pfSense Room for Improvement

Ray Ost
CEO at Private
Some suggestions for improvement of pfSense are: * Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great. * With regard to the Community Edition, when I installed it, we use Proxmox as an equivalent of PMWorks and I installed the Community Edition in Proxmox. That was very difficult to get to work at first. A lot of tweaking. That is very, very not easy. * When I'm inside of my network and I go to a URL, the URL points to a server inside my network. It doesn't hang, but I don't get a response. It just stays blank. * I can imagine that inside my network, I am going outside, and it points to the public address, so I can reach it. With eSoft, without any adjustment, it worked, and I was able to do that. I went to search pfSense for an option, and I had some documents open to read about how it is done, but it isn't clear enough. It's not that easy. I would appreciate it if I could get easy help on that. View full review »
IT Manager & Sr. Application Programmer with 11-50 employees
While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives. View full review »
Koen Van Cauwenberghe
Network and Office Manager with 11-50 employees
A malware blocker should be included. I do not know if it is included yet. However, until now, we have not experienced a large malware invasion. There are a few features not included, and when you have to use those features, you have to pay for them. I know that I should change the current pfSense solution. I should change it because we have only one key port on it. Our internet access also has a key port now, I should have two key ports, one to the LAN and one to the WAN. Therefore, I want to change it, because it gives us less speed. I could provide the speed, but there are not two key ports on it. Therefore, I now have to choose a new pfSense solution, or I could look at another vendor similar to what we have. View full review »
Christopher Collins
IT Support Engineer
Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense. Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios. I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection? I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals. As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it. Another idea for pfSense device inventor: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have. The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin. View full review »
COO at a tech services company with 501-1,000 employees
They need to take care of a few issues with the GUI. Occasionally, they don't update the configurations properly. I would also like them to firm up the VPN aspect of the software a bit and provide better monitoring software. When a carrier that supports a VPN or IPsec tunnel bounces, the recovery time can take a few minutes. Reducing that time would be greatly appreciated in future releases. View full review »
Reinhardt Jansen
Senior Systems Administrator at a non-tech company with 51-200 employees
Layer 7 filtering has been taken away from pfSense. They would like us to use Snort, which is a good thing, but I would like them to make the Layer 7 thing easier. The one reason that we did not go with pfSense is that it is not centrally managed like Meraki, where you log into the website and can see all your services there. This is the only reason why we are going with Meraki. We would like to be able to see is all the configurations from a central interface on all our pfSenses. View full review »
Haytham Tarek
Founder and MD at Smart Solution
It has everything I need, but the main drawback of pfSense is that it's not user-friendly. I hope to have something to make the interfaces more user-friendly. I would also like to see some documentation that can help with use cases or that has advice and tips. I have found some documentation available but it's usually from an earlier version. If they develop this, pfSense will be the best. The only thing that Fortigate is better than pfSense is that they have 24/7 support. pfSense also needs improvements in the intrusion detection area. View full review »
Anders Olsson
Systems Administrator at a tech services company with 201-500 employees
* The central point of management, like the long-rumored pfCenter. * Better parsing of logs: At the moment, you have to use an external server for this if you want a deeper analysis. View full review »
Alfredo Cornell
Chief Technology Officer at Xpro Networks
I would like to see SD1 integration into the software. That would be fantastic. View full review »
Cloud Engineer at a tech services company with 1,001-5,000 employees
The GUI. There are TONS of plugins for pfSense, as such, if a user wants to add quite a bit of functionality, the GUI will feel a little congested. View full review »
Gustavo Rendon
Owner with 51-200 employees
Reporting and real-time monitoring, since I'm used to Watchguard's reporting features, it would be nice to have an embedded solution for reporting. View full review »
Matt Bilbrey
IT Director
The GUI could use more “bells and whistles”. It's got plenty of info for a Sysadmin but some people like shiny things. View full review »
Svetoslav Bakalov
IT Systems Engineer at a manufacturing company with 201-500 employees
I would like more add-ons/packages for extending pfSense which are approved by the main community. View full review »
Jinlong Ye
HTS Engineering - Heat Transfer Solutions at a construction company with 201-500 employees
There were some bugs in the version we used. View full review »
Winston Barbosa
Infrastructure Manager at a engineering company with 501-1,000 employees
Easy to deploy and easy to use, although the support of the community in the forums is excellent and there is always a solution View full review »
Snr. VOIP Specialist at Digital Globe Services
As per my understanding VPN, Captive Portal user-level and MAC-level filtering need to be improved. View full review »
student at a university with 51-200 employees
The product is good in many of its departments, but this should make HTTPS filtering more efficient since Squid falls short when using man in the middle. It works, but it is not 100% efficient. It requires more attention to provide a better alternative for open source to small government or educational institutions with reduced budgets in terms of technology. View full review »
Analista Senior at a tech services company
pfSense serves us very well. My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters. I have more than 10 IPSec VPN connections, and when there is a need for troubleshooting, the logs are of little help. View full review »
Luis Castro
Specialist in IT Infrastructure, Networks and Software Quality at a tech services company with 51-200 employees
The connections should be shown in a more specific way, as Kerio Control does. It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown. View full review »
Ross Bennett
Senior Systems Engineer at a financial services firm with 11-50 employees
* I would like to see multiple DNS servers running on individual interfaces. * It would be useful to manage firewall policies on a source interface and destination interface basis. View full review »
Mervin Sosa
Services on additional features: * SNMP Network Management * Managing inventory * Generating IT reports. View full review »
CEO with 11-50 employees
Improve analysis of logs and dashboards (control panel) with improved alert functionality. View full review »
Jaco Lange
Managing Director with 51-200 employees
This product needs improvements with respect to reporting and auditing. View full review »
Alejandro Vera Moran
User with 51-200 employees
A way to clean squid cache from the GUI. View full review »
More regular patch updates, because this is very important for a firewall. View full review »

Sign Up with Email