What is our primary use case?
I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.
Within our organization, with a single installation, about 500 users are covered.
What is most valuable?
The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.
What needs improvement?
The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform.
Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.
For how long have I used the solution?
We have been using pfSense for five years.
What do I think about the stability of the solution?
That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.
What do I think about the scalability of the solution?
The expandability and the high availability configuration of the system are good.
How are customer service and technical support?
With pfSense, we've never had to send an email to the official Netgate support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.
Which solution did I use previously and why did I switch?
One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.
How was the initial setup?
It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and follow a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.
What's my experience with pricing, setup cost, and licensing?
That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. There may be a slight difference in how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind by 24 hours or 12 hours, but it works.
What other advice do I have?
We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client.
I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.
Overall, on a scale from one to ten, I would give this solution a rating of nine.
Which deployment model are you using for this solution?