Netgate pfSense Reviews

We currently use pfSense firewalls at our branch offices and central server locations. I have implemented TAC enterprise support on three of these firewalls, with the installation of the third scheduled for this weekend. Our network infrastructure relies on VPN tunnels between sites, and I have successfully deployed an always-on OpenVPN solution that significantly outperforms our previous SonicWall VPN system.

Installing packages on pfSense is straightforward, although the quality of package documentation varies. While I understand this isn't Netgate's responsibility, the installation and configuration process for these packages is remarkably user-friendly, relying almost entirely on the GUI. In my experience, I've rarely needed to resort to the command line, but I'm certainly not averse to it when necessary.

I immediately recognized the advantages of pfSense. Its ability to support custom hardware installations allows me to tailor solutions to the specific needs of each branch location. While I've had excellent results with Netgate's pre-built hardware, the option to construct higher-specification systems myself, all while maintaining support, is incredibly valuable. The difference compared to our outdated SonicWall is night and day. I previously built a pfSense firewall on a Dell server for a business handling high traffic volumes, and its performance was exceptional.

pfSense helps me prevent data loss by utilizing firewall aliases and other DNS-based filtration methods to block access to shadow IT and third-party cloud data transfer sites, providing some control over data movement.

While pfSense doesn't offer a centralized overview of multiple firewalls, it provides extensive customization options for each firewall's homepage. This allows for detailed monitoring of VPN tunnels, interfaces, and other components. I appreciate the ability to add, remove, and customize widgets on the homepage for tailored information display.

Helps minimize downtime. I have set up the high availability with one location, which works flawlessly.

Provides visibility that enables us to make data-driven decisions about network capacity, including throughput and the ability to handle traffic.

pfSense has significantly improved our performance by optimizing our always-on VPN. The recent release of the OpenVPN data channel offload feature, which was quickly adopted and supported by Netgate pfSense, has revolutionized our Windows laptop VPN solution. This new feature is nearly ten times faster than the previous OpenVPN without data channel offload, and its thorough documentation encouraged us to implement our always-on VPN ahead of schedule.

pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog. OpenVPN support is exceptional. When I inquired about setting up an always-on VPN, the engineer swiftly and fully understood my needs and provided expert guidance. Netgate support's in-depth knowledge of included features is truly impressive.

I would like clear guidance on supported network interface cards, including detailed performance metrics for various models. While I understand the focus on selling appliances, more comprehensive documentation for those building their own systems would be beneficial. Specific throughput numbers and other statistics for Intel, Broadcom, Mellanox, and other cards are needed. Additionally, reinstating the ability to visualize long-term RRD data through built-in graphs would be valuable, as the current live traffic display offers limited insights.

I have been using Netgate pfSense for ten years.

I have not experienced any crashes in the production systems. The only crashes I've encountered have been while running unstable development builds, which is expected. However, excluding power outages, pfSense itself has been one hundred percent reliable in my experience.

If you invest in hardware capable of handling increased bandwidth, performance remains unaffected. We haven't observed any spikes in CPU utilization or memory usage. Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain. Our small businesses handle the load effortlessly.

I have exceptionally high praise for the Netgate technical support team. In the three or four times I've called support, I've always reached an engineer within 20 minutes, which was the longest wait time. Every time, they've quickly addressed the issue once verifying firewall support. Their knowledge and willingness to assist are impressive.

Positive

I have experience with FortiGate, Dell, SonicWall, Cisco, and numerous consumer-level firewalls. While I am not the most seasoned network engineer, I have worked in the field for a considerable time, encountering a variety of solutions. Among these, pfSense stands out as exceptionally customizable and intuitive. Given the inherent complexity of networking, pfSense has made the subject as accessible as possible.

Deploying a pfSense box is straightforward when I'm physically present. Remotely guiding someone unfamiliar with operating system deployment presents more challenges. However, on-site deployment is remarkably easy, even simpler than installing a Linux server. 

Deploying a Netgate pfSense appliance is straightforward, even for network engineers without experience with the platform. The setup wizard is intuitive, requiring minimal networking knowledge. Subsequently, the configuration interface is user-friendly, allowing those with moderate networking experience to navigate and manage settings efficiently. Building a custom solution would depend on hardware expertise and operating system deployment skills, but utilizing Netgate appliances is notably easier.

The Netgate appliance I recently purchased took less than an hour to install, with most of that time spent gathering necessary information from the internet provider.

pfSense pricing is reasonable. Whether purchasing appliances or support, I hope they're charging enough to sustain their exceptional support services. Whether you opt for a bundled appliance and support or standalone support for a custom-built device, the pricing remains impressively fair.

