Netgate pfSense Reviews

It has improved our security. Users can work offsite and connect to the VPN.

• The VPN and the firewall. They are reliable and easy to manage.
• The VPN is valuable for setting up secure remote connections to our network.
• pfSense has the OpenVPN package which is a well-supported VPN software.
• The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets.

Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense.

Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios.

I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection?

I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals.

As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it.

Another idea for pfSense device inventor: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have.

The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin.

It seems to run stable, as long as the hardware is good. I tried running pfSense on a USB flash drive. After a month, I was having to re-install/re-configure pfSense on a new flash drive. I did that for a couple of months and collected a bunch of broken flash drives.

Even though their online documents claim that pfSense can run on flash drives, it really just breaks the flash drive after a month or less.

I have noticed that pfSense boots up really slowly as more users are connected to it. Occasionally, you have to re-install or delete broken packages that freeze up the system. However, the core pfSense software runs great.

I have never used pfSense technical support so I can't rate them. I used Google and figured everything out on my own. I do my own support.

We did not use a previous solution. I recommend pfSense because it's free, open source software.

The setup of pfSense was very straightforward for the most part. Usually, when something isn't working, it's because the "Apply" button wasn't clicked.

Spend at least $300 or more on a good pfSense box. Use a hard drive, and not a USB flash drive for pfSense storage.

We looked at some other solutions, but pricing and licensing was the problem. I looked at Palo Alto and SonicWall.

The learning curve is steep, but once you get the basics down, it's very robust and easy to use. There are plenty of resources online about setting it up.

We had been hit by crypto, and with our existing firewall infrastructure, we found out it didn't have geofiltering without an additional cost. That's still written from SonicWall and I think you have to pay extra for that. pfSense came with geofiltering and with logging as well, which I believe you have to pay extra for with SonicWall. So we didn't realize this until we got hit. We implemented GoIP filtering, and we also activated and stored the log files from within the firewall. I think there are some other feature sets that we used as well. The device seemed to be a little bit simpler to manage and configure through the interface. Of course with it being open source, we were able to stay current with that without having to incur annual purchasing or annual licensing fees like we do with SonicWall.

What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using open source. I think it just provides the end-user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher-end, almost enterprise-type service. 

In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.

I've used this solution for about a year. 

You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.

Technical support was through an online chat. I don't remember us running into any snags. 

The initial setup is pretty straightforward if you have your ducks in a row if you understand the IP engineering and design, and you understand some of the protocols that you want to introduce into the environment. I think one of the biggest things that it allowed us to do also was remote desktop or remote access. We filtered out remote management. We shut those ports down within pfSense, and that seemed pretty straightforward. I think the GUI has a little too much information out there, but if you're a senior engineer, you're going to love all the information because it makes sense to you. If you're a junior or a freshman engineer, you're not going to mind it either because you can use it to teach yourself how to take advantage of that information that's there. 

On the front end of this, I thought it was rather intuitive.

With a firewall, typically we only charge between $25 and $75 a year to manage the firewall. That allows us to keep our price points low, and with minimal administrative overhead, we can maximize our profits.

When compared to other solutions like SonicWall, SonicWall has a built-in administrative burden where you have to go back and make sure your client understands they're going to get hit with another annual fee to keep that device up to date. pfSense is not like that. pfSense is not like that in the sense that if you go out and get the latest update of firmware or software, you're going to get the latest and greatest. You don't have to remember to go to the client and remind them they're going to be charged another fee next year to keep their license current. I hope they keep that model.

If you're a junior or even a beginner engineer, jumping into the interface for pfSense could be overwhelming. There are going to be things in there you just have never heard or seen before, which isn't a bad thing.

On the front end, I would take advantage of any courses that are out there, any introductions to it. It's very intuitive and there are a lot of forums out there that you can go watch and educate yourself on. If you are not that advanced of a network engineer, I think it's a great solution for you because you can go out to some peers and get a lot of direction and guidance from them to set it up in a small environment. The only other thing I would do is just compare. You always have to understand what your customers' needs are. Make sure you understand what your customer's needs are and that it's going to fit into their environment and their budget. I don't know why it wouldn't, but that'd be about the only advice I'd give is just make sure that it is definitely a fit for your customer base. I'm fairly confident, small and medium businesses should be a very good fit. I've been in the enterprise space as well. There may be some things on the enterprise level that you just can't do with pfSense and you might want to go to some other solution set, but I think it's very competitive.

I'd rate this solution a nine, even if I was an experienced engineer because it's easy to have and easy to maintain.

• Open source
• Proximity security
• Content filtering

It has provided us with a low cost security solution using a quality router at a fraction of the cost of our previous solution.

• Testing prior to deployment
• Packages need better support

I've used it for eight years.

Rarely as long as the right precautions are taken during migration.

Sometimes there are issues with package deployment and one must refer to the forums for support.

Being open source, scalability is not limited. The limits in place, are only set by available resources and time.

Customer service is available at a rate of $399 for 2 incidents, $899 for 5 incidents and $1,699 for 10 incidents. Most people refer to the forum and/or chat room.

