Netgate pfSense Reviews

I am using pfSense as a firewall and VPN gateway.

pfSense has helped our organization because we use a data center that needed a firewall, VPN, and other features under a budget. 

The most valuable features of pfSense are security, user-friendliness, and helpful online management.

It was difficult to configure our web printer through the solution. This process could be easier. Additionally, integration with SD-WAN solution.

I have been using pfSense for approximately one year.

I rate the stability of pfSense an eight out of ten.

We have approximately 2,000 people using the solution.

I rate the scalability of pfSense an eight out of ten.

I have not used the support from the vendor. However, I use community support.

The initial setup of pfSense was simple. However, when we install filters or agents it can be difficult.

I rate the initial setup of pfSense an eight out of ten.

I am using the community version of the solution which is free.

The paid version is priced reasonably.

The solution has solved many of our use cases.

I rate pfSense an eight out of ten.

I use pfSense to provide firewall and VPN services for small businesses. I have a handful of clients using it now and a new one in the works. 

What I like about pfSense is that it works well and runs on an inexpensive appliance. It's a minimal Intel system that has no fan and is all solid-state. It doesn't have a fan because it doesn't do enough to get hot. It's a box about the size of a Discman. I can download the pfSense software at no cost then connect a keyboard, mouse, monitor, and USB flash drive to the appliance. It's built on top of BSD and managed with a web server. And it's effortless to manage.

I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner. Unfortunately, it's not ready for pfSense, which is built on BSD, and WireGuard is not yet integrated with BSD. The issue is that pfSense is waiting for BSD to add WireGuard support. Once WireGuard is supported on BSD, you can bet pfSense will adopt it. 

I've never had any problems with stability. You plug it in, set it up, and it works.

I know a peer who set up pfSense in a Catholic parish school. It's not thousands of devices, but there are several devices in the parish office, the rectory, and throughout the school, as well as three different VPNs. There's a fourth VPN connection to the IT Director's house, where he manages most of it. So that's four locations with VPNs, and that's the biggest one I know. All you have to do is buy a big enough appliance. You can use the minimum appliance in the rectory, where there's a handful of computers, but you need a step up from that in the school, where there are a lot more computers to connect. And I think even the parish office, which is a handful of people, uses the minimum appliance.

I've never needed support. You can find anything you need to know in the pfSense knowledge base online or in the documentation.

You only need a couple of minutes to install pfSense, then it just sits and works. You boot the USB drive and install it. After that, there's no more management. Any IT professional can easily set it up. Business owners who don't know anything about technology might have a hard time, but the average IT person can do it with no problem. There's good documentation online.

The pfSense software is open source, so you only have to pay $90 a year for support. Of course, I could be wrong on that. It was that much when I looked into it a year ago. It might've gone up or down since then. You can buy the minimum appliance for under $300. It has two ethernet ports, one for your WAN and one for your LAN. 

I rate pfSense 10 out of 10. The appliance is inexpensive, and the software costs nothing. You plug it in and it works.

This solution is for my personal use, I've had a hobby of using it for a long time. I use it to protect my home network. Nothing is bulletproof but I'm happy to have a firewall at home scanning the ins and outs of my network so that I have a degree of security.

pfSense is a free firewall that you can download and install on your own hardware and establish a VPN for it. If you have remote users who need to connect securely, pfSense can do that. The solution has multiple use cases. It's good for scanning and filtering traffic. It's a good network security appliance which you can install on your own hardware or on their hardware. Some companies will invest in a really big firewall for their main branch, and will install pfSense in remote sites because they don't see the value of buying an expensive firewall for each branch.

I'd really love to see the web interface enhanced. It's good but it could be clearer and more straightforward. As a FreeBSD fan, I'd love to see a BSD license code, rather than a GPL license code. I'd also love to see a Sandbox and more security features. pfSense is a mature product, but if you compare it to other products in the market, you realize that pfSense is a little behind. 

I've been using this solution for five years. 

