pfSense Review

Easy to manage: A mid-level employee conversant with firewalls can take care of it

What is our primary use case?

It's our primary firewall and routing solution. It has performed in an outstanding fashion.

Our company has been utilizing pfSense for almost a decade as the primary firewall solution for two data center locations and two commercial offices, each with approximately 300 end users. The system is running on top of a BSD/OS and is extremely stable. There are close to 70 additional packages which can be added, such as Snort, Squid, and Suricata, to name a few. When two chassis are paired together in an HA (High Availability) configuration utilizing CARP (Common Address Resolution Protocol), the system uptime is perfect. In addition to firewall duty, we utilize it for all our routing as well.

How has it helped my organization?

The web management interface is ridiculously easy to utilize, even for the junior engineers on staff. Given the ease of use, this solution has minimized staff and training costs considerably. The ability to integrate packages, such as OpenRADIUS, Snort, and SquidGuard, has minimized server sprawl. The capability to run as a VM on a hypervisor, such as ESXi, makes this solution easy to implement and manage.

What is most valuable?

The most valuable feature: It is easy to manage. I don't have to have highly trained engineers. A mid-level employee who is conversant with firewalls can take care of managing it. It's the 90 percent/10 percent equation. They can perform 90 percent of the required tasks with 10 percent of the knowledge.

The IPsec and VPN services, as well as the interoperability with other solutions such as Cisco, Juniper, and Palo Alto, have been invaluable.

What needs improvement?

They need to take care of a few issues with the GUI. Occasionally, they don't update the configurations properly. I would also like them to firm up the VPN aspect of the software a bit and provide better monitoring software.

When a carrier that supports a VPN or IPsec tunnel bounces, the recovery time can take a few minutes. Reducing that time would be greatly appreciated in future releases.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable. It's based on BSD, which is a very stable operating system.

What do I think about the scalability of the solution?

It scales very well. We handle several thousand end users with only a few boxes.

How is customer service and technical support?

They have a good support channel through the commercial side, Netgate. Their third-level engineers are very sophisticated, and they're very responsive to both phone and email support requests.

Which solutions did we use previously?

It's not that we thought that we needed to invest in a new solution. You reach a certain point where you have to go out and review what you have in place and see if it still is the best solution available for the amount of money being spent. We're much larger than we used to be, and we needed to make sure that this is still the best solution for us.

The most important criteria for me when selecting a vendor are:

  • Responsiveness
  • Expense
  • Performance of the product.

How was the initial setup?

It was very straightforward and was implemented within a few hours. That's why we've been using it for the last eight years.

What's my experience with pricing, setup cost, and licensing?

In comparison to a lot of other solutions, it's very inexpensive. It is a great solution that is economical. It scales so the cost per protected MB is almost free.

Disclosure: I am a real user, and this review is based on my own experience and opinions.