When considering the total cost of ownership, pfSense is a compelling choice for a solution that incorporates firewall, VPN, and router functionality. Initially, I explored purchasing the OpenVPN access server, which would have required a virtual machine due to the lack of a dedicated physical server. However, integrating the VPN endpoint into the firewall aligns better with our design goals. It eliminates the need for a separate VPN appliance, resulting in significant cost savings and improved performance. Testing pfSense with OpenVPN in a virtual environment confirmed that it operates more efficiently on bare metal hardware. Moreover, the licensing cost for the OpenVPN access server would have been comparable to the support fees for pfSense.

The TAC enterprise support is $800 a year per firewall.

I would rate Netgate pfSense ten out of ten. If I could choose a product that was among the least frustrating and nearly flawless I've used, pfSense would likely be at the top of my list.

In addition to initial configuration tasks like routing and applying patches, minimal maintenance is required. Once the interfaces are set up, we configure firewall rules and are ready to go. Patching will be necessary for all platforms, but no specific requirements exist beyond standard practices.

I use the solution in two of my homes. I have a home in the UK and one more in the US. I have two firewall tools running with a VPN link between them, and it allows me to easily administer and protect both networks, one in the UK and the other in the US.

I can discuss the product's most valuable features if you have a playbook for some of the things you want to hear about or expect me to touch upon.

The tool's most valuable features revolve around its ease of use. It is a resilient product with a very easy-to-use interface. The learning curve for the product is very simple. I also like the core packages included in the tool, making my firewall a one-stop shop for stuff like DNS and VPN usage. The tool has a lot of packages available. I like the product's in-built packages. I use WireGuard VPN, and it is very good. I use IPSec, the built-in DNS product in the tool. I can also link the tool with my UPS if the UPS has an outage in the northeast region where people experience electricity cuts. The software I use on Netgate pfSense acts as a kind of choke point and sends messages throughout my network to start shutting down during electricity cuts. My firewall is a ground zero area for me on my edge. All the packages in the tool allow me to protect my network. It serves as a Layer 4 product since Netgate pfSense doesn't do anything like other products offering Layer 7. As a Layer 4 product, Netgate pfSense is very strong since I can easily create very advanced firewall rules, which I wouldn't be able to create as easily with other solutions, especially if they don't come with more than 10,000 or 20,000 USD as the price tag. Palo Alto, Check Point, or FortiGate are expensive firewall products compared to Netgate pfSense. I don't think Netgate pfSense really competes with Palo Alto, Check Point, or FortiGate, but the latter set of tools may make it feel like Netgate is trying to compete with them. I work for a major security firewall vendor, and I don't think Netgate pfSense competes with it. Netgate pfSense provides SMEs with a significant amount of value for not a lot of cash.

It is very easy to add features to Netgate pfSense. Now remember that Netgate pfSense does not attract an average IT person. The tool attracts people with two profiles, including CCNA-certified or very sophisticated firewall administrators, hoping they can help use some of the pretty advanced features in the product. The second profile of the tool's users would consist of those who are getting started or want a better firewall than what their carriers or the provider provides them with so that they can learn about firewall devices. They want to learn about networking by using Netgate pfSense. For both profiles, the tool offers a very linear learning curve. The documentation in Netgate pfSense is very strong.

The benefits related to the product can be experienced immediately after the product is deployed. I wanted to replace EdgeRouters from Ubiquiti for my use cases, which have now gone into a deprecated mode. I wanted a tool that could offer me the functionality of EdgeRouter, and I was happy to pay more for a product that could provide such features. Compared to EdgeRouter, I had to spend 700 to 800 USD on both the final units from Netgate pfSense for both of my homes. I chose Netgate pfSense since I wanted a tool with a set of more updated functionalities and a solution that can be considered an easy replacement product for EdgeRouter. I saw immediate value in Netgate pfSense from day one.

A single pane of glass is a vast term. If I were to define a single pane of glass, I would say that it is something from which you can see everything from everywhere in a single dashboard. The single-pane-of-glass feature within the tool's user interface is one of the core aspects of the product. In my opinion, the tool has a very strong dashboard.

Netgate pfSense can minimize downtime easily since it is easy to put it in a high-availability configuration.

