means you can create several rules with different elements involving firewall policies.

It's easy to add features to pfSense. When I started, I didn't have a networking background, but I was able to follow the materials and learn through hands-on practice. The interface is easy to navigate and understandable.

The intrusion protection system is provided by a third-party provider that's verified by pfSense. It would be best to have an option for IPS because when you deploy pfSense to a SOC, you have to subscribe to another IPS provider.  The IPS should be a default feature. On the other hand, that's also the benefit of pfSense because you can also acquire another IPS solution. 

We started using Netgate in 2016, so we have used it for almost nine years.

I can only think of one instance where stability would be a problem, and that's the power supply. We have tested the hardware for a single power supply, so if it was deployed in a location where the power supply is unstable and without the proper UPS, then it will cause problems. That is not due to pfSense per se. It requires a redundant power supply on the end user side to provide sufficient UPS or some sort of backup. On the software side, I don't recall a major incident where the software got corrupted.

Sometimes, it could get corrupted in the course of maintenance. For example, if the logs are not cleared, and the storage becomes full over time. 

The hardware is not scalable. Normally, we ask clients to project where they will be in two or three years and advise them to buy a model that fits their requirements. If you already have fixed hardware but you haven't factored in the number of users, you will hit a wall. PfSense has some scalability, but it depends on your hardware. 

I rate Netgate support 10 out of 10. When you acquire Netgate hardware, you gain access to online support. We've had some issues that couldn't be resolved, so we had to raise a ticket to online support. The feedback was quick, and we didn't have any major issues left unresolved because the online support was effective.

Positive

We deployed certain prescribed network equipment, like the Fortinet firewall. We started using pfSense Community Edition because it's free and highly available, but we saw the benefit of the commercial version, which is more stable, so we decided to upgrade to that. 

When we started, we were already using the community version. It took some time because we have some IT personnel. Sometimes, when we have just hired an IT staff member, and we introduce them to pfSense, I see that they can easily adapt or understand the features and how to manage the firewall. They can install the community version and play with it. The installation is easy and staff can learn it hands-on.

We deployed it in-house, but when we hire some IT support, we require them to have some exposure to pfSense. The pfSense community edition is pretty popular, so we don't have much use for consultants. We provide the service because we understand pfSense.

PfSense is easy to maintain. You only need to modify the configuration when there are additions to the network or you need to change the firewall rules. Other than that, the features and systems don't require much maintenance. 

In the Philippines, most users are small or medium-sized enterprises. Small businesses also need a level of protection, so sometimes, what they need is basic protection. For example, they must protect their ports so they cannot be scanned from outside and layered protection and filtering. They would like something without a recurring cost, which pfSense can provide for basic features. 

PfSense offers solid value for small and medium enterprises, so it's highly applicable. It serves our purpose even in our use case. We have certain critical applications that must be protected, and the pricing is good for us. The good thing about pfSense is that it supports layer three or IPSec VPN at no additional cost. That in itself is a good feature for small and medium enterprises, and we can deploy VPN at no additional cost. We can deploy other applications, adding a layer of VPN without much expense.

I rate Netgate pfSense eight out of 10. 

We're using pfSense as a firewall and for web filtering.

The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well.

The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely.

I've used pfSense for two and a half years.

pfSense is stable. 

You can scale up pfSense with multiple clusters for higher availability. It has that capability. It gives you that flexibility to set up a hybrid with part of the deployment in the cloud and a mural copy or to grow your network. 

At my previous company, we used a Cisco firewall and a router, but they kept having issues with the firewall and the device.  When I joined this company,  we introduced pfSense and haven't had any issues since. 

Setting up pfSense is easy, but it depends on your experience level. The average person with an IT background who is grounded in ICT can do install and configure pfSense in 15 to 30 minutes. 

PfSense is an open-source product, but you need to buy a license to get some features. 

I rate pfSense eight out of 10. It's an open-source solution that you can deploy on data warehouses with various resources. You're not tied to specific hardware. It's easier to manage and use.

Before deploying, you should find out the details about the environment where you will install pfSense. I would recommend pfSense for an enterprise environment with around 1,000 to 2,500 users.

The product makes our business more secure. It has increased the security of our business. We are using the two solutions. The first one is from Cisco, and the second is from pfSense.

A few months back, we were attacked, however, the attackers used the wrong software. We decided then it was important to start prioritizing our security, which is why we brought on this product. 

The solution is very flexible.

I find the product very easy to use. 

The initial setup is not complex. 

The solution has been very stable so far.

We can scale the solution if we need to.

