Netgate pfSense Reviews

We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.

We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.

It's open-source and everything is available to me without having to pay subscription fees. 

The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.

The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.

It's significantly easier than expected to configure the solution and simple to handle add-ons.

pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.

We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult. 

We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.

The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.

We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers. 

I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now. 

I've used the solution personally for about two years. My company has been using it for about eight years now.

The stability is very good. 

We have two locations. I have yet to uncover any scalability limitations. 

Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get. 

Positive

I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.

The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours. 

There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it. 

90% of the setup was handled in-house; I referred to NetGate support for a few items along the way. 

We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price. 

We would have paid another $7,000/year for subscription fees if we went anywhere else.

I'd recommend the solution to others. I'd rate it ten out of ten.

We use the solution as a gateway appliance for our own corporate network as well as that for many of our clients. It has become our go-to gateway appliance for clients when they're looking to to have a new network stack installed.

Many of our clients are smaller. However, the big features for them are usually the built-in OpenVPN server for client-based VPN access. The site-to-site links and IPsec site-to-site connectivity are great.

The flexibility is one of the reasons it's become our go-to unit. We don't, unfortunately, get to use so much of its flexibility on a regular basis. That said, I love the fact that it can basically do whatever we need it to do all in one piece of gear.

It's relatively easy to add additional features. They have an application store that already has tools that you can add to pfSense as you need them. At this point, there are 30 or 40 or more of them.

In the long term, when you buy a piece of hardware, you basically get updates for that device for the life of that device. You're not paying for additional licenses throughout the life of that device. You just pay for it once. We do Meraki devices as well, and, every year or few years you need a license. You have to renew. 

There are some features in pfSense that help you to prevent data loss. Even just on the firewall side, you can limit what people are able to reach out to. The outbound filtering has a massive effect on that. They also have some other web filtering tools built-in; however, we don't typically use those. We have other tools for that.

pfSense offers a single pane of glass type of management per client site.

The solution does provide features that help minimize downtime. We don't use these features. However, we know they are available. We have the ability to offer that service. You can hook up two of the gateways in tandem. That way, if one of them ever does fail, it automatically fails over to the other functioning unit. 

pfSense provides visibility that enables users to make data-driven decisions. You can look at the amount of bandwidth used by the device as a whole or as a client. If there's a problem or if Netgate isn't performing per the client's wishes, we can easily make an assessment.

The visibility in pfSense helps optimize performance. There are a lot of different visualization aspects, including some bandwidth charts as well as some other built-in ways of looking at the way the data or information is flowing through the system, which definitely allows for that.

Something that we would really love to see is a real single pane of glass management for multiple clients. Having a reseller portal of some kind that allows us to easily remotely access all the different pfSense gateways that we have out there (like Meraki does with their equipment) would be ideal. Right now, we have to manage client by client and just maintain access per site, basically.

We've been using the solution for the past three or four years. 

They are super stable units. I have not had a single complaint about them.

They are definitely scalable. You can add your own additional storage to them. You can add additional memory to them if need be. They're very scalable, considering what you see in the rest of the gateway appliance market. Those are usually just static boxes where you get what you get, and that's it.

I have contacted support once. I have a Netgate pfSense box that I run as well. I got a little impatient when a firmware update was happening and thought the device locked up and rebooted and ended up having to push the default firmware back. I got help over email, and they were great. They gave me a copy of the factory firmware and I was able to recover the unit.

Positive

We've previously used Meraki. We use their gateways as well. We also used to use some Unify gateways but it was too limited. 

pfSense is great - and more flexible. It's better than both. It just lacks a centralized management portal. 

Initially getting into it, it took took a second or two just to get our team trained up on it. Since it's so flexible, there are some initial configuration assumptions that aren't made. You can do with the device as you wish. There's a lot of network equipment out there that has done a little bit too much hand-holding in terms of the initial configuration, however, those are also devices that are much less configurable. Going in, you want to understand networking a little bit more to make some of those decisions when you're setting up a pfSense box. 

How long it takes to implement depends on what you call fully deploy. We're still in the process of doing that. We have, especially on the Unify or Ubiquiti side, every time we have a client where one of those devices fails, we're putting in a pfSense box at this point. We deployed it on our own corporate network rather quickly. I had it done in a couple of hours, basically. 

There is some maintenance needed. The firmware updates, and we want to make sure that we're watching for when the new firmware is released, especially if it's being released to cover some known vulnerabilities.

We did the implementation all by ourselves in-house.

We are buying the Netgear hardware and we get the license along with it. The total cost of ownership is is extremely low when you compare it to a lot of the other devices or other gateway appliances that are available on the market.

The pricing is great - for the hardware, at least, which is generally what we're paying for. I was very aware of and paid attention to all the noise that went down when they changed their licensing, especially for the community edition. They created a new product called the Plus version of the license. 

For what they charge for it, which is maybe $100 a year, it's still good. If you wanted to build your own router, pfSense is more than worth $100 a year to have all that flexibility and maybe your own piece of custom hardware that you want to run it on. It's definitely a value-driven product.