Considering that the tool offers a Layer 4 firewall's functionalities, I can say that Netgate pfSense provides visibility that enables me to make data-driven decisions. For example, the firewall fits into two markets. The north-to-south market is where Netgate fits in with Palo Alto, Check Point, Sophos, and Cisco. There is also the east-to-west market where I work since it is where my employer is currently. When you talk about the visibility of data, you are looking for either north to south or east to west. In terms of the visibility from east to west, which is based on application to application or data center within a data center, Netgate pfSense will not be helpful at all. From north to south, I get visibility over what is coming into my network. For example, I can easily capture dump traffic using the in-built features in the tool and run an SNIP on the traffic. I can see what's coming in and inspect those packets, and I can do that all within the user interface, which is a new feature in the tool that is very strong. I like the tool's new feature. The tool has very easy-to-consume logs, and it is very easy for me to export them into a SIEM server if I want to do some kind of mass data warehousing and sorting.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say it is very large.

I think the tool requires more strategic improvements than we need it to be in the present. With Netgate, considering that I work in a firewall market, I know that its problem is not just in its features. It needs improvements in terms of the strategic vision, where the product should go, and what market it should be for in the future. Netgate needs to figure out if they want to strive for the SMB business and the home market or if they want to attempt to reach out at an enterprise level. 

I don't think Netgate knows where they want to go with or without a plan. I think Netgate is still trying to devise a plan by itself as to which market it wants to fall into, which can make it more profitable for the tool. There is nothing that Netgate pfSense could do to make me feel any better about the product. I love the product, and I will use it until I die. It is a really good product. Improvements are needed in the area of the company's strategic vision and based on where the solution needs to go in the future. I spoke about north to south and east to west since the world is moving towards the concept of zero trust. If you are a CISO or a CIO and you are trying to achieve a zero-trust architecture, you need to check if Netgate is on your list of companies that would help you achieve it. If I consider the CIOs I speak to, Netgate doesn't even get mentioned in our talks.

I do not require improvements in the product. It is feature-complete. As a firewall, Netgate pfSense can be described as a very feature-complete product for the market space in which it currently operates.

Strategy and vision of the product are the areas with shortcomings where improvements can be made so that Netgate pfSense can figure out where the product should go in the future. It will provide Netgate with choices like whether it wants to go towards a zero trust architecture if it wants to go towards the east-to-west direction if it wants to go towards big enterprise or go into Layer 7 traffic. My answer regarding the need for improvement in the product is going to be more of a strategic-based one rather than from a technical point of view because the product is excellent.

I have been using Netgate pfSense for five years. I am an end user of the solution.

Stability-wise, I rate the solution a ten out of ten.

The solution's scalability is tricky, and it all depends on the context. It is infinitely scalable for me, and my company has 150 devices in my network, which may be nothing. Suppose a company like J.P. Morgan says they want to use Netgate Netgate as their north-to-south firewall. In that case, you may face big scalability problems because, at such a level, tools like Check Point or Cisco have custom silicon chip designs to support their workloads. For SMBs, the scalability part is not an issue. I don't think Netgate pfSense can offer much scalability for big enterprises.

I have contacted the solution's technical support team. The quality of the answers provided by the technical support team is good, and the responsiveness is exceptional. I rate the technical support a ten out of ten.

Positive

I have used many solutions that can be considered alternatives to Netgate pfSense. I can compare Netgate pfSense with FortiGate since Netgate is priced similarly but falls at a lower end when compared to Fortinet FortiGate. FortiGate is a better product for an enterprise. For home usage and small and medium-sized enterprises, Netgate pfSense can be a stronger choice than FortiGate. For home use, Netgate pfSense is very much preferable.

Even for an unskilled person, the tool's deployment phase would be easy to manage. It is a very easy product to consume because it has a lot of WYSIWYG and built-in wizards, along with a very easy graphical user interface.

Deploying one instance of Netgate pfSense can take around five minutes, and only one person does it. Regarding the other tasks, our company has firewall products that handle more than 100 or 1,000 workloads, and two to three people manage them.

A limited amount of maintenance is required from the end of the tool's users. It is just to adjust the firewall rules as and when necessary to meet the business needs, like in patching, where Netgate pfSense does a very good job while also being very responsible and quick to respond to zero day and CVE alerts. The tool is superb and very impressive, but it can be described as a very low-overhead product because, by nature, firewalls under the north-to-south are for static workloads, which is where Netgate's market is currently. Those workloads are not changing for now. You put Negate pfSense into your system and forget about it, which can be considered as a whole other problem in firewall products, but I won't go too deep into it because that is why there are 20 years of rules in firewalls and no one maintains it because you just set it up and forget it.

I bought Netgate pfSense Plus since I have to use the firewall in both my houses, so I have four solutions. I have made certain payments using a subscription-based model to use Netgate pfSense Plus.

If I were a part of Netgate leadership or running the company, I would clear out a few areas on the strategy side of the business. I work for a major enterprise where an SME or the tool is needed. Netgate's strategy regarding Netgate pfSense Plus for home users or labs was very misleading in nature and handled very badly. I have opted for the tool's subscription-based pricing model. a subscription, and I am very happy to pay the money money, which comes to around 130 USD for two years, which is nothing for me. Netgate handles the tool's subscription-based pricing model very badly.

I think Netgate pfSense's pricing or licensing models are fair enough. I think the way Netgate pfSense handled its previous pricing model with regards to Netgate pfSense Plus was an area that was misleading for users. Overall, what I pay for the product is very reasonable.

There are no features in Netgate pfSense that help prevent data loss. One can use a DLP tool to manage data loss.

The visibility in Netgate pfSense does not help me optimize performance, and I think it is because I am a pretty advanced user on the command line. I wouldn't rely on the visualization part for any advanced performance.

I have never used Netgate pfSense on Amazon EC2 virtual machines.

My suggestion to those who plan to use the product would be that they need to read the solution's documentation, utilize the community forums and shouldn't be afraid to fail. It is easy to recover from failure with Netgate pfSense since it has configuration change logs along with very easy rollback abilities. In the newest version, if you make a change and you reboot, it just snapshots you back to the new change, which is excellent.

I rate the solution a ten out of ten.

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OpenSense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for radius or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraph, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

I have been using Netgate pfSense for ten years.

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

Positive

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.

I am using pfSense for its firewall, gateway, and intrusion detection. I used the Community Edition for years and then switched to the pfSense Plus free-from-home edition. There was a bit of turmoil when IXSystems announced that they would no longer offer the free-from-home edition

We immediately realized the power when we deployed it a few years ago. It exceeded our expectations. As time went on, I discovered more features in the different packages they provide and whether they fit my needs. Over time, it's been a learning process, and I've been greatly impressed with almost every aspect of this product. It has all the things I wanted but found lacking in other products.

All of the features work together to prevent data loss or any compromise of your data. It all boils down to the rule set. I have mine configured so that all the data goes out depending on my Netgate device. Some machines go through a particular VPN connection. If that connection goes down, I've got the rule set configured like a dead man's switch. It's cut off from the outside world, and I get an alarm, and it allows no more attempts to let traffic pass through that connection.

It helps to prevent downtime. Whenever there is an issue, it's the first place I look because I can check the statuses of various interfaces to check whether they're up and then zoom further out to see if it's something in my internet provider, like a faulty cable. It enables me to reduce downtime by quickly determining where the problem might be.

PfSense provides the visibility I need to make data-driven decisions. For example, if I have a spike in bandwidth usage, it shows me which devices on my network are suddenly eating more bandwidth. I can see what's causing that. It also greatly reduces the time spent maintaining my network, so there's a productivity boost.

PfSense has a learning curve, but once you've mastered that, it isn't that difficult. It's very flexible, and you can do almost anything necessary to secure a home network. It has packages that expand its capabilities. For example, you can install Snort if you want intrusion detection. If that's unimportant to you, you can use it to check the bandwidth of all the machines in your network.

Adding features is simple. You go into the menu to check which ones are available and click on the ones you want to install. If you've done your research on the packages you want and the settings you'd like to use, it's a matter of walking through the configuration in the menu. When removing the package, it will revert the settings 99 percent of the time. 

I like the interface. You can arrange the windows to see the important information and put them in the order you want. You can see the various interfaces you have at a glance in a single pane of glass. I have certain bits of information I want to see first, and there are secondary or tertiary pieces of information. If you are using VPN connections, you can see their statuses. You can see hacking attempts, which are logged. 

It's powerful. You can get quite granular in setting up a highly topical application of pfSense, but if you want just basic protection, you can do that easily. It depends on your needs and how brave you are. You can go deep into the system and do some cool things with it or set up the bare protection you would get from any firewall.

I'm trying to set up a gaming server for multiplayer games like 7 Days to Die. I spent three or four days trying to publish a private IP address through pfSense to the outside world. Some commercial and consumer-grade routers can do this, specifically gaming routers, but pfSense is not intended for this usage. 

That's a feature I'd like to see added, where you can go into a submenu, turn it on, and specify which machine or IP address you want to publish. It's not a must-have, but it would be nice to have. I spent a long time trying to figure that out. Ultimately, I was successful, but it was not intuitive.  

