The typical use case for Netgate pfSense is VPN connectivity, content blocking, and IDS/IPS. Users typically implement it for these specific purposes.

The best features of Netgate pfSense include its open-source nature, and one of the most appealing aspects is the absence of recurring expenses, as there are no licensing fees. Users get enterprise-class firewall networking with this product.

Customers who use other firewall products such as Sophos or FortiGate often conduct research and choose Netgate pfSense because the yearly expenses of other firewall products are higher compared to pfSense, which has no licensing fee. While there is no yearly licensing fee with this product, users still receive all the enterprise-class firewall features.

The stateful packet inspection feature is enterprise-class, and when compared to other firewall products, it matches their capabilities effectively.

Areas of Netgate pfSense that can be improved include the customers' requests for antivirus protection, which they refer to as Unified Threat Management, available in other products. Unified Threat Management can match up with other brands as well.

I have around one and a half years of experience working with Netgate pfSense.

Netgate pfSense is definitely a scalable solution.

The technical support from Netgate pfSense deserves a rating of 10 on a scale of one to ten, where one is the worst technical support and ten is the best.

Positive

The initial setup of Netgate pfSense is easy because it has a wizard. Users can run the wizard and set up the firewall within five minutes.

Netgate pfSense comes with Netgate appliances, in which pfSense is loaded, ensuring compatibility with different hardware platforms. The solution proves to be stable in operation.

On a scale of 1-10, I rate this solution an 8.

We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

Everything works well inside pfSense. It's affordable. For our use of pfSense, it meets one hundred percent of our needs. It features easy installation, and we use direct installation on the equipment rather than cloud deployment.

Regarding tuning, it's not really an advantage as we need that functionality.

The most significant drawback in recent years has been the cessation of firmware release downloads. In the past, when we wanted to update our equipment, we simply downloaded the latest firmware. Now pfSense has changed its policies. Instead of providing firmware for download, they require customers to proceed with updates through the cloud, which isn't an optimal solution for us. I prefer the old method of updating where we could download the latest firmware and install it directly. Without an internet connection, we cannot update our equipment, which is problematic.

Everything is very stable for us at the moment; we have encountered no problems.

Adding new equipment is very easy for our organization.

I am not in charge of networking in our company, so I may not be the most appropriate person to answer detailed questions. The solution is used for security to establish private communication.

We use OpenSense for our operations.

I prefer this product because it is open source. Another thing is that it is Unix-based, so it is not affected by viruses or attacks. Support is also available.

With the right hardware, its VPN capabilities and performance are amazing.

From my usage, controlling the bandwidth for each user is valuable. Also, the availability of working as a backup or aggregating downloads is useful. All these capabilities are key.

Its interface is simple and easy.

Maybe they can add two-factor authentication.

I have been working with this solution for almost four to five years.

It is very stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have 60 to 65 users.

I have not taken any technical support from Netgate. I was able to get all the information from the web or Netgate forums. I did not use their technical support because it is an open-source and free edition.

Neutral

I used OPNsense.Using the module for controlling the bandwidth for the users in OPNsense required payment. There was also a subscription, and I dislike subscribing to any service.

It was not complex. It was straightforward. They had a wizard with ten steps. I just had to fill in the information.

It took me about 45 minutes to be completely up and running with my configuration.

There were no third parties involved. It was implemented on-site.

I am using the free version. 

I would recommend pfSense to others. It is free. Overall, I would rate it a nine out of ten. 

I use pfSense as a home router firewall on enterprise equipment purchased from eBay. I utilize it for personal interests and not in a professional IT capacity, mainly for home setups and maintaining VPNs to family members.

It is very easy. An enterprise person who has been doing this all day long will find it as easy as a command line if not easier than the command line. I would prefer not to have to set up another server to monitor my links and everything else. I like that I can go into my one dashboard. It is all running on that one box. I am happy. A large enterprise will have monitoring services, so this might not be as critical for them. For small and probably medium-sized businesses, having the user interface and being able to import configs is very powerful, but it is probably a mixed bag for larger companies that already have services and other things, and GUI does not matter to them.

