Netgate pfSense Reviews

We primarily use the solution for security purposes. We use it for a firewall.

The solution is quite stable. The performance is very good.

We've found the solution to be very easy to use. It's user-friendly.

The scalability potential of the product is quite good. 

We like the fact that the product is open-source. It's free to use. There are no costs associated with it.

The solution is very easy to install.

The solution is quite fast.

It does a good job of monitoring our systems.

The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe.

I've been using the solution for a while. It's been about six years or so.

The stability of the solution is very good. There are no bugs or glitches. it doesn't crash or freeze. Its performance is reliable. It's been very good over the years.

The solution scales quite well. If a company needs to expand it, it can do so with relative ease.

We have a few hundred users at this time.

We do have plans to continue to use the product.

We have used technical support in the past. They have always been very helpful and responsive. They are knowledgeable. We have no complaints. We're quite satisfied with their level of service. 

The installation of the solution is not overly complex or difficult. It's easy. It's straightforward. e didn't have any issues with eh implementation process. A company should find the setup very simple. 

The deployment was very fast. It only took a few minutes.

The solution is an open-source product. It's free to use. It's extremely affordable.

I'd rate the solution at a ten out of ten. It's been very good in terms of its overall capabilities.

I would recommend this solution to other companies and users. It's very fast and very easy to use.

I primarily use the solution for monitoring and learning about how to operate a firewall. I also use it for monitoring my home network as well as adblocking.

The solution is 100% free to use.

The product offers a lot of helpful plugins.

The solution is easy to use and has a elaborate GUI.

The initial setup is quite simple and straightforward.

The integration of the plugins into the GUI could be better. It's sometimes hard to find where a setting can be found or how it might interact with other settings. Some documentation is outdate and plugins sometime have no documentation. Information can always be found on the fora but for novice users this can be a challenge.

I've been using the solution for five years or so. It's been a while.

The solution is stable. Since last upgrade there hasn't been a crash, freeze or need for reboort. It's quite reliable.

I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore,  I build my own Super-micro platform based on Intel Denverton.

It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.

There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.

With what I am running now, I haven't had to reach out to technical support. However, an upgrade failed two years ago and I needed to contact technical support to get me the new image for the device. They were very efficient. I was satisfied with the level of support I received.

I've been switching back and forth between pfSense, OPNsense, and Untangle in the last five years or so.

OPNsense and Untangled are more integrated, however, more and more of the plugins are becoming paid offerings. OPNsense misses a plugin that pfSense has, Untangled it's adblocking is easy but not free.

The initial setup is not to complex.

It's good to have the basic information before attempting to set everything up. They've got a wiki with all basic information and there are the fora for questions.

I've got a CCNA certificate and that some comes in handy. For me, it works without any documentation, however, for a complete novice user you probably need some documentation to get you through the process.

Getting everything up and running only took about 30 minutes. You then have a complete firewall solution up-and-running.

There is some maintenance required. You do need to check for updates from time to time, for example. If you install more plugins more maintenance might be required to get everything tuned.

I handled the implementation myself. I have some knowledge about IP routing.

The solution is free to use. There are (currently) no licensing costs.

I'm just a home lab user.

I'd advise those considering the solution for your business to get a service contract.

It works great for someone with enough knowledge and time to get his head around everything. Otherwise, you need to look for a solution that offers support and can work with you on issues. It's nice to try to balance between open-source and support that costs money.

In general, I'd rate the solution at an eight out of ten.

We have all sorts of users. We have admins, we have the finance guys, and we have salespeople using it. We created a captive portal for our teams as well as a guest portal. So in general, we are more or less happy.

Right now, I use it not only for intrusion detection but also for ETLs. We are a telephony integrator. We use it for applications and radius, etc. I use it as much more than a firewall. I use it for telephony applications as a certificate authority. 