I have used pfSense since 2016.

I rate Netgate support 10 out of 10. You must have a license for pfSense Plus, and I called them about an unexpected hardware issue that caused me to switch machines. I emailed explaining the situation and got a response the same day. I provided all the information on the new box, and they gave me a license. It was a pleasant, non-stressful experience. 

I have used Smoothwall and a few other things that have been abandoned. I liked the look and performance of Smoothwall's interface. It had many of the same features as pfSense, but its capabilities weren't deep enough. I've also used basic Linux distros set up as firewalls, but pfSense is oriented toward an enterprise-level deployment, and I find myself between hobby and enterprise. I also like the added features pfSense provides. 

I am not using a Netgate appliance. I deployed pfSense on a very small machine that has plenty of RAM for the overhead, logs, and speeds I want for my network. 

When I first installed pfSense, there was a bit of a learning curve. I had to sit down with the documentation and figure out what to do. It wasn't difficult— just time-consuming. That information has carried forward with me. Other people look at me like I'm some kind of expert but I'm really a few pages ahead of them in the manual. 

PfSense isn't something you can turn on and forget about. You need to configure the solution and test it. Then you can turn it on and let it run. From time to time, you have to come back periodically to make sure everything is still fine. The initial deployment takes about 30 minutes. It was a one-person job.

I would like to see the price of pfSense lowered by about $50, or maybe they could create a category for home lab users like me with one device. I'm not running a business or profiting from it. I realize that people need to get paid for the work that they do, so I can't complain. They decided that they needed to change their model after providing the product for free for many years. 

Before they changed and started to charge for pfSense, the total cost of ownership was phenomenal. It still offers tremendous value, but that was an adjustment. You can choose to go back to the community edition or just pony up the money.

I rate Netgate pfSense nine out of 10. I only give it a nine due to that recent issue setting up the game server. I eventually figured it out and published my solution to the forums. Otherwise, it would be a perfect 10. 

We primarily use the solution as a replacement for commercial firewalls. We use it as an Internet Gateway Firewall product and use the VPN features.

pfSense helped solve the limitations of proprietary software. I find it frustrating when the hardware capabilities of a particular piece of equipment are doled out piecemeal for a fee. For example, when certain features are locked until you pay for them. The proprietary nature and the extra computing power that's used to basically enforce the copyright on some of the competitive products I resent. I like that this has a community option. I'm an open-source advocate. I started using Linux in 1999, and I prefer that developer model.

There are many capabilities within pfSense, that I've never used, and that's true of a lot of products. It's very flexible, and they have plug-ins.  You can add features to pfSense. It is moderately difficult. That said, the web interface is great.

I like that I can use it with OpenVPN. It's not licensed and is not run by some corporation that watches you.

It has an advanced file system so that you can configure it with multiple drives and have redundancy within the router itself. I've never used it as a file server. I've never used it as a data store. It's really more about security and not reliability.

It's keeping the bad guys out and allowing connectivity when you need it.

The configuration could be a little more intuitive. It's a little trickier to set up - things like the OpenVPN - than it should be. However, once you get this configured, it seems solid as a rock, and it just works. 

The solution needs better error messages in the VPN. It's kind of a bear to configure. That could be streamlined or smoothed out. That said, I do not do this 40 hours a week like some people. I wear a lot of different hats. Still, when it comes to configuring, it always seems to be a little more involved. 

I've been using the solution for three or four years. 

The solution has been very solid.The BSD file system is a little more fragile than a Linux file system. I've had situations where a power failure causes a hard drive not to get corrupted but to need to run maintenance on it when it reboots. However, that's not a pfSense issue. Overall, it's been great.

I'm not a power user. For me, the capabilities are fine. It runs pretty fast even on modest hardware. 

Technical support was good. It was way better than the twenty-four hours that the contract said. They usually get back to me in a matter of a few minutes. 

They are very good at answering and solving specific problems. If something doesn't work, you can give them access. They can figure it out and make it work. 

I was less satisfied when I tried to ask a question like, "Is this the best way to have this configured?" It's a slippery slope of going beyond the typical tech support and actually getting consulting on it. I understand that maybe that's not their problem. However, it did seem like there's this hard wall where they will answer specific questions, but they are not going to give you general consulting advice about how to use the product. That is a little frustrating. 

Positive

I've used SonicWall and I've used various commercial firewalls, for example, Cisco. However, I haven't evaluated other things in the same category based on open source. There are a lot of them; I haven't looked at anything else, to be honest.