It provides a single pane of glass. When I come in, I can immediately look at my gateways, link connections, services, etc. It shows my DNS blocker, CPU usage, and memory usage. I can see that my gateways are online, what traffic graphs I have selected, and all my services are up. That is what I like about it. This is what I will miss if I go to VyOS. I know I will have to set something else up specifically to show me all the monitoring and make sure that I have that warm fuzzy that everything is working.

Being able to see in a single pane of glass what is happening makes it very easy for me to react and know what is going on. For example, I changed some tunnels to my family in upstate New York. I am down in Philadelphia. We were having some connection issues, and through its interface, I was able to easily identify the issue. I had a tunnel configured wrong and changed some settings, and we were back up in ten minutes.

Its ease of use is great. If I do not continue forward with pfSense, it would be going to VyOS, which is all command line. pfSense's user interface is very nice for simpler configs and monitoring. It is very stable, and it works very well. Flexibility is great, and the plug-in model is very nice for pfBlocker and other things. It is a very robust solution that works very well.

They could do better with their licensing in the home use space. For me, that has been a struggle. 

I got three pfSense Plus licenses when they were giving them away to the community for free because pfSense decided that they do not enable the QAT. They do not enable the network acceleration function that is on the Intel Atom CPUs and some of the Xeon D's in the Community edition. IPSec acceleration and OpenVPN acceleration do not work on those smaller boxes because it is going to use the CPU, so I got the three licenses, which worked well. It was all good, but they decided to take that away and are charging $129 a year. Somebody savvy like me is going to pay for it. I will pay for it for myself, but I also maintain the routers of my parents, my mother-in-law, and a friend. I have IPSec tunnels to them, and they need the acceleration technology that is disabled, but they are not willing to pay $129. I wrote to the Netgate salesperson asking to consider a model with a $60 per year subscription because they are putting a barrier on themselves. They have abandoned the Community edition. There has not been an update in a year, but then you hear that they are contributing. They are making updates, but they have not released it. There is an opportunity to make more money in the home user space if they change their licensing model.

The other little hiccup that I see with it is they have it tied to MAC addresses. It generates a license based on the MAC address. If you change any MAC address, you have to issue a new license. They were nice about it for me when they did a one-time change for me, but if I put another Ethernet adapter in the box, it says it needs another license. They should work on that. It seems they are going to change this.

I have probably been using it for more than a decade at this point.

My instance has been up for over two years without a reboot, so it is very good.

It is a mixed bag because I have had 1 gig symmetrical Internet. I have 2 gigs now. As you get further up the stack, it is going to get worse. I do not have options past 2 gigs. I have 25 gigs between some servers. I have 10 gigs with a lot of machines. They have their TNSR project that sits at a thousand dollars a year, but I cannot even try that. They have entirely removed the Community edition for that, but it has been great with 2 gigs and 1 gig.

They are super fast, super nice people, and very accommodating. The quality of support is great. They are better than I would have expected them to be. I would rate them a ten out of ten.

Positive

Previously, I have mainly used VyOS, Cisco ASA, OPNSense, and Fortinet. 

Cisco ASAs are very nice. They compare very well, and they have their single pane of glass. They have GUI and no license fees yearly. Netgate will say the same thing. If you buy their hardware, you get the license for free, but they triple the price of a new piece of equipment.

The initial setup is not easy right now because I have to put my email in, and they send me a link. I would prefer to have separate images for the Community and Plus editions.  

When you go to the installer, it asks you if you want Plus. You have to put a valid license in to get it to install Plus. In my situation, all three of my Plus licenses have expired, and they all continue to work. If I need to reinstall that on a new box, I can only install the Community edition. When I boot it up, I cannot import my config because my config is from Plus. For me, it would make more sense if I could download and install a Plus image, and it gives you a 24-hour period to put in a license and have it activated. Something to that effect would make it easier because I cannot imagine I am the only person who has had this issue.

