Netgate pfSense Reviews

We're using pfSense as a firewall and for web filtering.

The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well.

The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely.

I've used pfSense for two and a half years.

pfSense is stable. 

You can scale up pfSense with multiple clusters for higher availability. It has that capability. It gives you that flexibility to set up a hybrid with part of the deployment in the cloud and a mural copy or to grow your network. 

At my previous company, we used a Cisco firewall and a router, but they kept having issues with the firewall and the device.  When I joined this company,  we introduced pfSense and haven't had any issues since. 

Setting up pfSense is easy, but it depends on your experience level. The average person with an IT background who is grounded in ICT can do install and configure pfSense in 15 to 30 minutes. 

PfSense is an open-source product, but you need to buy a license to get some features. 

I rate pfSense eight out of 10. It's an open-source solution that you can deploy on data warehouses with various resources. You're not tied to specific hardware. It's easier to manage and use.

Before deploying, you should find out the details about the environment where you will install pfSense. I would recommend pfSense for an enterprise environment with around 1,000 to 2,500 users.

On-premises

We have one Head Office and two main offices and other small branches. We want to secure our network from external and internal threats and block all unnecessary ports. We want to create a WAN with firewalls installed at all other offices and branches to connect to Head Office directly.

Overall, our experience with pfSense has been good. We're satisfied with what we're doing, but we have to move forward. It's covering what we require now, but maybe we might need something else in the future. For example, we are implementing ISO 2701, and the regulators could demand something else for compliance if they conduct an audit. And if we're following the policies required by ISO 2701 best practices, then perhaps we need to implement new hardware too because we can't do everything with our existing hardware infrastructure. 

For instance, say I want to block USB access, but I don't have the software. Currently, we use our antivirus software, which is a proper endpoint management tool. We can use it to modify the Windows registry and block everything, I can do whatever I want with the PC on the endpoints. We need to have that, but not everything works without the hardware infrastructure. 

The GUI is easy to understand. 

We had one issue with hardware support. The department head who was managing the solution became the director of the company, but he still has administrator access. And usually, whenever a WAN goes down, we always have a backup, but the hardware doesn't support more than one WAN. And then, if he wants to switch, he doesn't know how to reconfigure it. So we have to wait for the ISP to resume their services, which is not professional.

Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand. A user should be able to find the feature they're looking for easily, but pfSense isn't so good in that sense.

We're using a flavor of pfSense. It's called XNET. It's a flavor of the pfSense main pfSense build because it's open-source, but it's basically similar to the pfSense build, and we've been using it since 2008.

Not very stable.

Scalable but only if one has expertise of open source configuration of software such as pfsense.

Customer support for any open source product is mostly based on the individuals who have expert knowledge while otherwise we have to resort to other internet sources.

I've used TMG by Microsoft, and it's much easier to manage domains and websites. For example, pfSense has IP-based blocking, but websites like YouTube and Facebook keep using different IPs. TMG blocks the actual domain name. That is one downside to pfSense I've noticed as a basic user.

It was complex and done by the vendor.

We implemented it through a vendor who had build upon the pfsense open source to create a package titled Xnet firewall.

We only paid for the hardware and savings were quite high.

This is a good option. If a vendor is trying to sell Fortinet and Sangfor, but the customer's requirements are basic, they'll have a hard time convincing someone who believes in free, open-source software that pfSense is not suitable for them. The only cost is the hardware. But pfSense doesn't have after-sales support or some of the other features you might find in a commercial solution. 

I've heard that Fortinet is slightly more expensive than Sangfor. Then again, if Sangfor comes into the picture, maybe you would consider Sangfor.

I rate pfSense six out of 10. We want a product that has at least two WANs as well as fault tolerance or load balancing features, which pfSense also has, but we don't have the hardware or support. That's why we need to switch. However, if cost is a big issue, then I recommend pfSense for customers who can't afford a paid hardware and software solution. That was our issue because we're a government company, so our assets belong to the government. We have to think about where we want to spend money because it's the taxpayers' money. If your management doesn't understand the need to invest in IT, then you can consider this alternative.

On-premises

We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.