Well, we do have the versatility of a fully functional firewall at practically no cost impact... So its a good investment for us in terms of the time spent on it... Most of all, we can see where our Internet etc can be well managed from the real time graphs that we see...

It's quite an awesome product with so many good things packed into it. I am happy with the EPLS, the radius, and I am happy with the captive portal. All in all, it's a good product. And considering that I get it for paying nothing, it's really worth the time invested in it.

As I said, the product is fantastic. It could use a little bit of improvement in the reporting — the reporting is virtually non-existent. Something like a reporting module would be a benefit. Otherwise, in terms of the performance, at least for my organization, I don't see much of a problem.

By this, I mean that we cant generate reports of trends etc that could be exported out of PFSense in terms of a PDF etc to see how the firewall is functioning...

Though I must say that the work around for this could be to use the pfsense zabbix plugin and integrate to a Zabbix platform and then use the Zabbix reporting capabilities to get the required reports... Not much of an effort for the technically sound persons but definitely not in the scope of those from a non technical perspective... 

I have been using this solution for roughly 10 months. I started with version 2.4, but about four days ago, I upgraded to version 2.5. It's been a good product so far.

Stability-wise, it's fine. I've only experienced one issue in the last 10 months. But in general, I am happy with it. Scalability-wise, as I said, our organization is just about 10 to 15 people, so we have not had much of a problem. I can't comment on how it would scale up with hundreds of VLANs and tens of thousands of people operating on it. But in general, for a small organization, I think it's very stable.

As we are in SMB, I cant comment on big traffic situations but for a small organization like ours (10 to 20 users) and with various integrations that we need (e.g., OpenVPN, WireGuard, LDAP authentications, Tens of VLANS, Captive portal, DHCP Relay, EAP-TLS, IDS, Adblocks etc.) We are ok with it...

I think the documentation is good enough because I've never had the need to contact technical support. I just use Google to get the information that I need.

We used to use Fortinet in our office in Dubai. But where I am right now, I thought an open-source was the option for me because I'm very involved in open-source projects. It came down to pfSense and OPNsense — the first one we downloaded was pfSense and I stuck by it.

The initial setup was straightforward. I come from the IT industry, so I had no issues. Within 20 minutes, I had it up and running.

I implemented it myself.

Too early to comment... Though all I needed to invest was a small desktop and ofcourse, time and effort to configure it... 

Well, its opensource... So for the tech-minded, its not so difficult but yes, the configuration is understandable for those with good prior firewall knowledge... 

If you can get it working, its great... But yes, thats the first part... Get it working... 

Oncw working, all licenses etc are not a problem as it is opensource... So no restrictions there... so far...

I did use Sophos-XG free but I stick to pfsense as it is free and open source...

I would recommend pfSense for the simple reason that it's open-source and it's free. Anything for free is good. I personally got much more out of it than I expected. I never expected this product to be so worth the time. It's a good product. For my needs at least.

Overall, on a scale from one to ten, I would give this solution a rating of eight. I have not used it for thousands of users, but for our usage, for an SMB organization, I would give it a rating of eight.

I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.

Within our organization, with a single installation, about 500 users are covered.

The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

We have been using pfSense for five years.

That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.

The expandability and the high availability configuration of the system are good.

With pfSense, we've never had to send an email to a Netgate official support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.

One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.

It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and following a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.

That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. It may be slightly different between how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind for 24 hours or 12 hours, but it works.

We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client. 

I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We are a solution provider and deploy this product for our customers. We also use it in our organization. We use both Cisco and pfSense but for our customers we mainly use Sophos and pfSense. I'm the CEO of our company. 

The solution has assisted us by preventing unwanted access. If the solution is configured properly, then you'll be protected to some degree, although you may also need other products. 

Content protection, content inspection, and the application level firewall are all good features. 

There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance.

The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.

pfSense is rated as one of the good solutions in it's field and stability is good. 

The solution is scalable to a degree but we never use it for big companies. We use it for mid-range companies. Our company has a data center and we have companies that are hooked to our data center. We're doing this on-premise for our customers so if the customer has an on-prem information system, we will implement the firewall and UTM at their location. We have plans to increase use because we have good feedback for the product and we have good experience with it. So we are increasing use of pfSense. Actually we are moving away from Sophos and more towards pfSense.

Technical support is well organized. Most of it is in-house, but in the case there's also a we have access to a second level if necessary. 

We were one of the first companies here making UTMs (before they were known as UTMs). We were the first partner of Cobalt, the first appliance creator. When Cobalt was bought from Sun, we made our first network defender line. It was the first appliance that had a firewall, content inspection, constant protection, intrusion prevention, intrusion detection, antivirus, and mail and web server in one box. Our line was mainly distributed all over the Middle East, Asia, and some parts of Europe. We expanded and worked with companies such as Palo Alto, Cisco, Sophos and pfSense. In some areas pfSense is better than Sophos which didn't make the advances they should have. They now have XG, so they have two totally different products in the same area which is one of the reasons I prefer pfSense.

If you carry out a straightforward setup, then you will have straightforward, basic protection, nothing else. It's more complex if you want other things included. We usually start with some research, carry out a basic setup and make the initial monitoring. From there we make additions based on the results of the complete monitoring. Then it's ongoing monitoring all the time and setting or adjusting to the situation.

For any compnay, ROI can be seen even if they look at the basic possibility of a crypto virus or the like. The savings on that would be at least two days of lost work and the cost would be more than the cost of the whole system plus maintenance. 

Licensing costs depend on company size. pfSense is an open source solution, so there's a charge for support. We offer a first line of support and a second line if required. Payment depends on the contract, because usually it's only covers the firewall. We offer a contract for the network which includes UTM. There's a hardware cost for HP servers and, again, depending on the size of the company, installation cost is about 500-800 Euro. There's an annual maintenance fee included in the networking agreement. 

I recommend this product, it's well-balanced, has a longer history than other solutions so it's not lacking in maturity. There is a lot of online support available via YouTube or blogs but professional support is available if required. I highly recommend taking the support because usually people look at the UTM as something which should be set up in the system and left, but that's not the case with these devices. I strongly suggest making an external agreement with a specialized company to deal with security. Users need to have decent protection, not just protection.

I would rate this solution a nine out of 10. 

It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.

We wouldn't be able to function without it.

The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice.

It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall. 

Their support could be better in terms of the response time.

It has been pretty rock solid.

Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.

I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.

I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.

It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.

I did it myself.

I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.

I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price. 

There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.

I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.

We are solution providers and this is one of the products that we deploy for our customers. We replaced old Cisco ASA with pfSense and it proves as a good choice.

PfSense gives tools to protect the network. If you configured things properly then you'll be protected to the distant level. PFsense gives a solid set of functionalities that work perfectly. VPN services are stable and easy to deploy.

The classic features such as content inspection, content protection, and the application-level firewall, and VPN Are most common. This is a feature-rich product and the documentation is good.

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. 

The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.

We have more than ten years of experience with pfSense.

The stability of pfSense is standard. It is rated as one of the good solutions in this area.

This product is scalable to some point, although we have never used it for large companies. We use it for small to medium-sized organizations. For big companies, we more often implement Palo Alto.

In our company, we have a data center and some of our clients are hooked to it. This is something that we have on-premises for our customers.

We have plans to increase our usage with pfSense because we have had good feedback from our customers. In fact, with the good experience we have had, our sales have been slightly increasing. Our sales are shifting from Sophos to pfSense.

The technical support is organized well. We do most of the technical support for our customers in-house but there is a second level of outside support available. It is okay. 

Positive

We currently resell products from both pfSense, Sophos and Cisco. In some areas, pfSense is better than Sophos. I have been a bit disappointed with Sophos because I know their history, and I don't think that they have advanced as well as they should have in that time. Also, they have two different products, XG and UTM. This is another reason that I prefer pfSense, at least a little bit, over Sophos.