The licensing model needs improvement, especially for home users. There should be more flexibility to change licenses with hardware changes. The pricing model could be more accessible for home users.

The license is locked to a specific device. There are other services where you can buy a pfSense, and you get that license for a year. You can put it on any single device, and it moves with you. I do not want to have to call them to get the license changed. I would prefer that when I put it on a new device, they know it is registered to this new device. It is not on the old one. They should handle licensing differently for home users. They should try to differentiate it from enterprise.

There should be a cheaper tier of pfSense Plus for home users. They need to improve the pricing for a home user. They can look at the numbers. They know how many installs they have.

I would rate it an eight out of ten. It is a great product, but they have sold it in a way that does not align with the way I need to use it or the people that I have it with are going to use it. It practically does not make sense versus what else is out there. VyOS is free. Its Community edition is free, and they update their Community edition first. It is the opposite of what pfSense is doing. They are updating the Plus edition first and the Community edition comes second.

I have Netgate 4100 and pfSense Plus.

My career is in IT, and Netgate is part of my home network, which does hot failover between two ISPs because I work from home a lot and do not want to be disconnected. It handles all my home security, manages remote access to my systems when I am abroad, and hosts some services such as health checks from Route 53, WireGuard, etc.

I was able to see its benefits immediately. One issue it helped me solve was that I was hitting bandwidth caps from one ISP and did not understand why. It turned out that the ISP was counting all return traffic from outsiders probing my home network. They would find my Linux device and see that there was an open SSH port, and they would hammer at it. This generated an enormous amount of traffic. Installing pfSense allowed me to detect it accurately and shut down this traffic.

It is hard to say if pfSense helped prevent data loss in any way, but unauthorized access to my network and the data I have on my network from the outside is not feasible now.

I can do all the things I want to do from the device. I do not have to set up services on other hosts. I do not have to have any other UI in place. I can just go to pfSense and do all the things I need. The slight caveat to that is that I am not operating AWS or GCP from pfSense. I have set up my health check from Route 53. I have set a couple of very simple things in AWS, but I do the rest of the things from pfSense. It is pretty close to a single pane of glass.

I use pfSense Plus and found pfSense Plus to be more robust than the Community Edition. Any network device needs occasional prophylactic reboots. The frequency of issues, such as the tables being all dirty or memory being scrambled, has significantly reduced with pfSense Plus. The hardware has considerably improved. Because I was running Community Edition on an older Netgate, it is difficult to understand where I am getting the improvement from, but pfSense Plus has certainly been a lot more robust. I have fewer instances where one of the interfaces just stopped working. That used to happen with Community Edition fairly regularly. I have not had that trouble at all here. Upgrades have been a lot smoother. They are down to just a reboot, whereas, with Community Edition, I had to regularly wipe the device, reinstall the operating system on pfSense, and load in my configuration from backup, which I was able to do and usually worked. I spend a lot less time in system maintenance using pfSense Plus than with Community Edition.

Its out-of-the-box performance meets my needs. When I wonder whether my network is a little sluggish, I am able to go in and find out things, such as one of my ISPs being dropped out of my load balancing config because of too many latent pings. It has been very useful and easy to do those sorts of things.

It is very flexible. I have not found a use case that I could not satisfy with the device. There are more use cases I am not currently using. For instance, I do not have an HA setup. I use it for my internal home DNS and DHCP services and to split the VLANs so that I have Internet of Things and guest VLANs. I trust the device's VLAN. It helps me deny traffic from large areas of the world that do not need to interact with my firewall.

With such solutions, there is always a learning curve, but with enough foundation, I have never found that curve very hard to climb. Whenever I have tackled a new thing, a little bit of searching on the web and playing with the UI has always gotten me where I wanted to be.

