Try our new research platform with insights from 80,000+ expert users
Real User
Combines multiple functions into one device and provides the performance I need
Pros and Cons
  • "It is very flexible. I have not found a use case that I could not satisfy with the device."
  • "I would rate pfSense a nine out of ten."
  • "I would prefer being able to click a button that says," I am upgrading, so uninstall everything and store in the configuration file what I had installed.""
  • "It is best practice to remove all installed packages before you do an upgrade because most upgrade failures have to do with having installed packages."

What is our primary use case?

I have Netgate 4100 and pfSense Plus.

My career is in IT, and Netgate is part of my home network, which does hot failover between two ISPs because I work from home a lot and do not want to be disconnected. It handles all my home security, manages remote access to my systems when I am abroad, and hosts some services such as health checks from Route 53, WireGuard, etc.

How has it helped my organization?

I was able to see its benefits immediately. One issue it helped me solve was that I was hitting bandwidth caps from one ISP and did not understand why. It turned out that the ISP was counting all return traffic from outsiders probing my home network. They would find my Linux device and see that there was an open SSH port, and they would hammer at it. This generated an enormous amount of traffic. Installing pfSense allowed me to detect it accurately and shut down this traffic.

It is hard to say if pfSense helped prevent data loss in any way, but unauthorized access to my network and the data I have on my network from the outside is not feasible now.

I can do all the things I want to do from the device. I do not have to set up services on other hosts. I do not have to have any other UI in place. I can just go to pfSense and do all the things I need. The slight caveat to that is that I am not operating AWS or GCP from pfSense. I have set up my health check from Route 53. I have set a couple of very simple things in AWS, but I do the rest of the things from pfSense. It is pretty close to a single pane of glass.

I use pfSense Plus and found pfSense Plus to be more robust than the Community Edition. Any network device needs occasional prophylactic reboots. The frequency of issues, such as the tables being all dirty or memory being scrambled, has significantly reduced with pfSense Plus. The hardware has considerably improved. Because I was running Community Edition on an older Netgate, it is difficult to understand where I am getting the improvement from, but pfSense Plus has certainly been a lot more robust. I have fewer instances where one of the interfaces just stopped working. That used to happen with Community Edition fairly regularly. I have not had that trouble at all here. Upgrades have been a lot smoother. They are down to just a reboot, whereas, with Community Edition, I had to regularly wipe the device, reinstall the operating system on pfSense, and load in my configuration from backup, which I was able to do and usually worked. I spend a lot less time in system maintenance using pfSense Plus than with Community Edition.

Its out-of-the-box performance meets my needs. When I wonder whether my network is a little sluggish, I am able to go in and find out things, such as one of my ISPs being dropped out of my load balancing config because of too many latent pings. It has been very useful and easy to do those sorts of things.

What is most valuable?

It is very flexible. I have not found a use case that I could not satisfy with the device. There are more use cases I am not currently using. For instance, I do not have an HA setup. I use it for my internal home DNS and DHCP services and to split the VLANs so that I have Internet of Things and guest VLANs. I trust the device's VLAN. It helps me deny traffic from large areas of the world that do not need to interact with my firewall.

With such solutions, there is always a learning curve, but with enough foundation, I have never found that curve very hard to climb. Whenever I have tackled a new thing, a little bit of searching on the web and playing with the UI has always gotten me where I wanted to be.

What needs improvement?

It is best practice to remove all installed packages before you do an upgrade because most upgrade failures have to do with having installed packages. These are additional packages that supply functionality above and beyond what comes in the base operating system. We have to remove them one at a time. I would prefer being able to click a button that says," I am upgrading, so uninstall everything and store in the configuration file what I had installed." It already keeps the configuration of all the packages installed. Even if I do not install them again, the configuration for those packages is still there after the upgrade. It would be very nice to have a one-click feature. There can be a check flag on the upgrade screen to remove packages first and then another check flag to reinstall them after the upgrade. This would be extremely handy, particularly when I have a lot of packages. It takes me about 15 to 20 minutes to uninstall and reinstall them all after the upgrade.

A couple of weeks ago, I would have had another area for improvement, even though it was outside their purview. They are switching DHCP providers from ISV to something, but it did not have a feature I wanted, which was client hostname registration for statically served IP addresses. I rely on this for host management inside my trusted network, but that feature has been released now, so I feel more comfortable moving to the new DHCP version they support.

Buyer's Guide
Netgate pfSense
April 2025
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

For how long have I used the solution?

I have used the solution for at least seven years.

What do I think about the stability of the solution?

Since operating Netgate 4100 and pfSense Plus, anytime I wondered if the device itself was laggy, it was not the device. It was something upstream causing the issue. I have an HA configuration and a load balancer, so if one of the links goes down, the device gets a little laggy as it drops that interface and brings up the other one as the primary. If the ISP is flapping, this will happen continuously, introducing a lot of network lag, but that is trivial now that I understand what is happening. As soon as I start feeling lag, I check the logs to see if that is the cause. The device itself has not ever been latent or lagging. It has been rock solid.

What do I think about the scalability of the solution?