The process can be challenging. We do not have one security team. We need a team that can guarantee the security of our company and we're not there yet. We only have the client's equipment, and one guy managing this equipment. This isn't necessarily a problem with the product, it's more about our own internal structure. 

Ultimately, we'd like something stronger, and something that can handle threats better in real-time. 

I've been using the solution for about five years now. 

The stability has been great so far. there are no bugs or glitches. It doesn't crash or freeze. Its performance has been great.

The scalability of the product is very good. If we want to expand, we can do so. 

We have 3,000 people on the solution right now. There are people from various teams that utilize it. It's not just IT. 

We previously used OpenBSD, a Linux solution. 

We switched to this product as it is free and open-source. It also increased the level of security we had on hand, even though OpenBSD was more user-friendly. 

When it comes to setting up the solution, it's not a complex process. It's pretty straightforward in general. 

The deployment took maybe a month and a half. 

We have two teams that handle deployment and maintenance tasks. One team is internal and the other is external. They're mostly engineers and they work together. 

We used an outside integrator to help us and we were pretty happy with the results. 

We are using the free version of the solution. We are not paying anything for it at this time. 

We're reading up on other solutions every day. We likely won't stay with this solution. It's good for now, however, we'd like something more robust further down the line. 

We are a customer and an end-user. 

We're using either version 5.3 or 5.4 at this time. 

While this is a good solution, we're looking for something stronger in the future. I'd recommend others also look for something strong, that fits their security needs. 

I would rate the solution at a nine out of ten. 

We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.

In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection. 

The solution also allows us then to manage port forwarding and things like that.

The firewall aspect of the solution is very valuable to us. We had so many limitations with the Dre tech, however, it's the firewall and the port forwarding that is the most interesting due to the fact it allows us to restrict IP addresses and move things from different ports and things like that.

I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good. 

The solution is easy to use in general, for everyone.

The product is very powerful.

It's the type of device that does one thing well. There isn't much I would want to change.

We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.

The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.

I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.

pfSense is only a small part of what we do. The majority of our systems are full-blown Linux systems and we use that firewall as a system. It's only recently we've started switching some clients to pfSense where we think we need to have slightly different things. Maybe they haven't got a server and this is just replacing their sort of existing TP-link or router, et cetera.

I've had no issues with stability whatsoever. I'm quite happy letting it run for days, months, weeks, et cetera. We have no requirements to actively manage it. In terms of performance, we just need to go in and make changes as required by the customer. Other than that, it's set and forget. There are no bugs and glitches to navigate. It doesn't crash or freeze.

It's not been extensively used at the moment as we've already got a Linux server in place. If we can justify it for the customer, we tend to use that. That said, we are looking to increase usage of that as it would say it takes some of the work away from me and allows me to farm that out to the staff.

We've never had to use technical support. Therefore, I can't speak to their level of knowledge or how helpful they are. We've always just been able to find the answers we need without their help, and therefore have never really had to use them.

We're still using Linux servers that are running IP tables, et cetera. Prior to that, we were using, something called IPCop. Before that, I can't remember what it was. We've always used sort of Linux old BSD-based solutions for our firewalls. That's just what we've always done.

The initial setup is not overly complex or difficult. It is very straightforward. We connect and we just have got a couple of standard procedures to setup once it's complete. We could probably get one up and running between half an hour to an hour. The deployment is fast and the whole process is pretty seamless at this point.

We did not use any integrator or anything like that. We're offering our client's the installation process as part of our services. I find it very, very straightforward, however, that's due to my previous experience with Linux setups. 

We use the open-source version, which is free to use. 

I say we've always used the community edition as I've never felt a need for support or anything like that and our clients have never insisted on it. I know where to go to look for answers if we run into problems, so paying for that extra support isn't something we need to worry about. 

We are just end-users and customers.

I cannot speak to the exact version we are using. Ours may be slightly out of date. We may not be using the absolute latest version. Version 2.51 is available soon and we'll likely upgrade to that.

It's good for where people have outgrown their existing broadband routers, such as the TP-link, the Dre Tech, and that sort of thing. Often, it doesn't justify putting in a full system. We tend to use a Mini ITX PC, multiple LAN network cards, and then install the opensource version and configure it appropriately.

You need to be slightly more tactical than just plugging in a Dre tech or similar Nokia device. I don't think you need to be incredibly technical to set this up. 

I like it, I'd recommend it to most people to at least give it a try, and to spend a few hours initially to work their way around it.

I'll definitely give it at least a nine out of ten for its general ease of use for me and my staff. It does pretty much everything that we ask of it and the required resources for the hardware are minimal as well.

I use the solution in my home network as the main firewall before all data heads out to the internet. I use it for DNS resolution as well.