It is best practice to remove all installed packages before you do an upgrade because most upgrade failures have to do with having installed packages. These are additional packages that supply functionality above and beyond what comes in the base operating system. We have to remove them one at a time. I would prefer being able to click a button that says," I am upgrading, so uninstall everything and store in the configuration file what I had installed." It already keeps the configuration of all the packages installed. Even if I do not install them again, the configuration for those packages is still there after the upgrade. It would be very nice to have a one-click feature. There can be a check flag on the upgrade screen to remove packages first and then another check flag to reinstall them after the upgrade. This would be extremely handy, particularly when I have a lot of packages. It takes me about 15 to 20 minutes to uninstall and reinstall them all after the upgrade.

A couple of weeks ago, I would have had another area for improvement, even though it was outside their purview. They are switching DHCP providers from ISV to something, but it did not have a feature I wanted, which was client hostname registration for statically served IP addresses. I rely on this for host management inside my trusted network, but that feature has been released now, so I feel more comfortable moving to the new DHCP version they support.

I have used the solution for at least seven years.

Since operating Netgate 4100 and pfSense Plus, anytime I wondered if the device itself was laggy, it was not the device. It was something upstream causing the issue. I have an HA configuration and a load balancer, so if one of the links goes down, the device gets a little laggy as it drops that interface and brings up the other one as the primary. If the ISP is flapping, this will happen continuously, introducing a lot of network lag, but that is trivial now that I understand what is happening. As soon as I start feeling lag, I check the logs to see if that is the cause. The device itself has not ever been latent or lagging. It has been rock solid.

I found it very scalable. I am out of ports on my device because of having multiple ISPs and VLANs. I do not have an HA setup, so the device scaled very well for my needs personally. When we deployed an HA pair in a professional situation, we had a much larger network, and it scaled to cover that easily.

I have only contacted them to get a download of the operating system image ahead of any upgrade attempt just in case I needed to start from scratch.

Neutral

I have used a number of different solutions. I have used firewall software and hardware of all kinds, both professionally and personally, reaching back to the early 2000s.

The initial deployment was done many years ago. I remember it being pretty straightforward back then. One of the things I enjoyed about the device is that the configuration file is like the starter batter where someone gives you a lump of yeast and dough pinched from someone else's. 

I have been able to roll my configuration file forward every time I switched devices or operating systems. This has made it a lot easier to maintain the device. Even when I had to completely wipe the machine and start over, it was pretty trivial in almost all cases. It has certainly been a lot easier since I started using pfSense Plus to get my configuration back up and running again.

When I ran an IT shop a few years ago, we had an off-the-shelf solution where years ago, somebody had built a firewall solution using a couple of rack-mount PCs and some open-source security package. It was a black box. Nobody around understood it anymore, and I needed to replace it. I went to look for hardware that my shop wanted to use, like Cisco, but the price was well out of our budget, so we went with a pair of HA Netgate devices and pfSense. That solved our problem. I thought it was a good price point for a good solution.

Their pricing is quite reasonable. It is very good. Every firewall is a router, but typically, in an enterprise situation, these are separate. My home is essentially a small office. My partner and I work from home a lot, and I am the system administrator, network administrator, and security administrator. The values are high because I am not maintaining two machines. I am not spending my own power on two different devices. For small office or home use, such as mine, pfSense is valuable because it combines multiple functions into one low-power device.

I would rate pfSense a nine out of ten. 

I can restrict IP addresses by country, for example, which is very useful. If I don't have business traffic from specific regions of the globe, I can restrict them. I loaded SNORT and started playing with some of the rules and packages.

Overall, I've experienced fewer problems since I started using it at home, so I'm very happy with it. It's very flexible. I think it's extremely flexible.

I can configure as much or as little security as I want. A lot of it comes out of the box and I can fine-tune it toward my needs according to my knowledge, obviously. I think it's pretty flexible, yeah.