In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection. 

The solution also allows us then to manage port forwarding and things like that.

The firewall aspect of the solution is very valuable to us. We had so many limitations with the Dre tech, however, it's the firewall and the port forwarding that is the most interesting due to the fact it allows us to restrict IP addresses and move things from different ports and things like that.

I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good. 

The solution is easy to use in general, for everyone.

The product is very powerful.

It's the type of device that does one thing well. There isn't much I would want to change.

We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.

The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.

I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.

pfSense is only a small part of what we do. The majority of our systems are full-blown Linux systems and we use that firewall as a system. It's only recently we've started switching some clients to pfSense where we think we need to have slightly different things. Maybe they haven't got a server and this is just replacing their sort of existing TP-link or router, et cetera.

I've had no issues with stability whatsoever. I'm quite happy letting it run for days, months, weeks, et cetera. We have no requirements to actively manage it. In terms of performance, we just need to go in and make changes as required by the customer. Other than that, it's set and forget. There are no bugs and glitches to navigate. It doesn't crash or freeze.

It's not been extensively used at the moment as we've already got a Linux server in place. If we can justify it for the customer, we tend to use that. That said, we are looking to increase usage of that as it would say it takes some of the work away from me and allows me to farm that out to the staff.

We've never had to use technical support. Therefore, I can't speak to their level of knowledge or how helpful they are. We've always just been able to find the answers we need without their help, and therefore have never really had to use them.

We're still using Linux servers that are running IP tables, et cetera. Prior to that, we were using, something called IPCop. Before that, I can't remember what it was. We've always used sort of Linux old BSD-based solutions for our firewalls. That's just what we've always done.

The initial setup is not overly complex or difficult. It is very straightforward. We connect and we just have got a couple of standard procedures to setup once it's complete. We could probably get one up and running between half an hour to an hour. The deployment is fast and the whole process is pretty seamless at this point.

We did not use any integrator or anything like that. We're offering our client's the installation process as part of our services. I find it very, very straightforward, however, that's due to my previous experience with Linux setups. 

We use the open-source version, which is free to use. 

I say we've always used the community edition as I've never felt a need for support or anything like that and our clients have never insisted on it. I know where to go to look for answers if we run into problems, so paying for that extra support isn't something we need to worry about. 

We are just end-users and customers.

I cannot speak to the exact version we are using. Ours may be slightly out of date. We may not be using the absolute latest version. Version 2.51 is available soon and we'll likely upgrade to that.

It's good for where people have outgrown their existing broadband routers, such as the TP-link, the Dre Tech, and that sort of thing. Often, it doesn't justify putting in a full system. We tend to use a Mini ITX PC, multiple LAN network cards, and then install the opensource version and configure it appropriately.

You need to be slightly more tactical than just plugging in a Dre tech or similar Nokia device. I don't think you need to be incredibly technical to set this up. 

I like it, I'd recommend it to most people to at least give it a try, and to spend a few hours initially to work their way around it.

I'll definitely give it at least a nine out of ten for its general ease of use for me and my staff. It does pretty much everything that we ask of it and the required resources for the hardware are minimal as well.

On-premises

pfSense is a nice product, and I find that there's a lot of information out there. There are some good tutorials on YouTube and other websites with helpful information.

pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it.

I have been using pfSense for approximately three years.

I have used the SonicWall solution. 

Sometimes firewalls can get a little complicated. I think some of the things about the setup could be a little bit clearer. Maybe something like a configuration wizard or something that would guide you on more in-depth projects.

I'm running pfSense on old hardware, it takes all of 10 minutes to install.

I did the implementation of the solution, it is not difficult.

I like pfSense and I have deployed a number of them. I have approximately four of them in the area that I'm using. I have replaced SonicWall with a pfSense unit. It's a more economical way of using a firewall, and the protection it provides is second to none.

Lonnie Buchmann:
I would say give it a serious look. And especially a lot of times when you're in a small business, this is a really good solution that doesn't kill you with all the technology overhead that you deal with nowadays.

I rate pfSense a ten out of ten.