Over 10/10.

Yes, I have used many other routers but nothing offers the options pfSense does without spending a fortune. pfSense is constantly being improved on.

I switched due to router limitations and vulnerabilities.

It's straight forward for anyone that's installed an OS before, however, I wouldn't recommend it for the novice.

It has been implemented in house and at client locations. If implemented at client locations it does require some care if Snort (The proximity security system) is used as it needs to be fine tuned and touched up from time to time due to newly found vulnerabilities that cause legitimate sites to be blocked.

You can invest as little or as much as you want. Granted, some features require more hardware than others but some end users use old machines that no longer have a purpose.

It's between US$50 to US$1500 depending on the hardware that is used.

We also looked at -

• Smoothwall
• Moonwall
• SonicWall
• Netgear
• IPCop

Become familiar with the router before implementing it at customer sites. Realize that basic features require a basic amount of hardware. Advanced features require more RAM and if using an SSD, use the embedded installer to reduce wear and tear on your drive.

I would recommend having the following hardware as a minimum:

• At least 8GB for storage
• 256MB+ RAM
• A dual core 1.8Ghz CPU for single typical Internet connection
• The faster the internet connection, a faster CPU and more RAM are required
• If you run Snort and Squid it is recommended you have between 4GB to 8GB of RAM

I primarily use the solution for monitoring and learning about how to operate a firewall. I also use it for monitoring my home network as well as adblocking.

The solution is 100% free to use.

The product offers a lot of helpful plugins.

The solution is easy to use and has a elaborate GUI.

The initial setup is quite simple and straightforward.

The integration of the plugins into the GUI could be better. It's sometimes hard to find where a setting can be found or how it might interact with other settings. Some documentation is outdate and plugins sometime have no documentation. Information can always be found on the fora but for novice users this can be a challenge.

I've been using the solution for five years or so. It's been a while.

The solution is stable. Since last upgrade there hasn't been a crash, freeze or need for reboort. It's quite reliable.

I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore,  I build my own Super-micro platform based on Intel Denverton.

It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.

There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.

With what I am running now, I haven't had to reach out to technical support. However, an upgrade failed two years ago and I needed to contact technical support to get me the new image for the device. They were very efficient. I was satisfied with the level of support I received.

I've been switching back and forth between pfSense, OPNsense, and Untangle in the last five years or so.

OPNsense and Untangled are more integrated, however, more and more of the plugins are becoming paid offerings. OPNsense misses a plugin that pfSense has, Untangled it's adblocking is easy but not free.

The initial setup is not to complex.

It's good to have the basic information before attempting to set everything up. They've got a wiki with all basic information and there are the fora for questions.

I've got a CCNA certificate and that some comes in handy. For me, it works without any documentation, however, for a complete novice user you probably need some documentation to get you through the process.

Getting everything up and running only took about 30 minutes. You then have a complete firewall solution up-and-running.

There is some maintenance required. You do need to check for updates from time to time, for example. If you install more plugins more maintenance might be required to get everything tuned.

I handled the implementation myself. I have some knowledge about IP routing.

The solution is free to use. There are (currently) no licensing costs.

I'm just a home lab user.

I'd advise those considering the solution for your business to get a service contract.

It works great for someone with enough knowledge and time to get his head around everything. Otherwise, you need to look for a solution that offers support and can work with you on issues. It's nice to try to balance between open-source and support that costs money.

In general, I'd rate the solution at an eight out of ten.

I was working for a firm that has 70 employees. They are mostly working from home, so I needed a very well-structured VPN for remote working. We put it on Supermicro, and it worked fine, and it was above their needs.

I like the connectivity to the open VPN. It's very smooth. All the encryption in the open VPN is very good. The structure of the pfSense software works out very well. The PF work cuts and the snorts and whatever we put on the console for spyware and attack prevention seem to work very nicely. 

They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network. 

I have been using pfSense for the past three years. 

Back in the day, I was using Fortinet, and it was very tricky to get it working without spending more money. pfSense is exactly what we paid for, and it's still working very well. We've been working with it for two or three years, and it's a very good solution, and I didn't have to spend any more money on it.

Cisco VSL and Fortinet are tricky when it comes to improving the firewall rules or creating rules above older rules. In pfSense, it's very logical. It's simple.

The initial setup is very linear and very smooth.

On a scale from one to ten, I would give pfSense a nine.

We have internet limitations here in Sudan. The financial institutions that I am working with do not have a lot of services on the internet.

It is difficult but at the same time, we are safer and are not faced with any kind of compromised data.

This solution is suitable for small businesses and charity organizations. Security is not just about the firewall, you need policies and procedures in place.

The developers of pfSense follow the principles of open-source.

They keep it simple. It's simple and good.

The problem with open-source is that no one can take responsibility.

It needs to be more secure. Security needs improvement.

It's always better to have an agreement, an SLA regarding security. You should outsource your security to another company.

I have been using pfSense in my home environment since 2010. I have a small lab, a small environment.

We have also deployed it in my workplace.