I found it very scalable. I am out of ports on my device because of having multiple ISPs and VLANs. I do not have an HA setup, so the device scaled very well for my needs personally. When we deployed an HA pair in a professional situation, we had a much larger network, and it scaled to cover that easily.

How are customer service and support?

I have only contacted them to get a download of the operating system image ahead of any upgrade attempt just in case I needed to start from scratch.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used a number of different solutions. I have used firewall software and hardware of all kinds, both professionally and personally, reaching back to the early 2000s.

How was the initial setup?

The initial deployment was done many years ago. I remember it being pretty straightforward back then. One of the things I enjoyed about the device is that the configuration file is like the starter batter where someone gives you a lump of yeast and dough pinched from someone else's. 

I have been able to roll my configuration file forward every time I switched devices or operating systems. This has made it a lot easier to maintain the device. Even when I had to completely wipe the machine and start over, it was pretty trivial in almost all cases. It has certainly been a lot easier since I started using pfSense Plus to get my configuration back up and running again.

What's my experience with pricing, setup cost, and licensing?

When I ran an IT shop a few years ago, we had an off-the-shelf solution where years ago, somebody had built a firewall solution using a couple of rack-mount PCs and some open-source security package. It was a black box. Nobody around understood it anymore, and I needed to replace it. I went to look for hardware that my shop wanted to use, like Cisco, but the price was well out of our budget, so we went with a pair of HA Netgate devices and pfSense. That solved our problem. I thought it was a good price point for a good solution.

Their pricing is quite reasonable. It is very good. Every firewall is a router, but typically, in an enterprise situation, these are separate. My home is essentially a small office. My partner and I work from home a lot, and I am the system administrator, network administrator, and security administrator. The values are high because I am not maintaining two machines. I am not spending my own power on two different devices. For small office or home use, such as mine, pfSense is valuable because it combines multiple functions into one low-power device.

What other advice do I have?

I would rate pfSense a nine out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Eloi Chayer - PeerSpot reviewer
Regional Aftersales Manager at a manufacturing company with 10,001+ employees
Real User
Top 20
Flexible with good plugins and reasonable pricing
Pros and Cons
    • "If I had to change internal providers, I might have some difficult times."

    What is our primary use case?

    It's the main firewall for my household. It's also what I'm using to gain access to my employer's website and VPN. It acts as a gateway to my employers. My wife uses the device as a VPN to do her job as well.

    How has it helped my organization?

    I wanted something that is robust and makes it easy to diagnose if anything goes wrong. I'm also used to the system. I've used it since 2006 or 2007. So it was something that was really familiar with. I used to use the free solution. Last year, I decided to jump into the actual hardware devices that these guys sell. I didn't have time anymore to deal with aftermarket hardware. It saves me some time to have their devices.

    The main benefit is peace of mind and no downtime or minimal downtime as compared to other solutions that I've used before.

    What is most valuable?

    Its ability to put some plug-ins into the system is helpful. There are a couple of packages that I'm using. Since I'm using it mainly as a firewall and sometimes as a VPN endpoint, it's really great.

    The flexibility is good. The fact that you can add packages makes the device quite flexible. Also, it's quite overpowered for my needs right now, so that's a good thing. 

    Price-wise, the quality to price is pretty much up there, especially when you consider that you don't have to tinker with anything. With hardware, you don't know where you know, how long it's going to last or anything like that. However, with pfSense, you have guaranteed support with NetGate, and this is great.

    It's quite easy to configure. It's very intuitive. Maybe that's because I know the interface. There's also tons of of information available online. They have a very good user manual for the software as well. It's very detailed, and it's it's easy to work with. 

    There's a forum where you can ask questions, and people are very friendly. Within a couple of hours, sometimes days, somebody has had the issue that you're having before. So, forum responses are quite quick.

    It's really easy to work with. There's peace of mind and no downtime.

    In terms of preventing data loss, any solution is only as good as its weakest point. And since this is at the very edge of my network, of the outside network, I feel I'm pretty prepared and protected from data breaches. That said, at the end of the day, I'm not opening myself up to many things in the outside world. It's blocking pretty well, and I don't feel threatened. If there's data loss, it's going to be from my end users, not from the device itself.

    It provides us with a single pane of glass management for my household. There's only one device that I use.

    The main advantage to me right now is that I'm using their reboot environment. It's really easy for me to update, and if some things don't go well, I can go to the previous version and be back up in no time. 

    pfSense is just plug-and-play. Performance-wise, once you install the system, it works even when there's been a couple of software updates. It's probably overpowered for what I need. Performance is very good.

    What needs improvement?

    If I had to change internal providers, I might have some difficult times. For example, going from cable to ADSL. Right now, it suits my needs, and as long as they keep it updated, I'm pretty good with that.

    For how long have I used the solution?

    I've used the solution since December 2023.

    What do I think about the stability of the solution?

    The stability is great.

    What do I think about the scalability of the solution?

    I haven't had to scale the solution.

    How are customer service and support?

    I haven't had to contact technical support. 

    Which solution did I use previously and why did I switch?

    I have used other solutions, such as Untangle, D-Link, and Linksys. There were always a lot of limitations if you didn't adopt the commercial licenses, and those would be expensive. pfSense is reliable, especially with the NetGate hardware. It's also predictable. There's never a big software change. pfSense has been very stable since it's based on FreeBSD. However, it is on a lesser-known OS.

