Sold by: Netgate
Deployed on AWS
AWS Free Tier
Up to 30% savings with a Private Offer from Netgate. pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
4.6
Overview
Video
Launch pfSense Plus software on AWS
Video
Product video
OVERVIEW pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
PRICING Up to 30% Cost Savings Guaranteed with a private offer. No changes to your existing AWS infrastructure or instances, with simplified management under your current billing. No need for migration or redeployment. Contact us at sales@netgate.com or use the Request Private Offer button above.
No hidden fees for features or functions. No arbitrary licensing fees. No artificial user limitations. Just unparalleled ROI and TCO.
FEATURES Firewall: Stateful packet inspection, GeoIP blocking, Anti-spoofing, Captive portal guest network, Time-based rules, Connection limits, NAT mapping (inbound/outbound)
Router: Policy-based routing, Concurrent IPv4/v6 support, Configurable static routing, IPv6 network prefix translation, IPv6 router advertisements, Multiple IP addresses per interface, PPoE server
Attack Prevention: IDS/IPS, Snort-based packet analyzer, Layer 7 application detection, Multiple rules/sources/categories, Emerging threats database, IP blacklist database, Pre-set rule profiles, Per-interface configuration, False positive alert suppression, Deep packet inspection (DPI), Application blocking
VPN: IPsec, OpenVPN, Wireguard, Site-to-site and remote access VPN, SSL encryption, VPN client for multiple operating systems, L2TP/IPsec for mobile devices, IPv6 support, Split tunneling, Multiple tunnels, VPN tunnel failover, NAT support, Automatic or custom routing, Local user authentication or RADIUS/LDAP
Reverse Proxy and Load Balancing: HTTP and HTTPS proxy, high availability, load balancing, and proxying for TCP, HTTP and HTTPS-based applications.
Network Services: Dynamic DNS, DHCP Server, DNS Forwarding, DNS Filtering
Management: GUI, full suite of configuration, user authentication, system security, resilience/reliability, and system reporting/monitoring features See the full feature list here: https://www.netgate.com/solutions/pfsense-plus/
ABOUT NETGATE Netgate is the company behind the pfSense project and the only official source for pfSense Plus and Community Edition (CE) software. As the primary contributors, our developers work hard to provide the best firewall security technology for your cloud infrastructure.
Highlights
- The leading open-source driven firewall, router, and VPN (OpenVPN/IPsec/WireGuard) solution for network edge and cloud secure networking.
- Millions of installations protecting homes, businesses, governments, educational institutions and service providers.
- Made possible by open source technology. Made into a robust, reliable, dependable product by Netgate.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd 14
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Cost/hour |
|---|---|
m6i.large Recommended | $0.34 |
t3.micro | $0.12 |
t2.micro | $0.12 |
r4.large | $0.56 |
r4.xlarge | $0.56 |
c5n.large | $0.34 |
m5d.large | $0.34 |
m5.xlarge | $0.45 |
m3.xlarge | $0.45 |
t2.large | $0.12 |
Vendor refund policy
Hourly users may cancel or stop using this service at any time. Annual subscriptions may be cancelled for a full refund within 48 hours of purchase or a prorated refund within 14 days.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
An instance may be managed via ssh or https. Most of the system configurations may only be adjusted via the https interface. To access the instance via ssh: log in as the admin user using the SSH key associated with the instance. E.g. run the command 'ssh -i my_aws_rsa_key admin@instance_host_name'. Substitute the file your private SSH key is stored in for my_aws_rsa_key and the hostname of the instance for instance_host_name. To access the instance via https, use a web browser: Type admin for the account name. The password can be set to a value of your choice when you start the instance by setting a value of the form 'password=your_desired_password' in the "User Data" field of the "Advanced Instance Options" section of the launch screens. If you don't set a password, a random password will be set. The random password can be viewed by choosing Get System Log from the Actions menu for the instance. To set a password during the creation of an instance: On the "Configure Instance Details" screen expand "Advanced Details". Make sure "As text" is selected for "User data". In the "User data" field enter a password of the form 'password=your_desired_password'.
