Netgate pfSense Reviews

We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

We appreciate its flexibility. Its usability is great.

We were able to witness positive results from the product pretty much immediately.

Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

We're using the Plus version with Netgate.

pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

I've been using the solution for a couple of years. 

The stability is very good. there is no lagging or crashing. It's reliable. 

The scalability is good. However, we and our clients aren't too large. 

I've never needed to contact technical support. 

In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

The initial deployment was easy.

There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

I'm a customer and end-user. 

I'd rate pfSense eight out of ten.

If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OpenSense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for radius or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraph, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

I have been using Netgate pfSense for ten years.

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

Positive

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.

I use pfSense to provide IT services for small businesses. They typically have a broadband or fiber connection through a router to the ISP, so they're looking for some additional security. We can get a Netgate appliance with pfSense for a few hundred dollars.

We saw the benefits immediately. I live in Edmonton, and one of my clients is a machine shop in Montreal. We configured the firewall and sent it to the shop with instructions on how to set it up. They set it up, and once it was running, I could remote in and start providing IT services to my client two time zones away.

It can help you prevent data exfiltration from the outside, but you'll always have a problem with employees who want to do bad things. It isn't a completely zero-trust approach. It has logs that will tell you if something seems odd. That requires the owner or IT professional to stay on top of it.   

The stability of the Netgate hardware and pfSense software helps to prevent downtime. At the machine shop in Montreal, we had an older Netgate model running for almost seven years, which we replaced last Christmas. It wasn't failing, but we upgraded it to ensure uptime. We spent about $200 on that device or about a few months of coffee for the office. You can deploy pfSense on your own device, but it gives the client comfort to see an actual device instead of something I cobbled together. 

I don't know if there's a particular dashboard other than the volume of data you are passing through the firewall that we check to ensure it is as expected. All of the businesses we handle are small, so we don't need some of the advanced features, such as VLANs, and I'm not going into them to fiddle with them constantly. If the power is somewhat dodgy, as it is in Montreal, they come back online in the proper configuration.  

One of the main benefits of our use case is pfSense's inclusion of OpenVPN. We can set up a server-client configuration so employees can access the office outside business hours. This enables us to provide secure remote access to their workstations and other devices inside their worksite. OpenVPN is included, so I don't need to purchase an expensive VPN solution with its own client. 

I also value the community on the pfSense website and other forums. If you're trying to set something up, there's invariably someone else who has done it before. It's open source, so the community is massive.

PfSense is quite flexible. You can tune it to meet your needs. If my client has something provisioned to their clients, we can run that through the firewall. We can also set it up so that everything is locked down and all traffic moves through the VPN. Like any other firewall, you can set up rules. I haven't encountered anything that I wanted to do that I couldn't. 

Setting up the VPN is always tricky, but adding features isn't hard overall. OpenVPN is easier to use than any other open-source VPN solution. It does all of the DHCP and DNS forwarding and other firewall tasks out of the box.  

In most of our use cases, the pfSense interface acts like a single pane of glass for me to log in, monitor, and configure. You can use the command line interface, but I use the web interface. I would only use the CLI to review logs because everything is on a text interface rather than a browser window, so it's easier. However, for a business user, the web interface is easier if they don't have any complex needs. 

Our customer's IT operations are optimized to go through the pfSense firewall and OpenVPN. It enables us to get work done without constant callouts from the clients. When we upgrade to a new unit, we give them configuration files to install on their workstations. 

They could improve the VPN wizard to make the configuration easier. I don't know what happened last time, but it was a little fiddly. Adding users isn't difficult, but it's a step that's in a different panel from the configuration of the VPN client itself. You need to create the user on the firewall and then associate that with the VPN. They should make it easier to link the firewall configuration with the VPN client.

I have used pfSense for between five to seven years.

PfSense has always been stable, even in an inhospitable environment. A machine shop is bad for devices because of all the dirt and oil, and I had one that continued running for five years without any complaints.  

