I use pfSense to provide firewall and VPN services for small businesses. I have a handful of clients using it now and a new one in the works.
Principal at a tech services company with 1-10 employees
You plug it in, set it up, and it works
Pros and Cons
- "What I like about pfSense is that it works well and runs on an inexpensive appliance."
- "I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner."
What is our primary use case?
What is most valuable?
What I like about pfSense is that it works well and runs on an inexpensive appliance. It's a minimal Intel system that has no fan and is all solid-state. It doesn't have a fan because it doesn't do enough to get hot. It's a box about the size of a Discman. I can download the pfSense software at no cost then connect a keyboard, mouse, monitor, and USB flash drive to the appliance. It's built on top of BSD and managed with a web server. And it's effortless to manage.
What needs improvement?
I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner. Unfortunately, it's not ready for pfSense, which is built on BSD, and WireGuard is not yet integrated with BSD. The issue is that pfSense is waiting for BSD to add WireGuard support. Once WireGuard is supported on BSD, you can bet pfSense will adopt it.
What do I think about the stability of the solution?
I've never had any problems with stability. You plug it in, set it up, and it works.
Buyer's Guide
Netgate pfSense
December 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I know a peer who set up pfSense in a Catholic parish school. It's not thousands of devices, but there are several devices in the parish office, the rectory, and throughout the school, as well as three different VPNs. There's a fourth VPN connection to the IT Director's house, where he manages most of it. So that's four locations with VPNs, and that's the biggest one I know. All you have to do is buy a big enough appliance. You can use the minimum appliance in the rectory, where there's a handful of computers, but you need a step up from that in the school, where there are a lot more computers to connect. And I think even the parish office, which is a handful of people, uses the minimum appliance.
How are customer service and support?
I've never needed support. You can find anything you need to know in the pfSense knowledge base online or in the documentation.
How was the initial setup?
You only need a couple of minutes to install pfSense, then it just sits and works. You boot the USB drive and install it. After that, there's no more management. Any IT professional can easily set it up. Business owners who don't know anything about technology might have a hard time, but the average IT person can do it with no problem. There's good documentation online.
What's my experience with pricing, setup cost, and licensing?
The pfSense software is open source, so you only have to pay $90 a year for support. Of course, I could be wrong on that. It was that much when I looked into it a year ago. It might've gone up or down since then. You can buy the minimum appliance for under $300. It has two ethernet ports, one for your WAN and one for your LAN.
What other advice do I have?
I rate pfSense 10 out of 10. The appliance is inexpensive, and the software costs nothing. You plug it in and it works.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Presales Consultant/ Engineer at a tech vendor with 10,001+ employees
Provides good security as well as scanning and filtering traffic; web interface could be enhanced
Pros and Cons
- "A free firewall that is a good network security appliance."
- "Web interface could be enhanced and more user friendly."
What is our primary use case?
This solution is for my personal use, I've had a hobby of using it for a long time. I use it to protect my home network. Nothing is bulletproof but I'm happy to have a firewall at home scanning the ins and outs of my network so that I have a degree of security.
What is most valuable?
pfSense is a free firewall that you can download and install on your own hardware and establish a VPN for it. If you have remote users who need to connect securely, pfSense can do that. The solution has multiple use cases. It's good for scanning and filtering traffic. It's a good network security appliance which you can install on your own hardware or on their hardware. Some companies will invest in a really big firewall for their main branch, and will install pfSense in remote sites because they don't see the value of buying an expensive firewall for each branch.
What needs improvement?
I'd really love to see the web interface enhanced. It's good but it could be clearer and more straightforward. As a FreeBSD fan, I'd love to see a BSD license code, rather than a GPL license code. I'd also love to see a Sandbox and more security features. pfSense is a mature product, but if you compare it to other products in the market, you realize that pfSense is a little behind.
For how long have I used the solution?
I've been using this solution for five years.
What do I think about the stability of the solution?
This solution is stable.
What do I think about the scalability of the solution?
The solution is scalable, it has the HA options that other firewalls also have. It's a software-defined solution, so you can pretty much put it inside a virtual machine and scale it up. Or you can load balance, or have an HA set up between two pfSense proxies, it's all possible.
How are customer service and technical support?
I don't have contact with technical support. If you have an issue, you can go to the online community and wait for someone to respond. There's no SLAs for that. The only way I would have access to their support is if I actually purchased a Netgate appliance.