Less down time, less denial of service attacks.

I received a great deal of guidance and help from the technical user group, the forums are awesome and the community is outstanding.

Netgate technical support is also very good although it incurs a cost.

The software is easy to use and rather flexible, it is just a matter of getting to know it. 

You can buy the appliance pre-configured, there are many models available, to suit your needs and your budget.

However, you don't need to buy the hardware, which is what I'm really excited about, in other words, you can buy the service on the AWS cloud.

Since I purchased the service, I have not had as many denial of service attacks, it minimizes downtime by reducing the number of computer crashes, so yes, it increases uptime.

The solution is very flexible, you can configure as much or as little security into it as you want, a lot is available right out of the box, you can fine-tune it.

I saw results of using the solution immediately. You can start restricting IP addresses by country right away. That's very useful. It's easy to restrict regions.

Overall, I have experienced fewer problems since using the solution. 

pfSense does provide a configurable dashboard, however, you have to connect to it through a browser. I can see a lot of stats in a single pane that is quite flexible. It does what I need it to do so far, you can add or remove sections.

It doesn't directly minimize downtime, however it does indirectly, by minimizing the number of DDoS attacks. This increases uptime. Since using pfSense, I don't have as many attacks. 

I use pfSense on an Amazon EC2 virtual machine. It works well in the cloud. This implementation optimizes resource utilization because it doesn´t rely on static hardware which quickly reached EOL support, I can grow/re-size easily.

I can take it with me wherever I go - as long as I have a network connection, laptop or cell phone without being tied to hardware.

I'm not knowledgeable enough to suggest new features. The use has been very straightforward. Whatever questions I've had, I've found videos to help me on YouTube, or I've been able to ask the forums.

I've also reached out to technical support and I've received help although there could be more videos or tutorials from Netgate, in addition to third parties who have already implemented it, which is great. 

I have suffered a lot of problems over time but I don't think the problems are related to the hardware or the software. I am convinced that the problems have been related to hacking during configuration.

During the setup process, while experimenting, the device would stop working or the password would suddenly not allow access, requiring re-installation and re-configuration, it was very slow going until I moved to the cloud.

The dashboard is a little bit slow and the reporting isn't always current or immediate but acceptable. I'm not sure I can make data-driven decisions due to insufficient volume. I would need enhanced reporting, statistics, playback. 

I haven't looked at the reports a lot since because you have to access the log files, time is an issue, I use it in a home office environment.

I have been using pfSense on and off since August 2015 when I bought my first device with the pre-loaded operating system. I've been working ON it ever since, on and off.

I suffered a lot of problems but they are not related to the hardware or the software. They were related to hacking that I was subjected to. The device would stop working. The password stop working suddenly. I had to reinstall the whole thing. So it would be very slow going. 100% up time since I went to the cloud. There you have it in a nutshell. 

I'm not tied to the size of the hardware that I'm using. An SGA 2440 is a really nice device for a home office. However, if I should grow into a business, then all I need to do is resize the virtual machine capacity. I don't need to buy a new device and reconfigure it. I can just grow the device that I already have. That might imply a migration but not reconfiguring from scratch.

The support is excellent quality, yet it's expensive. 

They're very quick to rule out things if they're not cutting edge. In other words, if it's not a new device, if the device is near its end of life, they tend to kind of say, "well, you know, no. We don't deal with that anymore." 

My device was still supported, although older. In any case, it was clear that they were not going to give it as much effort as something in its main life cycle. My impression was that it I was summarily brushed off on account of age.

User groups helped me a great deal. Support offers a certain amount for free when you get the subscription in the cloud which I purhased. However, if you have a really big issue, then you have to pay for support. 

Positive

I looked at another Netgate option which also runs in the cloud on AWS. I haven't used/evaluated it. I don't remember the name of it although it looked very interesting. I settled on Netgate because my friends recommended it.