We're using the Plus version since we buy the Netgate hardware. That comes with pfSense, and we're typically not building our own gateways.

I'd rate the solution nine out of ten.

My advice to new users would be to practice with the product when you get an appliance. It's always easier to start learning with an appliance directly from Netgate. Just set it up and mess around with it maybe on a network that is a test network of some kind. Something that's not in production. It's not a hard device to understand if you understand networking at all. 

We use pfSense for IT security and load balancing the internet traffic across our three lines. We also use a package available in pfSense called pfBlocker that blocks some DNS records. For example, it doesn't allow ads to appear on the website. We have a site-to-site VPN with our different sites. 

The benefits from pfSense were immediate. We tested pfSense on a third-party machine, and soon after, we purchased a Netgate machine. PfSense prevents data loss by blocking malicious sites or apps with pfBlocker and the Suricata package, which acts as an IPS. 

PfSense has multiple WAN ports, helping to reduce downtime. We can set multiple Internet lines. If one line has an issue, we can still access the Internet from the other or communicate with the other sites. We also have a high availability feature with pfSense. For example, if we have two or three pfSense devices, we can have high availability. If one goes down, we can still work with the other one.

The visibility that pfSense has enables us to make data-driven decisions. From the logs, we can see blocked or allowed traffic. We generally see what goes into the firewall and change the rules or configuration. 

From the dashboard, we can see the utilization and how our lines behave during working hours. We can see if we need a higher-performance device, a line upgrade, or a feature.

I like pfBlocker and the ability to install more packages from the pfSense console. It's easy to add features, but you can check the user communities and videos if you encounter any difficulties. You have the flexibility to choose VPNs with WireGuard or OpenVPN and make firewall rules. It's easy to create a group with multiple IPs, hostnames, or areas and create a rule for that group.

You can make your own configurations on every module and create custom packages, which makes it more flexible. The dashboard is customizable, so you can create your dashboard based on what you would like to see and have all the data there on the dashboard. You can start and stop everything on the dashboard. 

PfSense could better utilize the interface and dashboard and include some packages in the built-in solution. For example, pfSense is sharing some other packages. You have to download and configure them within the package manager of pfSense. Some of those important ones, like the IPS and the monitor, could be installed on the solution's image and configured.

I have used pfSense for four years in business and at home.

I didn't notice any performance issues. 

pfSense is scalable.

I rate Netgate support nine out of 10. I have contacted them twice in the last six months, and they responded and resolved my issue quickly. 

Positive

We used UniFi UDM, Hillstone, and OPNsense, which is similar to pfSense.

Deploying pfSense is straightforward. It took about an hour to install and configure. After deployment, the only maintenance required is periodically checking for new updates or security fixes. 

pfSense's price is excellent and similar to its competitors. It has a low total cost of ownership for all these features. 

I rate Netgate pfSense eight out of 10. 

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on just to ensure that all the other functions, both personal and business-related, remains unaffected, intact, and devoid of any type of attacks or the other type of malicious kind of activity.

The product has helped improve my organization's environment and personal environment since before the use of Netgate pfSense, and I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have a full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I can not just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN to the point I was utilizing a router or modem provided by my service provider I was able to through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

I

There are a lot of features I want to see simplified in the product. I want to see the licensing model part to be improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference.

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool p and running a few times, and the only time I have had to reboot it is when there was a new release.

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

Neutral

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

We're using our offices including the main endpoint VPN connections from the main office to our seller offices.

The ability to load third-party apps, et cetera,  into the firewall is pretty useful for a commercial-grade router and file, which is very customizable.

Out of the box, it's about 90% plug-and-play. The last piece, you do need to know how you're setting the firewall up for your environment. It varies on what you're trying to do with it. It can be really easy or difficult, depending on your knowledge base for the application.

We were able to witness the benefits of the product pretty much immediately.

Once you've navigated around it, it's pretty self-explanatory as to where to go. Compared to other products out there, it's pretty easy.

We do have a sort of single pane of glass for management purposes. You do have to dig around. If we had, for example, ten pfSense routers deployed, it would be nice to have one console where you could see all ten devices, update them, and keep them all central. A management portal would be very nice.

I've been using the solution for seven years. 

The solution is very stable. Issues are rare unless a box gets hit with a power surge or something. 

I found the solution very scalable. I can load multiple VMs on it and add a second port onto it. Depending on your deployment, it is very scalable. 

I've only contacted support for corrupted systems. If the unit loses power and comes back on every once in a while, the file system gets corrupted, or it won't boot the device, and you have to reimage the whole thing, in those instances, I've had to reach out to them. They are pretty quick. I can get help within an hour even with just the free version. I imagine the paid version has good support. 

Positive

We used to use Ubiquiti, which was not a great solution. We also used something previously to that. Their interface was very clunky. You'd have to go through multiple different routes to get to the same thing that pfSense has on a single drop-down. pfSense has a more user-friendly setup. Plus, it has CLI integration, which is great. You can make configurations in the command prompt too, which is a lot easier.

To me, the setup is fairly easy. That said, I already knew what I was doing to set it up. If I were coming fresh out into the network and environment, I'd never switch one of the firewalls; there may be a challenge to go through and figure out what the router can do to make the deployment work. When you get the box, you plug it in. There are a lot of features that are ported in that don't come pre-installed. However, they have a complete database listed in their browser. You just go down and pick what services you need. If you don't know what is there, it may take you a while to figure out what the unit is capable of. 

There is no maintenance beyond occasional updates. They don't push those out too often. However, when they do come out, you have to go through them one by one to make sure the update is successful. It would be easier if you could do everything all at once and be done with it.

How long it takes to deploy varies as each office is different. If I'm building three or four VLANs, that's going to take time. In my role, I built one base configuration that contains the VLANs IP servers that I want to use. I've extracted that as a file that I can modify and push to different boxes. So if I get 100 2100 or 4100, it doesn't matter. All I have to do is change the interface names and push it back to the box. So to me, it's pretty fast, and it already has my settings ready to go.

I handled the initial setup myself. 

I use the community version. For configurations and troubleshooting, you do need to pay. I'm not sure what the pricing is for Plus.

I'd rate the solution ten out of ten. 

I'm a customer and end-user. 

We have a tiny business that uses pfSense to create a secure VPN between our two locations. 

It's a reliable platform. We also value pfSense's security features because we have to comply with PCI for credit card payments. We need to be confident that we'll have the security. PfSense offers that.

We realized the benefits of pfSense almost immediately. I read about a company using it and thought it would be the most secure thing. It's a bit daunting at first because you have to configure it. However, they create ISP versions, so you can leave those alone and not configure them. This does the whole thing in one box, whereas, with the ISP thing, you have to think about how many different appliances you'll need to make it work.

I like how easy it is to access VPNs and stuff like that. It's so simple to set up a site-to-site VPN. The solution is flexible enough to do just about anything.  It's super easy to configure the features as long as you have the details you need, or you can build out stuff if it lacks what you're after because it has a plugin architecture.

It depends on how you run it, but pfSense can help you prevent data loss. Still, it's more about preventing people from getting in and having the confidence that you won't be compromised. And if you need those extra features, you can always add them and all those things that can monitor what's happening in your website or organization.

The web interface allows you to see bandwidth, how things connect, and much more. PfSense Plus prevents downtime. It has a feature that records everything you do so that if a unit fails, you can swap it out and enter your details, and then it loads your configuration on a new device. PeerSpot Plus provides visibility that enables data-driven decisions. You can set it up to do that if you want it. 

They could always make pfSense slightly more user-friendly and modernize the interface a little. 

I have used pfSense since 2015, so it's been around nine years.

I've never seen pfSense crash.

It's at the scale that I need it, but you can certainly scale it up to the enterprise level if you want to have a better product. It depends on the hardware. 

I rate Netgate support 10 out of 10. I only contacted them once. It was very quick and efficient. I had a sensible solution within five minutes. I couldn't imagine having better support.

Positive

I used some Netgear hardware, but I don't remember the model because it was eight years ago. When I switched to pfSense, I stuck with it because it works reliably. 

Deploying pfSense was pretty easy. I'm an IT guy, so I did it myself. After deployment, you need to do some routine maintenance, like upgrading occasionally and checking your file logs. Apart from that, it does everything for you.

They have a free community version and a paid version. The free version works if you are a home user who needs a fixed cost, but that's not my use case. 

I rate Netgate pfSense 10 out of 10. I can't think of a way to make it better. Before deploying pfSense, prepare your area and your network. Understand your entire network and what you want to do before you start doing anything then follow the documentation. 

We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

We have been using pfSense for eight years. 

pfSense is a very stable solution. In all the years I had around three instabilities.

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

I have never used the support for any technical issue. The community forums and Google always were enough.

Positive

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

The old installation was straightforward, but the new installer has some bugs and does not really work.

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

The licensing seems fair. We owned the TAC Lite License for some time. The problem was, that the license is bound to a device ID which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

We use it for home solutions and 200+ enterprises. We use it to address routing issues (NATing issues through VPNs).

Our environment consists of many enterprises with many subnets.

pfSense makes everything easier compared to Cisco or Fortinet.

Policy-based firewall rules are the most valuable feature because every other brand it is 200% more complicated to accomplish the same operation.

The flexibility is easy. We can implant in small businesses for less than 500 CAD and in 5k users enterprises. The only part that needs to be improved is the hardware, everything else is out of the box.

I would rate the ease of adding features a ten out of ten. With telecom knowledge, the product is crystal clear easy.

Evaluation and contracting could be improved. 

I have been using pfSense since 2016.

The scalability is good, they should offer filtration or a next-gen firewall.

From my experience, their support is very quick. 

Positive

I haven't evaluated any solutions since 2016. With pfSense you get the bang for your buck. pfSense routing, VPN, policy rules, NAT forwarding, everything is better.

The initial setup is straightforward. It was easy. We have 16 years of experience. I did the deployment, it only required one person. 

It is cheaper than other options. 

I would rate it a 9.5 out of 10. My advice would be to take the time to do an online course if you find using the solution a bit hard. It is worth it.