I always pick a Netgate device that has sufficient hardware for each of my clients, but if I had to expand suddenly, I know Netgate has a range of devices that would work. However, I do think they focus on small and medium-sized enterprises.

I deploy pfSense on Netgate appliances. It's easy for a typical network engineer with no experience with pfSense. If you know about networking, it's an easy device to set up. Coming from a Cisco background, I found it dead simple to install. I have deployed boxes in under an hour. One person is enough to do it. The maintenance and updates are easy. I've never had an issue with updating and fixing bugs. You can do it all remotely. 

I rate Netgate pfSense nine out of 10. Having a basic understanding of networking concepts, like firewalls, routing, and VPN will help you navigate the pfSense interface. 

We use pfSense as the main firewalls coming into most of the companies we support. I work for an MSP. We've used different things. Our higher-end customers even run pfSense high availability clusters, and those work like a champ.

It has made deploying firewalls a faster process due to ease of configuration.

One of the features we use the most is the OpenVPN and IPsec VPN tunneling built within it. We have places that are headquarters and multiple locations where we create tunnels. We support police departments and stuff like that. Part of our use case is one of our police departments that does their own dispatching, so they have software that they run in-house. So we set their points out where the points themselves dial back in through OpenVPN using client certificates to create that always-on tunnel. Prior to us taking that over, they were using FortiGates, and the FortiGate FortiVPN was constantly dropping, and they were constantly having to re-authenticate. They would have to put 2FA back in. Since we've put in pfSense, we have the cradlepoints in cars establish the VPN connection, and we hardly ever hear from them since there seem to be no issues.

pfSense's flexibility is great. If you don't have the money to buy the NetGate hardware, anything works with it. You can toss it on any low-end piece of hardware or virtualize it if you choose to virtualize it. It is super flexible.

It's easy to add features to pfSense or configure them, especially if you're familiar with pfSense. They have a complete repository of apps that you can choose from and different types of monitoring packages you can put on it. They're all very, very straightforward and very easy to set up. I even run a pfSense for my home firewall. I've got AT&T fiber coming into my house. I bridge the public IP through, patch the modem into my pfSense, and have no issues whatsoever. I even run multiple VLANs off of it.  I replaced a FortiGate with this setup.

The benefits are witnessed immediately after you deploy it. Immediately after you deploy it you're no longer having to read articles to figure out what flaw has been found in this version of FortOS or what flaw has been found in this version of SonicWall that's being run. You just you don't seem to have that in the pfSense platform.

pfSense provides with a customizable dashboard landing page.  You can add widgets to show you any piece of information you want to see. I can add in a widget where, from the dashboard, it'll show me, what OpenVPN clients I have connected. It'll show me traffic graphs from LAN, optional ports, uptime, what version of BSD I'm on, what version of pfSense I'm on, whether there's an update available for PFSense, IP information, et cetera. It gives me all this within the main loading dashboard screen.

To manage multiple devices, you would have to subscribe to a third-party service to have the ability to do that.

This is truly set it and forget it. We didn't quite run into that as much with FortiGate. Even with the third-party add-ons, we don't seem to run into issues with the pfSense product where we have to be so hands-on.

There are two versions of pfSense, the community edition, which is free, and the paid version, Plus. We run both. We're getting more away from the community edition since we're starting to just purchase NetGate appliances. We're buying it strictly through NetGate. At this point, we're even starting to add on the tech support, which is top-notch.

pfSense can help to minimize downtime. You can set them up in a high-availability cluster, and that pretty much minimizes all downtime. Your secondary appliance picks up if your primary appliance goes down. It makes it really easy to apply updates or reboot the one firewall. It switches over so seamlessly. Your users never know the difference. When the primary firewall comes back up, it'll take over the primary function again, and then you can reboot your secondary firewall.