Malicious behavior is something that I've noticed over the years and it is growing.

I sought help and joined a nonprofit organization locally whose charter is to educate people about the dangers of being on the Internet and how to modify their behavior to minimize the risks and protect themselves. 

This solution is very configurable, reliable and approachable open-source software. When I re-nstalled the latest version on my home device, I downloaded it for free, I got an invoice from Netgate for zero dollars. 

Netgate makes money from subscriptions on the cloud or selling the hardware with the installed operating system. However, the operating system is still free. It's still open source. 

The community is wide, and there's a lot of help available. It's relatively cheap if you buy your own hardware and very configurable. 

I can't say that I went into a very exhaustive investigation of other options. When you're ignorant or inexperienced like me, it requires a huge time investment to make the evaluation, I discarded over the counter solutions.

So you try to approach people who have already evaluated a whole bunch of products, and ask them to tell you which one they think is best, most flexible and configurable, NETGATE pfsense was the overall winner.

The initial setup in the cloud is easy and I received good instructions and a fair amount of coaching when I purchased the service. 

The on-premise appliance, which was also pre-configured did not come with instructions, so it was less straight forward. I didn't have a guide. It didn't come with a manual. It was more difficult for me and I struggled a great deal. 

The second time around, I already had seen the operating system its interface, configured it, reset passwords, the whole thing so I was more comfortable with that, received more help and had more documentation available online.

The cloud version was easier since even if I did not have a lot of experience, I had more help. Maybe it's just the perception. While it wasn't difficult for an inexperienced IT person, it might be a little more complicated for a regular user.

Netgate has TOP of the line expertize and customer service.

Not measurable in the USD but considerable in terms of productivity.

It's a little expensive in my region. I really want to buy a device, a hardware device, and have it on-premises. I want my own security gateway appliance at home, my own router to log into, configure and play with. 

However, I don't have that, my SG-2440 just died from a power surge, it's a huge up front investment and it is also more vulnerable in more ways than one.

An average device costs around $500, is vulnerable, can be stolen, damaged by electrical surges, tampered with. 

If I buy the subscription in the cloud, I eliminate the danger of theft and losing my investment, and I can take it wherever I go. I feel more secure with the cloud version, even though I know it's more expensive. 

The cloud lease cost $50 a month at the time I was interviewed, about $120 now, a lot of money for me. However, it has been worth it. I can access all of the resources remotely, manage, configure, upgrade, use at home and on the road.

No, I asked around for recommendations.

I'm just a customer considering a partnership.

I now have a pfSense subscription on AWS, I've installed it on my laptop and mobile devices. I can use it at home and away from home. My cell can share Wi-Fi and extend the benefits to others around me.

I'm considering alternate architectures to split my home office network using an on-premise device here at home. 

That will allow the mobile component on the  AWS Cloud for my cell and my laptop if I travel, since the OpenVPN is installed on them, as well as the ethernet connection from the home appliance for wired access to repeater, TV, laptop. 

It doesn't matter if it's Ethernet or Wi-Fi everything will be covered. 

Overall the product rating is nine out of ten.

I have at least two pfSense routers at home in my home lab, serving my house. Additionally, we use it in my company. We have our satellite office in LA, and we use it as the main router. The use cases involve a router, firewall, and DHCP server.

I was able to see pfSense's benefits immediately because I used it as a learning tool too. From the very beginning, I was able to inspect traffic and see what was happening on my network. That was pretty useful.

pfSense is flexible. I like it. I can install it on different hardware. I can virtualize it if I want.

It is pretty easy to add features to pfSense and configure them. If something is supported by Netgate and it is in their package manager, it is pretty easy, and if it is not, I would not want to add it. I would not be confident enough to put it on my firewall.

pfSense has not directly helped to prevent data loss, but it helps indirectly by protecting the network and not letting in malicious things.

pfSense Plus provides features that help us minimize downtime. Preventive notifications and ZFS snapshots are helpful features. 

pfSense Plus helps to make data-driven decisions to some extent such as which device is using the most bandwidth. The visibility that pfSense Plus provides helps us optimize performance.

