It's easy to add features via the package management system
What is our primary use case?
We use pfSense internally to protect our management networks and provide VPN access to our internal staff. We also use it for customers needing a more sophisticated firewall than your home or small business WiFi router firewall package.
We deployed it at work when I got hired because we needed to replace the existing hardware solution. I've used pfSense for over 10 years, so I drew upon the experience from the experimentation I do in my home lab.
We're an ISP that provides managed services. We deploy pfSense as part of a larger solution, usually a contract for managed services. We provide their Internet circuit and a managed firewall so that they don't have to do that themselves. They pay part of the hardware cost—maybe 50%—upfront, and then the rest of it is applied against a contract, after which they will then own the hardware.
We use pfSense as a hybrid within our data centers, with some virtualized instances running pfSense community edition and some as Netgate hardware running pfSense Plus (the higher-end ones because we need a firewall that can handle 10 gigs of throughput). We've got multiple different models of the official hardware deployed for ourselves and some managed customers. They range from small businesses to a professional sports venue.
How has it helped my organization?
We use pfSense for work because I was already aware of its flexibility for our needs. The solution provides a great base level of network protection. PfSense is not a next-generation firewall, so it doesn't do in-line virus scanning or offer out-of-the-box IPS/IDS, but that can be covered by a manged antivirus suite and following good security practices. In terms of how secure pfSense is and how secure it keeps your network, it does that very well.
What is most valuable?
The biggest benefit of pfSense is its ease of setup, especially for VPN — both the end-user VPN and site-to-site VPN. It's easy to add features to pfSense via the package management system. We can just turn things on. They have made it much easier to deploy things like free radius, where we want to have enterprise authentication for WiFi. It's by far the most flexible firewall I have ever worked with. There are also packages for ACME for Let's Encypt SSL certificates, and HA proxy.
The pfSense Plus package has given us peace of mind, but we haven't had to open many trouble tickets with NetGate. Aside from the maintenance and support contract, the only feature we use from pfSense Plus is the wizard for building site-to-site VPNs from our locations to AWS VPCs. Building site-to-site IPSEC tunnels to AWS is a fairly complicated task, so having that wizard made it easier.
What needs improvement?
I would like a management console to manage and monitor multiple pfSense installs. We have several pfSense hardware devices installed and as far as I know, there is no single, unified pane of glass that I can use to manage all of them at once. That's the one thing I wish I had, just having a good single unified configuration interface for each install.
For how long have I used the solution?
I have used pfSense at my current company for at least four years now, but I've used it personally for over 10 years.
What do I think about the stability of the solution?
I have to really dig deep to come up with any shortcomings. If you are using VLAN tagging, and making adjustments, restart the DHCP and DNS services manually, just in case.
What do I think about the scalability of the solution?
As far as I know, there isn't a single console from which I can manage multiple installs. That is the only thing impacting their scalability. They max out at 10 gigabits per second, but anything above 10 gigs is such a niche market. To be honest, I doubt that's their target.
How are customer service and support?
I rate Netgate support 10 out of 10. They turn around tickets quickly and their staff is fairly well educated. When I provide detailed information about the problem, they've been able to reply quickly with a solution or go research the problem and get back to us quickly with a fix. It's been pretty top-notch.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I've used OPNSense, a fork of the pfSense project, as well as Cisco ASA, PIX, Palo Alto, Ubiquiti's Unified Gateway, SonicWall, and FortiGate. Some bigger Ubiquiti firewall products are comparable to pfSense, and Cisco ASA has name recognition. SonicWall and FortiGate offer some enhanced features, like better threat management you get as part of a subscription, some block lists, and some more next-generation firewall features.
Overall, our chosen solution is pfSense, as it balances features and cost. It isn't the best at everything, but it's more than enough for almost everything you can throw at it, and it isn't ridiculously expensive like some solutions. It is massively flexible. Although it is missing some of the more esoteric features, you don't need those features 99% of the time. If you have the budget for it and need to do something more advanced than just the basic firewall, it remains the go-to solution we use every time. It's why I keep a couple in stock on the shelf so that I don't have to order them if we need one for an immediate customer install.
How was the initial setup?
It's incredibly easy to deploy pfSense and takes no more than 30 minutes in a typical small office setup. A typical out-of-the-box setup for a small business can be running in five minutes flat. We usually have a two-person team with someone from our network engineering team responsible for the configuration and a field tech installing equipment on-site.
Regarding maintenance, you need to go back in occasionally and install the most current version of the software. We check for updates every couple of months, and that's it. That's it for maintenance. Once it's installed, we fire it and forget. It's there, and it works.
What about the implementation team?
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
I would say pfSense is competitively priced. It isn't the cheapest hardware, but I've never had a problem with it. It is far cheaper than big brand names like FortiGate and Cisco while delivering a feature set that's nearly the same across the entire list. The only places it falls short are esoteric features that almost nobody needs.
The support plan is reasonable. The pfSense Plus license with the warranty is either 400 or 800, depending on the level you want. For a commercial customer, that's more than reasonable and a lot cheaper than many solutions. We haven't had any sort of issues with the firewall hardware itself, so it's doing extraordinarily well on the total cost of ownership.
Which other solutions did I evaluate?
We did side by side comparisons of the feature sets and prices, and drew upon our experience with multiple vendors, including the equipment we had at the time.