Resources
Vendor resources
Support
Vendor support
Get expert technical support via email, portal, or phone with a four (4) or 24-hour initial response SLA from the Netgate Technical Assistance Center (TAC). Learn more about our support options at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Netgate
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Intrusion Detection and Prevention
IDS/IPS with Snort-based packet analyzer, Layer 7 application detection, deep packet inspection (DPI), multiple rules/sources/categories, emerging threats database, IP blacklist database, and per-interface configuration with false positive alert suppression.
VPN Protocols and Connectivity
Support for IPsec, OpenVPN, and WireGuard protocols with site-to-site and remote access VPN capabilities, SSL encryption, L2TP/IPsec for mobile devices, IPv6 support, split tunneling, multiple concurrent tunnels, and VPN tunnel failover.
Stateful Firewall and Network Protection
Stateful packet inspection, GeoIP blocking, anti-spoofing, captive portal guest network, time-based rules, connection limits, and NAT mapping for both inbound and outbound traffic.
Advanced Routing Capabilities
Policy-based routing, concurrent IPv4 and IPv6 support, configurable static routing, IPv6 network prefix translation, IPv6 router advertisements, multiple IP addresses per interface, and PPPoE server functionality.
Reverse Proxy and Load Balancing
HTTP and HTTPS proxy services with high availability, load balancing, and proxying capabilities for TCP, HTTP, and HTTPS-based applications.
Application Layer Visibility and Control
Complete application layer-7 visibility and control of traffic with next-generation firewall capabilities in AWS environments
AI/ML-Powered Threat Detection
AI/ML-powered inspection engine with researcher-grade signatures for detection of zero-day threats, exploits, malware, spyware, and command and control attacks
Dynamic Policy Management
Policy definitions that dynamically apply to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones without manual intervention
Cloud Infrastructure Integration
Seamless integration with Gateway Load Balancer, AWS Auto Scaling, and Transit VPC with AWS Transit Gateway for protection across dynamic and large-scale deployments
Advanced Threat Prevention Service
Cloud-delivered Advanced Threat Prevention security service with market-leading threat coverage against known and zero-day threats while maintaining performance
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Sachin-Yadav
Firewall has unified security, routing, and VPN management on a single dashboard
Reviewed on Mar 31, 2026
Review provided by PeerSpot
What is our primary use case?
I use Netgate pfSense as a gateway device, where I manage network security, routing, VPN, and traffic management. I'm using the firewall for user authentication as a multi-WAN, or SD-WAN, and all those things are mainly used by the firewall only.
How has it helped my organization?
Netgate pfSense has positively impacted my organization because before Netgate pfSense, we were using a router for NATting and various tools for security management. Now, I can do all those things via the firewall only, which has helped me considerably, and all things are shown on a single dashboard.
What is most valuable?
The best features Netgate pfSense offers in my experience are its firewalling and NAT. In firewalling, stateful packet inspection as well as advanced NAT are used. VPN support is also excellent, with IPsec, OpenVPN , and WireGuard all supported. For load balancing, failover, and SD-WAN, it is being used, and the best aspect is about its security services, for example, IDS, IPS, DNS filtering, and GeoIP blocking.
What needs improvement?
Vendor backend support must be improved and customer support can be improved. I would like to see improvements in VPN for Netgate pfSense because sometimes the CPU shows heavy load, configuration is a little bit complex for OpenVPN , and troubleshooting is the main concern.
You could add AI for troubleshooting with Netgate pfSense because it will be easier for new engineers.
For how long have I used the solution?
I have been using Netgate pfSense for the last two years.
What do I think about the stability of the solution?
Netgate pfSense is stable in my experience.
What do I think about the scalability of the solution?
Netgate pfSense's scalability is strong but conditionally for stability models. It has no hard-coded limits.
How are customer service and support?
The customer support for Netgate pfSense can be improved. I do not say it is bad, but it can be better.
Which solution did I use previously and why did I switch?
I was not satisfied with the firewall I previously used before Netgate pfSense.
How was the initial setup?
My experience with pricing, setup cost, and licensing for Netgate pfSense is that the pricing is good compared to other vendors, but licensing can be improved as it is a little bit confusing.
What about the implementation team?
We work as a partner with this vendor, not just as a customer.
What was our ROI?
I have seen a return on investment with Netgate pfSense because it helped me in all these areas.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Netgate pfSense is that the pricing is good compared to other vendors, but licensing can be improved as it is a little bit confusing.
Which other solutions did I evaluate?
I have not evaluated other options before choosing Netgate pfSense.
What other advice do I have?
I rely on VPN the most in my daily operations because many of my users are working from home, so I provide the RA VPN to the users for remotely accessing my servers that are placed inside my internal network.
I definitely advise others to use this firewall device, as it is truly useful, time-saving, and money-saving. My overall rating for Netgate pfSense is eight out of ten.
Askar Parveez
Firewall has reduced VPN costs and provides flexible multi-WAN load balancing and traffic control
Reviewed on Feb 25, 2026
Review provided by PeerSpot
What is our primary use case?
We work with Netgate products. We are a reseller and consultant. We have been working with Netgate and Fortinet for around two years.
What is most valuable?
The primary thing I find valuable in Netgate pfSense Plus Firewall/VPN/Router is that it is license-free software. Unlike FortiGate, you do not have to do yearly subscription renewals. In pfSense, there is no need for any license renewal. This represents a one-time cost, so customers feel that there is no OPEX, only CAPEX.
For VPN, we primarily recommend Netgate pfSense Plus Firewall/VPN/Router to our customers. More packages are available, including IDS and IPS. Whatever features you want, there will be a package readily available. You just have to install it and do the configuration.
VLAN is a basic feature and it is available. Traffic shaping is good enough. Generally, pfSense's traffic shaper is very effective for this. You can prioritize traffic for voice and data.
Load balancing and load failover are valuable. You can have multiple ISPs and do the load balancing effectively. Many customers use load balancing by default and ask for load balancing, VLAN, VPN, and everything.
We have multiple VPN options for our customers' remote access strategy. We have WireGuard, OpenVPN , and IPsec. Usually for customers needing site-to-site VPN, we recommend IPsec. If they want remote VPN access, we recommend OpenVPN .
Multi-WAN allows you to do load balancing and failover.
What needs improvement?
Netgate pfSense Plus Firewall/VPN/Router regularly provides updates. One aspect they can improve is that most people ask whether an antivirus scanning system is available in pfSense. Other companies, such as FortiGate or Cisco, market their product as a next-generation firewall with built-in antivirus applications and zero trust, with everything available in their ecosystem. This needs to be better communicated for pfSense, because the capability already exists, but we have to explain to customers which package to install and configure for those features to be used effectively. If Netgate can pitch their product with antivirus as a clearly available option, it will be more useful.
How are customer service and support?
Their support is good. I would rate their support as nine out of ten.
Which solution did I use previously and why did I switch?
Netgate could learn more from FortiGate in terms of product marketing. Customers are more satisfied wherever we have delivered the product. For example, one customer previously used SonicWall and replaced it with Netgate pfSense Plus Firewall/VPN/Router. They are more satisfied with Netgate pfSense Plus Firewall/VPN/Router in terms of its flexibility and customer support.
What other advice do I have?
For metrics to measure its impact, we do not measure in a formal way. We use bandwidth monitoring to check how effective the solution is.
I have not encountered customers asking for additional features beyond the antivirus system. That is the only topic that comes up.
I do not find anything to be improved when it comes to VPN or routing in pfSense.
I would give Netgate pfSense Plus Firewall/VPN/Router a rating of eight out of ten.
MD D.
Reliable, Flexible, and Built for Real Control
Reviewed on Feb 19, 2026
Review provided by G2
What do you like best about the product?
What I like most about Netgate pfSense is how much control it gives you without being overly complicated. It’s reliable, secure, and flexible enough to handle everything from basic setups to more advanced networking needs. I also appreciate that it’s not a closed system
What do you dislike about the product?
If I had to point out a downside, it would be that the interface can feel a bit overwhelming at first, especially if you’re new to networking. Some advanced features take time to understand, and the learning curve can be steep. It’s powerful, but you do need some technical knowledge to get the most out of it.
What problems is the product solving and how is that benefiting you?
Netgate pfSense solves the problem of having limited control and weak security with typical off-the-shelf routers. It gives you advanced firewall protection, better traffic management, and reliable VPN options in one place. For me, that means more control over my network, better security, and the ability to customize everything based on my needs instead of being stuck with basic features.
Manish Nalawade
Secure networking in education has improved and supports unlimited VPN and VLAN customization
Reviewed on Feb 04, 2026
Review provided by PeerSpot
What is our primary use case?
We are using this solution mainly in the education sector, including universities or engineering colleges.
What is most valuable?
I have used Netgate pfSense Plus Firewall_VPN_Router VLAN support, and I find VLAN support is good. VLAN support provides unlimited VLANs and is well-implemented.
VPN tunneling has also been good, as it provides unlimited VPN tunneling capabilities.
The load balancing capabilities of Netgate pfSense Plus Firewall_VPN_Router are good.
What needs improvement?
Regarding the drawbacks or weak points I have noticed, I reviewed all current firewalls and it seems all are on an equal level, including Netgate pfSense Plus Firewall_VPN_Router. There are no major differences or drawbacks. You can customize this product and choose your own hardware.
In future releases and updates of Netgate pfSense Plus Firewall_VPN_Router, the basic feature I would like to see is that it remains open-source with no recurring cost, which is a big feature in a country like India. A captive portal would be an additional feature that would be good to have.
For how long have I used the solution?
I have been working with this product for nearly 15 to 17 years.
What do I think about the stability of the solution?
My experience with the product is that it is a stable and good product that is easy to use. It is an open source product.
I would rate stability from one to ten as a nine in comparison to all other firewalls because it is a cheaper option for deployment and price.
What do I think about the scalability of the solution?
I would rate the scalability of the solution from one to ten as an eight. There is another open-source software, OPNSense, where there is major development compared to Netgate pfSense Plus Firewall_VPN_Router.
How was the initial setup?
The approximate time deployment for Netgate pfSense Plus Firewall_VPN_Router requires only one hour or a maximum of two hours. It is user-friendly.
Which other solutions did I evaluate?
I am not currently working only with Netgate pfSense Plus Firewall_VPN_Router, as we work with other firewalls also. However, it is a good choice for users.
The other firewalls I am using include Fortinet and Sophos.
What other advice do I have?
I would assess the effectiveness of Netgate pfSense Plus Firewall_VPN_Router's traffic shaping as good, but I would give a six marks only for that compared to others because in the past few years, there has been a stop of improvement or lack of improvement showing in Netgate pfSense Plus Firewall_VPN_Router. That is why OPNSense is quite good now.
The benefits of Netgate pfSense Plus Firewall_VPN_Router VPN services to my remote access strategy are comparatively the same with all others. The basic thing is that all these modules or VPN tunneling or others are unlimited use in Netgate pfSense Plus Firewall_VPN_Router, and in other firewalls, you need to purchase additionally.
I do use Netgate pfSense Plus Firewall_VPN_Router Multi-WAN capabilities. Basically, it is customized, so you can choose your own hardware. It is scalable, depending on your requirements.
My job position is that I am an owner of a company that is involved in managed networks. I rate this product overall as a nine out of ten.
Tony C.
robust networking solution
Reviewed on Jan 30, 2026
Review provided by G2
What do you like best about the product?
the ability to configure your own router HOWEVER you want!
What do you dislike about the product?
a little bit unintuitive to manage system resources, sometimes eats up a lot of hardware memory.
What problems is the product solving and how is that benefiting you?
- ability to adapt to different custom hardware
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability