pfSense Review

Kernel support for laptop features need to be updated, but it offers true processor power at low energy cost.


What is most valuable?

  • Battery backup
  • True processor power at low energy cost
  • Expansion possibilities
  • Low noise emission

How has it helped my organization?

We like it mostly for being able to use BSD compiled software inside it. It is flexible, fast, powerful and full of features, such as an easy proxy filter, and clustering along with an easy and well developed web based interface.

What needs improvement?

Kernel support for laptop features, USB/Firewire ethernet cards, and specially built in WLAN cards. If the WLAN functions work properly, pfSense makes a perfect "repeater" or controlled and robust accessed point with built in QoS and firewall. Wider support for 3G and 4G USB cards as backup networks would be nice too. It was impossible to get some USB stuff to work.

For how long have I used the solution?

We've used it for two years, with an HP Elitebooks 8350 for battery backup.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

I got terrible kernel crashes on HP laptops while trying to setup WLAN, but it worked better on Fujitsu ones.

What do I think about the scalability of the solution?

It has worked as expected so far.

How are customer service and technical support?

Customer Service:

I have never needed it.

Technical Support:

I have never used it.

Which solution did I use previously and why did I switch?

We have mostly used Cisco products. Their products feels like we are back in the stoneage when compared to pfSense. We switched as we needed more power (as traffic, bandwidth and user accounts grew). pfSense was one good clear substitute, and Cisco is too expensive if you want real throughput power, and it was too hard to administrate when we compared it with pfSense. also, anyone can learn pfSense pretty fast because of the intuitive web interface), and there is never trouble with invalid licenses. The features like IPS (snort/suricata) are well developed and can be used for free or at a small cost for extra security. The most valuable of all though, is that we could recycle old hardware to make our perfect firewalls, reducing the hardware cost.

How was the initial setup?

It was easy.

What about the implementation team?

We implemented these ourselves.

What's my experience with pricing, setup cost, and licensing?

It's hard to say. The setup goes pretty fast and, once you know the hardware to be used, it will work, so there was no significant amount of time there. The laptops used in this project were already recycled and had enough power for us to make a cluster and be happy with them, so it pretty much only cost us the price of some 3G modems and some USB network interfaces. Maybe not more than 200 Euros per machine.

Which other solutions did I evaluate?

We evaluated IPCop and m0n0wall. We took a vote on our team and pfSense won the deal.

What other advice do I have?

If you are unsure, do a labtest before you implement it. If you are still stuck on the traditional "stoneage" products, you may get amazing results.


Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment
Guest
2 Comments

author avatar
Consultant

In my initial trials of PfSense, i have found it to be a very versatile efficient and reliable firewall that is a swiss knife in its own class and competing in an ever evolving and strong security market.

author avatar
Consultant

Long time pfSense user here... to counter on your comment about Laptop support, it's not meant to be ran on Laptops, hence the lack of features you were looking for concerning the laptops you had it installed on. Throw it on a NUC, Server, Atom, a Desktop or even a VM and it's going to be perfect. Pushing two servers at work with dual - dual 10G Chelsio cards. (2 10G ports for WAN and 2 10G ports for LAN in LACP each).