What other advice do I have?
I rate Netgate's pfSense 10 out of 10. I recommend turning on the built-in automatic configuration backup so that if you mess something up, you can easily restore the configuration from a backup and get it back up quickly. I also suggest downloading the community edition on a spare computer to play with and break because it's free.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Economical Pfsense for small businesses
What do you like best about the product?
They are very economical for being open source for companies that want to set up a firewall.
What do you dislike about the product?
It does not have a central console to manage multiple PFSense, support only in English.
What problems is the product solving and how is that benefiting you?
We wanted to connect two offices using OpenVPN.
Nice features, ease of use, good updates
What do you like best about the product?
They are committed to the project, and software is quite stable and efficient. Ease of use, number of features, ease of implementation and ease of integration are key points
What do you dislike about the product?
They dropped the free home/lab version support...
What problems is the product solving and how is that benefiting you?
pppoe session to my ISP, better nat system and better dhcp support
The perfect Prosumer router
What do you like best about the product?
My Netgate 6100 is fast, simple, and secure. It also has enough oomph to run any reasonable combination of a reverse proxy, an IPS, ad blockers, and has a pleasantly functional web UI. And it never breaks a sweat.
I expect it to be a great router for ten solid years. Probably longer.
It's the best investment you can make for solid home internet. Buy simple WAPs and update them every so often. Keep your router the same. It's perfect.
What do you dislike about the product?
The pfSense documentation could be a little better.
What problems is the product solving and how is that benefiting you?
I work efficiently and effortlessly whenever I need a new network service. I can even prototype public services with relative comfort, knowing that it tries very hard to keep the bad guys away.
Wide set of features with easy disaster recovery
What do you like best about the product?
For us the pfsense makes the maintenance work of our external enpoints very easy to comprehend. We sadly had a crashing pfsens hardware but luckely we had a recent backup, we restored the backup to the new hardware and just like that we where up and running again. We where in contact with support to get a new firmware for another one and the support is fast and very informative.
What do you dislike about the product?
It can sometimes be hard to fine tune settings for very specific needs, but that most likely lack of competence on our side.
What problems is the product solving and how is that benefiting you?
A competent loadbalancer for http traffic and wireguard VPN.
Great experience and great hardware
What do you like best about the product?
The first upside of using pfSense is of course the ease of use, and the great interface. It may not be as complete as what Palo Alto offers for example but realistically, the price range is not the same.
What do you dislike about the product?
I have to say, I don't really like the firewall logs, I think there is room for improvements like for example pagination on live monitoring.
It would be awesome to see an application based firewall, even if it comes with a specific version of pfSense.
What problems is the product solving and how is that benefiting you?
pfSense permits me to have a VPN connection to my home network while I'm elsewhere and I need to get a specific file, or just want to browse the internet without ads. It also gives me the ability to open ports (for example for game servers with friends) and to do strict firewall rules.
Free, effective, and very easy to install
What is our primary use case?
We use it for the backup line for the internet. When the internet is disconnected, we transfer to pfSense.
What is most valuable?
We only use it for the backup internet connection. It is effective. We have not had any problems.
What needs improvement?
We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized.
For how long have I used the solution?
I have been using pfSense for six months.
What do I think about the stability of the solution?
It is stable. I would rate it an eight out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a seven out of ten for scalability.
How are customer service and support?
I have not used their support.
How was the initial setup?
The installation of pfSense is very easy. It took two to three hours.
It is easy to maintain. We did not have to do any maintenance of pfSense since we installed it.
What's my experience with pricing, setup cost, and licensing?
It is free. It is open source.
What other advice do I have?
We have not used the VPN capabilities of pfSense. We also did not have a need to integrate pfSense with any service.
I would rate pfSense a nine out of ten.
Enterprise & Small Business ready
What do you like best about the product?
I have deployed 6100's in secure facilities and small businesses a like and im constantly impressed with the robustness not only of the software, but also the support model.
What do you dislike about the product?
A few lacking "features" to make administration on mass is a niggle, nothing major
What problems is the product solving and how is that benefiting you?
Multi Tenant buildings with fail over, CE+ secure networks for CNI and List X solutions
Wide array of hardware with flexible software
What do you like best about the product?
The pfSense software is widely-known and very flexible. There are considerable resources on the Internet, from books to videos. Good technical support from Netgate.
What do you dislike about the product?
I'm used to configuring routers and firewalls for my advanced home network. pfSense had a learning curve for me. It would be nice if there were a more intuitive visual interface where it's more obvious that firewall rules and DHCP servers are based on interfaces, and aliases are definitions that go into the rules and such.
Also, it should be much easier to analyze and reduce bufferbloat and other common connection nonidealities.
What problems is the product solving and how is that benefiting you?
The Netgage 1541 provides more than enough throughput for my 1.6 Gbps Internet connection. It provides support for the isolated wireless networks in my house, and has two 10 Gbase-T connections for connecting to my primary switch.
Best and only firewall used for our business and our clients
What do you like best about the product?
Simplicity yet powerful tools to configure the Firewall. Intuitive.
What do you dislike about the product?
Sometime the Firmware updates tend to brick the device
What problems is the product solving and how is that benefiting you?
The range of harware to fit the size of the buinsess.