Which solution did I use previously and why did I switch?
I've previously used vendor-based firewalls, like Sophos. They have Sophos XG and Sophos XG, UTMs. Those are the firewalls that I have the most expertise with and I also have some experience with Fortinet. pfSense is normally installed on x86 hardware which uses CISC architecture, a complex instruction set that runs on laptops and computers. They generally make calculations much slower than what we call risk architecture. As a result, firewalls with a risk-based architecture or reduced instruction set architecture are preferred because they provide better throughput. That's the case with FortiGate. They are very well known in the market to have the highest IPS throughput and that's one of the major factors for choosing a firewall.
How was the initial setup?
The initial setup is very easy, it takes about 15 minutes.
What other advice do I have?
I would recommend this solution, it's one of those technologies anyone should at least try out. If you want to protect your home network, and don't want to invest in a firewall, pfSense will do the job. It's good for home use and for small businesses or remote sites of large companies. It's a good strategy because it's generally more critical to invest in defending your main data centers. It's important to choose the hardware wisely, make sure it's compatible. Netgate, the company sponsoring pfSense, manufactures hardware that is really optimized towards it. For small or medium businesses it's not a big deal. But for enterprises, this is important.
I rate this solution a seven out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Netgate pfSense
December 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Head Of Infrastructure at a transportation company with 201-500 employees
Hotspot and overall stability needs improvement but easy to use and has high performance
Pros and Cons
- "The features I have found best are ease of use, GUI, and performance."
- "The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve."
What is our primary use case?
We are using the solution for a firewall and other operations, such as traffic shaping.
What is most valuable?
The features I have found best are ease of use, GUI, and performance.
What needs improvement?
The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve.
In a future release, they could redesign the policies because we need to write inbound and outbound simultaneous policies. They could change it to one policy, such as in FortiGate, Sophos, and Cyberoam. In these firewalls, we add rules in one way, and they add rules automatically. However, in this solution, we need to write every policy manually.
They can improve in site-to-site tunnels with other devices, such as Cisco or FortiGate. It is not very easy to set up VPNs for site-to-site tunnels.
There have been some problems we have been facing with BGP routing that needs to be improved.
For how long have I used the solution?
I have been using the solution for approximately two years.
What do I think about the stability of the solution?
The stability could improve.
What do I think about the scalability of the solution?
Since this solution is software-based it is easy to scale. We can extend the UIs by adding some hardware, such as CPUs and memory discs. We would not be able to match this type of scalability with a hardware-based solution, for example as FortiGate.
This solution is best suited for small to midsize networks. When there is heavy traffic in larger-scale businesses it becomes less reliable.
Which solution did I use previously and why did I switch?
I have used FortiGate previously and this solution is cheaper and more reliable.
How was the initial setup?
The solution is easy to deploy.
What's my experience with pricing, setup cost, and licensing?
The solution is free. However, you need to pay for support.
What other advice do I have?
I rate pfSense a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal at a tech services company with 1-10 employees
A great solution that just works and is fast and affordable
Pros and Cons
- "It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor."
- "I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version."
What is our primary use case?
We use it for small businesses, and most of my clients are using pfSense.
What is most valuable?
It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat.
It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor.
What needs improvement?
I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version.
For how long have I used the solution?
I have been using this solution for maybe five years.
What do I think about the stability of the solution?
It just works.
What do I think about the scalability of the solution?
I've never challenged it. All of my clients are small businesses. It is open-source software, and it runs on whatever appliance you run it on, so whatever computer you run it on, it'll scale up pretty high.
How are customer service and technical support?
Their technical support is excellent. They do have good support service. I don't use it because I've never had any problems with it, but the people I know who use it in bigger environments love it. You can even search their knowledge base and learn anything you want to know pretty quickly.
Which solution did I use previously and why did I switch?
Some of my businesses just use the built-in firewall in the ISP modem. I replaced an old SonicWall that couldn't keep up with a faster internet service. I've replaced a couple of Cisco solutions that were just getting old to run modern software, but the hardware was working. They just died of old age, and I replaced them with pfSense. It has been great. I'm sure a lot of people know how to configure Cisco solutions, but I don't. pfSense is very easy to configure.
How was the initial setup?
It was very simple. You download and boot a USB stick or a CD to install it. From then on, it is managed by its own webpage. The deployment takes a few minutes.
