Netgate pfSense Reviews

We are an MSP. We have some customers who have on-prem networks, and they want to have their networks protected by a firewall. They are quite small customers with 10 to 50 users. We use pfSense in order to protect our customers' network, to make some network automation, and especially to make VPNs to some remote branches to enable remote users to get access to the enterprise network.

It is deployed on a private cloud and on-prem.

My technicians find the pfSense's web interface very useful. It is very easy to use. 

pfSense is very reliable and stable. We like the OpenVPN clients that can be deployed using pfSense very much.

I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that.

I have been using this solution for five years.

I would rate pfSense a nine out of 10. It is a very good product.

We are using pfSense as a personal firewall for our systems and network protection.

The solution is very easy to use and configure.

I have been using pfSense for approximately five years.

The solution is stable.

I am only using the solution for personal use and have not tried to scale it.

I have not been in contact with the technical support because everything has been easy with the solution and there is clear documentation available.

I have used other firewalls, such as Cisco and Netgate.

The initial setup is very simple and the configuration is user-friendly. It took me one day for the whole process.

I did the implementation of pfSense myself. The solution does not require much maintenance, we require sometimes to reboot the system.

I am using the community version of the solution and it is priced well. There is a cost of learning how to use the solution, if it was free it would be better.

A good firewall has to be easy to install, configure, use, and fit the use case. This solution for my usage is very good.

I would recommend this solution to others.

I rate pfSense a nine out of ten.

We primarily use the solution for security. It's a firewall.

The solution is an excellent open-source product. It has a big community around it as well. Out of those few points, you'll come up to a situation whereby you can avoid the vendor lock-in. Since there is a big community, you can count on reliability. There are lots of installations and lots of people who understand how everything works. 

The solution offers excellent flexibility. You can either install pfSense just on a machine, on your local PC, or you can buy an appliance. You can even buy your own hardware and install it on your own. Of course, if you choose that route, you need to have a technical expert on your team. For us, as a software company, that's not a problem.

There are plugins you can add to the product if you want even more useability. You can even add more security functionality.

The initial setup is straightforward.

We did have a strange issue with an update at one point, however, that was resolved quickly.

If you want to take advantage of all of the solution's options, you need to have a bit of a technical background. It's not for a layperson.

You do get a good solution for free. However, the trade-off is you need to be technical to really take advantage of it.

The installation could potentially be faster.

I haven't been using the solution for very long at this point. It may be somewhere around three to five months. It hasn't been long.

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's excellent.

The scalability is excellent. We don't have any issues as far as that is concerned.

Prior to pfSense, we used Cisco.

The implementation is not complex. It's very straightforward to initiate. A company should have no problems with the process.

As an open-source solution, it is free to use as you see fit.

I didn't evaluate the solution against other more expensive commercial tools.

We are just customers and end-users.

The solution is an open-source platform. We are a software company and we like open-source. Lots of people say open-source means that you need to install it on your own. They will see that as a limitation, however, we see that as the other way around. 

I'd recommend the solution to other organizations and users. It's open-source, it's flexible, and has a strong community. You can use it in many different ways, either in a small installation, laptop, PC, or on a machine, or you can buy an appliance or you can even buy your own hardware and configure it in a different way. The software as such is free and you have a lot of options as to how you want to use it.

I'd rate the solution at a ten out of ten. It's been very good for us

We use the solution for blocking websites, banking, and malware.

I have found the most valuable features to be antivirus and malware protection.

I have been using the solution for approximately four months.

This solution is good for small businesses but it is not as stable as other competitors such as Fortinet.

We currently have approximately 45 people using the solution.

The support is good when comparing to other solutions.

We have used FortiGate in the past and they tend to be more stable, but lacking in other areas.

The installation was not too complicated. We did have some issues with the port forwarding,  some of the server application were not getting through the firewall but we managed to get it to work.

The whole network deployment took approximately three days.

We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free.

For those who want to implement this solution I would advise it is great for a small enterprise, it is best to get started without having any harm getting to their networks.

I rate pfSense an eight out of ten.

I use pfSense as a home router firewall on enterprise equipment purchased from eBay. I utilize it for personal interests and not in a professional IT capacity, mainly for home setups and maintaining VPNs to family members.

