reviewer2509758 - PeerSpot reviewer
Manager, Information Technology Systems at a construction company with 51-200 employees
Real User
Top 20
Open-source, easy to configure, and offers helpful support services
Pros and Cons
  • "The open-source nature of pfSense, paired with the amount of support we receive, has been great."
  • "I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now."

What is our primary use case?

We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.

How has it helped my organization?

We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.

It's open-source and everything is available to me without having to pay subscription fees. 

What is most valuable?

The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.

The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.

It's significantly easier than expected to configure the solution and simple to handle add-ons.

pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.

We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult. 

We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.

The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.

We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers. 

What needs improvement?

I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now. 

Buyer's Guide
Netgate pfSense
December 2024
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution personally for about two years. My company has been using it for about eight years now.

What do I think about the stability of the solution?

The stability is very good. 

What do I think about the scalability of the solution?

We have two locations. I have yet to uncover any scalability limitations. 

How are customer service and support?

Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.

How was the initial setup?

The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours. 

There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it. 

What about the implementation team?

90% of the setup was handled in-house; I referred to NetGate support for a few items along the way. 

What's my experience with pricing, setup cost, and licensing?

We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price. 

We would have paid another $7,000/year for subscription fees if we went anywhere else.

What other advice do I have?

I'd recommend the solution to others. I'd rate it ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2511729 - PeerSpot reviewer
Operations Manager at a tech services company with 11-50 employees
Real User
Top 20
Provides visibility that enables users to make data-driven decisions
Pros and Cons
  • "The visibility in pfSense helps optimize performance."
  • "Something that we would really love to see is a real single pane of glass management for multiple clients."

What is our primary use case?

We use the solution as a gateway appliance for our own corporate network as well as that for many of our clients. It has become our go-to gateway appliance for clients when they're looking to have a new network stack installed.

What is most valuable?

Many of our clients are smaller. However, the big features for them are usually the built-in OpenVPN server for client-based VPN access. The site-to-site links and IPsec site-to-site connectivity are great.

The flexibility is one of the reasons it's become our go-to unit. We don't, unfortunately, get to use so much of its flexibility on a regular basis. That said, I love the fact that it can basically do whatever we need it to do all in one piece of gear.

It's relatively easy to add additional features. They have an application store that already has tools that you can add to pfSense as you need them. At this point, there are 30 or 40 or more of them.

In the long term, when you buy a piece of hardware, you basically get updates for that device for the life of that device. You're not paying for additional licenses throughout the life of that device. You just pay for it once. We do Meraki devices as well, and, every year or few years you need a license. You have to renew. 

There are some features in pfSense that help you to prevent data loss. Even just on the firewall side, you can limit what people are able to reach out to. The outbound filtering has a massive effect on that. They also have some other web filtering tools built-in; however, we don't typically use those. We have other tools for that.

pfSense offers a single pane of glass type of management per client site.

The solution does provide features that help minimize downtime. We don't use these features. However, we know they are available. We have the ability to offer that service. You can hook up two of the gateways in tandem. That way, if one of them ever does fail, it automatically fails over to the other functioning unit. 

pfSense provides visibility that enables users to make data-driven decisions. You can look at the amount of bandwidth used by the device as a whole or as a client. If there's a problem or if Netgate isn't performing per the client's wishes, we can easily make an assessment.

The visibility in pfSense helps optimize performance. There are a lot of different visualization aspects, including some bandwidth charts as well as some other built-in ways of looking at the way the data or information is flowing through the system, which definitely allows for that.

What needs improvement?

Something that we would really love to see is a real single pane of glass management for multiple clients. Having a reseller portal of some kind that allows us to easily remotely access all the different pfSense gateways that we have out there (like Meraki does with their equipment) would be ideal. Right now, we have to manage client by client and just maintain access per site, basically.

For how long have I used the solution?

We've been using the solution for the past three or four years. 

What do I think about the stability of the solution?

They are super stable units. I have not had a single complaint about them.

What do I think about the scalability of the solution?

They are definitely scalable. You can add your own additional storage to them. You can add additional memory to them if need be. They're very scalable, considering what you see in the rest of the gateway appliance market. Those are usually just static boxes where you get what you get, and that's it.

