Try our new research platform with insights from 80,000+ expert users
reviewer2510328 - PeerSpot reviewer
Director at a tech vendor with 5,001-10,000 employees
Real User
Top 20
Offers ease of use and a high availability configuration to users
Pros and Cons
  • "It is a resilient product with a very easy-to-use interface."
  • "Strategy and vision of the product are the areas with shortcomings where improvements can be made so that Netgate pfSense can figure out where the product should go in the future."

What is our primary use case?

I use the solution in two of my homes. I have a home in the UK and one more in the US. I have two firewall tools running with a VPN link between them, and it allows me to easily administer and protect both networks, one in the UK and the other in the US.

What is most valuable?

I can discuss the product's most valuable features if you have a playbook for some of the things you want to hear about or expect me to touch upon.

The tool's most valuable features revolve around its ease of use. It is a resilient product with a very easy-to-use interface. The learning curve for the product is very simple. I also like the core packages included in the tool, making my firewall a one-stop shop for stuff like DNS and VPN usage. The tool has a lot of packages available. I like the product's in-built packages. I use WireGuard VPN, and it is very good. I use IPSec, the built-in DNS product in the tool. I can also link the tool with my UPS if the UPS has an outage in the northeast region where people experience electricity cuts. The software I use on Netgate pfSense acts as a kind of choke point and sends messages throughout my network to start shutting down during electricity cuts. My firewall is a ground zero area for me on my edge. All the packages in the tool allow me to protect my network. It serves as a Layer 4 product since Netgate pfSense doesn't do anything like other products offering Layer 7. As a Layer 4 product, Netgate pfSense is very strong since I can easily create very advanced firewall rules, which I wouldn't be able to create as easily with other solutions, especially if they don't come with more than 10,000 or 20,000 USD as the price tag. Palo Alto, Check Point, or FortiGate are expensive firewall products compared to Netgate pfSense. I don't think Netgate pfSense really competes with Palo Alto, Check Point, or FortiGate, but the latter set of tools may make it feel like Netgate is trying to compete with them. I work for a major security firewall vendor, and I don't think Netgate pfSense competes with it. Netgate pfSense provides SMEs with a significant amount of value for not a lot of cash.

It is very easy to add features to Netgate pfSense. Now remember that Netgate pfSense does not attract an average IT person. The tool attracts people with two profiles, including CCNA-certified or very sophisticated firewall administrators, hoping they can help use some of the pretty advanced features in the product. The second profile of the tool's users would consist of those who are getting started or want a better firewall than what their carriers or the provider provides them with so that they can learn about firewall devices. They want to learn about networking by using Netgate pfSense. For both profiles, the tool offers a very linear learning curve. The documentation in Netgate pfSense is very strong.

The benefits related to the product can be experienced immediately after the product is deployed. I wanted to replace EdgeRouters from Ubiquiti for my use cases, which have now gone into a deprecated mode. I wanted a tool that could offer me the functionality of EdgeRouter, and I was happy to pay more for a product that could provide such features. Compared to EdgeRouter, I had to spend 700 to 800 USD on both the final units from Netgate pfSense for both of my homes. I chose Netgate pfSense since I wanted a tool with a set of more updated functionalities and a solution that can be considered an easy replacement product for EdgeRouter. I saw immediate value in Netgate pfSense from day one.

A single pane of glass is a vast term. If I were to define a single pane of glass, I would say that it is something from which you can see everything from everywhere in a single dashboard. The single-pane-of-glass feature within the tool's user interface is one of the core aspects of the product. In my opinion, the tool has a very strong dashboard.

Netgate pfSense can minimize downtime easily since it is easy to put it in a high-availability configuration.

Considering that the tool offers a Layer 4 firewall's functionalities, I can say that Netgate pfSense provides visibility that enables me to make data-driven decisions. For example, the firewall fits into two markets. The north-to-south market is where Netgate fits in with Palo Alto, Check Point, Sophos, and Cisco. There is also the east-to-west market where I work since it is where my employer is currently. When you talk about the visibility of data, you are looking for either north to south or east to west. In terms of the visibility from east to west, which is based on application to application or data center within a data center, Netgate pfSense will not be helpful at all. From north to south, I get visibility over what is coming into my network. For example, I can easily capture dump traffic using the in-built features in the tool and run an SNIP on the traffic. I can see what's coming in and inspect those packets, and I can do that all within the user interface, which is a new feature in the tool that is very strong. I like the tool's new feature. The tool has very easy-to-consume logs, and it is very easy for me to export them into a SIEM server if I want to do some kind of mass data warehousing and sorting.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say it is very large.

What needs improvement?

I think the tool requires more strategic improvements than we need it to be in the present. With Netgate, considering that I work in a firewall market, I know that its problem is not just in its features. It needs improvements in terms of the strategic vision, where the product should go, and what market it should be for in the future. Netgate needs to figure out if they want to strive for the SMB business and the home market or if they want to attempt to reach out at an enterprise level. 

I don't think Netgate knows where they want to go with or without a plan. I think Netgate is still trying to devise a plan by itself as to which market it wants to fall into, which can make it more profitable for the tool. There is nothing that Netgate pfSense could do to make me feel any better about the product. I love the product, and I will use it until I die. It is a really good product. Improvements are needed in the area of the company's strategic vision and based on where the solution needs to go in the future. I spoke about north to south and east to west since the world is moving towards the concept of zero trust. If you are a CISO or a CIO and you are trying to achieve a zero-trust architecture, you need to check if Netgate is on your list of companies that would help you achieve it. If I consider the CIOs I speak to, Netgate doesn't even get mentioned in our talks.

