Systems Administrator at a tech services company with 51-200 employees
A rock-solid, customizable, and free open-source firewall with useful intrusion detection, clustering, and HA features
Pros and Cons
- "The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the OpenVPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
- "Their support could be better in terms of the response time."
What is our primary use case?
It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.
How has it helped my organization?
We wouldn't be able to function without it.
What is most valuable?
The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the OpenVPN capability very nice.
It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall.
What needs improvement?
Their support could be better in terms of the response time.
Buyer's Guide
Netgate pfSense
November 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
It has been pretty rock solid.
What do I think about the scalability of the solution?
Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.
How are customer service and support?
I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.
Which solution did I use previously and why did I switch?
I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.
How was the initial setup?
It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.
What about the implementation team?
I did it myself.
What's my experience with pricing, setup cost, and licensing?
I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.
What other advice do I have?
I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price.
There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.
I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Specialist with 51-200 employees
Very stable, relatively easy to set up, and offers good technical support
Pros and Cons
- "The built-in OpenVPN and the VPN Client Export are the solution's most valuable aspects."
- "There's a bit of a learning curve during the initial implementation."
What is our primary use case?
We just use the solution as a straight-up firewall. There is no VPN access or anything like that. We just use it as a straight-up firewall and we run Suricata on it as a defense.
What is most valuable?
The built-in OpenVPN and the VPN Client Export are the solution's most valuable aspects.
What needs improvement?
I cannot recall any features that are lacking.
There's a bit of a learning curve during the initial implementation.
You do have to pay extra for better customer service.
For how long have I used the solution?
We've been using the solution for about six months. It hasn't been too long.
What do I think about the stability of the solution?
The solution is very stable. We've had zero issues. There aren't bugs or glitches. It doesn't crash or freeze. It's been reliable.
What do I think about the scalability of the solution?
I have not tried scaling, therefore, I can't really comment on how easy or hard it would be to expand the service.
There's only one person in the organization using the solution, and that's me.
How are customer service and technical support?
The tech support is excellent if you have a support subscription. If you didn't have that, you could be lining up for a while. It could be a hit or miss, whether you get someone that's actually going to help you.
However, we have a subscription and therefore our support is always excellent. We're quite satisfied with the level of service we're getting.
Which solution did I use previously and why did I switch?
Previously, we used Dell SonicWall. There was just a high cost of licensing all the time, and, with having someone go in and troubleshoot for issues as well, it just wasn't cost-effective anymore. pfSense is simply a better solution.
How was the initial setup?
The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.
What's my experience with pricing, setup cost, and licensing?
There aren't monthly or yearly licensing costs.
What other advice do I have?
We're just customers. We don't have a business relationship with pfSense.
We're using the latest stable version of the solution.
I would 100% recommend the solution to others. On a scale from one to ten, I'd give it a ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager & Sr. Application Programmer with 11-50 employees
It allows for both v1 and v2 IPSec configurations to secure your connections
What is our primary use case?
We use this at all of our locations as our edge device, IPSec site-to-site VPN functionality between our offices and our AWS EC2. No matter what is thrown at this, the system handles it like a champ. We have both dedicated hardware and virtualized versions running in our infrastructure. So far we haven't found a reason why we need to spend thousands for an appliance like Cisco ASA when this handles all of our needs.
How has it helped my organization?
We're a small business growing rapidly. We recently overhauled the IT infrastructure, and after looking at a number of other competitors, pfSense has been a lifesaver, allowing us to scale up and provide compliance without the need to purchase additional licenses to offer services to our employees.
What is most valuable?
There are so many packages you can install which extend pfSense's capabilities, including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use:
- IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections.
- IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco.
- Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box.
pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers.
What needs improvement?
While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
We have not encountered any stability issues and have upgraded to each version over the years. They've really made a rock solid solution.
What do I think about the scalability of the solution?
Extremely high. We tested it on VMs running different configurations from extremely lightweight to overkill. It will run on anything and maintain its high performance. Obviously the more you give it, the more amazing the solution becomes.
How are customer service and technical support?