The visibility in pfSense enables us to make data-driven decisions. You can use traffic graphs and the historical data of those traffic graphs, especially if you're monitoring your WAN connection, to know whether you're oversaturating your line and whether you need to update your bandwidth coming into your building or not. That way, if you're seeing slowdowns on the internet, you can go back to your traffic graphs and figure out if you are seeing the slowdown from your provider or just oversaturating the line. If that's the case, I just need to call and order some more bandwidth.

As far as optimizing the performance goes, I like the fact that you can take interfaces within pfSense and put bandwidth limits on them. If I have a guest network, I can put a throttle limit on it to make sure that somebody doesn't hook to my guest and eat up so much bandwidth that my primary network can't function.

They're very affordable for what they offer. However, they should become more MSP-centric. They could design a centralized dashboard that I, as an MSP provider, can create sites and load my pfSense in there. That way, I can schedule updates to run after hours and things along those lines. They need to design for MSPs that are using their products and make centralized management easier.

I've been using pfSense for at least a decade. 

pfSense doesn't ever crash. If I had any gripe about these things, it's the fact that sometimes the update process will break the appliance. I'm not sure what causes it. I've had a few appliances where they've been running fine, and I go to apply an update, and then they just don't boot back normally. At that point, I reach out to support. They give me the reload file that I need. I reload the appliance. I dump the config back on it, and then it's good to go.

As long as you're buying an appliance that will support the bandwidth that you need to push through it, scalability is fine.We've got some of them running 10 to 12 VLANs. We've got one particular one that has no less than five different OpenVPN setups depending upon the department you're in.

Their paid support is top-notch.

With the community edition, and this probably is one of my gripes to pfSense, and this is more on the NetGate side, is that they don't make their images readily available to you. So you have to open a support ticket. You have to give them the hardware ID. You have to give them the serial number of the appliance, and then they will send you the file that you need to reload the operating system. Even so, we're talking about less than an hour of waiting time, and somebody will respond to the ticket and give you a link where you can download the software to reload it.

Positive

We've used SonicWall. We've used FortiGate. We always seem to go back to the Netgate and the PS pfSense just due to the fact being open source, they seem to have fewer security flaws in them than running something that is a closed proprietary system. With FortiGate, you constantly need to update, since they're constantly finding flaws in the FortiOS, and we just don't seem to have that from pfSense and the NetGate supply of products.

There was more hands-on work with FortiGate. If you're doing any type of web filtering, they would come out with an update where a website that did work would start getting miscategorized. And then all of a sudden, it would stop working. And you would have to go in and make a white list and an exception for it.

We buy the appliances and then install the appliances on our customer sites.

The initial deployment is easy. How long it takes depends on how simple or how complicated it is. As far as just a simple firewall goes, I can have one of them up and running in 15 to 20 minutes.

Even if you are not too knowledgeable, it would be very easy. When you first boot into it and go to the web interface, it has a wizard that walks you through setting the IP address on your LAN and configuring whether you're using DHCP or static on the LAN. That wizard that walks you right through what to do right out of the box.

Just one person is generally needed for deployment. 

After the deployment, it's pretty much set it and forget it. I will go in and I will check quarterly if an update needs to be applied, however, they don't come up with updates that often. Maybe once a quarter, once every six months, an update has to be applied to the appliance. Other than that, I am only logging into these appliances if I need to make rule changes or if I need to bring up an additional VLAN in the network.

The licensing model is good. It's probably a little expensive for the hardware that you get. However, a part of that price is the support. And their support is top-notch. Even if you're only using the community support, and you're not paying for the extra support, they probably pad the hardware prices a little bit to help offset their support people. 

I love the TCO (Total Cost of Ownership) of pfSense. That's one of our selling points to our customers. You can buy this, buy once, or, you can look at going to Meraki or FortiGate or something like that, but, be paying licensing fees every single year to keep that product up and running.

I'm an MSP.

I'd rate the solution ten out of ten.

If you're going with the NetGate appliance, I'd let new users know that they are already optimized for pfSense. If it's something that you're looking to virtualize or if you're looking to use a community edition on your own hardware, my recommendation would be just to make sure that you use Intel network cards. I have never had a problem out of an Intel NIC for getting the OpenBSD underlying platform to recognize those network cards and load the proper drivers for them. That way, they show up within the pfSense software.