On-premises

I had an appliance that died six months ago. Then I didn't want that hardware anymore, so I bought two new servers. A single power supply but dual on a network with three times four network cards. On that, I installed the pfSense (Community Edition).

From inside to outside, I have about 15 to 20 node servers and users going outside. From outside to inside, I have only three tech support people, myself and two other ones. With regard to clients using the platform from outside to inside, on the servers inside, I have about 1000.

I had some outages in the network and we provide services for our company. We sell mobile credits. The terminal gets access to our own server inside the network and if one internet fails, then the other one is still up and we have a back-up link on the devices. 

If the devices cannot send the first IP address, they make use of the second IP address, which is the back-up link to access the servers. In terms of outages, ever since I used pfSense, I have that feature. 

In terms of experiencing delays, the server has the primary IP and the secondary IP configured on the client terminals. The total solution works.

I'm still experimenting with some new features. I want to do a high availability configuration. I haven't done that yet, but I'm using OpenVPN, it's very handy. 

Some suggestions for improvement of pfSense are:

• Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great.
• With regard to the Community Edition, when I installed it, we use Proxmox as an equivalent of PMWorks and I installed the Community Edition in Proxmox. That was very difficult to get to work at first. A lot of tweaking. That is very, very not easy.
• When I'm inside of my network and I go to a URL, the URL points to a server inside my network. It doesn't hang, but I don't get a response. It just stays blank. 
• I can imagine that inside my network, I am going outside, and it points to the public address, so I can reach it. With eSoft, without any adjustment, it worked, and I was able to do that. I went to search pfSense for an option, and I had some documents open to read about how it is done, but it isn't clear enough. It's not that easy. I would appreciate it if I could get easy help on that.

One to three years.

pfSense is very stable. My own disappointment is the appliance only worked for a year and two months. It might be just bad luck, but that was very disappointing.

I had to use pfSense Community Edition on a general desktop. That was done within three hours. It took me three hours just to get the hardware, download the software, and then set it up to get everything working again. 

After that, I ordered the new server with two servers: one has to be active and the other standby. I am going to try higher scalability on it using pfSense. 

The configuration is already on the servers. I did all this myself because of my experience. The utilization of the CPU, etc., it's very low. 

I like pfSense. It doesn't take too many resources and it's very stable.

I did not utilize pfSense customer support. You have documentation, there is enough documentation online to get you through. I haven't actually used tech support. When I bought the appliance, I was entitled to one year of tech support. I never used it, it wasn't needed. 

I previously evaluated eSoft by Untangle. Untangle is an open source company but you have to buy custom add-on's to get it to work. I bought eSoft and it's very good.

I am also the CEO of my company. This technical part, it's not my profession, but I get less and less time to invest, and more time playing around with this stuff. 

When we were growing, a small company, eSoft was small, so I needed a bigger one. I had to reset eSoft every week because of the growing traffic over it. I wanted a bigger one and it was not available. 

What I wanted to do was not possible with Untangle. Untangle was basic stuff. I bought the pfSense appliance and it's open source, but I support the project. 

I bought it and I got disappointed because I again wanted a bigger one. My first choice would be Cisco because of my background but Cisco is expensive.

eSoft was good. Before switching from eSoft to pfSense, Cisco at that time was not an option. 

Every software in our company, every desktop, every server, is open source. If it isn't CentOS then it's Red Hat or Ubuntu. 

Open source was preferred and pfSense was number one on the list.

Ever since the first time I used it, it's very straightforward, it's very easy.

My strategy was to get it connected to the internet first, then apply some rules for forwarding and VPN. 

The first one was very easy to set setup. VPN was not that straightforward but there is enough documentation to get you through it and that helped. 

In terms of time, the Community Edition took very long to install but once installed, to configure, it took around 15 to 20 minutes.

I did the setup all by myself. There is documentation online and that is sufficient. It's good enough, very good support in the documents.

If you haven't invested a lot of money, you will definitely see the return on investment with pfSense because you hardly spend anything, except for the hardware. 

With the appliances, pfSense should look into longevity issues. Your hardware should take, like Cisco's and others, years before they break. In terms of other retailer equipment, it's a safe bet towards pfSense.

That's why I purchased it but I have to look into the high availability. There is documentation of people that I know that are going to get it to work. I'm going to test it because that is our business that we are talking about also.

It should work because of the resale mobile credit for our customers. Another thing I will definitely try is the virtual IP because the virtual IP feature can bridge the two interfaces. The SSL certification is from Google. 

That was it for me, I'm 100% happy.

I prefer appliance licensing with pfSense (Community Edition). 

1. It's free. 
2. It's very stable. 
3. It's only on the hardware, it can be very fast.

Choose the appliances because it is nice to have the hardware cut out for it, i.e. the right hardware for the right software. 

I used to be a Cisco network expert. I used to train people and I've done some Cisco projects myself. I know Cisco by heart but I was less excited about Microsoft, so I went researching for open source solutions and I came across pfSense.

I was able to compare pfSense with Cisco. I used it for a client of mine as well, and it was interesting. After that, I started my own company and I came across pfSense again. 

I looked into pfSense. You have OPNsense from the Dutch and then you have pfSense. I've tried both and I like pfSense more.

I definitely plan to increase using pfSense. I am going for a higher capacity. If power fails or one server dies, or one gateway dies, the other servers will take over seamlessly. That's the ultimate for us.

I would definitely rate pfSense an eight and a half out of ten. Definitely eight and a half, not lower, could be a bit higher. Because it's stable, it's good. If the small issues I've mentioned are worked on then I would go to a 10.

We use it for the backup line for the internet. When the internet is disconnected, we transfer to pfSense.

We only use it for the backup internet connection. It is effective. We have not had any problems.

We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized.

I have been using pfSense for six months.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it a seven out of ten for scalability.

I have not used their support.

The installation of pfSense is very easy. It took two to three hours.

It is easy to maintain. We did not have to do any maintenance of pfSense since we installed it.

It is free. It is open source.

We have not used the VPN capabilities of pfSense. We also did not have a need to integrate pfSense with any service.

I would rate pfSense a nine out of ten.

We use the product as a perimeter firewall.

We can run it on any hardware.

The product must provide integration with other solutions.

We have been using the solution for ten years.

The tool is stable.

The tool is not very scalable. That is why we are planning to switch to a different product. The solution is used by one administrator and 75 end users in our organization.

I have used SonicWall, Sophos, FortiGate, and Cisco Meraki. The choice of product depends on the context. Netgate pfSense is suitable for small businesses and homes. It is not the best solution for large deployments or branch offices. Sophos and FortiGate would be suitable for large companies.

It is easy to install the tool. We need two weeks to deploy it. One person can deploy the solution. It is also easy to maintain. One person can maintain the solution.

It is an open-source solution.

Overall, I rate the product an eight out of ten.

On-premises

We use it for its firewall features and VPN.

I provide it to my customers, and I also use it in my office. It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest.

Its firewall ability is very good. It is very good and smooth at stopping attacks. It is better than others because we have to perform quite a bit of programming.

It is a very good and affordable solution for enterprises.

Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.

I have been using this solution for four years. I am using it now, and I have also used it in the past.

It is very stable. Both pfSense and Netgate appliances are very stable. I have had some of these solutions working non-stop for about a year and a half.

It is very scalable. It is being used in an enterprise with 70 employees and about 30 terabytes of communication per month. I also have other small enterprises with 10 to 20 employees. In my office, I have four users. 

I usually use community forums for any tech support. I get very good information there.

I have also worked with Netgate appliances in the past. Both Netgate and pfSense are very stable.

It is not very easy, but it is straightforward. We have an agreement with the clients to have the equipment and install the appliance in three or four days.

It is very suitable in terms of the price. If a client cannot acquire a Netgate appliance, I provide a custom-made appliance, and I install the Community edition of pfSense. It is a very good and affordable solution for enterprises. Some of the clients pay monthly but usually, it is annually.

The maintenance cost varies depending on the kind of solution we have implemented. It could be €100 per month or around €800 per year.

I would absolutely recommend this solution. I would rate it a nine out of 10.

On-premises