I do not require improvements in the product. It is feature-complete. As a firewall, Netgate pfSense can be described as a very feature-complete product for the market space in which it currently operates.

Strategy and vision of the product are the areas with shortcomings where improvements can be made so that Netgate pfSense can figure out where the product should go in the future. It will provide Netgate with choices like whether it wants to go towards a zero trust architecture if it wants to go towards the east-to-west direction if it wants to go towards big enterprise or go into Layer 7 traffic. My answer regarding the need for improvement in the product is going to be more of a strategic-based one rather than from a technical point of view because the product is excellent.

For how long have I used the solution?

I have been using Netgate pfSense for five years. I am an end user of the solution.

Buyer's Guide
Netgate pfSense
March 2025
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a ten out of ten.

What do I think about the scalability of the solution?

The solution's scalability is tricky, and it all depends on the context. It is infinitely scalable for me, and my company has 150 devices in my network, which may be nothing. Suppose a company like J.P. Morgan says they want to use Netgate Netgate as their north-to-south firewall. In that case, you may face big scalability problems because, at such a level, tools like Check Point or Cisco have custom silicon chip designs to support their workloads. For SMBs, the scalability part is not an issue. I don't think Netgate pfSense can offer much scalability for big enterprises.

How are customer service and support?

I have contacted the solution's technical support team. The quality of the answers provided by the technical support team is good, and the responsiveness is exceptional. I rate the technical support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used many solutions that can be considered alternatives to Netgate pfSense. I can compare Netgate pfSense with FortiGate since Netgate is priced similarly but falls at a lower end when compared to Fortinet FortiGate. FortiGate is a better product for an enterprise. For home usage and small and medium-sized enterprises, Netgate pfSense can be a stronger choice than FortiGate. For home use, Netgate pfSense is very much preferable.

How was the initial setup?

Even for an unskilled person, the tool's deployment phase would be easy to manage. It is a very easy product to consume because it has a lot of WYSIWYG and built-in wizards, along with a very easy graphical user interface.

Deploying one instance of Netgate pfSense can take around five minutes, and only one person does it. Regarding the other tasks, our company has firewall products that handle more than 100 or 1,000 workloads, and two to three people manage them.

A limited amount of maintenance is required from the end of the tool's users. It is just to adjust the firewall rules as and when necessary to meet the business needs, like in patching, where Netgate pfSense does a very good job while also being very responsible and quick to respond to zero day and CVE alerts. The tool is superb and very impressive, but it can be described as a very low-overhead product because, by nature, firewalls under the north-to-south are for static workloads, which is where Netgate's market is currently. Those workloads are not changing for now. You put Negate pfSense into your system and forget about it, which can be considered as a whole other problem in firewall products, but I won't go too deep into it because that is why there are 20 years of rules in firewalls and no one maintains it because you just set it up and forget it.

What's my experience with pricing, setup cost, and licensing?

I bought Netgate pfSense Plus since I have to use the firewall in both my houses, so I have four solutions. I have made certain payments using a subscription-based model to use Netgate pfSense Plus.

If I were a part of Netgate leadership or running the company, I would clear out a few areas on the strategy side of the business. I work for a major enterprise where an SME or the tool is needed. Netgate's strategy regarding Netgate pfSense Plus for home users or labs was very misleading in nature and handled very badly. I have opted for the tool's subscription-based pricing model. a subscription, and I am very happy to pay the money money, which comes to around 130 USD for two years, which is nothing for me. Netgate handles the tool's subscription-based pricing model very badly.

I think Netgate pfSense's pricing or licensing models are fair enough. I think the way Netgate pfSense handled its previous pricing model with regards to Netgate pfSense Plus was an area that was misleading for users. Overall, what I pay for the product is very reasonable.

What other advice do I have?

There are no features in Netgate pfSense that help prevent data loss. One can use a DLP tool to manage data loss.

The visibility in Netgate pfSense does not help me optimize performance, and I think it is because I am a pretty advanced user on the command line. I wouldn't rely on the visualization part for any advanced performance.

I have never used Netgate pfSense on Amazon EC2 virtual machines.

My suggestion to those who plan to use the product would be that they need to read the solution's documentation, utilize the community forums and shouldn't be afraid to fail. It is easy to recover from failure with Netgate pfSense since it has configuration change logs along with very easy rollback abilities. In the newest version, if you make a change and you reboot, it just snapshots you back to the new change, which is excellent.

I rate the solution a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Eloi Chayer - PeerSpot reviewer
Regional Aftersales Manager at a manufacturing company with 10,001+ employees
Real User
Top 20
Flexible with good plugins and reasonable pricing
Pros and Cons
    • "If I had to change internal providers, I might have some difficult times."

    What is our primary use case?

    It's the main firewall for my household. It's also what I'm using to gain access to my employer's website and VPN. It acts as a gateway to my employers. My wife uses the device as a VPN to do her job as well.

    How has it helped my organization?

    I wanted something that is robust and makes it easy to diagnose if anything goes wrong. I'm also used to the system. I've used it since 2006 or 2007. So it was something that was really familiar with. I used to use the free solution. Last year, I decided to jump into the actual hardware devices that these guys sell. I didn't have time anymore to deal with aftermarket hardware. It saves me some time to have their devices.

    The main benefit is peace of mind and no downtime or minimal downtime as compared to other solutions that I've used before.

    What is most valuable?