    How was the initial setup?

    I use a physical device. For implementation, you have to use a console interface through a serial port and then a TTY from your own computer. For some people, maybe it's a bit more difficult. For me, it was really straightforward. It's as easy as setting up a switch. 

    I loaded it up the first time and the only thing I had to do was modify my previous config, change the interface names, and just throw it back in there. It takes less than an hour.

    There's only maintenance if there's an update. It might be down for a few minutes during that time. It takes maybe five to 10 minutes. Even if something goes wrong, it's pretty easy. You just reimage it and reload the safe configuration. It's much easier than other solutions, like Untangle. 

    What about the implementation team?

    I handled the implementation myself. I did not need the help of third parties. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable. Before I got the 6000, I was on my own devices. They developed a pricing schedule last year. At first, I was worried, however, it's maybe $130 a year and it's very reasonable compared to other solutions. With the 6000, the price is included within the device itself. 

    Compared to other solutions, the total cost of ownership is very good. It's not that it is so much cheaper, it's that it fulfils the needs of more people. With the level of support provided, the price is very reasonable. 

    What other advice do I have?

    I'd advise new users to take the time to read about the device and the software beforehand. Otherwise, you're going to waste a lot of time trying things that you think are going to work. Since it's not necessarily the same thing as, let's say, Untangle, you have to familiarize yourself with the interface and with the system before actually diving in deep.

    I would rate the product ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Netgate pfSense
    April 2025
    Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
    848,716 professionals have used our research since 2012.
    Mohmad Saqib - PeerSpot reviewer
    Infrastructure and integration Architect at CommunityForce
    Real User
    Top 10
    A firewall with built-in IDS and IPS, load balancing, and VPN connections
    Pros and Cons
    • "The best feature of the tool is its all-in-one capabilities. It is a firewall with built-in IDS and IPS, load balancing, and VPN connections. The VPN integration, particularly with internal AD environments, provides stable connections. Centralized authentication is a notable benefit as well. We primarily use it for these features on our server level and are planning to expand their use in our complex environment to connect employees and services."
    • "My only suggestion is that Netgate pfSense implement more graphical monitoring. While there are accounts with add-ons for graphical monitoring of data networking, IPS, IDS, and firewall-level events, having more graphical representations like blocks would make the tool more capable. Although it has commercial support and a good GUI, it can still be challenging for someone without firewalls, command lines, and networking knowledge."

    What is our primary use case?

    We use the solution as the main firewall and a proxy for load balancing our web servers.

    What is most valuable?

    The best feature of the tool is its all-in-one capabilities. It is a firewall with built-in IDS and IPS, load balancing, and VPN connections. The VPN integration, particularly with internal AD environments, provides stable connections. Centralized authentication is a notable benefit as well. We primarily use it for these features on our server level and are planning to expand their use in our complex environment to connect employees and services. 

    Netgate pfSense is cost-effective because you can start using it for free. You can research how to install and configure everything, then install it virtually on any device or partition some hardware. This allows you to start using a firewall without any initial cost.

    For larger companies, if you have one or two people skilled with the tool, they can design the complete network using it. That's all you need. You don't have to invest in expensive subscriptions or big hardware setups.

    What needs improvement?

    My only suggestion is that Netgate pfSense implement more graphical monitoring. While there are accounts with add-ons for graphical monitoring of data networking, IPS, IDS, and firewall-level events, having more graphical representations like blocks would make the tool more capable. Although it has commercial support and a good GUI, it can still be challenging for someone without firewalls, command lines, and networking knowledge.

    Adding features to the solution through packages is somewhat limited. The marketplace doesn't have as many options as you might expect.

    One example is the IPS/IDS system. Netgate pfSense still uses Snort 2.9, even though version 3.0 has been out for about a year. Version 3.0 offers important improvements like multi-core support, significantly speeding up processing. The solution seems slow to update to newer versions of these third-party packages.

    The tool should provide beta versions with the latest package updates sooner so users can benefit from new features and improvements.

    Another issue is the lack of a package marketplace. Despite being open source and customized by many developers globally, there isn't a wide selection of community-created packages. The reasons for this aren't clear to me - it could be security concerns or other factors.

    Based on my experience using Netgate pfSense for about four years, I can't say the improvements in our environment are solely due to the product. It's a combination of Netgate pfSense and another monitoring tool we use.

    Monitoring is crucial. The easier the monitoring and user interface, the simpler our team can work on and investigate issues. Accessing data becomes more difficult when you use commands or other complex methods.

    With our third-party tools, log viewing is very straightforward. The tool logs everything important. This was helpful when our site was slow, and we needed to determine why. The logs from Negate pfSense and our IT systems help us identify issues.

    However, the solution's combination with a third-party monitoring tool provides a graphical interface. This makes it much easier to review logs and pinpoint problems.

    If Netgate pfSense had a better graphical interface, it would be one of the best products available. I think the graphical interface should be much better and easier to monitor. For example, I encountered errors when I installed HAProxy, a load balancer available in the solution. It was difficult to determine the errors because the backend wasn't working properly. It took us a long time to identify the exact issue because more detailed error information isn't directly available in the current interface. You must go through different steps to trace and see what errors are coming up.