I'm an independent IT consultant specializing in pfSense router deployments. I use pfSense not only in my home and my parents' homes but also at ten of my clients' locations.

The pfSense router can be deployed on-premises, in the cloud, or on a hybrid platform, but I only deploy it on-premise.

pfSense's flexibility overall is excellent. I can't think of a feature that it doesn't have.

Once I got the hang of it, pfSense became easy to use to add new features. However, there are occasional complexities, like configuring a RADIUS server, which initially seemed overly complicated. Thankfully, the documentation helped me navigate the process successfully.

I immediately saw the benefits of pfSense based on the cost savings alone. The routers are low-cost, to begin with, and there are no annual licensing fees like those required by Cisco routers and other brands. I have replaced many Cisco routers with pfSense because of the ridiculous licensing fees.

pfSense, as long as it is properly configured, is excellent at helping us prevent data loss.

Netgate hardware devices come pre-installed with pfSense Plus, which means all of our installations benefit from pfSense Plus because they run on Netgate hardware.

pfSense provides visibility that enables us to make data-driven decisions. The package manager lets us add a lot more visibility. I use the softflowd add-on package, and there are a few other add-ons if we need more visibility.

The visibility provided by pfSense helps optimize performance. The data flows across the different subnets, which is helpful if there is a performance issue.

pfSense stands out for its full features and adherence to industry standards. Unlike competitors introducing proprietary variations like UniFi or Omada, pfSense prioritizes compliance. This is crucial in manufacturing environments where diverse systems need to integrate seamlessly. In such multi-brand settings, standard compliance becomes a critical factor for successful system interaction.

pfSense doesn't offer a central management system for multiple sites, which wouldn't be a big deal for most of my customers, who typically manage just one site. However, for larger companies with many sites, logging into each pfSense router individually to manage them could become cumbersome.

Previously, we were able to download an offline installer for our firmware. For example, if our router crashes, we must reinstall the OS. We would have it on a USB stick that is available to reinstall. Now, with the current version of pfSense, they are no longer providing an offline installer. We have to be connected to the internet to download the OS in real time, which, in some cases, is not possible. Some routers need to be air-gapped for compliance controls. They are not supposed to have access to the internet. In other cases, we can't disconnect the company's internet to connect the replacement router because that would take down the company. So we don't have a way to install the OS. I went back and forth with Netgate's support, trying to get that through their heads, and eventually, a manager gave me the offline installer but told me this would be the last one and not to expect this ever again. They have provided offline installers for 15 years, so I don't understand why they would remove them now. They are not considering all of the use cases. If we have a large company and the router goes down, we could be losing thousands of dollars an hour, and we don't want to sit there trying to troubleshoot an internet connection when we could use a USB stick to reinstall it in two seconds and restore the config. This is an essential need for some organizations and an area where Netgate pfSense can improve.

I've been a Netgate pfSense user for nearly 15 years, practically since its launch.

Netgate pfSense has been excellent in terms of stability. I have never had an issue with any of the business-grade routers. Their lowest-end model runs on MMC storage instead of regular hard drive storage, and I have had some of those crash.

Netgate pfSense has different tiers, so the higher we scale, the more expensive it gets, but as long as we match it appropriately, it works great.

I have never paid for Netgate support, but when we purchase a new router, they allow us to send a config of the old router and provide one-time support for free. So, I have interacted with them a few times under these terms. The results have been mixed. Sometimes, I can tell I am speaking to a competent person, and others don't understand what I'm saying. In the past 15 years, I have been working with pfSense routers. I have contacted the support team 15 times, and the results have been 50/50.

Neutral

I have used Cisco routers, which were a real hassle to manage. I have also used Linksys and Apple AirPort routers.