    Its ability to put some plug-ins into the system is helpful. There are a couple of packages that I'm using. Since I'm using it mainly as a firewall and sometimes as a VPN endpoint, it's really great.

    The flexibility is good. The fact that you can add packages makes the device quite flexible. Also, it's quite overpowered for my needs right now, so that's a good thing. 

    Price-wise, the quality to price is pretty much up there, especially when you consider that you don't have to tinker with anything. With hardware, you don't know where you know, how long it's going to last or anything like that. However, with pfSense, you have guaranteed support with NetGate, and this is great.

    It's quite easy to configure. It's very intuitive. Maybe that's because I know the interface. There's also tons of of information available online. They have a very good user manual for the software as well. It's very detailed, and it's it's easy to work with. 

    There's a forum where you can ask questions, and people are very friendly. Within a couple of hours, sometimes days, somebody has had the issue that you're having before. So, forum responses are quite quick.

    It's really easy to work with. There's peace of mind and no downtime.

    In terms of preventing data loss, any solution is only as good as its weakest point. And since this is at the very edge of my network, of the outside network, I feel I'm pretty prepared and protected from data breaches. That said, at the end of the day, I'm not opening myself up to many things in the outside world. It's blocking pretty well, and I don't feel threatened. If there's data loss, it's going to be from my end users, not from the device itself.

    It provides us with a single pane of glass management for my household. There's only one device that I use.

    The main advantage to me right now is that I'm using their reboot environment. It's really easy for me to update, and if some things don't go well, I can go to the previous version and be back up in no time. 

    pfSense is just plug-and-play. Performance-wise, once you install the system, it works even when there's been a couple of software updates. It's probably overpowered for what I need. Performance is very good.

    What needs improvement?

    If I had to change internal providers, I might have some difficult times. For example, going from cable to ADSL. Right now, it suits my needs, and as long as they keep it updated, I'm pretty good with that.

    For how long have I used the solution?

    I've used the solution since December 2023.

    What do I think about the stability of the solution?

    The stability is great.

    What do I think about the scalability of the solution?

    I haven't had to scale the solution.

    How are customer service and support?

    I haven't had to contact technical support. 

    Which solution did I use previously and why did I switch?

    I have used other solutions, such as Untangle, D-Link, and Linksys. There were always a lot of limitations if you didn't adopt the commercial licenses, and those would be expensive. pfSense is reliable, especially with the NetGate hardware. It's also predictable. There's never a big software change. pfSense has been very stable since it's based on FreeBSD. However, it is on a lesser-known OS.

    How was the initial setup?

    I use a physical device. For implementation, you have to use a console interface through a serial port and then a TTY from your own computer. For some people, maybe it's a bit more difficult. For me, it was really straightforward. It's as easy as setting up a switch. 

    I loaded it up the first time and the only thing I had to do was modify my previous config, change the interface names, and just throw it back in there. It takes less than an hour.

    There's only maintenance if there's an update. It might be down for a few minutes during that time. It takes maybe five to 10 minutes. Even if something goes wrong, it's pretty easy. You just reimage it and reload the safe configuration. It's much easier than other solutions, like Untangle. 

    What about the implementation team?

    I handled the implementation myself. I did not need the help of third parties. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable. Before I got the 6000, I was on my own devices. They developed a pricing schedule last year. At first, I was worried, however, it's maybe $130 a year and it's very reasonable compared to other solutions. With the 6000, the price is included within the device itself. 

    Compared to other solutions, the total cost of ownership is very good. It's not that it is so much cheaper, it's that it fulfils the needs of more people. With the level of support provided, the price is very reasonable. 

    What other advice do I have?

    I'd advise new users to take the time to read about the device and the software beforehand. Otherwise, you're going to waste a lot of time trying things that you think are going to work. Since it's not necessarily the same thing as, let's say, Untangle, you have to familiarize yourself with the interface and with the system before actually diving in deep.

    I would rate the product ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Netgate pfSense
    March 2025
    Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
    842,690 professionals have used our research since 2012.
    Mohmad Saqib - PeerSpot reviewer
    Infrastructure and integration Architect at CommunityForce
    Real User
    Top 10
    A firewall with built-in IDS and IPS, load balancing, and VPN connections
    Pros and Cons
    • "The best feature of the tool is its all-in-one capabilities. It is a firewall with built-in IDS and IPS, load balancing, and VPN connections. The VPN integration, particularly with internal AD environments, provides stable connections. Centralized authentication is a notable benefit as well. We primarily use it for these features on our server level and are planning to expand their use in our complex environment to connect employees and services."
    • "My only suggestion is that Netgate pfSense implement more graphical monitoring. While there are accounts with add-ons for graphical monitoring of data networking, IPS, IDS, and firewall-level events, having more graphical representations like blocks would make the tool more capable. Although it has commercial support and a good GUI, it can still be challenging for someone without firewalls, command lines, and networking knowledge."

    What is our primary use case?

    We use the solution as the main firewall and a proxy for load balancing our web servers.

    What is most valuable?

    The best feature of the tool is its all-in-one capabilities. It is a firewall with built-in IDS and IPS, load balancing, and VPN connections. The VPN integration, particularly with internal AD environments, provides stable connections. Centralized authentication is a notable benefit as well. We primarily use it for these features on our server level and are planning to expand their use in our complex environment to connect employees and services. 

    Netgate pfSense is cost-effective because you can start using it for free. You can research how to install and configure everything, then install it virtually on any device or partition some hardware. This allows you to start using a firewall without any initial cost.

    For larger companies, if you have one or two people skilled with the tool, they can design the complete network using it. That's all you need. You don't have to invest in expensive subscriptions or big hardware setups.