    If the tool could improve in this area and provide more error details directly in the interface, that would be beneficial. As for packages, if they could update to newer versions of third-party packages more quickly, that would be helpful. I understand they might not be able to use the very latest versions immediately, but if they could provide updates within three to six months of a new package release, users could try new features sooner.

    One additional feature that would be helpful is SAML authentication. Many companies now use Azure or AWS; in our case, we use Office 365 for email and authentication. If SAML authentication was available in pfSense, we could have integrated it with Office 365, allowing users to log in directly using their existing credentials.

    The tool can integrate with Azure AD internally, but SAML or two-factor authentication, such as SMS, would provide better security. Firewalls are usually kept behind the scenes and not exposed, but this feature would be useful in some cases.

    We've offered Netgate pfSense to many clients, managing it for them and migrating them from existing firewalls. They're generally happy with the change. However, some clients were looking for these additional authentication features. While we can integrate with Office 365, a direct connection option would be beneficial.

    For how long have I used the solution?

    I have been working with the product for four years. 

    What do I think about the stability of the solution?

    I use Netgate pfSense Plus. We mainly chose it for early updates and commercial support, as advertised on their site. I've only used the support once, though. We started with the free version, which worked fine without issues. After three to four months, we upgraded to the Netgate pfSense Plus environment. Since then, it's been very stable. We've never had problems that required rolling back changes after updates. The updates are very stable - we don't have issues when we update the firewall. So overall, it's been quite stable for us.

    I rate the solution's stability a ten out of ten. 

    What do I think about the scalability of the solution?

    My company has five users using the solution in two locations. The solution's documentation shows that it is scalable. 

    How are customer service and support?

    There is a lot of support material available on the Internet. You need to do some research. In my experience, I've only had to contact Netgate pfSense support once in the last four years, and that was because I messed up the operating system in our virtualized environment. 

    Which solution did I use previously and why did I switch?

    We were previously using Cisco ASA 5500. After three years, we needed to upgrade the hardware and the subscription. At that time, we were moving from an on-premise solution to the cloud, so we decided to try Netgate pfSense. Our vendor recommended it. We wanted to get at least six months of experience with it to ensure its features were stable and it could handle higher loads without breaking. That was one of the main reasons we chose the solution.

    How was the initial setup?

    The solution's deployment is straightforward. The basic setup took us just about two to three hours. However, designing our custom network configuration took a bit longer. Overall, we got the tool up and running in about three to four days in my environment. There were three people involved in the deployment process: myself and two other team members.

    Netgate pfSense doesn't require much maintenance on our end. It's pretty smooth. We monitor alerts. When there's a new update, we test it in our staging environment to see if it affects anything. If it's smooth, we upgrade.

    What was our ROI?

    The tool has helped us save money. 

    What's my experience with pricing, setup cost, and licensing?

    The tool is flexible; even the free, open-source version offers many features. From a cost perspective, even the subscription model for commercial support isn't too costly. However, it's important to have someone knowledgeable about Netgate pfSense to take advantage of it. While there are online resources, a professional or someone experienced can get much more out of the solution. I've heard that the IPS/IDS licenses and other features can be costly.

    The solution is very cheap. It's so affordable that even students can use it on their laptops. It's a good, cost-effective product.

    What other advice do I have?

    The solution has a single web interface, which you could consider a container. Within this container, there are multiple interfaces or sections. You must navigate to different settings to manage different aspects of the system.

    So, while it's all contained within one web interface, you can't see or manage everything from a single screen.

    I recommend the tool to our clients. We help them implement and support it. I rate it an eight out of ten. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Wes Shaw - PeerSpot reviewer
    Vice President Of Engineering at a tech services company with 11-50 employees
    Real User
    Top 20
    Provides high availability, but should have better logs
    Pros and Cons
    • "The solution's most valuable features are high availability and the VPN options."
    • "It would be great for the solution to have better logs."

    What is most valuable?

    The solution's most valuable features are high availability and the VPN options. Netgate pfSense has the ability to support multiple interfaces and spin up virtual IPs.

    What drew me to Netgate pfSense from the beginning is that it's free, open-source software. I wanted the solution for additional control over firewall routing, and there wasn't really anything else on the market that would do that.

    Netgate pfSense is very flexible. I like that it can run on enterprise bare metal and Raspberry Pi. Obviously, Netgate has a lot of appliances ranging from extremely small to extremely large.

    pfSense Plus is extremely low-cost. Its comparative features include high availability, the ability to tune system variables, and support for hundreds of interfaces.

    What needs improvement?

    It would be great for the solution to have better logs. Some of the solution's graphs that show visibility on system performance or session count lack resolution. For example, you may only be able to see the session count by day if you want to look back more than a month.

    In contrast, we would want to see the session count fluctuate by an hour or five-minute increments. It would be helpful to be able to query larger data sets, even if you had to break them up into smaller subsets.

    For how long have I used the solution?

    I have been using Netgate pfSense for seven years.

    What do I think about the scalability of the solution?

