- The VPN and the firewall. They are reliable and easy to manage.
- The VPN is valuable for setting up secure remote connections to our network.
- pfSense has the OpenVPN package which is a well-supported VPN software.
- The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets.
Improvements to My Organization
It has improved our security. Users can work offsite and connect to the VPN.
Room for Improvement
Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense.
Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios.
I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection?
I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals.
As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it.
Another idea for pfSense device inventor: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have.
The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin.
Use of Solution
We have been using the solution for more than four years.
It seems to run stable, as long as the hardware is good. I tried running pfSense on a USB flash drive. After a month, I was having to re-install/re-configure pfSense on a new flash drive. I did that for a couple of months and collected a bunch of broken flash drives.
Even though their online documents claim that pfSense can run on flash drives, it really just breaks the flash drive after a month or less.
I have noticed that pfSense boots up really slowly as more users are connected to it. Occasionally, you have to re-install or delete broken packages that freeze up the system. However, the core pfSense software runs great.
Customer Service and Technical Support
I have never used pfSense technical support so I can't rate them. I used Google and figured everything out on my own. I do my own support.
We did not use a previous solution. I recommend pfSense because it's free, open source software.
The setup of pfSense was very straightforward for the most part. Usually, when something isn't working, it's because the "Apply" button wasn't clicked.
Pricing, Setup Cost and Licensing
Spend at least $300 or more on a good pfSense box. Use a hard drive, and not a USB flash drive for pfSense storage.
Other Solutions Considered
We looked at some other solutions, but pricing and licensing was the problem. I looked at Palo Alto and SonicWall.
The learning curve is steep, but once you get the basics down, it's very robust and easy to use. There are plenty of resources online about setting it up.
Disclosure: I am a real user, and this review is based on my own experience and opinions.