    What needs improvement?

    My only suggestion is that Netgate pfSense implement more graphical monitoring. While there are accounts with add-ons for graphical monitoring of data networking, IPS, IDS, and firewall-level events, having more graphical representations like blocks would make the tool more capable. Although it has commercial support and a good GUI, it can still be challenging for someone without firewalls, command lines, and networking knowledge.

    Adding features to the solution through packages is somewhat limited. The marketplace doesn't have as many options as you might expect.

    One example is the IPS/IDS system. Netgate pfSense still uses Snort 2.9, even though version 3.0 has been out for about a year. Version 3.0 offers important improvements like multi-core support, significantly speeding up processing. The solution seems slow to update to newer versions of these third-party packages.

    The tool should provide beta versions with the latest package updates sooner so users can benefit from new features and improvements.

    Another issue is the lack of a package marketplace. Despite being open source and customized by many developers globally, there isn't a wide selection of community-created packages. The reasons for this aren't clear to me - it could be security concerns or other factors.

    Based on my experience using Netgate pfSense for about four years, I can't say the improvements in our environment are solely due to the product. It's a combination of Netgate pfSense and another monitoring tool we use.

    Monitoring is crucial. The easier the monitoring and user interface, the simpler our team can work on and investigate issues. Accessing data becomes more difficult when you use commands or other complex methods.

    With our third-party tools, log viewing is very straightforward. The tool logs everything important. This was helpful when our site was slow, and we needed to determine why. The logs from Negate pfSense and our IT systems help us identify issues.

    However, the solution's combination with a third-party monitoring tool provides a graphical interface. This makes it much easier to review logs and pinpoint problems.

    If Netgate pfSense had a better graphical interface, it would be one of the best products available. I think the graphical interface should be much better and easier to monitor. For example, I encountered errors when I installed HAProxy, a load balancer available in the solution. It was difficult to determine the errors because the backend wasn't working properly. It took us a long time to identify the exact issue because more detailed error information isn't directly available in the current interface. You must go through different steps to trace and see what errors are coming up.

    If the tool could improve in this area and provide more error details directly in the interface, that would be beneficial. As for packages, if they could update to newer versions of third-party packages more quickly, that would be helpful. I understand they might not be able to use the very latest versions immediately, but if they could provide updates within three to six months of a new package release, users could try new features sooner.

    One additional feature that would be helpful is SAML authentication. Many companies now use Azure or AWS; in our case, we use Office 365 for email and authentication. If SAML authentication was available in pfSense, we could have integrated it with Office 365, allowing users to log in directly using their existing credentials.

    The tool can integrate with Azure AD internally, but SAML or two-factor authentication, such as SMS, would provide better security. Firewalls are usually kept behind the scenes and not exposed, but this feature would be useful in some cases.

    We've offered Netgate pfSense to many clients, managing it for them and migrating them from existing firewalls. They're generally happy with the change. However, some clients were looking for these additional authentication features. While we can integrate with Office 365, a direct connection option would be beneficial.

    For how long have I used the solution?

    I have been working with the product for four years. 

    What do I think about the stability of the solution?

    I use Netgate pfSense Plus. We mainly chose it for early updates and commercial support, as advertised on their site. I've only used the support once, though. We started with the free version, which worked fine without issues. After three to four months, we upgraded to the Netgate pfSense Plus environment. Since then, it's been very stable. We've never had problems that required rolling back changes after updates. The updates are very stable - we don't have issues when we update the firewall. So overall, it's been quite stable for us.

    I rate the solution's stability a ten out of ten. 

    What do I think about the scalability of the solution?

    My company has five users using the solution in two locations. The solution's documentation shows that it is scalable. 

    How are customer service and support?

    There is a lot of support material available on the Internet. You need to do some research. In my experience, I've only had to contact Netgate pfSense support once in the last four years, and that was because I messed up the operating system in our virtualized environment. 

    Which solution did I use previously and why did I switch?

    We were previously using Cisco ASA 5500. After three years, we needed to upgrade the hardware and the subscription. At that time, we were moving from an on-premise solution to the cloud, so we decided to try Netgate pfSense. Our vendor recommended it. We wanted to get at least six months of experience with it to ensure its features were stable and it could handle higher loads without breaking. That was one of the main reasons we chose the solution.

    How was the initial setup?

    The solution's deployment is straightforward. The basic setup took us just about two to three hours. However, designing our custom network configuration took a bit longer. Overall, we got the tool up and running in about three to four days in my environment. There were three people involved in the deployment process: myself and two other team members.

    Netgate pfSense doesn't require much maintenance on our end. It's pretty smooth. We monitor alerts. When there's a new update, we test it in our staging environment to see if it affects anything. If it's smooth, we upgrade.

    What was our ROI?

    The tool has helped us save money. 

    What's my experience with pricing, setup cost, and licensing?

    The tool is flexible; even the free, open-source version offers many features. From a cost perspective, even the subscription model for commercial support isn't too costly. However, it's important to have someone knowledgeable about Netgate pfSense to take advantage of it. While there are online resources, a professional or someone experienced can get much more out of the solution. I've heard that the IPS/IDS licenses and other features can be costly.

    The solution is very cheap. It's so affordable that even students can use it on their laptops. It's a good, cost-effective product.

    What other advice do I have?

    The solution has a single web interface, which you could consider a container. Within this container, there are multiple interfaces or sections. You must navigate to different settings to manage different aspects of the system.

    So, while it's all contained within one web interface, you can't see or manage everything from a single screen.

    I recommend the tool to our clients. We help them implement and support it. I rate it an eight out of ten. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Wes Shaw - PeerSpot reviewer
    Vice President Of Engineering at a tech services company with 11-50 employees
    Real User
    Top 20
    Provides high availability, but should have better logs
    Pros and Cons
    • "The solution's most valuable features are high availability and the VPN options."
    • "It would be great for the solution to have better logs."

    What is most valuable?

    The solution's most valuable features are high availability and the VPN options. Netgate pfSense has the ability to support multiple interfaces and spin up virtual IPs.

    What drew me to Netgate pfSense from the beginning is that it's free, open-source software. I wanted the solution for additional control over firewall routing, and there wasn't really anything else on the market that would do that.

    Netgate pfSense is very flexible. I like that it can run on enterprise bare metal and Raspberry Pi. Obviously, Netgate has a lot of appliances ranging from extremely small to extremely large.

    pfSense Plus is extremely low-cost. Its comparative features include high availability, the ability to tune system variables, and support for hundreds of interfaces.

    What needs improvement?

    It would be great for the solution to have better logs. Some of the solution's graphs that show visibility on system performance or session count lack resolution. For example, you may only be able to see the session count by day if you want to look back more than a month.

    In contrast, we would want to see the session count fluctuate by an hour or five-minute increments. It would be helpful to be able to query larger data sets, even if you had to break them up into smaller subsets.

    For how long have I used the solution?

    I have been using Netgate pfSense for seven years.

    What do I think about the scalability of the solution?

    The solution's scalability is very poor past 5,000 clients and impossible past 10,000 clients.

    How are customer service and support?

    I had a very poor experience with the solution's technical support.

    How would you rate customer service and support?

    Negative

    Which solution did I use previously and why did I switch?

    I switched from Netgate pfSense to Fortinet. Scalability and high availability are significantly better with Fortinet. It took me about 10 to 15 hours to set up high availability in Netgate pfSense just because of the way it works with virtual IPs and CARP.

    On the other hand, it takes about 15 minutes with Fortinet. It's just a completely different experience. Also, the performance availability for appliances is a thousand times better with some of the higher-end offerings at Fortinet versus the highest-end offerings that Netgate has.

    How was the initial setup?

    The solution's initial setup is difficult because of the extensive setup it takes to achieve high availability.

    What about the implementation team?

    In our case, it took us around 40 hours to fully deploy the solution from start to finish.

    What's my experience with pricing, setup cost, and licensing?

    I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is. Netgate's most expensive appliance costs around $5,000. However, an annual subscription to TAC costs around $1,000, which is roughly 20% of what you pay for the hardware. It seems a little excessive.

    What other advice do I have?

    I would say it's pretty easy to add and configure features to Netgate pfSense. However, if you add features that Netgate does not officially support, you can run into issues with your support contracts. It's easy to add features, but it's extremely difficult to support something that is not an official Netgate plug-in.

    We saw the benefits of Netgate pfSense pretty immediately after deploying it. We have been scaling, though. As we got to a very large deployment across different sites, we started to see additional problems, but then we also saw additional value added. Initially, there's a lot of value, which increases over time, but eventually, you hit a wall where it's just not that valuable.

    On the surface, it looks like pfSense Plus provides visibility that enables data-driven decisions. Unfortunately, after many back-and-forths with support, they say that it looks like the firewall has done something, but there's nothing in the log. There's no data to support their theories. On the surface, it looks like it should, but we found in practice that it was missing a lot of data that would help us make decisions that we needed to make.

    The solution's total cost of ownership is good for what it is. I don't think I would ever use it in an enterprise environment anymore. As a value proposition, it's really good for a small business application or a company with multiple sites that you need to be able to interconnect.

    You can set up an entire ecosystem for $ 5,000 to $ 6,000 with top-of-the-line hardware from Netgate. Unfortunately, with our user account, throughput, and bandwidth, we've just outgrown it and can't use it anymore.

    We've bought appliances for Netgate pfSense's deployment, and we've also deployed the solution on separate machines. Most recently, we used the appliances.

    Technically, we never got Netgate pfSense to a good solid state. For the four to six months we had it in production, it was constantly down and needed at least 20 hours of maintenance a week.

    Overall, I rate the solution a six out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    User
    Top 20
    Highly configurable, extremely affordable, and has fantastic support
    Pros and Cons
    • "I find the overall amount of configuration flexibility to be valuable."
    • "pfSense pricing is extremely competitive, and it delivers exactly what is advertised."
    • "One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic."
    • "Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades."

    What is our primary use case?

    I typically use it as an edge firewall.

    How has it helped my organization?

    pfSense is easy to configure. The features I have configured are firewall rules and dynamic routing through FRR. These advanced features are straightforward to configure, and the documentation, if needed, makes things even easier. 

    We are using pfSense Plus. It helps us minimize downtime. There is high availability built into the software. I can deploy two pfSense firewalls, configure them correctly, and they can back up each other in case one of them fails. It is a fantastic free feature integrated into the product, and I utilize it constantly.

    pfSense has been somewhat beneficial in helping to prevent data loss. We were able to see its benefits immediately after the deployment.

    What is most valuable?

    I find the overall amount of configuration flexibility to be valuable. 

    It is fairly maintenance-free. That is one of the strengths of the product. It has no frills and is extremely easy and painless to use. It does not cause any trouble.

    Another strength of pfSense is that the documentation is very digestible and easy to understand.

    What needs improvement?

