Sold by: Netgate
Deployed on AWS
AWS Free Tier
pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
4.6
Overview
Video
Launch pfSense Plus software on AWS
Video
Product video
OVERVIEW pfSense Plus software is a leading price-performance edge firewall, router, and VPN solution. Millions of installations used by homes, businesses, government agencies, educational institutions and service providers.
PRICING Save money with a Private Offer! Contact us at sales@netgate.com or use the Request Private Offer button above. /As of 24.03 - Supports High Availability configurations across both AWS zones and regions, with seamless settings and configuration synchronization ensuring enterprise grade consistent performance. See pfSense Plus on AWS documentation and HA blog at Netgate.com.
No hidden fees for features or functions. No arbitrary licensing fees. No artificial user limitations. Just unparalleled ROI and TCO.
FEATURES Firewall: Stateful packet inspection, GeoIP blocking, Anti-spoofing, Captive portal guest network, Time-based rules, Connection limits, NAT mapping (inbound/outbound)
Router: Policy-based routing, Concurrent IPv4/v6 support, Configurable static routing, IPv6 network prefix translation, IPv6 router advertisements, Multiple IP addresses per interface, PPoE server
Attack Prevention: IDS/IPS, Snort-based packet analyzer, Layer 7 application detection, Multiple rules/sources/categories, Emerging threats database, IP blacklist database, Pre-set rule profiles, Per-interface configuration, False positive alert suppression, Deep packet inspection (DPI), Application blocking
VPN: IPsec, OpenVPN, Wireguard, Site-to-site and remote access VPN, SSL encryption, VPN client for multiple operating systems, L2TP/IPsec for mobile devices, IPv6 support, Split tunneling, Multiple tunnels, VPN tunnel failover, NAT support, Automatic or custom routing, Local user authentication or RADIUS/LDAP
Reverse Proxy and Load Balancing: HTTP and HTTPS proxy, high availability, load balancing, and proxying for TCP, HTTP and HTTPS-based applications.
Network Services: Dynamic DNS, DHCP Server, DNS Forwarding, DNS Filtering
Management: GUI, full suite of configuration, user authentication, system security, resilience/reliability, and system reporting/monitoring features See the full feature list here: https://www.netgate.com/solutions/pfsense-plus/
ABOUT NETGATE Netgate is the company behind the pfSense project and the only official source for pfSense Plus and Community Edition (CE) software. As the primary contributors, our developers work hard to provide the best firewall security technology for your cloud infrastructure.
Highlights
- The leading open-source driven firewall, router, and VPN (OpenVPN/IPsec/WireGuard) solution for network edge and cloud secure networking.
- Millions of installations protecting homes, businesses, governments, educational institutions and service providers.
- Made possible by open source technology. Made into a robust, reliable, dependable product by Netgate.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd 14
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Cost/hour |
|---|---|
m6i.large Recommended | $0.34 |
t3.micro | $0.12 |
t2.micro | $0.12 |
r4.large | $0.56 |
r4.xlarge | $0.56 |
c5n.large | $0.34 |
m5d.large | $0.34 |
m5.xlarge | $0.45 |
m3.xlarge | $0.45 |
t2.large | $0.12 |
Vendor refund policy
Hourly users may cancel or stop using this service at any time. Annual subscriptions may be cancelled for a full refund within 48 hours of purchase or a prorated refund within 14 days.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
An instance may be managed via ssh or https. Most of the system configurations may only be adjusted via the https interface. To access the instance via ssh: log in as the admin user using the SSH key associated with the instance. E.g. run the command 'ssh -i my_aws_rsa_key admin@instance_host_name'. Substitute the file your private SSH key is stored in for my_aws_rsa_key and the hostname of the instance for instance_host_name. To access the instance via https, use a web browser: Type admin for the account name. The password can be set to a value of your choice when you start the instance by setting a value of the form 'password=your_desired_password' in the "User Data" field of the "Advanced Instance Options" section of the launch screens. If you don't set a password, a random password will be set. The random password can be viewed by choosing Get System Log from the Actions menu for the instance. To set a password during the creation of an instance: On the "Configure Instance Details" screen expand "Advanced Details". Make sure "As text" is selected for "User data". In the "User data" field enter a password of the form 'password=your_desired_password'.
