It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.
Systems Administrator at a tech services company with 51-200 employees
A rock-solid, customizable, and free open-source firewall with useful intrusion detection, clustering, and HA features
Pros and Cons
- "The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
- "Their support could be better in terms of the response time."
What is our primary use case?
How has it helped my organization?
We wouldn't be able to function without it.
What is most valuable?
The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice.
It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall.
What needs improvement?
Their support could be better in terms of the response time.
Buyer's Guide
Netgate pfSense
December 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
It has been pretty rock solid.
What do I think about the scalability of the solution?
Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.
How are customer service and support?
I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.
Which solution did I use previously and why did I switch?
I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.
How was the initial setup?
It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.
What about the implementation team?
I did it myself.
What's my experience with pricing, setup cost, and licensing?
I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.
What other advice do I have?
I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price.
There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.
I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Specialist with 51-200 employees
Very stable, relatively easy to set up, and offers good technical support
Pros and Cons
- "The built-in open VPN and the VPN Client Export are the solution's most valuable aspects."
- "There's a bit of a learning curve during the initial implementation."
What is our primary use case?
We just use the solution as a straight-up firewall. There is no VPN access or anything like that. We just use it as a straight-up firewall and we run Suricata on it as a defense.
What is most valuable?
The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.
What needs improvement?
I cannot recall any features that are lacking.
There's a bit of a learning curve during the initial implementation.
You do have to pay extra for better customer service.
For how long have I used the solution?
We've been using the solution for about six months. It hasn't been too long.
What do I think about the stability of the solution?
The solution is very stable. We've had zero issues. There aren't bugs or glitches. It doesn't crash or freeze. It's been reliable.
What do I think about the scalability of the solution?
I have not tried scaling, therefore, I can't really comment on how easy or hard it would be to expand the service.
There's only one person in the organization using the solution, and that's me.
How are customer service and technical support?
The tech support is excellent if you have a support subscription. If you didn't have that, you could be lining up for a while. It could be a hit or miss, whether you get someone that's actually going to help you.
However, we have a subscription and therefore our support is always excellent. We're quite satisfied with the level of service we're getting.
Which solution did I use previously and why did I switch?
Previously, we used Dell SonicWall. There was just a high cost of licensing all the time, and, with having someone go in and troubleshoot for issues as well, it just wasn't cost-effective anymore. pfSense is simply a better solution.
How was the initial setup?
The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.
What's my experience with pricing, setup cost, and licensing?
There aren't monthly or yearly licensing costs.
What other advice do I have?
We're just cusomers. We don't have a business relationship with pfSense.
We're using the latest stable version of the solution.
I would 100% recommend the solution to others. On a scale from one to ten, I'd give it a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Netgate pfSense
December 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
IT Manager & Sr. Application Programmer with 11-50 employees
It allows for both v1 and v2 IPSec configurations to secure your connections
What is our primary use case?
We use this at all of our locations as our edge device, IPSec site-to-site VPN functionality between our offices and our AWS EC2. No matter what is thrown at this, the system handles it like a champ. We have both dedicated hardware and virtualized versions running in our infrastructure. So far we haven't found a reason why we need to spend thousands for an appliance like Cisco ASA when this handles all of our needs.
How has it helped my organization?
We're a small business growing rapidly. We recently overhauled the IT infrastructure, and after looking at a number of other competitors, pfSense has been a lifesaver, allowing us to scale up and provide compliance without the need to purchase additional licenses to offer services to our employees.
What is most valuable?
There are so many packages you can install which extends pfSense's capabilities including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use:
- IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections.
- IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco.
- Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box.
pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers.
What needs improvement?
While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
We have not encountered any stability issues and have upgraded to each version over the years. They've really made a rock solid solution.
What do I think about the scalability of the solution?
Extremely high. We tested it on VMs running different configurations from extremely lightweight to overkill. It will run on anything and maintain it's high performance. Obviously the more you give it, the more amazing the solution becomes.
How are customer service and technical support?
I had one question, and they got back to me extremely quick. Not only are they knowledgeable about their product, but they're kind and courteous.
Which solution did I use previously and why did I switch?
Old and outdated infrastructure procured before I joined the company.