    One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic. When dealing with a fleet of pfSense firewalls, considering them individually is not the most efficient use of time. 

    It does not provide visibility to make data-driven decisions. I cannot derive any analytics or information from the pfSense GUI or software to make data-driven decisions. The visibility that pfSense Plus provides does not help us optimize performance. I want more information and context around the data passing through my firewall to make data-driven decisions. I have used other vendor firewalls that provide some capability to show the traffic or bandwidth passed within the last hour, directly within the firewall software. I need a way to generate a report that I can deliver to my C-suite, allowing us to discuss and determine the best path forward. Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades.

    For how long have I used the solution?

    I have used Netgate pfSense for more than five years.

    What do I think about the stability of the solution?

    I would rate the stability of the product a nine out of ten.

    What do I think about the scalability of the solution?

    When assessing scalability, I would probably give it a seven out of ten.

    How are customer service and support?

    I have interacted with their customer service, and they have been, without a shadow of a doubt, beyond helpful. They are fantastic and truly among the best I have worked with. I would rate them a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used Palo Alto Firewalls and Cisco ASAs as my primary solutions. If money was no object, Palo Alto Firewalls get the edge only due to the fact that they provide more visibility and analytics in regard to the data that goes through the firewall.

    How was the initial setup?

    Setting it up is extremely easy. Installing the hardware, configuring the software, and getting it ready to forward and pass traffic takes as little as 45 minutes. It is extremely robust and easy to manage and use.

    What about the implementation team?

    In my case, it definitely involves a team. When we visit on-site, one person can deploy it, but at least in my business, it is accomplished as a team.

    What's my experience with pricing, setup cost, and licensing?

    pfSense is excellent for a low total cost of ownership. pfSense pricing is extremely competitive, and it delivers exactly what is advertised. If you are looking for a firewall with advanced feature sets at a very low cost, you cannot get anything better than pfSense. It does exactly as advertised, and that is one of its biggest strengths.

    It is extremely affordable in relation to TCO. You get everything that other commercial products give but at an extremely affordable rate, so you can deploy en masse to numerous customers and clients.

    What other advice do I have?

    My overall advice would be to read the fantastic documentation. Everything you will ever need to do with the product is explained very easily in the documentation. If you have any troubles, just read it, and you will always find an answer. It is one of the best documentation of a product I have used in a very long time. Nothing is hidden.

    Overall, I would rate pfSense a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Systems Administrator at a consultancy with 11-50 employees
    Real User
    Easy to implement changes and offers great flexibility with the add-ons from third-party
    Pros and Cons
    • "The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities...The product's initial setup phase was extremely straightforward."
    • "The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve."

    How has it helped my organization?

    The benefits I have seen in my organization from the use of Netgate pfSense rewards around the fact of how quickly we can implement changes that are needed with the tool are definitely one of the main things. Overall, we have experienced less downtime with the tool. In my organization, we have had downtime with Cisco. Overall, we have noticed some performance increases as well with the use of Netgate pfSense.

    What is most valuable?

    The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities.

    My organization plans to solve costs-related problems by using Netgate pfSense. We were using Cisco's firewall products, and the license and hardware costs were just too high. With Netgate pfSense, I think we can get a full firewall tool with support and no need for licensing for under 5,000 USD, saving a ton of money.

    There were no specific security issues or challenges I was trying to address using Netgate pfSense.

    In terms of the overall flexibility offered by the product, I would say that it is very easy to implement, make changes, and adapt to different challenges that we may have with it. It offers a lot of different options, including VPN options for site-to-site client VPNs. Overall, it is a great tool. It is a highly adaptable solution that is, most importantly, very easy to implement.

    It is extremely easy to add features to Netgate pfSense and configure them. If you are talking about third-party stuff, it is something that is within the firewall itself. You can go into the Package Manager and install it.

    From a configuration point of view, it is extremely easy to use the tool. With third-party stuff, it can be a pain, but overall, it is extremely easy to manage Netgate pfSense since it is mainly a GUI-driven tool. It is super easy to configure overall.

    If I assess the solution for helping our organization prevent data loss, I think it has been great for us. Everything has room for improvement, but it has been great right now.

    Netgate pfSense provides our organization with a single pane of glass management. The tool offers great flexibility and is awesome. In our organization, we haven't had any issues with it. It just makes changes that need to be done extremely quickly and efficiently by the end of the day.

    I have worked with Netgate pfSense Plus. I buy the hardware from Netgate, and it comes with pfSense Plus.

    Netgate pfSense Plus provides 100 percent features that help minimize downtime. In extreme situations, implementing connections that were super helpful in the past and just the ease of deployment, the product offers is helpful since even if something happens to the firewall itself, I can have a virtualized firewall doing the same thing within less than an hour. It can help with that downtime. I know that Netgate pfSense is extremely reliable and a great tool.

    Netgate pfSense provides 100 percent visibility, enabling my organization to make data-driven decisions. Netgate pfSense is very much configurable. It gives you 100 percent of everything you need to make decisions. It gives you details of all kinds of different graphs, traffic, and firewall rules, along with the things that you definitely need in the form of the data that you need to be able to just make quick data-driven decisions.

    Netgate pfSense visibility helps me optimize performance. The data is just so easily accessible that you can make decisions very quickly. It also helps improve performance. In our organization, we have noticed a very noticeable performance increase since we shifted from the old firewall from Cisco to Netgate pfSense.

    If I were to assess the total cost of ownership of Netgate pfSense, I would say it is extremely low and affordable. I think it is a really very simple and extremely budget-friendly tool.

