pfSense Room for Improvement
Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically.
The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.
One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.View full review »
Managing Director at Midgard IT
We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.
The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.
I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.View full review »
As I said, the product is fantastic. It could use a little bit of improvement in the reporting — the reporting is virtually non-existent. Something like a reporting module would be a benefit. Otherwise, in terms of the performance, at least for my organization, I don't see much of a problem.
By this, I mean that we cant generate reports of trends etc that could be exported out of PFSense in terms of a PDF etc to see how the firewall is functioning...
Though I must say that the work around for this could be to use the pfsense zabbix plugin and integrate to a Zabbix platform and then use the Zabbix reporting capabilities to get the required reports... Not much of an effort for the technically sound persons but definitely not in the scope of those from a non technical perspective...View full review »
There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance.
The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.View full review »
The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform.
Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.View full review »
I haven't experienced many problems when dealing with the solution, so I don't know if there are areas that need improvement.
If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use.
Sometimes if your network goes down, you might experience an issue on the captive portal. This may require a restart and it also may require that you load it again. I'm used to the system, so I know what to do, but it can happen from time to time.
It can be really easy to deal with Technical support. Technical support is avaible every time I call . But sometime if Technical support do not privide you the solution, so you should double check and solve the issue by your self.View full review »
Technical Project Manager at a government with 1,001-5,000 employees
The integration of the plugins into the GUI could be better. It's sometimes hard to find where a setting can be found or how it might interact with other settings. Some documentation is outdate and plugins sometime have no documentation. Information can always be found on the fora but for novice users this can be a challenge.View full review »
Manager, Operations at SUS-TECH Limited
The solution can be complex. It needs a bigger team with more coding skills than what we have at our disposal. With our skillsets, we're facing a lot of limitations. We're a team of four who handles 12 independent companies under a larger umbrella. Our workload is already quite high. We need solutions that lessen it, not enhance it.
The solution requires a lot of administration.
The solution would work better for us if the user interface had some kind of unifying feature that didn't just do firewalls. Sophos, for example, offers so much more. You get one license and you're good to go. Everything's handled from the anti-virus to the network and the traffic and monitoring. Sophos is really user friendly and easy to master. It's easy to get rules put in. pfSense offers none of these things beyond just the firewall capabilities.
CTO, Software Architect, founder at a tech services company with 11-50 employees
We did have a strange issue with an update at one point, however, that was resolved quickly.
If you want to take advantage of all of the solution's options, you need to have a bit of a technical background. It's not for a layperson.
You do get a good solution for free. However, the trade-off is you need to be technical to really take advantage of it.
The installation could potentially be faster.View full review »
System Analyst at a tech services company with 11-50 employees
As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me.
Integration with other products could be improved. It needs log research integrated within it to make it more useful for our purposes.View full review »
IT analyst with 1,001-5,000 employees
The access control aspect of the product could be improved. There should be more control over everything that the user is doing. It should be able to log and report on everything users are doing.
The product no longer complies with new rules in Brazil. Therefore, we need to move off the solution.View full review »
Systems Administrator at a tech services company with 51-200 employees
Their support could be better in terms of the response time.View full review »
CEO at a tech services company with 1-10 employees
The main problem with pfSense is that we have to use proxy solutions. They don't have features like Layer 7 filtration. We can't filter based on applications. For this reason, we need to work with solutions from Cisco like OpenAPPID that help pfSense understand similar applications. For example, if I have to block WhatsApp, I need to use a third-party solution like OpenAPPID to help it understand what WhatsApp is. This capability is not native to pfSense, so I have to use another solution, like an add-on. I think that the proxy is the main problem with pfSense.
pfSense doesn't implement SD-WAN solutions. Competitors have this feature. If pfSense began doing this, it would be a big improvement.
The problem with open-source is that no one can take responsibility.
It needs to be more secure. Security needs improvement.
It's always better to have an agreement, an SLA regarding security. You should outsource your security to another company.View full review »
NOC Manager at a tech services company with 51-200 employees
The router monitoring needs improvement when compared with Sonicwall.
I would like an API that can sync to SolarWinds because we use SolarWinds for our monitoring platform. It would be great to be able to do all of the monitoring from SolarWinds instead of logging into the application to monitor it. It would be a nice feature to have.
I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version.View full review »
IT Support Specialist with 51-200 employees
I cannot recall any features that are lacking.
There's a bit of a learning curve during the initial implementation.
You do have to pay extra for better customer service.View full review »
The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe.View full review »
General Manager at Galgus
There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions.
IT Consultant at a tech services company with 1-10 employees
I would like to see the dashboard modernized.
If you look at some of the other providers, their dashboard is more modern looking.
Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement.
Head Of Infrastructure at a transportation company with 201-500 employees
The hotspot and the portal feature in this solution are not stable for WiFi access. We use it at least once or twice every day and it crashes. Some modules can be better by improving detection and having new updates. Additionally, we have some issues with clustering and load balancing that could improve.
In a future release, they could redesign the policies because we need to write inbound and outbound simultaneous policies. They could change it to one policy, such as in FortiGate, Sophos, and Cyberoam. In these firewalls, we add rules in one way, and they add rules automatically. However, in this solution, we need to write every policy manually.
They can improve in site-to-site tunnels with other devices, such as Cisco or FortiGate. It is not very easy to set up VPNs for site-to-site tunnels.
There have been some problems we have been facing with BGP routing that needs to be improved.View full review »
The user interface could be improved, it's a bit clumsy and clunky.
Right now we have to use a lot of third party plugins with other providers that have their own built-in features so I'd like to see layer 7 advanced firewall features included in the solution. It would definitely improve the product.
IT Manager at a marketing services firm with 1,001-5,000 employees
I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.
Engineering Manager at UTI Tech SA de CV
Many people have problems setting up the web cache for the web system.
They should put an anti-spam in a web application firewall.View full review »
The solution could use better reporting. They need to offer more of it in general. Right now, the graphics aren't the best. If you need to provide a report to a manager, for example, it doesn't look great. They need to make it easier to understand and give users the ability to customize them.
The VPN feature of the solution could improve by adding better functionality and providing easier configure ability.View full review »
They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network.
Owner and business consultant at networks srl
I tried pfSense, and it has a big issue with file system consistency, and this is what drove me to OPNsense. The file system stability is quite a big issue for us. We have a lot of outages related to power issues, and OPNsense is much more stable on this side.
I would like it to be more stable on the file system part. It also has an issue with the ARP publishing, but it's common to BSD, and some providers experience issues with Layer 2 connectivity.View full review »
It would be ideal if the solution could integrate with Snort and OpenVPN.
The technical support needs to be improved.View full review »
CEO at a tech services company with 11-50 employees
They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals.
For a feature update, they should increase the API integrations into decentralized identity platforms making it stronger.View full review »
The main problem with pfSense is that it lacks adequate ransomware protection. I would also like pfSense to be more robust like Cisco or Fortinet.View full review »
I have no idea.View full review »
Solutions Architect at a tech services company with 51-200 employees
The domain blocking lists need to be improved. The supported list for domain blocking is community-maintained, and I would like to see something from the manufacturers of pfSense that is a little more global.
I would like to see different graphs available in the reporting.View full review »
ClamAV AntiVirus can cause some crashes. That service should be improved.View full review »
The configuration of the solution is a bit difficult.View full review »
pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function.
The site itself could be improved; it's not easy to find the things that you want to implement and apply.
It would be good if it had more features like Sophos does.View full review »
Owner with 11-50 employees
There are some bias issues and some intrusions in our network that have to be addressed. So, we're thinking of changing this firewall to something like a professional hardware-enabled firewall.View full review »
I'd like to see some instructional videos as opposed to documentation. It would be helpful for beginners and start-up companies.