pfSense Review

It allows for both v1 and v2 IPSec configurations to secure your connections


What is our primary use case?

We use this at all of our locations as our edge device, IPSec site-to-site VPN functionality between our offices and our AWS EC2. No matter what is thrown at this, the system handles it like a champ. We have both dedicated hardware and virtualized versions running in our infrastructure. So far we haven't found a reason why we need to spend thousands for an appliance like Cisco ASA when this handles all of our needs.

How has it helped my organization?

We're a small business growing rapidly. We recently overhauled the IT infrastructure, and after looking at a number of other competitors, pfSense has been a lifesaver, allowing us to scale up and provide compliance without the need to purchase additional licenses to offer services to our employees.

What is most valuable?

There are so many packages you can install which extend pfSense's capabilities, including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use:

  • IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections.
  • IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco.
  • Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box.

pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers.

What needs improvement?

While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives. 

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We have not encountered any stability issues and have upgraded to each version over the years. They've really made a rock solid solution.

What do I think about the scalability of the solution?

Extremely high. We tested it on VMs running different configurations from extremely lightweight to overkill. It will run on anything and maintain its high performance. Obviously the more you give it, the more amazing the solution becomes.

How is customer service and technical support?

I had one question, and they got back to me extremely quickly. Not only are they knowledgeable about their product, but they're kind and courteous.

Which solutions did we use previously?

Old and outdated infrastructure procured before I joined the company.

How was the initial setup?

Not only was it straightforward, but if you know nothing about firewalls, you can install this. Especially since they recently made their entire guidebook free to use. Not to mention the countless blogs and how-tos. Low to intermediate level IT pros should be able to handle this baby.

What about the implementation team?

In-house.

What was our ROI?

From day one you get a 100% ROI. If all you have is an older server you recently decommissioned, with multiple NICs, I strongly recommend installing this software on it and giving it a shot. Doing that alone will beat out any competitor hands down.

What's my experience with pricing, setup cost, and licensing?

For the cost and what's included, you can't beat it, no way no how. If you're worried about enterprise solutions, the only thing you need to do then is to purchase a support contract, and you have an enterprise solution. You can even purchase hardware from the vendor if you choose.

Which other solutions did I evaluate?

Cisco, WatchGuard, Sophos, Fortinet, Untangle, Juniper.

What other advice do I have?

I strongly recommend giving pfSense a hard look. I've been in IT for 20+ years, and I've run the gamut on other firewalls. pfSense definitely can hold its own against any of them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
2 Comments
Sabyasachi Sen (Real User, TOP 10)

Apart from employees we have 10,000 students on campus. It really costs a fortune to buy edge security devices. I’m always in favour of pfSense or onesense, but web filtering is a must, as is app filtering. Can pfSense handle it? If yes, please enhance my knowledge.

22 November 18
IT Manager & Sr. Application Programmer with 11-50 employees (Real User, TOP 5)

Yes, you can use Squid and SquidGuard to act as your web/content filter. We have it running and are able to filter out HTTP and HTTPS. As far as app filtering, you can set up Snort to filter out applications. See Netgate's blog for more information: https://www.netgate.com/blog/application-detection-on-pfsense-software.html

11 December 18