The Tailscale integration is very helpful. The DHCP and DNS server functionalities, as well as the package manager, are also good. 

I am using its paid version. I am paying at home for the Plus version, but I wish they would pay attention to the community version. I know there is less incentive for Netgate to develop the community version, but it would be cool to have that.

pfSense does not give us a single pane of glass management. I know that they are coming out with that as a beta or alpha feature, but it is not there yet.

I have experienced only hardware-related issues with Netgate. They are not related to pfSense as a software. I purchased a Netgate firewall, an SG-4100, which is a $600 device, intending to make it a solid piece of my home lab and support the project. It died in one and a half years. I do not see the value in buying their hardware, as their customer support was not friendly or helpful. Eventually, I bought pfSense Plus, which allows using a roughly $200 device that offers part-swapping to keep the device alive or even buying two of them. The pfSense Plus subscription is roughly the same value.

Support for third-party hardware is less documented, not being their preferred option. For most things, it is pretty solid. Other firewalls such as SonicWall offer more protection features such as deep packet inspection. I know that is possible with Snort or Suricata. That is one thing that could differentiate open-source firewalls from the main players. 

Another suggestion is automatic updates to reduce maintenance for smaller setups.

I have used Netgate pfSense for roughly three to four years.

Since they fixed the DHCP issues, it has been pretty stable.

Scalability has never been an issue. I have not dealt with more than 10 gigabit traffic, so I have not experienced any problems.

They answer promptly. However, I do not feel valued when I pay about $150 a year, and they only include certain things for people without the Netgate hardware. They had some general first-time setup features but nothing that actually caused problems. For instance, when I imported my previous configuration to my new hardware, it was not covered. So, even if advertised similarly, it is not the same if I do not own the Netgate hardware.

Neutral

At work, in our main office, we use SonicWall. I also use UniFi Firewalls, ranging from smaller to larger ones, and actively manage two or three of them.

As compared to SonicWall, the user interface of pfSense is much easier to handle. It is also faster even though our SonicWall is a much beefier device. pfSense is more well-organized compared to SonicWall.

With their own devices, it was pretty easy. With third-party hardware, it was a little more difficult because certain devices are not as compatible. It is easier if people double-check compatibility, but in general, it is pretty easy.

It requires maintenance from me. I have to update packages and make sure that everything is running properly and the hardware is fine.

It is a one-person task. If you have the specifications and knowledge of what network segments and VLANs need to be set up, it can be managed by one person.

It is on the higher side. If you want to purchase pfSense Plus alone, the cost is roughly $150 a year, but the value provided justifies the expense. However, a lower-end tier option, around $100, would be beneficial.

With the inclusion of firewall, VPN, and router functionalities, for a business, pfSense makes much more sense. I was comparing different solutions and our SonicWall costs way more when we include VPN and other small features.

If installing on your own hardware, you should definitely research compatibility with FreeBSD, and use ZFS, which I believe is the default now. This allows rollback capabilities. It is important to read what is included in the pfSense support package before contacting support, as you might not get answers, and it might be easier to go directly to the forums.

I would rate pfSense a nine out of ten.

I typically use it as an edge firewall.

pfSense is easy to configure. The features I have configured are firewall rules and dynamic routing through FRR. These advanced features are straightforward to configure, and the documentation, if needed, makes things even easier. 

We are using pfSense Plus. It helps us minimize downtime. There is high availability built into the software. I can deploy two pfSense firewalls, configure them correctly, and they can back up each other in case one of them fails. It is a fantastic free feature integrated into the product, and I utilize it constantly.

pfSense has been somewhat beneficial in helping to prevent data loss. We were able to see its benefits immediately after the deployment.

I find the overall amount of configuration flexibility to be valuable. 