Resources
Vendor resources
Support
Vendor support
Get expert technical support via email, portal, or phone with a four (4) or 24-hour initial response SLA from the Netgate Technical Assistance Center (TAC). Learn more about our support options at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Netgate
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Intrusion Detection and Prevention
Snort-based packet analyzer with Layer 7 application detection, multiple rules and sources, emerging threats database, IP blacklist database, deep packet inspection (DPI), and false positive alert suppression
VPN Protocols and Connectivity
Support for IPsec, OpenVPN, and WireGuard protocols with site-to-site and remote access VPN capabilities, SSL encryption, L2TP/IPsec for mobile devices, IPv6 support, split tunneling, and VPN tunnel failover
Stateful Firewall and Network Protection
Stateful packet inspection, GeoIP blocking, anti-spoofing, captive portal guest network, time-based rules, connection limits, and NAT mapping for inbound and outbound traffic
High Availability and Redundancy
High availability configurations across AWS zones and regions with seamless settings and configuration synchronization
Reverse Proxy and Load Balancing
HTTP and HTTPS proxy functionality with high availability and load balancing for TCP, HTTP, and HTTPS-based applications
Application Layer Visibility and Control
Complete application layer-7 visibility and control of traffic with next-generation firewall capabilities in AWS environments
AI/ML-Powered Threat Detection
AI/ML-powered inspection engine with researcher-grade signatures for detection of zero-day threats, exploits, malware, spyware, and command and control attacks
Dynamic Policy Management
Policy definitions that dynamically apply to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones without manual intervention
Cloud Infrastructure Integration
Seamless integration with Gateway Load Balancer, AWS Auto Scaling, and Transit VPC with AWS Transit Gateway for protection across dynamic and large-scale deployments
Advanced Threat Prevention Service
Cloud-delivered Advanced Threat Prevention security service with market-leading threat coverage against known and zero-day threats while maintaining performance
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Standard contract
No
No
No
Customer reviews
Manish Nalawade
Secure networking in education has improved and supports unlimited VPN and VLAN customization
Reviewed on Feb 04, 2026
Review provided by PeerSpot
What is our primary use case?
We are using this solution mainly in the education sector, including universities or engineering colleges.
What is most valuable?
I have used Netgate pfSense Plus Firewall_VPN_Router VLAN support, and I find VLAN support is good. VLAN support provides unlimited VLANs and is well-implemented.
VPN tunneling has also been good, as it provides unlimited VPN tunneling capabilities.
The load balancing capabilities of Netgate pfSense Plus Firewall_VPN_Router are good.
What needs improvement?
Regarding the drawbacks or weak points I have noticed, I reviewed all current firewalls and it seems all are on an equal level, including Netgate pfSense Plus Firewall_VPN_Router. There are no major differences or drawbacks. You can customize this product and choose your own hardware.
In future releases and updates of Netgate pfSense Plus Firewall_VPN_Router, the basic feature I would like to see is that it remains open-source with no recurring cost, which is a big feature in a country like India. A captive portal would be an additional feature that would be good to have.
For how long have I used the solution?
I have been working with this product for nearly 15 to 17 years.
What do I think about the stability of the solution?
My experience with the product is that it is a stable and good product that is easy to use. It is an open source product.
I would rate stability from one to ten as a nine in comparison to all other firewalls because it is a cheaper option for deployment and price.
What do I think about the scalability of the solution?
I would rate the scalability of the solution from one to ten as an eight. There is another open-source software, OPNSense, where there is major development compared to Netgate pfSense Plus Firewall_VPN_Router.
How was the initial setup?
The approximate time deployment for Netgate pfSense Plus Firewall_VPN_Router requires only one hour or a maximum of two hours. It is user-friendly.
Which other solutions did I evaluate?
I am not currently working only with Netgate pfSense Plus Firewall_VPN_Router, as we work with other firewalls also. However, it is a good choice for users.
The other firewalls I am using include Fortinet and Sophos.
What other advice do I have?
I would assess the effectiveness of Netgate pfSense Plus Firewall_VPN_Router's traffic shaping as good, but I would give a six marks only for that compared to others because in the past few years, there has been a stop of improvement or lack of improvement showing in Netgate pfSense Plus Firewall_VPN_Router. That is why OPNSense is quite good now.
The benefits of Netgate pfSense Plus Firewall_VPN_Router VPN services to my remote access strategy are comparatively the same with all others. The basic thing is that all these modules or VPN tunneling or others are unlimited use in Netgate pfSense Plus Firewall_VPN_Router, and in other firewalls, you need to purchase additionally.
I do use Netgate pfSense Plus Firewall_VPN_Router Multi-WAN capabilities. Basically, it is customized, so you can choose your own hardware. It is scalable, depending on your requirements.
My job position is that I am an owner of a company that is involved in managed networks. I rate this product overall as a nine out of ten.
Tony C.
robust networking solution
Reviewed on Jan 30, 2026
Review provided by G2
What do you like best about the product?
the ability to configure your own router HOWEVER you want!
