Sold by: Netgate
Deployed on AWS
AWS Free Tier
pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
4.6
Overview
Video
Launch pfSense Plus software on AWS
Video
Product video
OVERVIEW pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
PRICING Save money with a Private Offer! Contact us at sales@netgate.com or use the Request Private Offer button above. /As of 24.03 - Supports High Availability configurations across both AWS zones and regions, with seamless settings and configuration synchronization ensuring enterprise grade consistent performance. See pfSense Plus on AWS documentation and HA blog at Netgate.com.
No hidden fees for features or functions. No arbitrary licensing fees. No artificial user limitations. Just unparalleled ROI and TCO.
FEATURES Firewall: Stateful packet inspection, GeoIP blocking, Anti-spoofing, Captive portal guest network, Time-based rules, Connection limits, NAT mapping (inbound/outbound)
Router: Policy-based routing, Concurrent IPv4/v6 support, Configurable static routing, IPv6 network prefix translation, IPv6 router advertisements, Multiple IP addresses per interface, PPoE server
Attack Prevention: IDS/IPS, Snort-based packet analyzer, Layer 7 application detection, Multiple rules/sources/categories, Emerging threats database, IP blacklist database, Pre-set rule profiles, Per-interface configuration, False positive alert suppression, Deep packet inspection (DPI), Application blocking
VPN: IPsec, OpenVPN, Wireguard, Site-to-site and remote access VPN, SSL encryption, VPN client for multiple operating systems, L2TP/IPsec for mobile devices, IPv6 support, Split tunneling, Multiple tunnels, VPN tunnel failover, NAT support, Automatic or custom routing, Local user authentication or RADIUS/LDAP
Reverse Proxy and Load Balancing: HTTP and HTTPS proxy, high availability, load balancing, and proxying for TCP, HTTP and HTTPS-based applications.
Network Services: Dynamic DNS, DHCP Server, DNS Forwarding, DNS Filtering
Management: GUI, full suite of configuration, user authentication, system security, resilience/reliability, and system reporting/monitoring features See the full feature list here: https://www.netgate.com/solutions/pfsense-plus/
ABOUT NETGATE Netgate is the company behind the pfSense project and the only official source for pfSense Plus and Community Edition (CE) software. As the primary contributors, our developers work hard to provide the best firewall security technology for your cloud infrastructure.
Highlights
- The leading open-source driven firewall, router, and VPN (OpenVPN/IPsec/WireGuard) solution for network edge and cloud secure networking.
- Millions of installations protecting homes, businesses, governments, educational institutions and service providers.
- Made possible by open source technology. Made into a robust, reliable, dependable product by Netgate.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd 14
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Cost/hour |
|---|---|
m6i.large Recommended | $0.34 |
t3.micro | $0.12 |
t2.micro | $0.12 |
r4.large | $0.56 |
r4.xlarge | $0.56 |
c5n.large | $0.34 |
m5d.large | $0.34 |
m5.xlarge | $0.45 |
m3.xlarge | $0.45 |
t2.large | $0.12 |
Vendor refund policy
Hourly users may cancel or stop using this service at any time. Annual subscriptions may be cancelled for a full refund within 48 hours of purchase or a prorated refund within 14 days.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
An instance may be managed via ssh or https. Most of the system configurations may only be adjusted via the https interface. To access the instance via ssh: log in as the admin user using the SSH key associated with the instance. E.g. run the command 'ssh -i my_aws_rsa_key admin@instance_host_name'. Substitute the file your private SSH key is stored in for my_aws_rsa_key and the hostname of the instance for instance_host_name. To access the instance via https, use a web browser: Type admin for the account name. The password can be set to a value of your choice when you start the instance by setting a value of the form 'password=your_desired_password' in the "User Data" field of the "Advanced Instance Options" section of the launch screens. If you don't set a password, a random password will be set. The random password can be viewed by choosing Get System Log from the Actions menu for the instance. To set a password during the creation of an instance: On the "Configure Instance Details" screen expand "Advanced Details". Make sure "As text" is selected for "User data". In the "User data" field enter a password of the form 'password=your_desired_password'.
Resources
Vendor resources
Support
Vendor support
Get expert technical support via email, portal, or phone with a four (4) or 24-hour initial response SLA from the Netgate Technical Assistance Center (TAC). Learn more about our support options at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Netgate
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Intrusion Detection and Prevention
Snort-based packet analyzer with Layer 7 application detection, multiple rules and sources, emerging threats database, IP blacklist database, deep packet inspection (DPI), and false positive alert suppression
VPN Protocols and Connectivity
Support for IPsec, OpenVPN, and WireGuard protocols with site-to-site and remote access VPN capabilities, SSL encryption, L2TP/IPsec for mobile devices, IPv6 support, split tunneling, and VPN tunnel failover
Stateful Firewall and Network Protection
Stateful packet inspection, GeoIP blocking, anti-spoofing, captive portal guest network, time-based rules, connection limits, and NAT mapping for inbound and outbound traffic
High Availability and Redundancy
High availability configurations across AWS zones and regions with seamless settings and configuration synchronization
Reverse Proxy and Load Balancing
HTTP and HTTPS proxy functionality with high availability and load balancing for TCP, HTTP, and HTTPS-based applications
Application Layer Visibility and Control
Complete application layer-7 visibility and control of traffic with next-generation firewall capabilities in AWS environments
AI/ML-Powered Threat Detection
AI/ML-powered inspection engine with researcher-grade signatures for detection of zero-day threats, exploits, malware, spyware, and command and control attacks
Dynamic Policy Management
Policy definitions that dynamically apply to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones without manual intervention
Cloud Infrastructure Integration
Seamless integration with Gateway Load Balancer, AWS Auto Scaling, and Transit VPC with AWS Transit Gateway for protection across dynamic and large-scale deployments
Advanced Threat Prevention Service
Cloud-delivered Advanced Threat Prevention security service with market-leading threat coverage against known and zero-day threats while maintaining performance
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Askar Parveez
Firewall has reduced VPN costs and provides flexible multi-WAN load balancing and traffic control
Reviewed on Feb 25, 2026
Review provided by PeerSpot
What is our primary use case?
We work with Netgate products. We are a reseller and consultant. We have been working with Netgate and Fortinet for around two years.
What is most valuable?
The primary thing I find valuable in Netgate pfSense Plus Firewall/VPN/Router is that it is license-free software. Unlike FortiGate, you do not have to do yearly subscription renewals. In pfSense, there is no need for any license renewal. This represents a one-time cost, so customers feel that there is no OPEX, only CAPEX.
For VPN, we primarily recommend Netgate pfSense Plus Firewall/VPN/Router to our customers. More packages are available, including IDS and IPS. Whatever features you want, there will be a package readily available. You just have to install it and do the configuration.
VLAN is a basic feature and it is available. Traffic shaping is good enough. Generally, pfSense's traffic shaper is very effective for this. You can prioritize traffic for voice and data.
Load balancing and load failover are valuable. You can have multiple ISPs and do the load balancing effectively. Many customers use load balancing by default and ask for load balancing, VLAN, VPN, and everything.
We have multiple VPN options for our customers' remote access strategy. We have WireGuard, OpenVPN , and IPsec. Usually for customers needing site-to-site VPN, we recommend IPsec. If they want remote VPN access, we recommend OpenVPN .
Multi-WAN allows you to do load balancing and failover.
What needs improvement?
Netgate pfSense Plus Firewall/VPN/Router regularly provides updates. One aspect they can improve is that most people ask whether an antivirus scanning system is available in pfSense. Other companies, such as FortiGate or Cisco, market their product as a next-generation firewall with built-in antivirus applications and zero trust, with everything available in their ecosystem. This needs to be better communicated for pfSense, because the capability already exists, but we have to explain to customers which package to install and configure for those features to be used effectively. If Netgate can pitch their product with antivirus as a clearly available option, it will be more useful.
How are customer service and support?
Their support is good. I would rate their support as nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Netgate could learn more from FortiGate in terms of product marketing. Customers are more satisfied wherever we have delivered the product. For example, one customer previously used SonicWall and replaced it with Netgate pfSense Plus Firewall/VPN/Router. They are more satisfied with Netgate pfSense Plus Firewall/VPN/Router in terms of its flexibility and customer support.
What other advice do I have?
For metrics to measure its impact, we do not measure in a formal way. We use bandwidth monitoring to check how effective the solution is.
I have not encountered customers asking for additional features beyond the antivirus system. That is the only topic that comes up.
I do not find anything to be improved when it comes to VPN or routing in pfSense.
I would give Netgate pfSense Plus Firewall/VPN/Router a rating of eight out of ten.
MD D.
Reliable, Flexible, and Built for Real Control
Reviewed on Feb 19, 2026
Review provided by G2
What do you like best about the product?
What I like most about Netgate pfSense is how much control it gives you without being overly complicated. It’s reliable, secure, and flexible enough to handle everything from basic setups to more advanced networking needs. I also appreciate that it’s not a closed system
What do you dislike about the product?
If I had to point out a downside, it would be that the interface can feel a bit overwhelming at first, especially if you’re new to networking. Some advanced features take time to understand, and the learning curve can be steep. It’s powerful, but you do need some technical knowledge to get the most out of it.
What problems is the product solving and how is that benefiting you?
Netgate pfSense solves the problem of having limited control and weak security with typical off-the-shelf routers. It gives you advanced firewall protection, better traffic management, and reliable VPN options in one place. For me, that means more control over my network, better security, and the ability to customize everything based on my needs instead of being stuck with basic features.
Manish Nalawade
Secure networking in education has improved and supports unlimited VPN and VLAN customization
Reviewed on Feb 04, 2026
Review provided by PeerSpot
What is our primary use case?
We are using this solution mainly in the education sector, including universities or engineering colleges.
What is most valuable?
I have used Netgate pfSense Plus Firewall_VPN_Router VLAN support, and I find VLAN support is good. VLAN support provides unlimited VLANs and is well-implemented.
VPN tunneling has also been good, as it provides unlimited VPN tunneling capabilities.
The load balancing capabilities of Netgate pfSense Plus Firewall_VPN_Router are good.
What needs improvement?
Regarding the drawbacks or weak points I have noticed, I reviewed all current firewalls and it seems all are on an equal level, including Netgate pfSense Plus Firewall_VPN_Router. There are no major differences or drawbacks. You can customize this product and choose your own hardware.
In future releases and updates of Netgate pfSense Plus Firewall_VPN_Router, the basic feature I would like to see is that it remains open-source with no recurring cost, which is a big feature in a country like India. A captive portal would be an additional feature that would be good to have.
For how long have I used the solution?
I have been working with this product for nearly 15 to 17 years.
What do I think about the stability of the solution?
My experience with the product is that it is a stable and good product that is easy to use. It is an open source product.
I would rate stability from one to ten as a nine in comparison to all other firewalls because it is a cheaper option for deployment and price.
What do I think about the scalability of the solution?
I would rate the scalability of the solution from one to ten as an eight. There is another open-source software, OPNSense, where there is major development compared to Netgate pfSense Plus Firewall_VPN_Router.
How was the initial setup?
The approximate time deployment for Netgate pfSense Plus Firewall_VPN_Router requires only one hour or a maximum of two hours. It is user-friendly.
Which other solutions did I evaluate?
I am not currently working only with Netgate pfSense Plus Firewall_VPN_Router, as we work with other firewalls also. However, it is a good choice for users.
The other firewalls I am using include Fortinet and Sophos.
What other advice do I have?
I would assess the effectiveness of Netgate pfSense Plus Firewall_VPN_Router's traffic shaping as good, but I would give a six marks only for that compared to others because in the past few years, there has been a stop of improvement or lack of improvement showing in Netgate pfSense Plus Firewall_VPN_Router. That is why OPNSense is quite good now.
The benefits of Netgate pfSense Plus Firewall_VPN_Router VPN services to my remote access strategy are comparatively the same with all others. The basic thing is that all these modules or VPN tunneling or others are unlimited use in Netgate pfSense Plus Firewall_VPN_Router, and in other firewalls, you need to purchase additionally.
I do use Netgate pfSense Plus Firewall_VPN_Router Multi-WAN capabilities. Basically, it is customized, so you can choose your own hardware. It is scalable, depending on your requirements.
My job position is that I am an owner of a company that is involved in managed networks. I rate this product overall as a nine out of ten.
Tony C.
robust networking solution
Reviewed on Jan 30, 2026
Review provided by G2
What do you like best about the product?
the ability to configure your own router HOWEVER you want!
What do you dislike about the product?
a little bit unintuitive to manage system resources, sometimes eats up a lot of hardware memory.
What problems is the product solving and how is that benefiting you?
- ability to adapt to different custom hardware
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability
Dusan Colakovic
Reliable VLAN and dual VPN setup has strengthened network management and improved load balancing
Reviewed on Jan 19, 2026
Review provided by PeerSpot
What is our primary use case?
I have used the VLAN support of Netgate pfSense Plus Firewall_VPN_Router. We actually use two types of VPN, OpenVPN and WireGuard, and both of them are working perfectly fine; it is great.
What is most valuable?
The load balancing capabilities have helped my IT infrastructure. It has helped our network management, as we have a couple of LAN networks and WAN networks.
What needs improvement?
The effectiveness of Netgate pfSense Plus Firewall_VPN_Router traffic shaping is quite good, but I am not very satisfied with the interface for control. It needs some upgrading in speed, so I would not say it is too complicated or obsolete.
For how long have I used the solution?
As a firm, we have been using Netgate pfSense Plus Firewall_VPN_Router for a couple of years, and for me, it has been around one year, as long as I have been here.
What do I think about the scalability of the solution?
I do not use the multi-WAN capability of Netgate pfSense Plus Firewall_VPN_Router.
What other advice do I have?
I do not have complaints about Netgate pfSense Plus Firewall_VPN_Router with Firewall, VPN, and Router; it is really comfortable for use, and it does a pretty good job.
I would rate my experience with Netgate pfSense Plus Firewall_VPN_Router as eight out of ten. Mostly the interface is the reason I rate it eight out of ten, but I do not have anything else I would alter or improve. My overall review rating for this product is eight out of ten.