How are customer service and support?

I have contacted support once. I have a Netgate pfSense box that I run as well. I got a little impatient when a firmware update was happening and thought the device locked up and rebooted and ended up having to push the default firmware back. I got help over email, and they were great. They gave me a copy of the factory firmware and I was able to recover the unit.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We've previously used Meraki. We use their gateways as well. We also used to use some UniFi gateways but it was too limited. 

pfSense is great - and more flexible. It's better than both. It just lacks a centralized management portal. 

How was the initial setup?

Initially getting into it, it took a second or two just to get our team trained up on it. Since it's so flexible, there are some initial configuration assumptions that aren't made. You can do with the device as you wish. There's a lot of network equipment out there that has done a little bit too much hand-holding in terms of the initial configuration, however, those are also devices that are much less configurable. Going in, you want to understand networking a little bit more to make some of those decisions when you're setting up a pfSense box. 

How long it takes to implement depends on what you call fully deploy. We're still in the process of doing that. We have, especially on the UniFi or Ubiquiti side, every time we have a client where one of those devices fails, we're putting in a pfSense box at this point. We deployed it on our own corporate network rather quickly. I had it done in a couple of hours, basically. 

There is some maintenance needed. The firmware updates, and we want to make sure that we're watching for when the new firmware is released, especially if it's being released to cover some known vulnerabilities.

What about the implementation team?

We did the implementation all by ourselves in-house.

What was our ROI?

We are buying the Netgear hardware and we get the license along with it. The total cost of ownership is extremely low when you compare it to a lot of the other devices or other gateway appliances that are available on the market.

What's my experience with pricing, setup cost, and licensing?

The pricing is great - for the hardware, at least, which is generally what we're paying for. I was very aware of and paid attention to all the noise that went down when they changed their licensing, especially for the community edition. They created a new product called the Plus version of the license. 

For what they charge for it, which is maybe $100 a year, it's still good. If you wanted to build your own router, pfSense is more than worth $100 a year to have all that flexibility and maybe your own piece of custom hardware that you want to run it on. It's definitely a value-driven product.

What other advice do I have?

We're using the Plus version since we buy the Netgate hardware. That comes with pfSense, and we're typically not building our own gateways.

I'd rate the solution nine out of ten.

My advice to new users would be to practice with the product when you get an appliance. It's always easier to start learning with an appliance directly from Netgate. Just set it up and mess around with it maybe on a network that is a test network of some kind. Something that's not in production. It's not a hard device to understand if you understand networking at all. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Christos Messios - PeerSpot reviewer
Senior IT Engineer at Channel IT
Reseller
Top 10
I like the built-in blocker and the ability to easily add packages from the console
Pros and Cons
  • "I like pfBlocker and the ability to install more packages from the pfSense console."
  • "PfSense could better utilize the interface and dashboard and include some packages in the built-in solution. For example, pfSense is sharing some other packages. You have to download and configure them within the package manager of pfSense. Some of those important ones, like the IPS and the monitor, could be installed on the solution's image and configured."

What is our primary use case?

We use pfSense for IT security and load balancing the internet traffic across our three lines. We also use a package available in pfSense called pfBlocker that blocks some DNS records. For example, it doesn't allow ads to appear on the website. We have a site-to-site VPN with our different sites. 

How has it helped my organization?

The benefits from pfSense were immediate. We tested pfSense on a third-party machine, and soon after, we purchased a Netgate machine. PfSense prevents data loss by blocking malicious sites or apps with pfBlocker and the Suricata package, which acts as an IPS. 

PfSense has multiple WAN ports, helping to reduce downtime. We can set multiple Internet lines. If one line has an issue, we can still access the Internet from the other or communicate with the other sites. We also have a high availability feature with pfSense. For example, if we have two or three pfSense devices, we can have high availability. If one goes down, we can still work with the other one.

The visibility that pfSense has enables us to make data-driven decisions. From the logs, we can see blocked or allowed traffic. We generally see what goes into the firewall and change the rules or configuration. 

From the dashboard, we can see the utilization and how our lines behave during working hours. We can see if we need a higher-performance device, a line upgrade, or a feature.

What is most valuable?

I like pfBlocker and the ability to install more packages from the pfSense console. It's easy to add features, but you can check the user communities and videos if you encounter any difficulties. You have the flexibility to choose VPNs with WireGuard or OpenVPN and make firewall rules. It's easy to create a group with multiple IPs, hostnames, or areas and create a rule for that group.

You can make your own configurations on every module and create custom packages, which makes it more flexible. The dashboard is customizable, so you can create your dashboard based on what you would like to see and have all the data there on the dashboard. You can start and stop everything on the dashboard. 

What needs improvement?

PfSense could better utilize the interface and dashboard and include some packages in the built-in solution. For example, pfSense is sharing some other packages. You have to download and configure them within the package manager of pfSense. Some of those important ones, like the IPS and the monitor, could be installed on the solution's image and configured.

For how long have I used the solution?

I have used pfSense for four years in business and at home.

What do I think about the stability of the solution?

I didn't notice any performance issues. 

What do I think about the scalability of the solution?

pfSense is scalable.

How are customer service and support?

I rate Netgate support nine out of 10. I have contacted them twice in the last six months, and they responded and resolved my issue quickly. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used UniFi UDM, Hillstone, and OPNsense, which is similar to pfSense.

How was the initial setup?

Deploying pfSense is straightforward. It took about an hour to install and configure. After deployment, the only maintenance required is periodically checking for new updates or security fixes. 

What's my experience with pricing, setup cost, and licensing?

pfSense's price is excellent and similar to its competitors. It has a low total cost of ownership for all these features. 

What other advice do I have?

I rate Netgate pfSense eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Christos Adamidis - PeerSpot reviewer
Information Security Manager at a tech services company with 11-50 employees
Real User
Top 10
Affordable, simple to use, and has a fairly straightforward setup phase
Pros and Cons
  • "The whole layout of the application is pretty decent...The product's initial setup phase is fairly straightforward."
  • "I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day."

What is our primary use case?

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on just to ensure that all the other functions, both personal and business-related, remain unaffected, intact, and devoid of any type of attacks or the other type of malicious kind of activity.

How has it helped my organization?

The product has helped improve my organization's environment and personal environment since before the use of Netgate pfSense, and I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have a full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

What is most valuable?

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I cannot just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is a nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN to the point I was utilizing a router or modem provided by my service provider I was able to through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

What needs improvement?

There are a lot of features I want to see simplified in the product. I want to see the licensing model part to be improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference.

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

For how long have I used the solution?

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool up and running a few times, and the only time I have had to reboot it is when there was a new release.

What do I think about the scalability of the solution?

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

How are customer service and support?

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

How was the initial setup?

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

What was our ROI?

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

What's my experience with pricing, setup cost, and licensing?

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

What other advice do I have?

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Chief Technology Officer at Dcomm
Real User
Top 20
Plug-and-play, easy to use, and responsive support
Pros and Cons
  • "The solution is very stable. Issues are rare unless a box gets hit with a power surge or something."
  • "If we had, for example, ten pfSense routers deployed, it would be nice to have one console where you could see all ten devices, update them, and keep them all central. A management portal would be very nice."

What is our primary use case?

We're using it in our offices, including the main endpoint VPN connections from the main office to our seller offices.

What is most valuable?

The ability to load third-party apps, et cetera, into the firewall is pretty useful for a commercial-grade router and file, which is very customizable.

Out of the box, it's about 90% plug-and-play. The last piece, you do need to know how you're setting the firewall up for your environment. It varies on what you're trying to do with it. It can be really easy or difficult, depending on your knowledge base for the application.

We were able to witness the benefits of the product pretty much immediately.

Once you've navigated around it, it's pretty self-explanatory as to where to go. Compared to other products out there, it's pretty easy.

What needs improvement?

We do have a sort of single pane of glass for management purposes. You do have to dig around. If we had, for example, ten pfSense routers deployed, it would be nice to have one console where you could see all ten devices, update them, and keep them all central. A management portal would be very nice.