    The solution's scalability is very poor past 5,000 clients and impossible past 10,000 clients.

    How are customer service and support?

    I had a very poor experience with the solution's technical support.

    How would you rate customer service and support?

    Negative

    Which solution did I use previously and why did I switch?

    I switched from Netgate pfSense to Fortinet. Scalability and high availability are significantly better with Fortinet. It took me about 10 to 15 hours to set up high availability in Netgate pfSense just because of the way it works with virtual IPs and CARP.

    On the other hand, it takes about 15 minutes with Fortinet. It's just a completely different experience. Also, the performance availability for appliances is a thousand times better with some of the higher-end offerings at Fortinet versus the highest-end offerings that Netgate has.

    How was the initial setup?

    The solution's initial setup is difficult because of the extensive setup it takes to achieve high availability.

    What about the implementation team?

    In our case, it took us around 40 hours to fully deploy the solution from start to finish.

    What's my experience with pricing, setup cost, and licensing?

    I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is. Netgate's most expensive appliance costs around $5,000. However, an annual subscription to TAC costs around $1,000, which is roughly 20% of what you pay for the hardware. It seems a little excessive.

    What other advice do I have?

    I would say it's pretty easy to add and configure features to Netgate pfSense. However, if you add features that Netgate does not officially support, you can run into issues with your support contracts. It's easy to add features, but it's extremely difficult to support something that is not an official Netgate plug-in.

    We saw the benefits of Netgate pfSense pretty immediately after deploying it. We have been scaling, though. As we got to a very large deployment across different sites, we started to see additional problems, but then we also saw additional value added. Initially, there's a lot of value, which increases over time, but eventually, you hit a wall where it's just not that valuable.

    On the surface, it looks like pfSense Plus provides visibility that enables data-driven decisions. Unfortunately, after many back-and-forths with support, they say that it looks like the firewall has done something, but there's nothing in the log. There's no data to support their theories. On the surface, it looks like it should, but we found in practice that it was missing a lot of data that would help us make decisions that we needed to make.

    The solution's total cost of ownership is good for what it is. I don't think I would ever use it in an enterprise environment anymore. As a value proposition, it's really good for a small business application or a company with multiple sites that you need to be able to interconnect.

    You can set up an entire ecosystem for $ 5,000 to $ 6,000 with top-of-the-line hardware from Netgate. Unfortunately, with our user account, throughput, and bandwidth, we've just outgrown it and can't use it anymore.

    We've bought appliances for Netgate pfSense's deployment, and we've also deployed the solution on separate machines. Most recently, we used the appliances.

    Technically, we never got Netgate pfSense to a good solid state. For the four to six months we had it in production, it was constantly down and needed at least 20 hours of maintenance a week.

    Overall, I rate the solution a six out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    User
    Top 20
    Highly configurable, extremely affordable, and has fantastic support
    Pros and Cons
    • "I find the overall amount of configuration flexibility to be valuable."
    • "pfSense pricing is extremely competitive, and it delivers exactly what is advertised."
    • "One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic."
    • "Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades."

    What is our primary use case?

    I typically use it as an edge firewall.

    How has it helped my organization?

    pfSense is easy to configure. The features I have configured are firewall rules and dynamic routing through FRR. These advanced features are straightforward to configure, and the documentation, if needed, makes things even easier. 

    We are using pfSense Plus. It helps us minimize downtime. There is high availability built into the software. I can deploy two pfSense firewalls, configure them correctly, and they can back up each other in case one of them fails. It is a fantastic free feature integrated into the product, and I utilize it constantly.

    pfSense has been somewhat beneficial in helping to prevent data loss. We were able to see its benefits immediately after the deployment.

    What is most valuable?

    I find the overall amount of configuration flexibility to be valuable. 

    It is fairly maintenance-free. That is one of the strengths of the product. It has no frills and is extremely easy and painless to use. It does not cause any trouble.

    Another strength of pfSense is that the documentation is very digestible and easy to understand.

    What needs improvement?

    One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic. When dealing with a fleet of pfSense firewalls, considering them individually is not the most efficient use of time. 

    It does not provide visibility to make data-driven decisions. I cannot derive any analytics or information from the pfSense GUI or software to make data-driven decisions. The visibility that pfSense Plus provides does not help us optimize performance. I want more information and context around the data passing through my firewall to make data-driven decisions. I have used other vendor firewalls that provide some capability to show the traffic or bandwidth passed within the last hour, directly within the firewall software. I need a way to generate a report that I can deliver to my C-suite, allowing us to discuss and determine the best path forward. Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades.

    For how long have I used the solution?

    I have used Netgate pfSense for more than five years.

    What do I think about the stability of the solution?

    I would rate the stability of the product a nine out of ten.

    What do I think about the scalability of the solution?

    When assessing scalability, I would probably give it a seven out of ten.

    How are customer service and support?

    I have interacted with their customer service, and they have been, without a shadow of a doubt, beyond helpful. They are fantastic and truly among the best I have worked with. I would rate them a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have used Palo Alto Firewalls and Cisco ASAs as my primary solutions. If money was no object, Palo Alto Firewalls get the edge only due to the fact that they provide more visibility and analytics in regard to the data that goes through the firewall.