What do you dislike about the product?
a little bit unintuitive to manage system resources, sometimes eats up a lot of hardware memory.
What problems is the product solving and how is that benefiting you?
- ability to adapt to different custom hardware
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability
- ability to provide configurations for firewalls and traffic monitoring
- native integration with WireGuard and Tailscale
- native pfblockerng capability
Dusan Colakovic
Reliable VLAN and dual VPN setup has strengthened network management and improved load balancing
Reviewed on Jan 19, 2026
Review provided by PeerSpot
What is our primary use case?
I have used the VLAN support of Netgate pfSense Plus Firewall_VPN_Router. We actually use two types of VPN, OpenVPN and WireGuard, and both of them are working perfectly fine; it is great.
What is most valuable?
The load balancing capabilities have helped my IT infrastructure. It has helped our network management, as we have a couple of LAN networks and WAN networks.
What needs improvement?
The effectiveness of Netgate pfSense Plus Firewall_VPN_Router traffic shaping is quite good, but I am not very satisfied with the interface for control. It needs some upgrading in speed, so I would not say it is too complicated or obsolete.
For how long have I used the solution?
As a firm, we have been using Netgate pfSense Plus Firewall_VPN_Router for a couple of years, and for me, it has been around one year, as long as I have been here.
What do I think about the scalability of the solution?
I do not use the multi-WAN capability of Netgate pfSense Plus Firewall_VPN_Router.
What other advice do I have?
I do not have complaints about Netgate pfSense Plus Firewall_VPN_Router with Firewall, VPN, and Router; it is really comfortable for use, and it does a pretty good job.
I would rate my experience with Netgate pfSense Plus Firewall_VPN_Router as eight out of ten. Mostly the interface is the reason I rate it eight out of ten, but I do not have anything else I would alter or improve. My overall review rating for this product is eight out of ten.
Alexander Aguilar
Secure multi-WAN setup has simplified managing VLAN segments and reliable failover
Reviewed on Dec 30, 2025
Review provided by PeerSpot
What is our primary use case?
I primarily use this for a small single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection and a couple of failovers, and I manage different networks across different segments.
What is most valuable?
I really enjoy the flexibility of the interface setup configuration for my network VLANs. It is very easy to configure and set, and when I am doing multi-inputs with internet providers coming in, it is very easy to manage and set up with very little effort.
What needs improvement?
I think the package management and the updating process in Netgate pfSense could be better. Whenever there is a release, knowing that you cannot update any of the packages until you have done the actual operating system update can be confusing. Beyond that, I do not have any major issues. There are generally some user interface updates and tweaks here and there, but this is a lower priority.
They come out about every 12 months, and I know that is one criticism against Netgate pfSense that they are a little slower on development, but honestly, that is probably preferable because it is not constantly updating.
For how long have I used the solution?
I have been using Netgate pfSense for about eight years in my career.
What do I think about the stability of the solution?
Netgate pfSense rates a 10 for stability, and I have experienced no issues there.
What do I think about the scalability of the solution?
Scalability works well. I would say it is probably going to be a nine.
How are customer service and support?
They are very responsive. Within an hour, two hours, or three hours, I generally get a response. I have only had to contact them maybe two or three times for very minor issues, but there is no issue there. I think they are very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used UniFi primarily in the last couple of years, probably three years now, and I have it as a separate site. It is nice, but it is not nearly as configurable. The biggest differentiator is the Netgate pfSense software, particularly the ability to do VPN with regard to Tailscale and OpenVPN , which is very easy to use, whereas UniFi is not ideal. Additionally, the security in UniFi is open by default versus Netgate pfSense, which is closed, and closed is always going to be preferable.
How was the initial setup?
For an entirely new site, it would take some time to configure and set up. If you are coming from an existing setup or configuration, you effectively export the configuration, upload it, and make some minor updates. Even with a booting environment, it is easy to go back or revert to an existing configuration if you make a mistake, so it might take some time, but it is not overly complicated. I would say it requires minimal effort, especially if there is a plan in place ahead of what the structure will be.
What other advice do I have?
One person can do it, but you are going to need to be testing. Honestly, it is not anywhere near as complicated as a larger, more legacy offering, so I think it is very easy.
You are going to have manual updates in terms of the releases, checking those out, doing some testing, and confirming in non-prod environments. It is not that complicated. Even if you have the boot states, you can pretty easily do an operating system update and it is easy to manage.
Jim Voige
High availability routing has secured our network and delivers reliable support every day
Reviewed on Dec 26, 2025
Review provided by PeerSpot
What is our primary use case?
We use Netgate pfSense Plus Firewall_VPN_Router as a high availability BGP solution.
What is most valuable?
My favorite feature about Netgate pfSense Plus Firewall_VPN_Router is the fact that it's open source, so if you go online and look at other people's comments and reviews, you find it's transparent with nothing hidden and no additional charges for software.
Netgate pfSense Plus Firewall_VPN_Router is extremely scalable; we chose the highest end product at that time and have greatly expanded its capabilities. We needed to upgrade the RAM in the firewall, and I found compatible RAM on Newegg, receiving it in just 24 hours. Overall, we've been very happy with it being a Supermicro-based server, which we already use in production.
What needs improvement?
One downside of Netgate pfSense Plus Firewall_VPN_Router is the need for a better understanding of what hardware it would run on. Right now, we're using Netgate's hardware, but I'm interested in knowing if there are other hardware options available, particularly heavier duty hardware, because the Supermicro 1537 version we have only has a single power supply, which is a shortcoming in an IT environment where dual power supplies are ideal.
The pricing for the hardware of Netgate pfSense Plus Firewall_VPN_Router is steep, which is one reason I'd explore other options. I'm familiar with the costs of Supermicro servers, and I believe Netgate charges a premium for their server hardware without enough upside to justify it. The pricing is not justified.
For how long have I used the solution?
I have been using Netgate pfSense Plus Firewall_VPN_Router since 2018.
What do I think about the stability of the solution?
In terms of stability, we've experienced a couple of upgrades that didn't affect functionality, but other smaller issues arose. For the most part, the hardware is rock solid. I haven't faced total failures, which was a significant problem with the Ubiquiti gear that had power supply failures. Overall, the entire Netgate pfSense Plus Firewall_VPN_Router product has been reliable, though some of their smaller gear aimed at remote offices hasn't been cost-effective.
How are customer service and support?
We use their technical support services and have been very happy with their online technical support people.
The support is included, and it comes with a four-hour response time, so it's fairly high-end technical support. The quality of their answers is impressive; the support team is humble and knowledgeable. I've dealt with many customer support professionals over the years, and the support group at Netgate pfSense Plus Firewall_VPN_Router is by far the best. They identify problems quickly and connect you with the right specialist without hesitation, working diligently to resolve issues, even if it takes hours, which is refreshing compared to many tech support experiences I've had.
I give Netgate pfSense Plus Firewall_VPN_Router a 10 out of 10 for support because we have a great deal of confidence that any outage we encounter will be resolved quickly with their help. Overall, I rate Netgate pfSense Plus Firewall_VPN_Router a 10 out of 10; they are an impressive company with interconnected teams, making it easy to get consistent answers from both sales and tech support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've used a whole bunch of Ubiquiti gear; we used exclusively Ubiquiti before switching to Netgate pfSense Plus Firewall_VPN_Router.
I prefer Netgate pfSense Plus Firewall_VPN_Router because it provides regular updates and has longevity, meaning I don't worry about it going obsolete. Many IT products have maybe a three-year lifecycle, and once you stop receiving updates for a product, it becomes practically useless. We've faced problems with Ubiquiti gear that has gone obsolete, where updates would trash our system, requiring us to revert to old versions. Netgate is good about ensuring updates won't disrupt my system.
I saw benefits from Netgate pfSense Plus Firewall_VPN_Router after we made the change in 2019, due to power supply issues with our Ubiquiti gear when we couldn't obtain replacements. That prompted our decision to switch to Netgate pfSense Plus Firewall_VPN_Router, as it proved to be a more robust product.
How was the initial setup?
The initial deployment of Netgate pfSense Plus Firewall_VPN_Router was extremely easy thanks to an incredible amount of documentation online, user videos, and a robust user community that quickly helps troubleshoot issues.
The first deployment took about four hours, even though we had a pretty complicated situation, as we were integrating multiple features from the Ubiquiti world into the Netgate pfSense Plus Firewall_VPN_Router setup, which I consider quite fast.
What about the implementation team?
Two people were involved in the initial deployment of Netgate pfSense Plus Firewall_VPN_Router.
What other advice do I have?
We use the Plus version of Netgate pfSense Plus Firewall_VPN_Router, which comes automatically with any Netgate hardware, so really, I'm paying for it once.
We do all our own maintenance on Netgate pfSense Plus Firewall_VPN_Router, reaching back to pfSense only when we encounter issues unfamiliar to our IT people or if it's something highly specialized. Currently, we're using the premium support product for quick callbacks.
My overall rating for Netgate pfSense Plus Firewall_VPN_Router is a 10 out of 10.