For how long have I used the solution?

I've been using the solution for seven years. 

What do I think about the stability of the solution?

The solution is very stable. Issues are rare unless a box gets hit with a power surge or something. 

What do I think about the scalability of the solution?

I found the solution very scalable. I can load multiple VMs on it and add a second port onto it. Depending on your deployment, it is very scalable. 

How are customer service and support?

I've only contacted support for corrupted systems. If the unit loses power and comes back on every once in a while, the file system gets corrupted, or it won't boot the device, and you have to reimage the whole thing, in those instances, I've had to reach out to them. They are pretty quick. I can get help within an hour even with just the free version. I imagine the paid version has good support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to use Ubiquiti, which was not a great solution. We also used something previously to that. Their interface was very clunky. You'd have to go through multiple different routes to get to the same thing that pfSense has on a single drop-down. pfSense has a more user-friendly setup. Plus, it has CLI integration, which is great. You can make configurations in the command prompt too, which is a lot easier.

How was the initial setup?

To me, the setup is fairly easy. That said, I already knew what I was doing to set it up. If I were coming fresh out into the network and environment, I'd never switch one of the firewalls; there may be a challenge to go through and figure out what the router can do to make the deployment work. When you get the box, you plug it in. There are a lot of features that are ported in that don't come pre-installed. However, they have a complete database listed in their browser. You just go down and pick what services you need. If you don't know what is there, it may take you a while to figure out what the unit is capable of. 

There is no maintenance beyond occasional updates. They don't push those out too often. However, when they do come out, you have to go through them one by one to make sure the update is successful. It would be easier if you could do everything all at once and be done with it.

How long it takes to deploy varies as each office is different. If I'm building three or four VLANs, that's going to take time. In my role, I built one base configuration that contains the VLANs IP servers that I want to use. I've extracted that as a file that I can modify and push to different boxes. So if I get 100 2100 or 4100, it doesn't matter. All I have to do is change the interface names and push it back to the box. So to me, it's pretty fast, and it already has my settings ready to go.

What about the implementation team?

I handled the initial setup myself. 

What's my experience with pricing, setup cost, and licensing?

I use the community version. For configurations and troubleshooting, you do need to pay. I'm not sure what the pricing is for Plus.

What other advice do I have?

I'd rate the solution ten out of ten. 

I'm a customer and end-user. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
DevOps Engineer at Vogel Communications Group GmbH & Co. KG
User
Has good performance optimization documentation
Pros and Cons
  • "The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection."
  • "Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection."

What is our primary use case?

We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

How has it helped my organization?

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

What is most valuable?

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

What needs improvement?

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

For how long have I used the solution?

We have been using pfSense for eight years. 

What do I think about the stability of the solution?

pfSense is a very stable solution. In all the years I had around three instabilities.

What do I think about the scalability of the solution?

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

How are customer service and support?

I have never used the support for any technical issue. The community forums and Google always were enough.

I rate the support an eight out of ten. I had an issue with a pfSense Plus License and the support was helpful and got my problem resolved within a day.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

How was the initial setup?

The old installation was straightforward, but the new installer has some bugs and does not really work.

What about the implementation team?

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

What was our ROI?

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

What's my experience with pricing, setup cost, and licensing?

The licensing seems fair. We owned the TAC Lite License for some time. The problem was that the license is bound to a device ID, which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

What other advice do I have?

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Director at sst360
    User
    Makes everything easier compared to other products
    Pros and Cons
    • "pfSense makes everything easier compared to Cisco or Fortinet."
    • "Evaluation and contracting could be improved."

    What is our primary use case?

    We use it for home solutions and 200+ enterprises. We use it to address routing issues (NATing issues through VPNs).

    Our environment consists of many enterprises with many subnets.

    How has it helped my organization?

    pfSense makes everything easier compared to Cisco or Fortinet.

    What is most valuable?

    Policy-based firewall rules are the most valuable feature because with every other brand it is 200% more complicated to accomplish the same operation.

    The flexibility is easy. We can implant in small businesses for less than 500 CAD and in 5k users enterprises. The only part that needs to be improved is the hardware, everything else is out of the box.

    I would rate the ease of adding features a ten out of ten. With telecom knowledge, the product is crystal clear easy.

    What needs improvement?

    Evaluation and contracting could be improved. 

    For how long have I used the solution?

    I have been using pfSense since 2016.

    What do I think about the scalability of the solution?

    The scalability is good, they should offer filtration or a next-gen firewall.

    How are customer service and support?

    From my experience, their support is very quick. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I haven't evaluated any solutions since 2016. With pfSense you get the bang for your buck. pfSense routing, VPN, policy rules, NAT forwarding, everything is better.

    How was the initial setup?

    The initial setup is straightforward. It was easy. We have 16 years of experience. I did the deployment, it only required one person. 

    What's my experience with pricing, setup cost, and licensing?

    It is cheaper than other options. 


    What other advice do I have?

    I would rate it a 9.5 out of 10. My advice would be to take the time to do an online course if you find using the solution a bit hard. It is worth it.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Project Engineer at a manufacturing company with 1-10 employees
    Real User
    You can install whatever plugins you need and get a lot of community support
    Pros and Cons
    • "The automated backup is great."
    • "From the hardware perspective, it seems like there has been a lot of turnover at Netgate. It comes with the territory because processors and other boards change so fast. But I'd like to see more continuity in the product line and a longer lifespan for a specific series. The operating system side of it has been rock solid, and the appliances have been great. I just want to not support many different appliances. I want one we can standardize for several years."

    What is our primary use case?

    We deploy Netgate pfSense primarily as enterprise-grade routers and VPN endpoints or VPN servers.

    How has it helped my organization?

    It's a firewall that provides frontline defense for any network. We saw the benefits of pfSense immediately upon the first deployment. It has several features that prevent data loss. For example, it allows automated backups of the configurations. It's nice to know that any changes are captured, and we can easily be pulled back to a new device should the current one fail. It also helps to optimize performance. We get good real-time statistics that Netgate can use to optimize performance. 

    What is most valuable?

    The automated backup is great. pfSense is an incredibly flexible platform. You can install whatever plugins you need and get lots of community support. There is tons of built-in logging, and the add-on packages you can use to analyze your traffic have been handy. That can generate a ton of data for us to look at how the network is being utilized and what changes need to be made or where we can improve.

    What needs improvement?

    From the hardware perspective, it seems like there has been a lot of turnover at Netgate. It comes with the territory because processors and other boards change so fast. But I'd like to see more continuity in the product line and a longer lifespan for a specific series. The operating system side of it has been rock solid, and the appliances have been great. I just want to not support many different appliances. I want one we can standardize for several years.

    For how long have I used the solution?

    I have used pfSense for around 10 years.

    What do I think about the stability of the solution?

    The stability of pfSense is rock-solid.

    What do I think about the scalability of the solution?

    The scalability of pfSense is also excellent, assuming you purchase the right hardware on the front end. In our case, we're doing physical deployments, not cloud-based.

    How are customer service and support?

    I rate Netgate support 10 out of 10.  Their in-house support team is excellent. Each appliance comes with the minimum support needed to get a network connection. The support is knowledgeable and responds quickly, so the questions are addressed professionally and accurately.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We've used some Cisco products. I prefer the pfSense licensing model. You can get ongoing support and updates continuously. I don't need to pay again to patch a system. Cisco licenses connections. It's such a licensing problem at Cisco that I prefer dealing with pfSense.

    How was the initial setup?

    We deployed pfSense on physical appliances. I think it's fairly easy for the average IT technician with no prior experience if they understand that it's primarily configured through a web portal instead of a command line configuration. pfSense can be deployed on one instance in 15 to 30 minutes.

    The documentation and community support are great, so many answers can be found without reaching out to their support. It requires no maintenance aside from regular updates and patches. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is fantastic, and the market bears it easily. The total cost of ownership is so low because the license and the hardware are remarkably good. You don't have any recurring fees or licenses to maintain. With pfSense, you pay the upfront cost and that's it. The upfront cost is reasonable.

    What other advice do I have?

    I rate Netgate pfSense 10 out of 10. I love using pfSense firewalls. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2024