This solution is stable. 

The solution is scalable, it has the HA options that other firewalls also have. It's a software-defined solution, so you can pretty much put it inside a virtual machine and scale it up. Or you can load balance, or have an HA set up between two pfSense proxies, it's all possible.

I don't have contact with technical support. If you have an issue, you can go to the online community and wait for someone to respond. There's no SLAs for that. The only way I would have access to their support is if I actually purchased a Netgate appliance.

I've previously used vendor-based firewalls, like Sophos. They have Sophos XG and Sophos XG, UTMs. Those are the firewalls that I have the most expertise with and I also have some experience with Fortinet. pfSense is normally installed on x86 hardware which uses CISC architecture, a complex instruction set that runs on laptops and computers. They generally make calculations much slower than what we call risk architecture. As a result, firewalls with a risk-based architecture or reduced instruction set architecture are preferred because they provide better throughput. That's the case with FortiGate. They are very well known in the market to have the highest IPS throughput and that's one of the major factors for choosing a firewall.

The initial setup is very easy, it takes about 15 minutes. 

I would recommend this solution, it's one of those technologies anyone should at least try out. If you want to protect your home network, and don't want to invest in a firewall, pfSense will do the job. It's good for home use and for small businesses or remote sites of large companies. It's a good strategy because it's generally more critical to invest in defending your main data centers. It's important to choose the hardware wisely, make sure it's compatible. Netgate, the company sponsoring pfSense, manufactures hardware that is really optimized towards it. For small or medium businesses it's not a big deal. But for enterprises, this is important. 

I rate this solution a seven out of 10.

We are using the solution for a firewall and other operations, such as traffic shaping.

The features I have found best are ease of use, GUI, and performance.

The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve.

In a future release, they could redesign the policies because we need to write inbound and outbound simultaneous policies. They could change it to one policy, such as in FortiGate, Sophos, and Cyberoam. In these firewalls, we add rules in one way, and they add rules automatically. However, in this solution, we need to write every policy manually. 

They can improve in site-to-site tunnels with other devices, such as Cisco or FortiGate. It is not very easy to set up VPNs for site-to-site tunnels.

There have been some problems we have been facing with BGP routing that needs to be improved.

I have been using the solution for approximately two years.

The stability could improve.

Since this solution is software-based it is easy to scale. We can extend the UIs by adding some hardware, such as CPUs and memory discs. We would not be able to match this type of scalability with a hardware-based solution, for example as FortiGate.

This solution is best suited for small to midsize networks. When there is heavy traffic in larger-scale businesses it becomes less reliable.

I have used FortiGate previously and this solution is cheaper and more reliable.

The solution is easy to deploy.

The solution is free. However, you need to pay for support.

I rate pfSense a five out of ten.

We use it for small businesses, and most of my clients are using pfSense.

It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. 

It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor. 

I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version.

I have been using this solution for maybe five years.

It just works.

I've never challenged it. All of my clients are small businesses. It is open-source software, and it runs on whatever appliance you run it on, so whatever computer you run it on, it'll scale up pretty high.

Their technical support is excellent. They do have good support service. I don't use it because I've never had any problems with it, but the people I know who use it in bigger environments love it. You can even search their knowledge base and learn anything you want to know pretty quickly. 

Some of my businesses just use the built-in firewall in the ISP modem. I replaced an old SonicWall that couldn't keep up with a faster internet service. I've replaced a couple of Cisco solutions that were just getting old to run modern software, but the hardware was working. They just died of old age, and I replaced them with pfSense. It has been great. I'm sure a lot of people know how to configure Cisco solutions, but I don't. pfSense is very easy to configure.

It was very simple. You download and boot a USB stick or a CD to install it. From then on, it is managed by its own webpage. The deployment takes a few minutes.

It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet. 

It is just great. Give it a try. It just works.

I would rate pfSense a ten out of ten.

First of all scalability of this solution. It's an all-in-one solution useful for every kind of company. It's also very easy to set up rules and NAT, and it has several modules like transparent proxy, VPN, and traffic shaping which are the daily modules for me.

pfSense software was designed to be a customizable platform that can be hardware agnostic. This allows the engineer to meet the needs of a project with a device that's got the right I/O and specifications, and then customize the pfSense settings to their needs.
So power consumption and less hardware requirement can save our money!

Compatibility with virtualization system (like VMWare, Proxmox and so on and so forth); in some cases, it can create conflicts with virtualized hardware, and configuration export (sometimes the XML file creates a conflict with the hardware network MAC address).

I've been using it for three years.

• Compatibility with some virtualized system
• Configuration export in some cases
• Sometimes updates can mess up the running configuration

Never had any issues. In fact, I've had a pfSense firewall with the uptime of a year.

No, and it doesn't matter how many rules or not that you have. It can manage different network interfaces (virtual and physical) without a problem.

We never use it, but it has a large community so you can find whatever you need in the pfSense forum.

We never use it, but it has a large community so you can find whatever you need in the pfSense forum.

Previously we've used hardware firewalling solutions like SonicWall, Zyxel and others but they're not powerful like this solution. Also, they are hardware so the cost is much higher than software. I've also used IPtables which is a software Linux solution but it's complicated to setup when you need to manage several rules.

It's easy to setup the solution because there's a wizard that guides you through it, and therefore, you cannot make mistakes. Then, you can configure the different aspects to fit your needs.

We have become experts in this solution. We installed it in our lab and tested the solution. After that we implemented it throughout our company, and then began using the solution with our customers.

We've a strong know how, and we've use this solution with our customers so we can be more competitive than hardware solutions.

It's a software solution, and also open source, so it's cost is zero!

We tested IPCop, Smoothwall, IPTables and others. When we have an OS project, we want to test so we can compare it to our technology, and if it's better, we build it!

Test, test, test and...test! It's powerful but only with testing will you realize what you need.

The easy to use GUI. Less training is required for the newcomers in IT.

Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.

There were some bugs in the version we used.

We have been using the solution for one year.

We had a stability issue. A handful of times the firewall box froze and needed a power cycle.

We had a scalability issue. The fail over did not work automatically.

Our infrastructure manager tried contacting their support but it was not helpful. Response time was bad as expected for an open source software.

FreeBSD box was an old setup from 1998, so it was time to upgrade without it being costly.

The setup was straightforward.

It's open source so it's free. We did not buy their hardware.

We evaluated Cisco .

If your organization has the budget, go with a paid solution. We've had our days with it and went with a paid solution (another firewall) due to the company growing and we couldn't have any downtime. It would likely cost the company more money with downtime than to purchase a good quality firewall.

Increasing customer satisfaction by not having to ask for license fees any time a new feature is needed. The redundancy and scalability is very nice too.

Most valuable is a 50/50 between no licensing (cough Cisco) and being able to actually repair a firewall instead of replace since pfSense can be loaded to any x86/x64 PC or Server.

The GUI could use more “bells and whistles”. It's got plenty of info for a Sysadmin but some people like shiny things.

Rarely and almost always due to bad configuration or failing hardware.

No, pfSense can be installed on a decommissioned PC or a brand new 4U quad CPU server. If you need better hardware from the first install it's easy to either simply move the drive to the new firewall or backup/restore to new disks.

I've only ever used community-based support and it's very solid with thousands of knowledgeable people on their forums.

NETGEAR or Cisco. Switched because NETGEAR didn’t always offer the functionality and Cisco was very complicated and expensive.

Simple if you just want a firewall up and going to NAT your network. It can be as complex as you need it to be. Just run the install from an ISO and it's like any other out-of-the-box SMB router.

Unless they have specific requirements that demand a particular device, I always suggest pfSense specifically because of the absence of pricing and licensing.

Monowall, Tomato, DD-WRT.

Stop googling and head over to pfSense to download the ISO and get started. It will do almost everything the most expensive Cisco device will.