I noticed the benefits of pfSense immediately after deployment. I was able to take complete control of my security to my house, and it gave me all the things that I needed in order to secure my home network.

The GUI and the user interface have been very clean, understandable, and feature-rich across the board.

The flexibility of pfSense is great. 

It is very easy to add features. 

There are features that help to prevent data loss. The rules engine of pfSense, a traditional firewall rule structure, has always been the same.

There's definitely a single pane of glass. There's definitely a lot there in front of you. 

pfSense provides visibility that enables users to make data-driven decisions. I'd rate the capabilities seven out of ten. 

Sometimes it's a bit of a challenge to know how to do something when you want to do something, for instance, setting up a point to point VPN.

Configuration is sometimes a challenge just due to a lack of knowledge on my side. I find that if I don't set up the rules correctly, and this goes to lack of knowledge of being an expert in the firewall space, it's a bit of a challenge sometimes in setting that up.

I would ask them to update it to a more modern interface, as it does look a little tired compared to GUIs today. However, the features are there. A redesign would be greatly appreciated, just from a human engineering aspect.

It might be easier if they separated things out a little bit more instead of putting all the aspects of what pfSense can do for you in a single menu. For instance, they have services, and they have all the services that you could have on your system. It's a lot.

Sometimes I find it difficult to find the data visibility that I would need in the interface to then go make a data-driven decision.

pfSense helps optimize performance. From a performance standpoint, setting up firewall rules does a great job of laying out exactly what those rules are. The layout of the firewall rules makes it easy to create a secure environment on my home network, albeit not very big. However, all the features are within the firewall, and I can create individual rules and organize the rules.

I've used the solution for six years. 

I have never experienced downtime from my pfSense device. I'd rate stability ten out of ten.

The scalability is very good. I'd rate it a ten out of ten.

I contacted technical support when there was a major upgrade a few years back, and I needed some assistance.

The quality was perfect. They were fast and very helpful. Even though I wasn't a paying customer for support, they still gave me great guidance and helped me focus on the issues at hand.

Positive

I've always had my service provider, Verizon, with their main router, and that router usually has a firewall built into it. I've never used anybody else besides pfSense outside of that.

The initial setup is straightforward. I've done it for my son at college in a matter of two hours, from unboxing to operation. It's easy to deploy a box. I can deploy it by myself.

It does not require any maintenance.

The ROI and the TCO are significant. You get a lot of features under one product. However, I don't use it as a router. I only use it for firewall and VPN capabilities and DNS.

The pricing and licensing are spot on. It's well below the industry average.

I did not look into other options. I knew of pfSense as being a leader in the industry, and that it is utilized by major corporations in large environments. To that end, I assumed it wouldn't hurt for me to have familiarity with the product and use it at home.

I'm an end-user.

I use the Plus version of pfSense. However, I do not pay for support.

I would rate the solution eight out of ten.

I build my own firewalls, and I use pfSense.

It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes.

More documentation would be great, especially on new features because sometimes, when new features come out, you don't get to understand them right off the bat. You have to really spend a lot of time understanding them. So, more documentation would be awesome.

In terms of features, for my use, I don't see anything wrong with it. I basically get what I need from it by default. I build my firewall, so I only rely on the software. On the software side, there is not much to improve right now. So, at this point in time, I don't see anything, but I always welcome any kind of upgrades that they do. I always try them out and see if I can use them in the company or not, but so far, there are no complaints on my end.

I have been using this solution for more than eight years.

It is a very stable product.

It is quite scalable.

I don't have any experience dealing with technical support directly from the makers of pfSense. I am using its Community Edition. That's why when it comes to technical support, I rely on myself, the community, and the information on the internet, especially from those who are more adept at it than me.

It is quite easy. It is up in a few minutes even though I reinstalled the whole thing. For me, it is as straightforward as it can get. I'm a long-time user, and I don't see any problems with the configuration.

We are using its Community Edition, which is free. My company is a government school, and we don't have much budget.

There is a steep learning curve and you have to spend a lot of time with it to understand how you're going to use it and how you're going to customize it yourself. That's where you're going to have to spend a lot of time, but by the time you're done with everything and you have played with all the features you want, you will understand everything you need. You will always be up in minutes, even if it gets "destroyed" during the night, you can come back to it and reinstall the whole thing, and everything will be good.

I would rate it a 9 out of 10. It cannot get a 10 right now because it changes every day. It might be 10 today, but in a few seconds, it won't be a 10 because the whole internet changes in a few seconds, and the whole way of serving your clients can change in a few seconds. So, it can't get that perfect 10.