It is very easy. An enterprise person who has been doing this all day long will find it as easy as a command line if not easier than the command line. I would prefer not to have to set up another server to monitor my links and everything else. I like that I can go into my one dashboard. It is all running on that one box. I am happy. A large enterprise will have monitoring services, so this might not be as critical for them. For small and probably medium-sized businesses, having the user interface and being able to import configs is very powerful, but it is probably a mixed bag for larger companies that already have services and other things, and GUI does not matter to them.

It provides a single pane of glass. When I come in, I can immediately look at my gateways, link connections, services, etc. It shows my DNS blocker, CPU usage, and memory usage. I can see that my gateways are online, what traffic graphs I have selected, and all my services are up. That is what I like about it. This is what I will miss if I go to VyOS. I know I will have to set something else up specifically to show me all the monitoring and make sure that I have that warm fuzzy that everything is working.

Being able to see in a single pane of glass what is happening makes it very easy for me to react and know what is going on. For example, I changed some tunnels to my family in upstate New York. I am down in Philadelphia. We were having some connection issues, and through its interface, I was able to easily identify the issue. I had a tunnel configured wrong and changed some settings, and we were back up in ten minutes.

Its ease of use is great. If I do not continue forward with pfSense, it would be going to VyOS, which is all command line. pfSense's user interface is very nice for simpler configs and monitoring. It is very stable, and it works very well. Flexibility is great, and the plug-in model is very nice for pfBlocker and other things. It is a very robust solution that works very well.

They could do better with their licensing in the home use space. For me, that has been a struggle. 

I got three pfSense Plus licenses when they were giving them away to the community for free because pfSense decided that they do not enable the QAT. They do not enable the network acceleration function that is on the Intel Atom CPUs and some of the Xeon D's in the Community edition. IPSec acceleration and OpenVPN acceleration do not work on those smaller boxes because it is going to use the CPU, so I got the three licenses, which worked well. It was all good, but they decided to take that away and are charging $129 a year. Somebody savvy like me is going to pay for it. I will pay for it for myself, but I also maintain the routers of my parents, my mother-in-law, and a friend. I have IPSec tunnels to them, and they need the acceleration technology that is disabled, but they are not willing to pay $129. I wrote to the Netgate salesperson asking to consider a model with a $60 per year subscription because they are putting a barrier on themselves. They have abandoned the Community edition. There has not been an update in a year, but then you hear that they are contributing. They are making updates, but they have not released it. There is an opportunity to make more money in the home user space if they change their licensing model.

The other little hiccup that I see with it is they have it tied to MAC addresses. It generates a license based on the MAC address. If you change any MAC address, you have to issue a new license. They were nice about it for me when they did a one-time change for me, but if I put another Ethernet adapter in the box, it says it needs another license. They should work on that. It seems they are going to change this.

I have probably been using it for more than a decade at this point.

My instance has been up for over two years without a reboot, so it is very good.

It is a mixed bag because I have had 1 gig symmetrical Internet. I have 2 gigs now. As you get further up the stack, it is going to get worse. I do not have options past 2 gigs. I have 25 gigs between some servers. I have 10 gigs with a lot of machines. They have their TNSR project that sits at a thousand dollars a year, but I cannot even try that. They have entirely removed the Community edition for that, but it has been great with 2 gigs and 1 gig.

They are super fast, super nice people, and very accommodating. The quality of support is great. They are better than I would have expected them to be. I would rate them a ten out of ten.

Positive

Previously, I have mainly used VyOS, Cisco ASA, OPNSense, and Fortinet. 

Cisco ASAs are very nice. They compare very well, and they have their single pane of glass. They have GUI and no license fees yearly. Netgate will say the same thing. If you buy their hardware, you get the license for free, but they triple the price of a new piece of equipment.

The initial setup is not easy right now because I have to put my email in, and they send me a link. I would prefer to have separate images for the Community and Plus editions.  

When you go to the installer, it asks you if you want Plus. You have to put a valid license in to get it to install Plus. In my situation, all three of my Plus licenses have expired, and they all continue to work. If I need to reinstall that on a new box, I can only install the Community edition. When I boot it up, I cannot import my config because my config is from Plus. For me, it would make more sense if I could download and install a Plus image, and it gives you a 24-hour period to put in a license and have it activated. Something to that effect would make it easier because I cannot imagine I am the only person who has had this issue.