    What needs improvement?

    In our organization, we have had such a good experience with Netgate pfSense over the last four years. In terms of improvements, I have not really thought much, to be quite honest. Maybe faster releases for the software or the firewall itself can be areas where improvements are possible. The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve. In general, the tool is not bad at all at the end of the day.

    Speaking about whether any enhancements are required in the tool, I would say that the tool has everything that we need for our usage. We have an extremely complex environment, the most complex of which is how we use Netgate's BGP to connect to our ISP. Netgate pfSense is extremely feature-rich for our specific use scenarios, and we have not encountered any shortcomings in the solution.

    For how long have I used the solution?

    I have been using Netgate pfSense for around four years. The box itself says Netgate pfSense XG-1540. I don't remember the software version we are using right now, but all I know is that I keep it up to date. In my organization, it will be the latest version of the product.

    What do I think about the stability of the solution?

    I have not faced any issues with the stability of the product. I have one firewall in a very bad physical environment. It was very dusty, but it has been 100 percent reliable.

    What do I think about the scalability of the solution?

    It is an extremely scalable solution.

    In our school, we have close to 1,800 students and 210 teaching staff overall. With administrative staff, I think there are about 50 people.

    I have the tool in different locations and on different campuses.

    How are customer service and support?

    If I can call someone from the product's technical support team, l can have a technical person on the phone with me in less than five minutes. If you have any questions for them, they will come and try to give you the answer as quickly as they can, and if they don't have a reply, they will reply to you later via email. For the amount that it costs per year, the level of service that you get is unbeatable, honestly. I rate the technical support a ten out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The product's initial setup phase was extremely straightforward.

    When we deployed the product for the first time, we went through its documentation and how to do things. Otherwise, the strategy is usually based on the fact that we have four campuses, and they run in a similar manner. At least for us, we have a master configuration sort of thing, which we can kind of load into Netgate pfSense and make the small changes that we need, like VLAN changes and small things that apply to the location that the device will be deployed to, and it takes less than probably an hour or two to kind of have a firewall deployed working with the bare minimum, which is extremely fast compared to what it takes with Cisco.

    In terms of maintenance, it has been pretty much like we do the setup and then forget it. The firmware updates, or physical maintenance, like cleaning the device, are there. From a greater overview, it is just kind of a set-it-up-and-forget kind of solution for us.

    What about the implementation team?

    The product's deployment was done in-house, and it involved just me. The enterprise-level support from Netgate helped my organization a lot, especially during the first two deployments, but after that, it was easy.

    What was our ROI?

    Personally, I do not have any metrics or data points associated with the ROI that I can share with anyone. My CFO is the person who has information related to ROI.

    Which other solutions did I evaluate?

    In our organization, the whole point of moving to Netgate pfSense was that we wanted something that wasn't hard to use or where the licensing wasn't so expensive. We looked at different open-source options, but I can't remember their names. We also looked at UniFi's firewall, but Netgate pfSense came on top for us, considering the support provided and the fact that Netgate's team is the main set of people that keep up with pfSense's open-source project. With Netgate, we work directly with people who use Netgate pfSense, and it is great. We did look at other options, one of which was UniFi, but I cannot remember the name of the other alternative to Netgate pfSense. I think it is called OPNsense.

    Suppose I compare the other tools I evaluated with Netgate pfSense, and I feel that the pros of pfSense revolve around the area associated with the product's cost in terms of hardware requirements and licensing. There are no existing costs for the licensing or the hardware. You can deal with the licensing part yourself and get it at a cheap rate from elsewhere or buy it from Netgate's boxes directly from the solution company. Another pro would be the ease of management the tool offers since it is possible to have everything that you need in the GUI, which is a little bit controversial because a lot of people like CLI, but sometimes you need to get something quickly without having to have hundreds of different things.

    I haven't come across any cons in the product since most of our company's scenarios are simple and small since we are just a school compared to what other big companies have. Everything that Cisco's firewall was doing for us, Netgate pfSense's firewall does for us for a fraction of the cost and even offers a better performance. I would not know the tool's cons since I do not have anything on my mind right now.

    What other advice do I have?

    I do not use Negate pfSense Plus on Amazon EC2 VMs. In our organization, we are using Negate pfSense Plus on Netgate's hardware. We use Netgate pfSense XG-1540.

    To others who plan to use the solution, I would say that the support offered by the product is 100 percent worth it. The enterprise support is also extremely worth it. In a general sense, if people don't know much about implementation, they just need to read the documentation because many things, like the GUI part, could throw some people off. If you come from a CLI-based tool, the GUI aspect can throw you off, and I know it since it threw me off a little bit initially, but we were able to get through the implementation phase very thoroughly as the tool offers great documentation. By thoroughly going through the documentation, you will have a fairly easy time configuring the tool very methodologically. I really don't think I would recommend anything else apart from the fact that others need to read the documentation and take their time.

    I rate the tool a nine out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Jeff Markowski - PeerSpot reviewer
    Managing Director at Ranchlands Business Group Inc.
    Real User
    Top 10
    Provides features to help minimize downtime
    Pros and Cons
    • "We really like that it is quite simple to use and straightforward."
    • "The solution could improve by adding in some sort of user account credentials in in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access."

    What is our primary use case?

    We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

    What is most valuable?

    The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

    We appreciate its flexibility. Its usability is great.

    We were able to witness positive results from the product pretty much immediately.

    Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

    We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

    We're using the Plus version with Netgate.

    pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

    With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

    The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

    What needs improvement?

    The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

    A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

    For how long have I used the solution?