The initial setup is complex. If you have a straightforward setup then you will have straightforward, basic protection and nothing else.

It takes a few months to adjust where you start by setting it up, and then you have to monitor it and see what's happening. It's ongoing work because, after this, you have to keep monitoring and adjusting to the situation. This is part of the service that we perform for our customers.

We are the integrators for our customers and deploy with our in-house team. We have people in the company who are specialized in this area.

The return on investment depends on the predicted cost of failures of the system, or intrusion of the system, which is hard to give a straight answer on. In part, this is because different companies put a different value on their data.

For example, with medicine, if somebody were to steal the data related to the latest CORONA vaccine then the cost would be tremendous. On the other hand, if there is a company that is making chairs, stealing the design of the chair probably wouldn't be as high when compared to an application in medicine. So, there is not a straight answer for that.

Return on investment, in any case, I think for every company, this is a must. Put in a straightforward way, they can count just the possibilities of having an attack on their system with a cryptovirus. If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.

The price of the licensing depends on the size of the deployment. pfSense is open-source, but the support is something that the customer pays for. We charge them for the first line of support and if they want, they can purchase the second line of support. Typically, they take the first-line option.

The term of licensing also depends on the contract. The firewall doesn't always have a contract but rather, there is a contract in place for the network, which includes UTM.

In addition to the licensing fees, there are costs for hardware, installation, and maintenance. We use HPE servers, and the cost depends on how large the installation is. The price of setup is approximately €500 to €800, which also includes the initial monitoring.

The maintenance cost isn't really included in the network fees.

For smaller companies, we charge them a few hours a month for monitoring. It takes longer if the client is bigger.

Palo Alto, Fortinet, Sophos, Cisco

It is important to remember that you can't just leave the device to do everything. You still have to know what you're doing.

I recommend the product. It's well-balanced and one with a long history, so it doesn't have child's diseases. There is a lot of online support available online, which they can consult themselves. But, in the case that they need support, they can hire a professional support line and that is highly recommended.

I say this because usually, people look at the UTM as something that should be put in the system, set up, and left alone. But, this is not the case with this type of solution. Therefore, I strongly suggest making an outside agreement with a specialized company that will take care of their security from that point on.

The biggest lesson that I have learned from using this kind of product is that you can't assume that the internet is a big place and nobody will find you. There is always a good possibility that robots will search your system for holes, and they are probably doing so this instant. This means that users should be aware and have decent protection.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

I primarily install and test the solution. I'm not an expert in the solution; I mainly put them in place.

The pricing is good.

I have a good understanding of the underlying firewall which I find to be easy to use and comprehend. Some of the terminologies were more familiar to me than they were when I first encountered Cisco.

The initial setup is pretty easy.

The solution has been stable. 

From what I can tell, the solution can scale. 

I can't speak to if there are missing features. I'm not that familiar with it. 

The critical issue there for us was the lack of FIPs compliance, however, I don't know if that's something that they would consider adjusting for.

The product is stable. There are no issues with bugs and glitches. It doesn't crash or freeze. It's reliable. 

While it's my understanding that scaling wouldn't be a problem, I myself have never actually tried to do so. Therefore, I can't speak from personal experience. 

I've never dealt with technical support before. I can't speak to how helpful or responsive they are in terms of answering support-related queries. 

I also have an understanding Cisco, which is a bit harder to understand. This product is more straightforward. 

In terms of the initial setup, pfSense seems pretty easy. I'd say it's been a few years since we played with it and I don't really remember too much about it other than using it and thinking it was okay. It's just not listed as FIPS compliant for where we're at now in government, which is an issue. 

The solution doesn't come at a high cost. That makes it a very attractive option.

I'd rate the solution at an eight out of ten. I've been pretty satisfied with the product overall.

We are a customer and an end-user. We don't have any business relationship with the solution.