    How was the initial setup?

    Setting it up is extremely easy. Installing the hardware, configuring the software, and getting it ready to forward and pass traffic takes as little as 45 minutes. It is extremely robust and easy to manage and use.

    What about the implementation team?

    In my case, it definitely involves a team. When we visit on-site, one person can deploy it, but at least in my business, it is accomplished as a team.

    What's my experience with pricing, setup cost, and licensing?

    pfSense is excellent for a low total cost of ownership. pfSense pricing is extremely competitive, and it delivers exactly what is advertised. If you are looking for a firewall with advanced feature sets at a very low cost, you cannot get anything better than pfSense. It does exactly as advertised, and that is one of its biggest strengths.

    It is extremely affordable in relation to TCO. You get everything that other commercial products give but at an extremely affordable rate, so you can deploy en masse to numerous customers and clients.

    What other advice do I have?

    My overall advice would be to read the fantastic documentation. Everything you will ever need to do with the product is explained very easily in the documentation. If you have any troubles, just read it, and you will always find an answer. It is one of the best documentation of a product I have used in a very long time. Nothing is hidden.

    Overall, I would rate pfSense a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Systems Administrator at a consultancy with 11-50 employees
    Real User
    Easy to implement changes and offers great flexibility with the add-ons from third-party
    Pros and Cons
    • "The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities...The product's initial setup phase was extremely straightforward."
    • "The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve."

    How has it helped my organization?

    The benefits I have seen in my organization from the use of Netgate pfSense rewards around the fact of how quickly we can implement changes that are needed with the tool are definitely one of the main things. Overall, we have experienced less downtime with the tool. In my organization, we have had downtime with Cisco. Overall, we have noticed some performance increases as well with the use of Netgate pfSense.

    What is most valuable?

    The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities.

    My organization plans to solve costs-related problems by using Netgate pfSense. We were using Cisco's firewall products, and the license and hardware costs were just too high. With Netgate pfSense, I think we can get a full firewall tool with support and no need for licensing for under 5,000 USD, saving a ton of money.

    There were no specific security issues or challenges I was trying to address using Netgate pfSense.

    In terms of the overall flexibility offered by the product, I would say that it is very easy to implement, make changes, and adapt to different challenges that we may have with it. It offers a lot of different options, including VPN options for site-to-site client VPNs. Overall, it is a great tool. It is a highly adaptable solution that is, most importantly, very easy to implement.

    It is extremely easy to add features to Netgate pfSense and configure them. If you are talking about third-party stuff, it is something that is within the firewall itself. You can go into the Package Manager and install it.

    From a configuration point of view, it is extremely easy to use the tool. With third-party stuff, it can be a pain, but overall, it is extremely easy to manage Netgate pfSense since it is mainly a GUI-driven tool. It is super easy to configure overall.

    If I assess the solution for helping our organization prevent data loss, I think it has been great for us. Everything has room for improvement, but it has been great right now.

    Netgate pfSense provides our organization with a single pane of glass management. The tool offers great flexibility and is awesome. In our organization, we haven't had any issues with it. It just makes changes that need to be done extremely quickly and efficiently by the end of the day.

    I have worked with Netgate pfSense Plus. I buy the hardware from Netgate, and it comes with pfSense Plus.

    Netgate pfSense Plus provides 100 percent features that help minimize downtime. In extreme situations, implementing connections that were super helpful in the past and just the ease of deployment, the product offers is helpful since even if something happens to the firewall itself, I can have a virtualized firewall doing the same thing within less than an hour. It can help with that downtime. I know that Netgate pfSense is extremely reliable and a great tool.

    Netgate pfSense provides 100 percent visibility, enabling my organization to make data-driven decisions. Netgate pfSense is very much configurable. It gives you 100 percent of everything you need to make decisions. It gives you details of all kinds of different graphs, traffic, and firewall rules, along with the things that you definitely need in the form of the data that you need to be able to just make quick data-driven decisions.

    Netgate pfSense visibility helps me optimize performance. The data is just so easily accessible that you can make decisions very quickly. It also helps improve performance. In our organization, we have noticed a very noticeable performance increase since we shifted from the old firewall from Cisco to Netgate pfSense.

    If I were to assess the total cost of ownership of Netgate pfSense, I would say it is extremely low and affordable. I think it is a really very simple and extremely budget-friendly tool.

    What needs improvement?

    In our organization, we have had such a good experience with Netgate pfSense over the last four years. In terms of improvements, I have not really thought much, to be quite honest. Maybe faster releases for the software or the firewall itself can be areas where improvements are possible. The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve. In general, the tool is not bad at all at the end of the day.

    Speaking about whether any enhancements are required in the tool, I would say that the tool has everything that we need for our usage. We have an extremely complex environment, the most complex of which is how we use Netgate's BGP to connect to our ISP. Netgate pfSense is extremely feature-rich for our specific use scenarios, and we have not encountered any shortcomings in the solution.

    For how long have I used the solution?

    I have been using Netgate pfSense for around four years. The box itself says Netgate pfSense XG-1540. I don't remember the software version we are using right now, but all I know is that I keep it up to date. In my organization, it will be the latest version of the product.