It's easy to get it going as a firewall. It's moderately difficult to get the VPN features running. I was able to deploy it within a couple of days. 

Maintenance is needed for upgrades or renewal of certificates.

I managed the setup myself with the help of the pfSense support staff. 

I use the community version, although there is a paid version as well. I've also downloaded it, registered myself, and paid for it to get support. I'm not sure of the exact features that differ between free and paid. 

I'd rate the solution eight out of ten.

The only shortcomings are somewhat obscure configuration issues. However, the scope of what they're trying to do is very good. While there could be more polish on some configurations, it's very capable and very flexible. 

If I had to do it over again, I would probably have actually gotten the hardware from NetGate. You're paying for the support, and bundling the hardware and support together might be better. I sense that you'd kick yourself up a notch in terms of the priority that they give you. Not that there's ever been a problem. Getting the hardware directly from pfSense might cut out the middleman and reduce the possibility of issues when something goes south. Other than that, I'm a pretty fairly satisfied customer.

We use pfSense as the main firewalls coming into most of the companies we support. I work for an MSP. We've used different things. Our higher-end customers even run pfSense high availability clusters, and those work like a champ.

It has made deploying firewalls a faster process due to ease of configuration.

One of the features we use the most is the OpenVPN and IPsec VPN tunneling built within it. We have places that are headquarters and multiple locations where we create tunnels. We support police departments and stuff like that. Part of our use case is one of our police departments that does their own dispatching, so they have software that they run in-house. So we set their points out where the points themselves dial back in through OpenVPN using client certificates to create that always-on tunnel. Prior to us taking that over, they were using FortiGates, and the FortiGate FortiVPN was constantly dropping, and they were constantly having to re-authenticate. They would have to put 2FA back in. Since we've put in pfSense, we have the cradlepoints in cars establish the VPN connection, and we hardly ever hear from them since there seem to be no issues.

pfSense's flexibility is great. If you don't have the money to buy the NetGate hardware, anything works with it. You can toss it on any low-end piece of hardware or virtualize it if you choose to virtualize it. It is super flexible.

It's easy to add features to pfSense or configure them, especially if you're familiar with pfSense. They have a complete repository of apps that you can choose from and different types of monitoring packages you can put on it. They're all very, very straightforward and very easy to set up. I even run a pfSense for my home firewall. I've got AT&T fiber coming into my house. I bridge the public IP through, patch the modem into my pfSense, and have no issues whatsoever. I even run multiple VLANs off of it.  I replaced a FortiGate with this setup.

The benefits are witnessed immediately after you deploy it. Immediately after you deploy it you're no longer having to read articles to figure out what flaw has been found in this version of FortOS or what flaw has been found in this version of SonicWall that's being run. You just you don't seem to have that in the pfSense platform.

pfSense provides with a customizable dashboard landing page.  You can add widgets to show you any piece of information you want to see. I can add in a widget where, from the dashboard, it'll show me, what OpenVPN clients I have connected. It'll show me traffic graphs from LAN, optional ports, uptime, what version of BSD I'm on, what version of pfSense I'm on, whether there's an update available for PFSense, IP information, et cetera. It gives me all this within the main loading dashboard screen.

To manage multiple devices, you would have to subscribe to a third-party service to have the ability to do that.

This is truly set it and forget it. We didn't quite run into that as much with FortiGate. Even with the third-party add-ons, we don't seem to run into issues with the pfSense product where we have to be so hands-on.

There are two versions of pfSense, the community edition, which is free, and the paid version, Plus. We run both. We're getting more away from the community edition since we're starting to just purchase NetGate appliances. We're buying it strictly through NetGate. At this point, we're even starting to add on the tech support, which is top-notch.

pfSense can help to minimize downtime. You can set them up in a high-availability cluster, and that pretty much minimizes all downtime. Your secondary appliance picks up if your primary appliance goes down. It makes it really easy to apply updates or reboot the one firewall. It switches over so seamlessly. Your users never know the difference. When the primary firewall comes back up, it'll take over the primary function again, and then you can reboot your secondary firewall.

The visibility in pfSense enables us to make data-driven decisions. You can use traffic graphs and the historical data of those traffic graphs, especially if you're monitoring your WAN connection, to know whether you're oversaturating your line and whether you need to update your bandwidth coming into your building or not. That way, if you're seeing slowdowns on the internet, you can go back to your traffic graphs and figure out if you are seeing the slowdown from your provider or just oversaturating the line. If that's the case, I just need to call and order some more bandwidth.