It is fairly maintenance-free. That is one of the strengths of the product. It has no frills and is extremely easy and painless to use. It does not cause any trouble.

Another strength of pfSense is that the documentation is very digestible and easy to understand.

One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic. When dealing with a fleet of pfSense firewalls, considering them individually is not the most efficient use of time. 

It does not provide visibility to make data-driven decisions. I cannot derive any analytics or information from the pfSense GUI or software to make data-driven decisions. The visibility that pfSense Plus provides does not help us optimize performance. I want more information and context around the data passing through my firewall to make data-driven decisions. I have used other vendor firewalls that provide some capability to show the traffic or bandwidth passed within the last hour, directly within the firewall software. I need a way to generate a report that I can deliver to my C-suite, allowing us to discuss and determine the best path forward. Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades.

I have used Netgate pfSense for more than five years.

I would rate the stability of the product a nine out of ten.

When assessing scalability, I would probably give it a seven out of ten.

I have interacted with their customer service, and they have been, without a shadow of a doubt, beyond helpful. They are fantastic and truly among the best I have worked with. I would rate them a ten out of ten.

Positive

I have used Palo Alto Firewalls and Cisco ASAs as my primary solutions. If money was no object, Palo Alto Firewalls get the edge only due to the fact that they provide more visibility and analytics in regard to the data that goes through the firewall.

Setting it up is extremely easy. Installing the hardware, configuring the software, and getting it ready to forward and pass traffic takes as little as 45 minutes. It is extremely robust and easy to manage and use.

In my case, it definitely involves a team. When we visit on-site, one person can deploy it, but at least in my business, it is accomplished as a team.

pfSense is excellent for a low total cost of ownership. pfSense pricing is extremely competitive, and it delivers exactly what is advertised. If you are looking for a firewall with advanced feature sets at a very low cost, you cannot get anything better than pfSense. It does exactly as advertised, and that is one of its biggest strengths.

It is extremely affordable in relation to TCO. You get everything that other commercial products give but at an extremely affordable rate, so you can deploy en masse to numerous customers and clients.

My overall advice would be to read the fantastic documentation. Everything you will ever need to do with the product is explained very easily in the documentation. If you have any troubles, just read it, and you will always find an answer. It is one of the best documentation of a product I have used in a very long time. Nothing is hidden.

Overall, I would rate pfSense a nine out of ten.

I run a company that is a managed service provider. We supply our clients with products and purchase on their behalf. We install pfSense in their offices or main client offices.

What I like most about the product is that it is simple to use. I use it at home and in other locations. It offers great value for money because there are no licensing issues apart from the support package. I don't have to worry about licenses expiring or the firewall not working. The overall security gain is stable and reliable.

Multi-appliance monitoring and management, like a single pane of glass, would be very nice to have. A centralized management console would help us. There might be improvements to the web UI, which could benefit from a new look. It looks a little dated, although everyone knows where the options are.

I have used the solution for four years.

The solution is stable. I'm happy with the stability, I would rate it a nine. I had some minor issues, like hardware power supply failure after two to three years, but it was rock-solid until it failed.

The solution is pretty much scalable. I would say nine, although I'm not sure why.

I used their support about two times. I don't need much support, as I've managed to fix everything by myself. I would rate it ten because they went above and beyond expectations.

Positive

Sophos was used in some cases. Some clients require products which are used in their other offices.

The initial setup takes about one hour. It is fairly simple and sometimes only takes half an hour, depending on what needs to be done.

We implemented it in-house with one person.

Because we are familiar with the product, the ROI is between ten to twenty percent. We have been saving by having a stable, well-known product.

I estimate it to be between four or five, something like that. I cannot say it is cheap, but it is not expensive either, so let's say three or four.

I usually advise having a solid firewall with a low cost of ownership, which is why I rate it nine. There's room for improvement, as I would love to have more control over the packets. Overall, I would rate the product nine out of ten.