What's my experience with pricing, setup cost, and licensing?
It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet.
What other advice do I have?
It is just great. Give it a try. It just works.
I would rate pfSense a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at TLCWEB S.R.L.
Sometimes updates can mess up the running configuration but it is a powerful tool.
What is most valuable?
First of all scalability of this solution. It's an all-in-one solution useful for every kind of company. It's also very easy to set up rules and NAT, and it has several modules like transparent proxy, VPN, and traffic shaping which are the daily modules for me.
How has it helped my organization?
pfSense software was designed to be a customizable platform that can be hardware agnostic. This allows the engineer to meet the needs of a project with a device that's got the right I/O and specifications, and then customize the pfSense settings to their needs.
So power consumption and less hardware requirement can save our money!
What needs improvement?
Compatibility with virtualization system (like VMWare, Proxmox and so on and so forth); in some cases, it can create conflicts with virtualized hardware, and configuration export (sometimes the XML file creates a conflict with the hardware network MAC address).
For how long have I used the solution?
I've been using it for three years.
What was my experience with deployment of the solution?
- Compatibility with some virtualized system
- Configuration export in some cases
- Sometimes updates can mess up the running configuration
What do I think about the stability of the solution?
Never had any issues. In fact, I've had a pfSense firewall with the uptime of a year.
What do I think about the scalability of the solution?
No, and it doesn't matter how many rules or not that you have. It can manage different network interfaces (virtual and physical) without a problem.
How are customer service and technical support?
Customer Service:
We never use it, but it has a large community so you can find whatever you need in the pfSense forum.
Technical Support:We never use it, but it has a large community so you can find whatever you need in the pfSense forum.
Which solution did I use previously and why did I switch?
Previously we've used hardware firewalling solutions like SonicWall, Zyxel and others but they're not powerful like this solution. Also, they are hardware so the cost is much higher than software. I've also used IPtables which is a software Linux solution but it's complicated to setup when you need to manage several rules.
How was the initial setup?
It's easy to setup the solution because there's a wizard that guides you through it, and therefore, you cannot make mistakes. Then, you can configure the different aspects to fit your needs.
What about the implementation team?
We have become experts in this solution. We installed it in our lab and tested the solution. After that we implemented it throughout our company, and then began using the solution with our customers.
What was our ROI?
We've a strong know how, and we've use this solution with our customers so we can be more competitive than hardware solutions.
What's my experience with pricing, setup cost, and licensing?
It's a software solution, and also open source, so it's cost is zero!
Which other solutions did I evaluate?
We tested IPCop, Smoothwall, IPTables and others. When we have an OS project, we want to test so we can compare it to our technology, and if it's better, we build it!
What other advice do I have?
Test, test, test and...test! It's powerful but only with testing will you realize what you need.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
National IT Coordenator at a government with 51-200 employees
Stable open-source solution for a small company or a startup with a tight budget
Pros and Cons
- "I like pfSense's reports and how I can control access to the policies on the firewall."
- "The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus."
What is our primary use case?
I use pfSense as a proxy and a firewall to monitor all the traffic to my network. It allows me to shape the traffic and eliminate bottlenecks that cause the network to slow down. You can use pfSense to catch some websites or make the network faster because we have applications connected remotely all over the country. We need to have a network with a reliable speed and no hiccups on the way because all our applications are on-premise, and the entire country goes to the same data center to get information.
What is most valuable?
I like pfSense's reports and how I can control access to the policies on the firewall.
What needs improvement?
The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus. For example, pfSense could add templates with firewall policies that a user can customize. I haven't tried to integrate pfSense with Microsoft Active Directory, but in Mozambique, we use many Kaspersky antivirus solutions. If pfSense integrated with these antivirus solutions, everything would be much more stable because most of the companies here have a different kind of security solution. Within a single company, you might find two or three different antivirus suites. So, for example, there could be an open-source solution that you get for free, but you can pay for the support if you want it. So for solutions like that, it would be great.
What do I think about the stability of the solution?
Companies in Africa have issues with budgeting for IT. An open-source solution like pfSense gives us stability and provides us with good reports. It's amazing. It makes the solution reliable.
What do I think about the scalability of the solution?
I haven't tried yet scaling up pfSense. But my setup is Windows based, and I have some Windows-based applications, so I want it to integrate with the Microsoft Active Directory. I haven't done it yet, but I think it would be good to have that integration.