As far as optimizing the performance goes, I like the fact that you can take interfaces within pfSense and put bandwidth limits on them. If I have a guest network, I can put a throttle limit on it to make sure that somebody doesn't hook to my guest and eat up so much bandwidth that my primary network can't function.

They're very affordable for what they offer. However, they should become more MSP-centric. They could design a centralized dashboard that I, as an MSP provider, can create sites and load my pfSense in there. That way, I can schedule updates to run after hours and things along those lines. They need to design for MSPs that are using their products and make centralized management easier.

I've been using pfSense for at least a decade. 

pfSense doesn't ever crash. If I had any gripe about these things, it's the fact that sometimes the update process will break the appliance. I'm not sure what causes it. I've had a few appliances where they've been running fine, and I go to apply an update, and then they just don't boot back normally. At that point, I reach out to support. They give me the reload file that I need. I reload the appliance. I dump the config back on it, and then it's good to go.

As long as you're buying an appliance that will support the bandwidth that you need to push through it, scalability is fine.We've got some of them running 10 to 12 VLANs. We've got one particular one that has no less than five different OpenVPN setups depending upon the department you're in.

Their paid support is top-notch.

With the community edition, and this probably is one of my gripes to pfSense, and this is more on the NetGate side, is that they don't make their images readily available to you. So you have to open a support ticket. You have to give them the hardware ID. You have to give them the serial number of the appliance, and then they will send you the file that you need to reload the operating system. Even so, we're talking about less than an hour of waiting time, and somebody will respond to the ticket and give you a link where you can download the software to reload it.

Positive

We've used SonicWall. We've used FortiGate. We always seem to go back to the Netgate and the PS pfSense just due to the fact being open source, they seem to have fewer security flaws in them than running something that is a closed proprietary system. With FortiGate, you constantly need to update, since they're constantly finding flaws in the FortiOS, and we just don't seem to have that from pfSense and the NetGate supply of products.

There was more hands-on work with FortiGate. If you're doing any type of web filtering, they would come out with an update where a website that did work would start getting miscategorized. And then all of a sudden, it would stop working. And you would have to go in and make a white list and an exception for it.

We buy the appliances and then install the appliances on our customer sites.

The initial deployment is easy. How long it takes depends on how simple or how complicated it is. As far as just a simple firewall goes, I can have one of them up and running in 15 to 20 minutes.

Even if you are not too knowledgeable, it would be very easy. When you first boot into it and go to the web interface, it has a wizard that walks you through setting the IP address on your LAN and configuring whether you're using DHCP or static on the LAN. That wizard that walks you right through what to do right out of the box.

Just one person is generally needed for deployment. 

After the deployment, it's pretty much set it and forget it. I will go in and I will check quarterly if an update needs to be applied, however, they don't come up with updates that often. Maybe once a quarter, once every six months, an update has to be applied to the appliance. Other than that, I am only logging into these appliances if I need to make rule changes or if I need to bring up an additional VLAN in the network.

The licensing model is good. It's probably a little expensive for the hardware that you get. However, a part of that price is the support. And their support is top-notch. Even if you're only using the community support, and you're not paying for the extra support, they probably pad the hardware prices a little bit to help offset their support people. 

I love the TCO (Total Cost of Ownership) of pfSense. That's one of our selling points to our customers. You can buy this, buy once, or, you can look at going to Meraki or FortiGate or something like that, but, be paying licensing fees every single year to keep that product up and running.

I'm an MSP.

I'd rate the solution ten out of ten.

If you're going with the NetGate appliance, I'd let new users know that they are already optimized for pfSense. If it's something that you're looking to virtualize or if you're looking to use a community edition on your own hardware, my recommendation would be just to make sure that you use Intel network cards. I have never had a problem out of an Intel NIC for getting the OpenBSD underlying platform to recognize those network cards and load the proper drivers for them. That way, they show up within the pfSense software.

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on just to ensure that all the other functions, both personal and business-related, remains unaffected, intact, and devoid of any type of attacks or the other type of malicious kind of activity.

The product has helped improve my organization's environment and personal environment since before the use of Netgate pfSense, and I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have a full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I can not just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN to the point I was utilizing a router or modem provided by my service provider I was able to through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

I

There are a lot of features I want to see simplified in the product. I want to see the licensing model part to be improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference.

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool p and running a few times, and the only time I have had to reboot it is when there was a new release.

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

Neutral

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

I'm an independent IT consultant specializing in pfSense router deployments. I use pfSense not only in my home and my parents' homes but also at ten of my clients' locations.

The pfSense router can be deployed on-premises, in the cloud, or on a hybrid platform, but I only deploy it on-premise.

pfSense's flexibility overall is excellent. I can't think of a feature that it doesn't have.

Once I got the hang of it, pfSense became easy to use to add new features. However, there are occasional complexities, like configuring a RADIUS server, which initially seemed overly complicated. Thankfully, the documentation helped me navigate the process successfully.

I immediately saw the benefits of pfSense based on the cost savings alone. The routers are low-cost, to begin with, and there are no annual licensing fees like those required by Cisco routers and other brands. I have replaced many Cisco routers with pfSense because of the ridiculous licensing fees.

pfSense, as long as it is properly configured, is excellent at helping us prevent data loss.

Netgate hardware devices come pre-installed with pfSense Plus, which means all of our installations benefit from pfSense Plus because they run on Netgate hardware.

pfSense provides visibility that enables us to make data-driven decisions. The package manager lets us add a lot more visibility. I use the softflowd add-on package, and there are a few other add-ons if we need more visibility.

The visibility provided by pfSense helps optimize performance. The data flows across the different subnets, which is helpful if there is a performance issue.

pfSense stands out for its full features and adherence to industry standards. Unlike competitors introducing proprietary variations like UniFi or Omada, pfSense prioritizes compliance. This is crucial in manufacturing environments where diverse systems need to integrate seamlessly. In such multi-brand settings, standard compliance becomes a critical factor for successful system interaction.

pfSense doesn't offer a central management system for multiple sites, which wouldn't be a big deal for most of my customers, who typically manage just one site. However, for larger companies with many sites, logging into each pfSense router individually to manage them could become cumbersome.

Previously, we were able to download an offline installer for our firmware. For example, if our router crashes, we must reinstall the OS. We would have it on a USB stick that is available to reinstall. Now, with the current version of pfSense, they are no longer providing an offline installer. We have to be connected to the internet to download the OS in real time, which, in some cases, is not possible. Some routers need to be air-gapped for compliance controls. They are not supposed to have access to the internet. In other cases, we can't disconnect the company's internet to connect the replacement router because that would take down the company. So we don't have a way to install the OS. I went back and forth with Netgate's support, trying to get that through their heads, and eventually, a manager gave me the offline installer but told me this would be the last one and not to expect this ever again. They have provided offline installers for 15 years, so I don't understand why they would remove them now. They are not considering all of the use cases. If we have a large company and the router goes down, we could be losing thousands of dollars an hour, and we don't want to sit there trying to troubleshoot an internet connection when we could use a USB stick to reinstall it in two seconds and restore the config. This is an essential need for some organizations and an area where Netgate pfSense can improve.

I've been a Netgate pfSense user for nearly 15 years, practically since its launch.

Netgate pfSense has been excellent in terms of stability. I have never had an issue with any of the business-grade routers. Their lowest-end model runs on MMC storage instead of regular hard drive storage, and I have had some of those crash.

Netgate pfSense has different tiers, so the higher we scale, the more expensive it gets, but as long as we match it appropriately, it works great.

I have never paid for Netgate support, but when we purchase a new router, they allow us to send a config of the old router and provide one-time support for free. So, I have interacted with them a few times under these terms. The results have been mixed. Sometimes, I can tell I am speaking to a competent person, and others don't understand what I'm saying. In the past 15 years, I have been working with pfSense routers. I have contacted the support team 15 times, and the results have been 50/50.

Neutral

I have used Cisco routers, which were a real hassle to manage. I have also used Linksys and Apple AirPort routers.

The initial deployment for a new user is moderate. It all depends on their experience level. The documentation on their website is suitable for beginners. For a basic deployment, there are many articles from other people and YouTube videos on how to deploy.

Compared to other business routers, pfSense's pricing is reasonable. It also offers a free community version that can't be beaten.

With the inclusion of firewall, VPN, and router functionality, pfSense's total cost of ownership is low compared to other routers like SonicWall, which licenses the VPN feature. 

When I compare pfSense to other routers like TP-Link and Omada, I see that it has all the standard network features, whereas the others are missing a few. The challenge with pfSense is learning to use it because of all the features it includes. I have never felt like I needed to change brands because pfSense was missing a required feature.

I would rate Netgate pfSense eight out of ten. It is a great product.

I recommend new users do a test setup on their home network first to understand how it works before moving it into their business.