It's a stable solution.

pfSense is scalable.

At our peak time, we have reached more than 5,000 concurrent connections.

I do not have experience with technical support.

I am also using IPFire. It's also open-source.

It's very stable, and it meets my business needs.

The initial setup is straightforward.

If you have solid knowledge and experience in IP tables, then it will be easy for you to deal with this product or any firewall. For example, Palo Alto or Fortinet. It's the same concept.

Depending on your activities, it can take a long time to deploy if you are new to this solution. For me, it takes less than one hour.

You have to understand the network technology and you have to understand what you are going to protect, and what service are you looking to protect. If you address these questions correctly, the installation is just a matter of a couple of clicks.

I completed the implementation myself.

We are using the open-source version, not the commercial one. 

It's very affordable.

I would continue to use pfSense if the decision was mine, but it is out of my area. It depends on the CIO.

I would recommend this solution to others who are interested in using it.

pfSense will not cost you any money.

It depends on your business needs. You have to address your business needs correctly.

I would say to go with pfSense. If you feel that it is not compatible, you have other purchase options such as Palo Alto.

I would rate this solution a ten out of ten.

I am using pfSense as a secondary firewall and network management.

The most valuable features of pfSense are the reports, monitoring, filtration, and blocking incoming and outgoing traffic.

The usage reports can be better.

I have been using pfSense for approximately six years.

The solution is stable.

I had 20 to 30 users using the solution.

I have used Sophos and Cyberoam solutions.

The installation is very easy.

I did the implementation of the solution.

I am using the free version of pfSense.

I would recommend this solution to others.

I have been 100% satisfied with the solution.

I rate pfSense an eight out of ten.

We have all sorts of users. We have admins, we have the finance guys, and we have salespeople using it. We created a captive portal for our teams as well as a guest portal. So in general, we are more or less happy.

Right now, I use it not only for intrusion detection but also for ETLs. We are a telephony integrator. We use it for applications and radius, etc. I use it as much more than a firewall. I use it for telephony applications as a certificate authority. 

Well, we do have the versatility of a fully functional firewall at practically no cost impact... So its a good investment for us in terms of the time spent on it... Most of all, we can see where our Internet etc can be well managed from the real time graphs that we see...

It's quite an awesome product with so many good things packed into it. I am happy with the EPLS, the radius, and I am happy with the captive portal. All in all, it's a good product. And considering that I get it for paying nothing, it's really worth the time invested in it.

As I said, the product is fantastic. It could use a little bit of improvement in the reporting — the reporting is virtually non-existent. Something like a reporting module would be a benefit. Otherwise, in terms of the performance, at least for my organization, I don't see much of a problem.

By this, I mean that we cant generate reports of trends etc that could be exported out of PFSense in terms of a PDF etc to see how the firewall is functioning...

Though I must say that the work around for this could be to use the pfsense zabbix plugin and integrate to a Zabbix platform and then use the Zabbix reporting capabilities to get the required reports... Not much of an effort for the technically sound persons but definitely not in the scope of those from a non technical perspective... 

I have been using this solution for roughly 10 months. I started with version 2.4, but about four days ago, I upgraded to version 2.5. It's been a good product so far.

Stability-wise, it's fine. I've only experienced one issue in the last 10 months. But in general, I am happy with it. Scalability-wise, as I said, our organization is just about 10 to 15 people, so we have not had much of a problem. I can't comment on how it would scale up with hundreds of VLANs and tens of thousands of people operating on it. But in general, for a small organization, I think it's very stable.

As we are in SMB, I cant comment on big traffic situations but for a small organization like ours (10 to 20 users) and with various integrations that we need (e.g., OpenVPN, WireGuard, LDAP authentications, Tens of VLANS, Captive portal, DHCP Relay, EAP-TLS, IDS, Adblocks etc.) We are ok with it...

I think the documentation is good enough because I've never had the need to contact technical support. I just use Google to get the information that I need.

We used to use Fortinet in our office in Dubai. But where I am right now, I thought an open-source was the option for me because I'm very involved in open-source projects. It came down to pfSense and OPNsense — the first one we downloaded was pfSense and I stuck by it.

The initial setup was straightforward. I come from the IT industry, so I had no issues. Within 20 minutes, I had it up and running.

I implemented it myself.

Too early to comment... Though all I needed to invest was a small desktop and ofcourse, time and effort to configure it... 

Well, its opensource... So for the tech-minded, its not so difficult but yes, the configuration is understandable for those with good prior firewall knowledge... 

If you can get it working, its great... But yes, thats the first part... Get it working... 

Oncw working, all licenses etc are not a problem as it is opensource... So no restrictions there... so far...

I did use Sophos-XG free but I stick to pfsense as it is free and open source...

I would recommend pfSense for the simple reason that it's open-source and it's free. Anything for free is good. I personally got much more out of it than I expected. I never expected this product to be so worth the time. It's a good product. For my needs at least.

Overall, on a scale from one to ten, I would give this solution a rating of eight. I have not used it for thousands of users, but for our usage, for an SMB organization, I would give it a rating of eight.