How are customer service and support?
I contacted pfSense support only once when I was installing it and had only configured one network tab. I had to get in touch with them, and the support was terrific. I was impressed. I can't complain about their support.
How was the initial setup?
I have some experience with Linux distributions, so setting up pfSense was a bit easier for me, and I have been working with security for quite some time. It was fast for me, but part of my team is not used to a Linux environment, so it was tricky for them to implement add-ons to the appliance.
What other advice do I have?
I rate pfSense eight out of 10. I would recommend it for a small business or a startup as a starting point. It's also good for companies that are on a tight budget.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
HTS Engineering - Heat Transfer Solutions at a construction company with 201-500 employees
Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.
What is most valuable?
The easy to use GUI. Less training is required for the newcomers in IT.
How has it helped my organization?
Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.
What needs improvement?
There were some bugs in the version we used.
For how long have I used the solution?
We have been using the solution for one year.
What do I think about the stability of the solution?
We had a stability issue. A handful of times the firewall box froze and needed a power cycle.
What do I think about the scalability of the solution?
We had a scalability issue. The fail over did not work automatically.
How are customer service and technical support?
Our infrastructure manager tried contacting their support but it was not helpful. Response time was bad as expected for an open source software.
Which solution did I use previously and why did I switch?
FreeBSD box was an old setup from 1998, so it was time to upgrade without it being costly.
How was the initial setup?
The setup was straightforward.
What's my experience with pricing, setup cost, and licensing?
It's open source so it's free. We did not buy their hardware.
Which other solutions did I evaluate?
We evaluated Cisco .
What other advice do I have?
If your organization has the budget, go with a paid solution. We've had our days with it and went with a paid solution (another firewall) due to the company growing and we couldn't have any downtime. It would likely cost the company more money with downtime than to purchase a good quality firewall.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Director
Most valuable feature is a 50/50 between no licensing and ability to repair a firewall
Pros and Cons
- "The redundancy and scalability ARE very nice."
- "The GUI could use more “bells and whistles”. It's got plenty of info for a Sysadmin but some people like shiny things."
How has it helped my organization?
Increasing customer satisfaction by not having to ask for license fees any time a new feature is needed. The redundancy and scalability is very nice too.
What is most valuable?
Most valuable is a 50/50 between no licensing (cough Cisco) and being able to actually repair a firewall instead of replace since pfSense can be loaded to any x86/x64 PC or Server.
What needs improvement?
The GUI could use more “bells and whistles”. It's got plenty of info for a Sysadmin but some people like shiny things.
What do I think about the stability of the solution?
Rarely and almost always due to bad configuration or failing hardware.
What do I think about the scalability of the solution?
No, pfSense can be installed on a decommissioned PC or a brand new 4U quad CPU server. If you need better hardware from the first install it's easy to either simply move the drive to the new firewall or backup/restore to new disks.
How are customer service and technical support?
I've only ever used community-based support and it's very solid with thousands of knowledgeable people on their forums.
Which solution did I use previously and why did I switch?
NETGEAR or Cisco. Switched because NETGEAR didn’t always offer the functionality and Cisco was very complicated and expensive.
How was the initial setup?
Simple if you just want a firewall up and going to NAT your network. It can be as complex as you need it to be. Just run the install from an ISO and it's like any other out-of-the-box SMB router.
What's my experience with pricing, setup cost, and licensing?
Unless they have specific requirements that demand a particular device, I always suggest pfSense specifically because of the absence of pricing and licensing.
Which other solutions did I evaluate?
Monowall, Tomato, DD-WRT.
What other advice do I have?
Stop googling and head over to pfSense to download the ISO and get started. It will do almost everything the most expensive Cisco device will.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Netgate pfSense Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
FirewallsPopular Comparisons
Fortinet FortiGate
OPNsense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
Check Point NGFW
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Fortinet FortiOS
Buyer's Guide
Download our free Netgate pfSense Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between Sophos and pfSense?
- How do I choose between Fortinet FortiGate and pfSense?
- How do I deploy anti-spam in pfSense or SonicWall TZ?
- What are the differences between Fortinet FortiGate and pfSense?
- Comparison between Sophos XG and pfSense as firewalls
- What is the difference between PfSense and OPNsense?
- Why is pfSense's firewall better than OPNsense's?
- Which solution do you prefer: pfSense or KerioControl?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet