pfSense Firewall/VPN/Router
Netgate | 2.3.4Linux/Unix, Other FreeBSD pfSense 2.3.4/FreeBSD 10.12 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Great option of perimeter firewall
- Leave a Comment |
- Mark review as helpful
Very easy to install out of the gate and a robust routing platform.
Pfsense a worth while firewall
pfsense has a range of modules/plugins that can be added in order to shape pfsense to your needs, there is a wide selection and you are sure to find something to do the job. If for any reason you are unable to find a module to do what needs to be done, more than likely a question has been asked on the subject and an answer is easily found, if not you can pose a question on the forums and you will be met with a very patient community.
One of the main benefits is the capability for multiple WANs, allowing you to route traffic how you see fit or even load balance.
You can add squid guard and block/allow websites on a whitelist/blacklist.
Aliasing allows you to add multiple IP's/networks/hosts under a single alias and make firewall rules based on this, so rather than creating 250 firewall rules for 250 nodes, simply alias all 250 and make a single rule for that alias.
There are pages devoted to graphs so you can monitor your network traffic, your physical NICs and the server itself.
There are a ton of features and all the basic/advanced networking needs are met.
I was unable to achieve port forwarding for a VPN. The VPN was PPTP (admittedly I never tried any other methods) on a Windows server. Despite countless hours searching and reading the results and numerous attempts of changing settings, I was unable to use the VPN (had worked previously with a paid firewall solution), whether this issue still stands or was entirely my fault still remains unsolved.
After approximately three years I have found pfsense to become slightly flaky. I have only experienced this with one box (the longest running). Whether this issue boils down to the physical server and/or components or whether this is due to changes over the course of time/corruption of configuration files, is again undetermined.
In reality I have not experienced any real downsides of the solution I cannot link back to me.
It has allowed me multiple WAN connections. With aliasing I can quickly group servers, computers, security equipment etc. Using the aliasing I have been able to dedicate WAN connections for specific purposes ensuring the bandwidth is distributed as necessary with a single firewall rule.
Modules like bandwidthd help me check the hosts consuming the most traffic, squid to help me monitor traffic and squid guard to help me block or allow traffic, make this a great solution.
After moving from one paid licensed solution to another I have found pfsense to not only be free, but completely wipe the floor with anything paid for previously.
My experience with this product is extremely positive and I would definitely recommend it as a great solution.
Fantastic as always
At the last minute, I needed to move part of my AWS solution to multiple external dedicated server providers (bandwidth costs!). So, machines that used to live in the private cloud with all their friends suddenly had to live in a faraway place. How could they talk to their friends? Netgate pfsense to the rescue. It was easy to set up a VPN on pfsense, and easy to configure the remote hosts with openvpn. It just worked. It was easier than setting up AWS's Virtual Private Gateway, and can handle multiple clients! I am a huge pfsense fan, so no surprise that this solution was perfect for me.
pfSense is the my favorite firewall distribution
pfSense
Good product, but phenomenal support
We're migrating away from NAT instances and six Virtual Private Gateway connections to a single instance running pfSense. So far, everything works well and we'll cut our VPN costs by more than 50%. Good stuff. But wow, what support! I opened a ticket to get some help configuring IPSec tunnels, and was instantly into a live session with their support rep – and it turned into a multi-hour marathon with a highly capable tech on the other end. We wound up debugging a whole bunch of things beyond the simple IPSec problem, and he stuck with it until we had everything up and running smoothly. So yeah, the product is good, the pricing is good, but the people behind it are awesome!
Open Source Enterprise Grade Firewall
If you want to build your own rather than buy rack based commercial products then i highly recommend.
We have full control and transparency over our perimeter with this solution.
The array of plugins available is great and integration of proven IDS and IPS solutions is very good also.
Over all its very good.
Very steep learning curve but worth it.
Lots of gotchas to work out.
Works like charm.
I have been using pfSense for many years. Its amazing project/product having more 200 000 users globally. I have build own AMI for AWS and understand a lot of work put in to pfSense to run on AWS. New version coming 2.3 will brings a lot that helps to upgrade process on AWS with Repositories etc.
If you understand how AWS network plumbing works then you will have no problem to use pfSense. It is reasonable price for all features it offers. If you can take advantage of many features you will save a lots of money using pfSense compare to other products. Its all about to be able do design it all well.
We use pfSense on AWS and is great to forward AWS DNS records using DNS resolver. Multi global IP address allocation per single interface using Virtual IPs functions with Elastic Global IP. Provide internet access to many servers and much more.
I recommend this product for AWS.
Consistent decent performance after tuning
We sit close to 300mbps over our OpenVPN link after we used the system tunable mentioned here: https://forum.pfsense.org/index.php/topic,47567.0.html
Performance is decent and the product is great for the rest of our private networking and NATing needs - we still use elastic load balancers for publishing content to the net.