The initial deployment for a new user is moderate. It all depends on their experience level. The documentation on their website is suitable for beginners. For a basic deployment, there are many articles from other people and YouTube videos on how to deploy.

Compared to other business routers, pfSense's pricing is reasonable. It also offers a free community version that can't be beaten.

With the inclusion of firewall, VPN, and router functionality, pfSense's total cost of ownership is low compared to other routers like SonicWall, which licenses the VPN feature. 

When I compare pfSense to other routers like TP-Link and Omada, I see that it has all the standard network features, whereas the others are missing a few. The challenge with pfSense is learning to use it because of all the features it includes. I have never felt like I needed to change brands because pfSense was missing a required feature.

I would rate Netgate pfSense eight out of ten. It is a great product.

I recommend new users do a test setup on their home network first to understand how it works before moving it into their business.

We use Netgate pfSense to deploy to our customers.

Netgate pfSense has a lot of different applications you can use for VPN and multi-way traffic. It's very simple as far as firewall rules and NAT rules go. It's an overall solid application and product. We don't really have too many RMAs, and there are no monthly fees associated with it.

Netgate pfSense is extremely flexible due to the nature of the multi packages that you can use for different VPNs. You can do the same thing in multiple different ways, and it's very handy when you're trying to troubleshoot problems.

You can add packages to pfSense with Snort and pfBlocker to keep hackers out. We've been using pfSense by creating rules that only allow our IP addresses into those devices. That way, they are never open to the outside world, and we've been doing that for almost 20 years.

Netgate pfSense has a high-availability application called CARP that allows you to put two devices in failover mode.

The visibility that pfSense Plus provides helps us optimize performance because that's all in the updates they push out.

We use pfSense Plus on Amazon EC2 VMs, and it's been pretty good and fairly quick in testing.

The solution should provide a single pane of glass and a management console for all devices.

I have been using Netgate pfSense for 20 years.

The solution is fairly stable unless there's an environmental issue.

I rate the solution's stability an eight out of ten.

I rate the solution a nine out of ten for scalability.

We have previously used SonicWall. SonicWall has all the packages prebuilt. With Netgate pfSense, you have to download and install the packages and then configure everything. These include antivirus and anti-spam, which you have to turn on, but they cost money.

It's really just a configuration setup. SonicWall and Netgate pfSense are two very different firewalls. It's very difficult to compare them other than monthly and yearly licensing versus buying at once.

The solution's initial setup is super easy. I've taught several people with little knowledge of how to do it, and it's been very simple to explain and set up.

From start to finish, the solution's deployment can be done by one person in probably an hour.

I think Netgate needs to charge a nominal fee for the actual software so that it gets paid for because a lot of people skirt the licensing and use the community edition. Netgate should charge something nominal like $50 a year for the community edition to deter people from using it for everything.

Depending on the specifics, adding and configuring features to pfSense could take three or four hours for a RADIUS server with a VPN or less than two minutes to set up a NAT rule.

We were embedded with pfSense in 2023. It took us some time after we deployed the solution to see the benefits.

I have 236 devices in production. Some of the cheaper models are more susceptible to power outages, which cause them to fail. However, some of the more robust models are expensive, but they last for many, many years, and there's very little interaction that we have to do with them.

The only maintenance the solution needs is just updates to the device as required.

New users should do some basic research before configuring Netgate pfSense. There's lots of information about the tool on the web, and it's very easy to get the answers to your questions because somebody's already probably run into that issue. There are tutorials on basic configuration on YouTube.

Overall, I rate the solution an eight out of ten.

I use pfSense as a firewall for a university client with 10,000 to 12,000 users. I'm a consultant to the client, and they haven't introduced the product to their IT team. They are only starting to train themselves and use it to secure their environment from end to end. 

One of the biggest benefits is cost savings. It has reduced operating costs compared to Sophos by more than 50 percent. PfSense Plus helped us minimize downtime. I can configure it for high availability, and the machines are simple and reliable. The Netgear devices work well. They stay up. I built a cluster, and they work seamlessly. 

I like how affordable and flexible pfSense is. I can achieve the protection I need in a flexible manner. I enjoy using pfSense. It's effective and solid.

Two key areas need improvement: the traffic profile and better centralized management. It would be great if we could have a single pane of glass for managing multiple appliances running in different locations. Sophos has much better centralized management, but you're paying an arm and a leg for it.

The management is good, but it's quite basic. If I have multiple instances deployed, I can't manage the information like I would when I use something like Sophos Central to manage multiple devices in different locations. 

The portal is still not well-tuned. There are still issues regarding implementation and its effectiveness. But besides that, everything else is great, from the purchase to implementation, setup, etc. Only the portal needs a lot of work.

I rate pfSense 10 out of 10 for stability.

I rate pfSense 10 out of 10 for scalability. It's highly scalable. 

I have not contacted Netgate support yet, but I've heard that the technical support is excellent. I can't afford it.

We were using Sophos but switched due to the price. I was looking for a more affordable firewall solution, which brought me to pfSense. I sought something to replace our existing device. We needed something to do the same thing I was doing, including firewall, IPS, etc., but that wouldn't cost me as much as Sophos did.

PfSense isn't very easy, but if you know what you're doing and know what you're looking for, you can get it done. It's technical compared to Sophos. It's not difficult. It's just more technical.

PfSense was straightforward. The infrastructure is complex, but the implementation was straightforward for me. Maybe that's because I've had years of experience in IT infrastructure deployment. 

The deployment time depends on the features you want to implement. It took me about a week. The initial setup took less than two hours, but it took me about a week to finish the tune-up. I mostly deployed it by myself. I just looked up online videos from experts and understood what to do next. After deployment, it requires the occasional firmware update. That's it.

I rate pfSense 10 out of 10 for affordability. The company did the price review of Sophos and just took it out of the wall. Most of our clients have recommended Netgate. The total cost of ownership is excellent. It makes a lot of sense for SMEs. I pay a little bit on top. The Netgate infrastructure is much easier to approach. 

I rate Netgate pfSense eight out of 10. I recommend it to others. It's affordable and not that difficult to set up or manage. You need to be certified to use Sophos, but we don't need any specific certifications to own or manage pfSense.

I have three firewalls running my entire county and 11 smaller versions of the firewalls doing OpenVPN tunnels to my remote sites through StarLink. 

PfSense has been highly flexible, and it's worked out great for us for the most part. The Plus version has support, which we will pay for since it is our edge firewall. I have not had an issue with adding features.

We're doing a lot of OpenVPN tunnels, and some of the fields in the OpenVPN setup on the server side do not lend themselves to multiple sites. It's kind of ugly. It's a big list of allowed IP addresses. I'd much rather see that via the table individually. 

The individual firewalls have a single pane of glass view, but we have so many of them. You need to log into each to manage them.

 I'm officially about two years into using pfSense and one year in production.

I have not had any crashes happen. 

Overall, I've been happy with these firewalls.

I rate Netgate support eight out of 10. They were highly responsive. It was strictly email support. I didn't buy phone support.

We were running a Sophos firewall as the edge router of everything we did, and it wasn't meeting our expectations. I've used Cisco firewalls for most of my career. The Sophos firewall was underpowered and overburdened. It was constantly causing issues, such as filling up the logs and crashing the firewall in the middle of the day. I have not had that issue with the pfSense.

It was harder to order them than it was to deploy them. As a county government, we ran into purchasing issues, but we ultimately managed to make it happen. It took us about three months to deploy all of them. After deployment, you need to update the firewall codes and back it up. That's pretty typical.

PfSense was quite a bit less expensive than some other alternatives, and it's worked as well as we could hope. We have three 1500s and 11 of the 4100s. The total cost of ownership has been pretty beneficial.

We looked at some other options. I'm a Cisco guy, but pfSense firewalls provide more bang for your buck. 

I rate Netgate pfSense eight out of 10.