I had one question, and they got back to me extremely quick. Not only are they knowledgeable about their product, but they're kind and courteous.
Which solution did I use previously and why did I switch?
Old and outdated infrastructure procured before I joined the company.
How was the initial setup?
Not only was it straightforward, but if you know nothing about firewalls, you can install this. Especially since they recently made their entire guidebook free to use. Not to mention the countless blogs and how to's. Low to intermediate level IT pros should be able to handle this baby.
What about the implementation team?
In-house.
What was our ROI?
From day one you get a 100% ROI. If all you have is an older server you recently decommissioned, with multiple NICs, I strongly recommend installing this software on it and giving it a shot. Doing that alone will beat out any competitor hands down.
What's my experience with pricing, setup cost, and licensing?
For the cost and what's included, you can't beat it, no way no how. If you're worried about enterprise solutions, the only thing you need to do then is to purchase a support contract, and you have an enterprise solution. You can even purchase hardware from the vendor if you choose.
Which other solutions did I evaluate?
Cisco, WatchGuard, Sophos, Fortinet, Untangle, Juniper.
What other advice do I have?
I strongly recommend giving pfSense a hard look. I've been in IT for 20+ years, and I've run the gamut on other firewalls. pfSense definitely can hold its own against any of them.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Engineer
Users can work offsite through the VPN.
Pros and Cons
- "The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets."
- "Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense."
How has it helped my organization?
It has improved our security. Users can work offsite and connect to the VPN.
What is most valuable?
- The VPN and the firewall. They are reliable and easy to manage.
- The VPN is valuable for setting up secure remote connections to our network.
- pfSense has the OpenVPN package which is a well-supported VPN software.
- The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets.
What needs improvement?
Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense.
Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios.
I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection?
I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals.
As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it.
Another idea for pfSense device inventory: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have.
The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin.
What do I think about the stability of the solution?
It seems to run stable, as long as the hardware is good. I tried running pfSense on a USB flash drive. After a month, I was having to re-install/re-configure pfSense on a new flash drive. I did that for a couple of months and collected a bunch of broken flash drives.
Even though their online documents claim that pfSense can run on flash drives, it really just breaks the flash drive after a month or less.
What do I think about the scalability of the solution?
I have noticed that pfSense boots up really slowly as more users are connected to it. Occasionally, you have to re-install or delete broken packages that freeze up the system. However, the core pfSense software runs great.
How are customer service and technical support?
I have never used pfSense technical support so I can't rate them. I used Google and figured everything out on my own. I do my own support.
Which solution did I use previously and why did I switch?
We did not use a previous solution. I recommend pfSense because it's free, open source software.
How was the initial setup?
The setup of pfSense was very straightforward for the most part. Usually, when something isn't working, it's because the "Apply" button wasn't clicked.
What's my experience with pricing, setup cost, and licensing?
Spend at least $300 or more on a good pfSense box. Use a hard drive, and not a USB flash drive for pfSense storage.
Which other solutions did I evaluate?
We looked at some other solutions, but pricing and licensing was the problem. I looked at Palo Alto and SonicWall.
What other advice do I have?
The learning curve is steep, but once you get the basics down, it's very robust and easy to use. There are plenty of resources online about setting it up.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Great flexibility without the ongoing fees
Pros and Cons
- "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using Opensource. I think it just provides the end user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher end, almost enterprise type service."
- "In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
What is our primary use case?
We had been hit by crypto, and with our existing firewall infrastructure, we found out it didn't have geofiltering without an additional cost. That's still written from SonicWall and I think you have to pay extra for that. pfSense came with geofiltering and with logging as well, which I believe you have to pay extra for with SonicWall. So we didn't realize this until we got hit. We implemented GeoIP filtering, and we also activated and stored the log files from within the firewall. I think there are some other feature sets that we used as well. The device seemed to be a little bit simpler to manage and configure through the interface. Of course with it being open source, we were able to stay current with that without having to incur annual purchasing or annual licensing fees like we do with SonicWall.
What is most valuable?
What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using open source. I think it just provides the end-user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher-end, almost enterprise-type service.
What needs improvement?
In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.
For how long have I used the solution?
I've used this solution for about a year.
What do I think about the scalability of the solution?
You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.
How are customer service and support?
Technical support was through an online chat. I don't remember us running into any snags.
How was the initial setup?
The initial setup is pretty straightforward if you have your ducks in a row if you understand the IP engineering and design, and you understand some of the protocols that you want to introduce into the environment. I think one of the biggest things that it allowed us to do also was remote desktop or remote access. We filtered out remote management. We shut those ports down within pfSense, and that seemed pretty straightforward. I think the GUI has a little too much information out there, but if you're a senior engineer, you're going to love all the information because it makes sense to you. If you're a junior or a freshman engineer, you're not going to mind it either because you can use it to teach yourself how to take advantage of that information that's there.
On the front end of this, I thought it was rather intuitive.
What was our ROI?
With a firewall, typically we only charge between $25 and $75 a year to manage the firewall. That allows us to keep our price points low, and with minimal administrative overhead, we can maximize our profits.
What's my experience with pricing, setup cost, and licensing?
When compared to other solutions like SonicWall, SonicWall has a built-in administrative burden where you have to go back and make sure your client understands they're going to get hit with another annual fee to keep that device up to date. pfSense is not like that. pfSense is not like that in the sense that if you go out and get the latest update of firmware or software, you're going to get the latest and greatest. You don't have to remember to go to the client and remind them they're going to be charged another fee next year to keep their license current. I hope they keep that model.
What other advice do I have?
If you're a junior or even a beginner engineer, jumping into the interface for pfSense could be overwhelming. There are going to be things in there you just have never heard or seen before, which isn't a bad thing.
On the front end, I would take advantage of any courses that are out there, any introductions to it. It's very intuitive and there are a lot of forums out there that you can go watch and educate yourself on. If you are not that advanced of a network engineer, I think it's a great solution for you because you can go out to some peers and get a lot of direction and guidance from them to set it up in a small environment. The only other thing I would do is just compare. You always have to understand what your customers' needs are. Make sure you understand what your customer's needs are and that it's going to fit into their environment and their budget. I don't know why it wouldn't, but that'd be about the only advice I'd give is just make sure that it is definitely a fit for your customer base. I'm fairly confident, small and medium businesses should be a very good fit. I've been in the enterprise space as well. There may be some things on the enterprise level that you just can't do with pfSense and you might want to go to some other solution set, but I think it's very competitive.
I'd rate this solution a nine, even if I was an experienced engineer because it's easy to have and easy to maintain.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Support Specialist at Tech Solutions
It has provided us with a low cost security solution but their testing prior to deployment needs to be improved.
What is most valuable?
- Open source
- Proximity security
- Content filtering
How has it helped my organization?
It has provided us with a low cost security solution using a quality router at a fraction of the cost of our previous solution.
What needs improvement?
- Testing prior to deployment
- Packages need better support
For how long have I used the solution?
I've used it for eight years.
What was my experience with deployment of the solution?
Rarely as long as the right precautions are taken during migration.
What do I think about the stability of the solution?
Sometimes there are issues with package deployment and one must refer to the forums for support.
What do I think about the scalability of the solution?
Being open source, scalability is not limited. The limits in place are only set by available resources and time.
How are customer service and technical support?
Customer Service:
Customer service is available at a rate of $399 for 2 incidents, $899 for 5 incidents and $1,699 for 10 incidents. Most people refer to the forum and/or chat room.
Technical Support: Over 10/10.
Which solution did I use previously and why did I switch?
Yes, I have used many other routers but nothing offers the options pfSense does without spending a fortune. pfSense is constantly being improved on.
I switched due to router limitations and vulnerabilities.
How was the initial setup?
It's straightforward for anyone that's installed an OS before, however, I wouldn't recommend it for the novice.
What about the implementation team?
It has been implemented in-house and at client locations. If implemented at client locations, it does require some care if Snort (the proximity security system) is used, as it needs to be fine-tuned and touched up from time to time due to newly found vulnerabilities that cause legitimate sites to be blocked.
What was our ROI?
You can invest as little or as much as you want. Granted, some features require more hardware than others but some end users use old machines that no longer have a purpose.
What's my experience with pricing, setup cost, and licensing?
It's between US$50 and US$1500 depending on the hardware that is used.
Which other solutions did I evaluate?
We also looked at:
- Smoothwall
- Moonwall
- SonicWall
- Netgear
- IPCop
What other advice do I have?
Become familiar with the router before implementing it at customer sites. Realize that basic features require a basic amount of hardware. Advanced features require more RAM and if using an SSD, use the embedded installer to reduce wear and tear on your drive.
I would recommend having the following hardware as a minimum:
- At least 8GB for storage
- 256MB+ RAM
- A dual core 1.8GHz CPU for single typical Internet connection
- The faster the internet connection, a faster CPU and more RAM are required
- If you run Snort and Squid it is recommended you have between 4GB to 8GB of RAM
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a marketing services firm with 1,001-5,000 employees
Stable, fair price, and user-friendly with a very nice web interface
Pros and Cons
- "It has a very nice web interface, and it is very simple to use. The way policies are working is also good."
- "I have been using WireGuard VPN because it is a lot faster and more secure than OpenVPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
What is most valuable?
It has a very nice web interface, and it is very simple to use. The way policies are working is also good.
What needs improvement?
I have been using WireGuard VPN because it is a lot faster and more secure than OpenVPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.
For how long have I used the solution?
I have been using this solution for probably ten years. As the head of IT, I have used pfSense for the French infrastructure for around ten years.
What do I think about the stability of the solution?
It is working fine for me. I never had any problem with this firewall.
How are customer service and technical support?
I never had to contact their support because everything has been working fine.
Which solution did I use previously and why did I switch?
I have a lot of experience with pfSense but not much with OPNsense. Both OPNsense and pfSense are very easy, but pfSense is a bit more friendly. pfSense is simple to use with a nice web interface. OPNsense is more tricky.
OPNsense has the remote access functionality, which is the main functionality that I need. OPNsense is very easy to set up and very easy to manage. It is also very fast.
How was the initial setup?
Its initial setup is very easy.
What about the implementation team?
In France, we have less than five engineers. That's why we try to do everything by ourselves. We chose pfSense because it is user-friendly.
What's my experience with pricing, setup cost, and licensing?
Its price is pretty fair.
What other advice do I have?
If you don't need WireGuard VPN, pfSense is better because it is easier to use than OPNsense. It is a very good platform. Its web administration interface has been working fine.
I would rate pfSense an eight out of ten. A couple of months ago, I would have rated it a ten out of ten because of the WireGuard VPN feature.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
An open source firewall solution with a useful encryption feature
Pros and Cons
- "I like the connectivity to OpenVPN. It's very smooth."
- "They can improve the dynamic of the input of IPs from outside."
What is our primary use case?
I was working for a firm that has 70 employees. They are mostly working from home, so I needed a very well-structured VPN for remote working. We put it on Supermicro, and it worked fine, and it was above their needs.
What is most valuable?
I like the connectivity to OpenVPN. It's very smooth. All the encryption in OpenVPN is very good. The structure of the pfSense software works out very well. The PF work cuts and the snorts and whatever we put on the console for spyware and attack prevention seem to work very nicely.
What needs improvement?
They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network.
For how long have I used the solution?
I have been using pfSense for the past three years.
Which solution did I use previously and why did I switch?
Back in the day, I was using Fortinet, and it was very tricky to get it working without spending more money. pfSense is exactly what we paid for, and it's still working very well. We've been working with it for two or three years, and it's a very good solution, and I didn't have to spend any more money on it.
Cisco VSL and Fortinet are tricky when it comes to improving the firewall rules or creating rules above older rules. In pfSense, it's very logical. It's simple.
How was the initial setup?
The initial setup is very linear and very smooth.
What other advice do I have?
On a scale from one to ten, I would give pfSense a nine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Yes, you can use Squid and SquidGuard to act as your web/content filter. We have it running and are able to filter out HTTP and HTTPS. As far as App Filtering, you can set up Snort to filter out applications. See Netgate's blog for more information: www.netgate.com