    What do I think about the stability of the solution?

    I have not faced any issues with the stability of the product. I have one firewall in a very bad physical environment. It was very dusty, but it has been 100 percent reliable.

    What do I think about the scalability of the solution?

    It is an extremely scalable solution.

    In our school, we have close to 1,800 students and 210 teaching staff overall. With administrative staff, I think there are about 50 people.

    I have the tool in different locations and on different campuses.

    How are customer service and support?

    If I can call someone from the product's technical support team, l can have a technical person on the phone with me in less than five minutes. If you have any questions for them, they will come and try to give you the answer as quickly as they can, and if they don't have a reply, they will reply to you later via email. For the amount that it costs per year, the level of service that you get is unbeatable, honestly. I rate the technical support a ten out of ten.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The product's initial setup phase was extremely straightforward.

    When we deployed the product for the first time, we went through its documentation and how to do things. Otherwise, the strategy is usually based on the fact that we have four campuses, and they run in a similar manner. At least for us, we have a master configuration sort of thing, which we can kind of load into Netgate pfSense and make the small changes that we need, like VLAN changes and small things that apply to the location that the device will be deployed to, and it takes less than probably an hour or two to kind of have a firewall deployed working with the bare minimum, which is extremely fast compared to what it takes with Cisco.

    In terms of maintenance, it has been pretty much like we do the setup and then forget it. The firmware updates, or physical maintenance, like cleaning the device, are there. From a greater overview, it is just kind of a set-it-up-and-forget kind of solution for us.

    What about the implementation team?

    The product's deployment was done in-house, and it involved just me. The enterprise-level support from Netgate helped my organization a lot, especially during the first two deployments, but after that, it was easy.

    What was our ROI?

    Personally, I do not have any metrics or data points associated with the ROI that I can share with anyone. My CFO is the person who has information related to ROI.

    Which other solutions did I evaluate?

    In our organization, the whole point of moving to Netgate pfSense was that we wanted something that wasn't hard to use or where the licensing wasn't so expensive. We looked at different open-source options, but I can't remember their names. We also looked at UniFi's firewall, but Netgate pfSense came on top for us, considering the support provided and the fact that Netgate's team is the main set of people that keep up with pfSense's open-source project. With Netgate, we work directly with people who use Netgate pfSense, and it is great. We did look at other options, one of which was UniFi, but I cannot remember the name of the other alternative to Netgate pfSense. I think it is called OPNsense.

    Suppose I compare the other tools I evaluated with Netgate pfSense, and I feel that the pros of pfSense revolve around the area associated with the product's cost in terms of hardware requirements and licensing. There are no existing costs for the licensing or the hardware. You can deal with the licensing part yourself and get it at a cheap rate from elsewhere or buy it from Netgate's boxes directly from the solution company. Another pro would be the ease of management the tool offers since it is possible to have everything that you need in the GUI, which is a little bit controversial because a lot of people like CLI, but sometimes you need to get something quickly without having to have hundreds of different things.

    I haven't come across any cons in the product since most of our company's scenarios are simple and small since we are just a school compared to what other big companies have. Everything that Cisco's firewall was doing for us, Netgate pfSense's firewall does for us for a fraction of the cost and even offers a better performance. I would not know the tool's cons since I do not have anything on my mind right now.

    What other advice do I have?

    I do not use Negate pfSense Plus on Amazon EC2 VMs. In our organization, we are using Negate pfSense Plus on Netgate's hardware. We use Netgate pfSense XG-1540.

    To others who plan to use the solution, I would say that the support offered by the product is 100 percent worth it. The enterprise support is also extremely worth it. In a general sense, if people don't know much about implementation, they just need to read the documentation because many things, like the GUI part, could throw some people off. If you come from a CLI-based tool, the GUI aspect can throw you off, and I know it since it threw me off a little bit initially, but we were able to get through the implementation phase very thoroughly as the tool offers great documentation. By thoroughly going through the documentation, you will have a fairly easy time configuring the tool very methodologically. I really don't think I would recommend anything else apart from the fact that others need to read the documentation and take their time.

    I rate the tool a nine out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Jeff Markowski - PeerSpot reviewer
    Managing Director at Ranchlands Business Group Inc.
    Real User
    Top 10
    Provides features to help minimize downtime
    Pros and Cons
    • "We really like that it is quite simple to use and straightforward."
    • "The solution could improve by adding in some sort of user account credentials in in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access."

    What is our primary use case?

    We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

    What is most valuable?

    The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

    We appreciate its flexibility. Its usability is great.

    We were able to witness positive results from the product pretty much immediately.

    Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

    We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

    We're using the Plus version with Netgate.

    pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

    With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

    The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

    What needs improvement?

    The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

    A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

    For how long have I used the solution?

    I've been using the solution for a couple of years. 

    What do I think about the stability of the solution?

    The stability is very good. there is no lagging or crashing. It's reliable. 

    What do I think about the scalability of the solution?

    The scalability is good. However, we and our clients aren't too large. 

    How are customer service and support?

    I've never needed to contact technical support. 

    Which solution did I use previously and why did I switch?

    In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

    How was the initial setup?

    The initial deployment was easy.

    There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

    What's my experience with pricing, setup cost, and licensing?

    I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

    What other advice do I have?

    I'm a customer and end-user. 

    I'd rate pfSense eight out of ten.

    If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Dallas Haselhorst - PeerSpot reviewer
    Founder & Principal Consultant at TreeTops Security
    Consultant
    Top 10
    Easy to use, versatile, and adapts to any complex environment
    Pros and Cons
    • "The solution's most valuable features are its ease of use and versatility."
    • "The solution's internal logging could be improved."

    What is our primary use case?

    We use Netgate pfSense as the next-gen firewall because it has a lot of additional capabilities.

    What is most valuable?

    The solution's most valuable features are its ease of use and versatility. You can do anything you want with it. We implemented the solution for better security at better prices.

    Netgate pfSense is extremely robust and stable compared to other firewalls.

    You can use Netgate pfSense as a very basic firewall or with next-generation capabilities and full monitoring. With the command line and the openness of the platform, you can do a lot of things with the tool.

    It is extremely easy to add features to the solution and to configure them. We have extensive monitoring capabilities that we have configured into Netgate pfSense so that we can probably monitor any firewall available. We have also utilized the solution's DNS black holes features.

    When configured properly, the solution's data loss prevention capability is absolutely top-notch. We use the solution to monitor and detect users' odd or anomalous behaviors on the network, which are usually malware-related. We also use the tool to protect against various blacklists.

    We use Netgate on Amazon and have one of their firewalls. Using pfSense Plus on Amazon EC2 has helped simplify our EC2 network. It has definitely helped us with Amazon and tightening things down there.

    With the inclusion of firewall, VPN, and router functionalities, Netgate pfSense's total cost of ownership has been very good. For your infrastructure, you're typically looking at five to seven years. Netgate pfSense is definitely punching above its weight in that sense because it comes at a lower cost.

    Based on our experience, it lives that long and longer than what you would expect. The solution's ROI and longevity do shine in that sense.

    What needs improvement?

    The solution's internal logging could be improved. However, it does have some external logging capabilities. It would be more problematic if you didn't have a very robust environment. We developed our own internal API about five to six years ago, but I hear all the time on newsgroups that one of the solution's biggest problems is API.

    For how long have I used the solution?

    I have been using Netgate pfSense for over 15 years.

    What do I think about the stability of the solution?

    I rate the solution a nine out of ten for stability.

    What do I think about the scalability of the solution?

    Netgate pfSense is a highly scalable solution. I would say there are at least three of us who are fairly proficient with the solution, almost at an expert level. We have a few others who utilize it, but they're limited in what they can do. Most of our clients for Netgate pfSense are small and medium-sized businesses, but we also have some larger businesses.

    I rate the solution’s scalability ten out of ten.

    How are customer service and support?

    The times I've worked with the solution's technical support, they've been excellent.

    I rate the solution’s technical support a ten out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are in the managed IT space and constantly deal with numerous, big name firewall vendors. Aside from the cost alone, Netgate pfSense provides a lot of benefits. Even if Netgate were the same price as the rest of the other vendors, I would still prefer to use Netgate just because of its ease of use.

    How was the initial setup?

    The solution's initial setup is very straightforward. There's even a built-in wizard that will take you from out of the box to basic firewall setup in about 9 steps.

    What about the implementation team?

    The solution's deployment time depends on the complexity of the environment that you're going into. On average, the deployment takes probably less than a day. We have a team involved in the solution's deployment.

    What was our ROI?

    We have seen a return on investment with Netgate pfSense. We've won some bids for firewall replacement jobs based on the cost alone.

    What's my experience with pricing, setup cost, and licensing?

    I think Netgate pfSense is very fairly priced. I think it's a great way to get people locked in by being a little bit cheaper than many other solutions. Once they see it, they wonder why they would use anything else.

    What other advice do I have?

    One of the features of pfSense Plus is backup capabilities, which didn't really help us because we had our own backup solution built in for several years. We also keep additional firewalls available if something like a storm comes through so that we can restore the configuration in five to ten minutes without too much trouble.

    pfSense Plus doesn't provide a lot of features and benefits, but we use it because we want to see them continuing to develop the solution.

    Netgate pfSense gives us a single pane of glass management, but we don't live in the firewall itself. We monitor it from our single pane of glass, which we're pulling about 20 other security stack solutions into as well. We're pulling in a lot of other enterprise-level solutions, including EDR, vulnerability scans, domain filtering, etc.

    Since we have a few hundred clients, we have both cloud and on-premises deployments of Netgate pfSense.

    Any product requires some care and feeding. It goes back to our monitoring aspect. As a general rule, you have some firmware updates about every six months. You definitely have a few things to maintain here and there in Netgate pfSense, but it's minimal compared to other solutions.

    The solution's cost alone is well worth it. I would recommend it for its adaptability to any complex environment with added security features. You can start off by just doing a standard firewall and then grow from there and really expand on its security features. I really can't think of any reasons why you wouldn't use it. Netgate pfSense is pretty much all we use, and we use a lot of different vendors when we go to different places.

    Overall, I rate the solution ten out of ten.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
    PeerSpot user
    Buyer's Guide
    Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: April 2025
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.