The licensing model needs improvement, especially for home users. There should be more flexibility to change licenses with hardware changes. The pricing model could be more accessible for home users.

The license is locked to a specific device. There are other services where you can buy a pfSense, and you get that license for a year. You can put it on any single device, and it moves with you. I do not want to have to call them to get the license changed. I would prefer that when I put it on a new device, they know it is registered to this new device. It is not on the old one. They should handle licensing differently for home users. They should try to differentiate it from enterprise.

There should be a cheaper tier of pfSense Plus for home users. They need to improve the pricing for a home user. They can look at the numbers. They know how many installs they have.

I would rate it an eight out of ten. It is a great product, but they have sold it in a way that does not align with the way I need to use it or the people that I have it with are going to use it. It practically does not make sense versus what else is out there. VyOS is free. Its Community edition is free, and they update their Community edition first. It is the opposite of what pfSense is doing. They are updating the Plus edition first and the Community edition comes second.

I primarily install and test the solution. I'm not an expert in the solution; I mainly put them in place.

The pricing is good.

I have a good understanding of the underlying firewall which I find to be easy to use and comprehend. Some of the terminologies were more familiar to me than they were when I first encountered Cisco.

The initial setup is pretty easy.

The solution has been stable. 

From what I can tell, the solution can scale. 

I can't speak to if there are missing features. I'm not that familiar with it. 

The critical issue there for us was the lack of FIPs compliance, however, I don't know if that's something that they would consider adjusting for.

The product is stable. There are no issues with bugs and glitches. It doesn't crash or freeze. It's reliable. 

While it's my understanding that scaling wouldn't be a problem, I myself have never actually tried to do so. Therefore, I can't speak from personal experience. 

I've never dealt with technical support before. I can't speak to how helpful or responsive they are in terms of answering support-related queries. 

I also have an understanding Cisco, which is a bit harder to understand. This product is more straightforward. 

In terms of the initial setup, pfSense seems pretty easy. I'd say it's been a few years since we played with it and I don't really remember too much about it other than using it and thinking it was okay. It's just not listed as FIPS compliant for where we're at now in government, which is an issue. 

The solution doesn't come at a high cost. That makes it a very attractive option.

I'd rate the solution at an eight out of ten. I've been pretty satisfied with the product overall.

We are a customer and an end-user. We don't have any business relationship with the solution.

It has a very nice web interface, and it is very simple to use. The way policies are working is also good.

I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.

I have been using this solution for probably ten years. As the head of IT, I have used pfSense for the French infrastructure for around ten years.

It is working fine for me. I never had any problem with this firewall.

I never had to contact their support because everything has been working fine.

I have a lot of experience with pfSense but not much with OPNsense. Both OPNsense and pfSense are very easy, but pfSense is a bit more friendly. pfSense is simple to use with a nice web interface. OPNsense is more tricky.

OPNsense has the remote access functionality, which is the main functionality that I need. OPNsense is very easy to set up and very easy to manage. It is also very fast.

Its initial setup is very easy. 

In France, we have less than five engineers. That's why we try to do everything by ourselves. We chose pfSense because it is user-friendly.

Its price is pretty fair.

If you don't need WireGuard VPN, pfSense is better because it is easier to use than OPNsense. It is a very good platform. Its web administration interface has been working fine.

I would rate pfSense an eight out of ten. A couple of months ago, I would have rated it a ten out of ten because of the WireGuard VPN feature.

I was working for a firm that has 70 employees. They are mostly working from home, so I needed a very well-structured VPN for remote working. We put it on Supermicro, and it worked fine, and it was above their needs.

I like the connectivity to the open VPN. It's very smooth. All the encryption in the open VPN is very good. The structure of the pfSense software works out very well. The PF work cuts and the snorts and whatever we put on the console for spyware and attack prevention seem to work very nicely. 

They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network. 

I have been using pfSense for the past three years. 

Back in the day, I was using Fortinet, and it was very tricky to get it working without spending more money. pfSense is exactly what we paid for, and it's still working very well. We've been working with it for two or three years, and it's a very good solution, and I didn't have to spend any more money on it.

Cisco VSL and Fortinet are tricky when it comes to improving the firewall rules or creating rules above older rules. In pfSense, it's very logical. It's simple.

The initial setup is very linear and very smooth.

On a scale from one to ten, I would give pfSense a nine.