pfSense Review

Feature-rich, well documented, and there is good support available online

What is our primary use case?

We are solution providers and this is one of the products that we deploy for our customers. This is not a product that we use ourselves.

How has it helped my organization?

pfSense prevents unwanted access. If you configured things properly then you'll be protected to some level. There is still a need for products like a SIEM, but the UTMs like pfSense or Sophos, prevent most of the problems.

What is most valuable?

The classic features such as content inspection, content protection, and the application-level firewall, are the most important.

This is a feature-rich product.

The documentation is good.

What needs improvement?

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. 

The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.

One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.

For how long have I used the solution?

We have more than a year of experience with pfSense.

What do I think about the stability of the solution?

The stability of pfSense is standard. It is rated as one of the good solutions in this area.

What do I think about the scalability of the solution?

This product is scalable to some point, although we have never used it for large companies. We use it for small to medium-sized organizations. For big companies, we more often implement Palo Alto.

In our company, we have a data center and some of our clients are hooked to it. This is something that we have on-premises for our customers.

We have plans to increase our usage with pfSense because we have had good feedback from our customers. In fact, with the good experience we have had, our sales have been slightly increasing. Our sales are shifting from Sophos to pfSense.

How are customer service and technical support?

The technical support is organized well. We do most of the technical support for our customers in-house but there is a second level of outside support available. It is okay. 

Which solution did I use previously and why did I switch?

We currently resell products from both pfSense and Sophos. In some areas, pfSense is better than Sophos. I have been a bit disappointed with Sophos because I know their history, and I don't think that they have advanced as well as they should have in that time. Also, they have two different products, being XG and UTM. This is another reason that I prefer pfSense, at least a little bit, over Sophos.

In the past, we were the developers of a product called Network Defender, but it has reached end-of-life. We were pioneers in the area and were one of the first who was making UTMs. The name "UTM" didn't exist at that point. We were partners with Cobalt, who was the first appliance creator. Their appliances include web servers and email servers. When Cobalt was bought by Sun, we made our first Network Defender line. That became the first appliance, which had firewall content inspection, content protection, intrusion prevention, intrusion detection, antivirus, and email and web servers at that time, all in one box.

From that point on, we had our line, which was distributed all over the Middle East, Asia, and some parts of Europe. We then worked with Palo Alto, we were a Cisco partner the entire time, and we worked with both Sophos and pfSense.

In our organization, with have Cisco ASA for certain things, and we have a firewall by Palo Alto.

How was the initial setup?

The initial setup is complex. If you have a straightforward setup then you will have straightforward, basic protection and nothing else.

It takes a few months to adjust where you start by setting it up, and then you have to monitor it and see what's happening. It's ongoing work because, after this, you have to keep monitoring and adjusting to the situation. This is part of the service that we perform for our customers.

What about the implementation team?

We are the integrators for our customers and deploy with our in-house team. We have people in the company who are specialized in this area.

What was our ROI?

The return on investment depends on the predicted cost of failures of the system, or intrusion of the system, which is hard to give a straight answer on. In part, this is because different companies put a different value on their data.

For example, with medicine, if somebody were to steal the data related to the latest CORONA vaccine then the cost would be tremendous. On the other hand, if there is a company that is making chairs, stealing the design of the chair probably wouldn't be as high when compared to an application in medicine. So, there is not a straight answer for that.

Return on investment, in any case, I think for every company, this is a must. Put in a straightforward way, they can count just the possibilities of having an attack on their system with a cryptovirus. If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price of the licensing depends on the size of the deployment. pfSense is open-source, but the support is something that the customer pays for. We charge them for the first line of support and if they want, they can purchase the second line of support. Typically, they take the first-line option.

The term of licensing also depends on the contract. The firewall doesn't always have a contract but rather, there is a contract in place for the network, which includes UTM.

In addition to the licensing fees, there are costs for hardware, installation, and maintenance. We use HPE servers, and the cost depends on how large the installation is. The price of setup is approximately €500 to €800, which also includes the initial monitoring.

The maintenance cost isn't really included in the network fees.

For smaller companies, we charge them a few hours a month for monitoring. It takes longer if the client is bigger.

What other advice do I have?

It is important to remember that you can't just leave the device to do everything. You still have to know what you're doing.

I recommend the product. It's well-balanced and one with a long history, so it doesn't have child's diseases. There is a lot of online support available online, which they can consult themselves. But, in the case that they need support, they can hire a professional support line and that is highly recommended.

I say this because usually, people look at the UTM as something that should be put in the system, set up, and left alone. But, this is not the case with this type of solution. Therefore, I strongly suggest making an outside agreement with a specialized company that will take care of their security from that point on.

The biggest lesson that I have learned from using this kind of product is that you can't assume that the internet is a big place and nobody will find you. There is always a good possibility that robots will search your system for holes, and they are probably doing so this instant. This means that users should be aware and have decent protection.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More pfSense reviews from users
...who work at a Comms Service Provider
...who compared it with Sophos XG
Learn what your peers think about pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
465,891 professionals have used our research since 2012.
Add a Comment