How was the initial setup?
Not only was it straightforward, but if you know nothing about firewalls, you can install this. Especially since they recently made their entire guidebook free to use. Not to mention the countless blogs and how to's. Low to intermediate level IT pros should be able to handle this baby.
What about the implementation team?
In-house.
What was our ROI?
From day one you get a 100% ROI. If all you have is an older server you recently decommissioned, with multiple NICs, I strongly recommend installing this software on it and giving it a shot. Doing that alone will beat out any competitor hands down.
What's my experience with pricing, setup cost, and licensing?
For the cost and what's included, you can't beat it, no way no how. If you're worried about enterprise solutions, the only thing you need to do then is to purchase a support contract, and you have an enterprise solution. You can even purchase hardware from the vendor if you choose.
Which other solutions did I evaluate?
Cisco, WatchGuard, Sophos, Fortinet, Untangle, Juniper.
What other advice do I have?
I strongly recommend giving pfSense a hard look. I've been in IT for 20+ years, and I've run the gambit on other firewalls. pfSense definitely can hold it's own against any of them.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Engineer
Users can work offsite through the VPN.
Pros and Cons
- "The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets."
- "Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense."
How has it helped my organization?
It has improved our security. Users can work offsite and connect to the VPN.
What is most valuable?
- The VPN and the firewall. They are reliable and easy to manage.
- The VPN is valuable for setting up secure remote connections to our network.
- pfSense has the OpenVPN package which is a well-supported VPN software.
- The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets.
What needs improvement?
Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense.
Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios.
I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection?
I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals.
As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it.
Another idea for pfSense device inventor: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have.
The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin.
What do I think about the stability of the solution?
It seems to run stable, as long as the hardware is good. I tried running pfSense on a USB flash drive. After a month, I was having to re-install/re-configure pfSense on a new flash drive. I did that for a couple of months and collected a bunch of broken flash drives.
Even though their online documents claim that pfSense can run on flash drives, it really just breaks the flash drive after a month or less.
What do I think about the scalability of the solution?
I have noticed that pfSense boots up really slowly as more users are connected to it. Occasionally, you have to re-install or delete broken packages that freeze up the system. However, the core pfSense software runs great.
How are customer service and technical support?
I have never used pfSense technical support so I can't rate them. I used Google and figured everything out on my own. I do my own support.
Which solution did I use previously and why did I switch?
We did not use a previous solution. I recommend pfSense because it's free, open source software.
How was the initial setup?
The setup of pfSense was very straightforward for the most part. Usually, when something isn't working, it's because the "Apply" button wasn't clicked.
What's my experience with pricing, setup cost, and licensing?
Spend at least $300 or more on a good pfSense box. Use a hard drive, and not a USB flash drive for pfSense storage.
Which other solutions did I evaluate?
We looked at some other solutions, but pricing and licensing was the problem. I looked at Palo Alto and SonicWall.
What other advice do I have?
The learning curve is steep, but once you get the basics down, it's very robust and easy to use. There are plenty of resources online about setting it up.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Great flexibility without the ongoing fees
Pros and Cons
- "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using Opensource. I think it just provides the end user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher end, almost enterprise type service."
- "In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
What is our primary use case?
We had been hit by crypto, and with our existing firewall infrastructure, we found out it didn't have geofiltering without an additional cost. That's still written from SonicWall and I think you have to pay extra for that. pfSense came with geofiltering and with logging as well, which I believe you have to pay extra for with SonicWall. So we didn't realize this until we got hit. We implemented GoIP filtering, and we also activated and stored the log files from within the firewall. I think there are some other feature sets that we used as well. The device seemed to be a little bit simpler to manage and configure through the interface. Of course with it being open source, we were able to stay current with that without having to incur annual purchasing or annual licensing fees like we do with SonicWall.
What is most valuable?
What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using open source. I think it just provides the end-user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher-end, almost enterprise-type service.
What needs improvement?
In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.
For how long have I used the solution?
I've used this solution for about a year.
What do I think about the scalability of the solution?
You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.
How are customer service and support?
Technical support was through an online chat. I don't remember us running into any snags.
How was the initial setup?
The initial setup is pretty straightforward if you have your ducks in a row if you understand the IP engineering and design, and you understand some of the protocols that you want to introduce into the environment. I think one of the biggest things that it allowed us to do also was remote desktop or remote access. We filtered out remote management. We shut those ports down within pfSense, and that seemed pretty straightforward. I think the GUI has a little too much information out there, but if you're a senior engineer, you're going to love all the information because it makes sense to you. If you're a junior or a freshman engineer, you're not going to mind it either because you can use it to teach yourself how to take advantage of that information that's there.
On the front end of this, I thought it was rather intuitive.
What was our ROI?
With a firewall, typically we only charge between $25 and $75 a year to manage the firewall. That allows us to keep our price points low, and with minimal administrative overhead, we can maximize our profits.
What's my experience with pricing, setup cost, and licensing?
When compared to other solutions like SonicWall, SonicWall has a built-in administrative burden where you have to go back and make sure your client understands they're going to get hit with another annual fee to keep that device up to date. pfSense is not like that. pfSense is not like that in the sense that if you go out and get the latest update of firmware or software, you're going to get the latest and greatest. You don't have to remember to go to the client and remind them they're going to be charged another fee next year to keep their license current. I hope they keep that model.
What other advice do I have?
If you're a junior or even a beginner engineer, jumping into the interface for pfSense could be overwhelming. There are going to be things in there you just have never heard or seen before, which isn't a bad thing.
On the front end, I would take advantage of any courses that are out there, any introductions to it. It's very intuitive and there are a lot of forums out there that you can go watch and educate yourself on. If you are not that advanced of a network engineer, I think it's a great solution for you because you can go out to some peers and get a lot of direction and guidance from them to set it up in a small environment. The only other thing I would do is just compare. You always have to understand what your customers' needs are. Make sure you understand what your customer's needs are and that it's going to fit into their environment and their budget. I don't know why it wouldn't, but that'd be about the only advice I'd give is just make sure that it is definitely a fit for your customer base. I'm fairly confident, small and medium businesses should be a very good fit. I've been in the enterprise space as well. There may be some things on the enterprise level that you just can't do with pfSense and you might want to go to some other solution set, but I think it's very competitive.
I'd rate this solution a nine, even if I was an experienced engineer because it's easy to have and easy to maintain.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Specialist at Tech Solutions
It has provided us with a low cost security solution but their testing prior to deployment needs to be improved.
What is most valuable?
- Open source
- Proximity security
- Content filtering
How has it helped my organization?
It has provided us with a low cost security solution using a quality router at a fraction of the cost of our previous solution.
What needs improvement?
- Testing prior to deployment
- Packages need better support
For how long have I used the solution?
I've used it for eight years.
What was my experience with deployment of the solution?
Rarely as long as the right precautions are taken during migration.
What do I think about the stability of the solution?
Sometimes there are issues with package deployment and one must refer to the forums for support.
What do I think about the scalability of the solution?
Being open source, scalability is not limited. The limits in place, are only set by available resources and time.
How are customer service and technical support?
Customer Service:
Customer service is available at a rate of $399 for 2 incidents, $899 for 5 incidents and $1,699 for 10 incidents. Most people refer to the forum and/or chat room.
Technical Support:Over 10/10.
Which solution did I use previously and why did I switch?
Yes, I have used many other routers but nothing offers the options pfSense does without spending a fortune. pfSense is constantly being improved on.
I switched due to router limitations and vulnerabilities.
How was the initial setup?
It's straight forward for anyone that's installed an OS before, however, I wouldn't recommend it for the novice.
What about the implementation team?
It has been implemented in house and at client locations. If implemented at client locations it does require some care if Snort (The proximity security system) is used as it needs to be fine tuned and touched up from time to time due to newly found vulnerabilities that cause legitimate sites to be blocked.
What was our ROI?
You can invest as little or as much as you want. Granted, some features require more hardware than others but some end users use old machines that no longer have a purpose.
What's my experience with pricing, setup cost, and licensing?
It's between US$50 to US$1500 depending on the hardware that is used.
Which other solutions did I evaluate?
We also looked at -
- Smoothwall
- Moonwall
- SonicWall
- Netgear
- IPCop
What other advice do I have?
Become familiar with the router before implementing it at customer sites. Realize that basic features require a basic amount of hardware. Advanced features require more RAM and if using an SSD, use the embedded installer to reduce wear and tear on your drive.
I would recommend having the following hardware as a minimum:
- At least 8GB for storage
- 256MB+ RAM
- A dual core 1.8Ghz CPU for single typical Internet connection
- The faster the internet connection, a faster CPU and more RAM are required
- If you run Snort and Squid it is recommended you have between 4GB to 8GB of RAM
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a marketing services firm with 1,001-5,000 employees
Stable, fair price, and user-friendly with a very nice web interface
Pros and Cons
- "It has a very nice web interface, and it is very simple to use. The way policies are working is also good."
- "I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
What is most valuable?
It has a very nice web interface, and it is very simple to use. The way policies are working is also good.
What needs improvement?
I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.
For how long have I used the solution?
I have been using this solution for probably ten years. As the head of IT, I have used pfSense for the French infrastructure for around ten years.
What do I think about the stability of the solution?
It is working fine for me. I never had any problem with this firewall.
How are customer service and technical support?
I never had to contact their support because everything has been working fine.
Which solution did I use previously and why did I switch?
I have a lot of experience with pfSense but not much with OPNsense. Both OPNsense and pfSense are very easy, but pfSense is a bit more friendly. pfSense is simple to use with a nice web interface. OPNsense is more tricky.
OPNsense has the remote access functionality, which is the main functionality that I need. OPNsense is very easy to set up and very easy to manage. It is also very fast.
How was the initial setup?
Its initial setup is very easy.
What about the implementation team?
In France, we have less than five engineers. That's why we try to do everything by ourselves. We chose pfSense because it is user-friendly.
What's my experience with pricing, setup cost, and licensing?
Its price is pretty fair.
What other advice do I have?
If you don't need WireGuard VPN, pfSense is better because it is easier to use than OPNsense. It is a very good platform. Its web administration interface has been working fine.
I would rate pfSense an eight out of ten. A couple of months ago, I would have rated it a ten out of ten because of the WireGuard VPN feature.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
An open source firewall solution with a useful encryption feature
Pros and Cons
- "I like the connectivity to the open VPN. It's very smooth."
- "They can improve the dynamic of the input of IPs from outside."
What is our primary use case?
I was working for a firm that has 70 employees. They are mostly working from home, so I needed a very well-structured VPN for remote working. We put it on Supermicro, and it worked fine, and it was above their needs.
What is most valuable?
I like the connectivity to the open VPN. It's very smooth. All the encryption in the open VPN is very good. The structure of the pfSense software works out very well. The PF work cuts and the snorts and whatever we put on the console for spyware and attack prevention seem to work very nicely.
What needs improvement?
They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network.
For how long have I used the solution?
I have been using pfSense for the past three years.
Which solution did I use previously and why did I switch?
Back in the day, I was using Fortinet, and it was very tricky to get it working without spending more money. pfSense is exactly what we paid for, and it's still working very well. We've been working with it for two or three years, and it's a very good solution, and I didn't have to spend any more money on it.
Cisco VSL and Fortinet are tricky when it comes to improving the firewall rules or creating rules above older rules. In pfSense, it's very logical. It's simple.
How was the initial setup?
The initial setup is very linear and very smooth.
What other advice do I have?
On a scale from one to ten, I would give pfSense a nine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Netgate pfSense Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
OPNsense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free Netgate pfSense Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Sophos and pfSense?
- How do I choose between Fortinet FortiGate and pfSense?
- How do I deploy anti-spam in pfSense or SonicWall TZ?
- What are the differences between Fortinet FortiGate and pfSense?
- Comparison between Sophos XG and pfSense as firewalls
- What is the difference between PfSense and OPNsense?
- Why is pfSense's firewall better than OPNsense's?
- Which solution do you prefer: pfSense or KerioControl?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
Yes you can use Squid and SquidGuard to act as your web/content filter. We have it running and are able to filter out HTTP and HTTPS. As far as App Filtering, you can setup Snort to filter out applications. See Netgate's blog for more information: www.netgate.com