    I've been using the solution for a couple of years. 

    What do I think about the stability of the solution?

    The stability is very good. there is no lagging or crashing. It's reliable. 

    What do I think about the scalability of the solution?

    The scalability is good. However, we and our clients aren't too large. 

    How are customer service and support?

    I've never needed to contact technical support. 

    Which solution did I use previously and why did I switch?

    In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

    How was the initial setup?

    The initial deployment was easy.

    There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

    What's my experience with pricing, setup cost, and licensing?

    I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

    What other advice do I have?

    I'm a customer and end-user. 

    I'd rate pfSense eight out of ten.

    If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Dallas Haselhorst - PeerSpot reviewer
    Founder & Principal Consultant at TreeTops Security
    Consultant
    Top 10
    Easy to use, versatile, and adapts to any complex environment
    Pros and Cons
    • "The solution's most valuable features are its ease of use and versatility."
    • "The solution's internal logging could be improved."

    What is our primary use case?

    We use Netgate pfSense as the next-gen firewall because it has a lot of additional capabilities.

    What is most valuable?

    The solution's most valuable features are its ease of use and versatility. You can do anything you want with it. We implemented the solution for better security at better prices.

    Netgate pfSense is extremely robust and stable compared to other firewalls.

    You can use Netgate pfSense as a very basic firewall or with next-generation capabilities and full monitoring. With the command line and the openness of the platform, you can do a lot of things with the tool.

    It is extremely easy to add features to the solution and to configure them. We have extensive monitoring capabilities that we have configured into Netgate pfSense so that we can probably monitor any firewall available. We have also utilized the solution's DNS black holes features.

    When configured properly, the solution's data loss prevention capability is absolutely top-notch. We use the solution to monitor and detect users' odd or anomalous behaviors on the network, which are usually malware-related. We also use the tool to protect against various blacklists.

    We use Netgate on Amazon and have one of their firewalls. Using pfSense Plus on Amazon EC2 has helped simplify our EC2 network. It has definitely helped us with Amazon and tightening things down there.

    With the inclusion of firewall, VPN, and router functionalities, Netgate pfSense's total cost of ownership has been very good. For your infrastructure, you're typically looking at five to seven years. Netgate pfSense is definitely punching above its weight in that sense because it comes at a lower cost.

    Based on our experience, it lives that long and longer than what you would expect. The solution's ROI and longevity do shine in that sense.

    What needs improvement?

    The solution's internal logging could be improved. However, it does have some external logging capabilities. It would be more problematic if you didn't have a very robust environment. We developed our own internal API about five to six years ago, but I hear all the time on newsgroups that one of the solution's biggest problems is API.

    For how long have I used the solution?

    I have been using Netgate pfSense for over 15 years.

    What do I think about the stability of the solution?

    I rate the solution a nine out of ten for stability.

    What do I think about the scalability of the solution?

    Netgate pfSense is a highly scalable solution. I would say there are at least three of us who are fairly proficient with the solution, almost at an expert level. We have a few others who utilize it, but they're limited in what they can do. Most of our clients for Netgate pfSense are small and medium-sized businesses, but we also have some larger businesses.

    I rate the solution’s scalability ten out of ten.

    How are customer service and support?

    The times I've worked with the solution's technical support, they've been excellent.

    I rate the solution’s technical support a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are in the managed IT space and constantly deal with numerous, big name firewall vendors. Aside from the cost alone, Netgate pfSense provides a lot of benefits. Even if Netgate were the same price as the rest of the other vendors, I would still prefer to use Netgate just because of its ease of use.

    How was the initial setup?

    The solution's initial setup is very straightforward. There's even a built-in wizard that will take you from out of the box to basic firewall setup in about 9 steps.

    What about the implementation team?

    The solution's deployment time depends on the complexity of the environment that you're going into. On average, the deployment takes probably less than a day. We have a team involved in the solution's deployment.

    What was our ROI?

    We have seen a return on investment with Netgate pfSense. We've won some bids for firewall replacement jobs based on the cost alone.

    What's my experience with pricing, setup cost, and licensing?

    I think Netgate pfSense is very fairly priced. I think it's a great way to get people locked in by being a little bit cheaper than many other solutions. Once they see it, they wonder why they would use anything else.

    What other advice do I have?

    One of the features of pfSense Plus is backup capabilities, which didn't really help us because we had our own backup solution built in for several years. We also keep additional firewalls available if something like a storm comes through so that we can restore the configuration in five to ten minutes without too much trouble.

    pfSense Plus doesn't provide a lot of features and benefits, but we use it because we want to see them continuing to develop the solution.

    Netgate pfSense gives us a single pane of glass management, but we don't live in the firewall itself. We monitor it from our single pane of glass, which we're pulling about 20 other security stack solutions into as well. We're pulling in a lot of other enterprise-level solutions, including EDR, vulnerability scans, domain filtering, etc.

    Since we have a few hundred clients, we have both cloud and on-premises deployments of Netgate pfSense.

    Any product requires some care and feeding. It goes back to our monitoring aspect. As a general rule, you have some firmware updates about every six months. You definitely have a few things to maintain here and there in Netgate pfSense, but it's minimal compared to other solutions.

    The solution's cost alone is well worth it. I would recommend it for its adaptability to any complex environment with added security features. You can start off by just doing a standard firewall and then grow from there and really expand on its security features. I really can't think of any reasons why you wouldn't use it. Netgate pfSense is pretty much all we use, and we use a lot of different vendors when we go to different places.

    Overall, I rate the solution ten out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.