Helps reduce ongoing expenses, is highly stable, and the benefits are immediate
What is our primary use case?
We use pfSense in our clients' offices to provide secure network access. For remote workers requiring private network connectivity, we deploy a Netgate pfSense router in both the office and the user's home office, establishing a robust IPsec connection between the two. This configuration offers superior security compared to alternatives like OpenVPN, as remote users simply need to connect their LAN cable to the home pfSense for immediate and secure office network access. We primarily serve small organizations with 10 to 200 employees, deploying a pfSense router in each main office and providing OpenVPN or IPsec connectivity. Additionally, we offer optional pfBlocker-NG integration for advanced threat protection, enabling the blocking of traffic from specific geographic regions or known malware sources.
We have several sites with multiple or backup wide area networks. We use pfSense to manage these networks, configuring them for load balancing or backup as needed. To authenticate OpenVPN logins, we leverage Active Directory on our Windows Server, simplifying user management. Office managers can easily disable both Windows and OpenVPN access for users without needing to access pfSense directly. This centralized approach requires only a single robust passphrase for users to access both the VPN and the Windows domain.
How has it helped my organization?
I am accustomed to the interface and find it quick to use. However, I think a new user might need some time to adjust. That said, I've been using it for over 15 years.
As a network administrator, I fully understand the benefits of pfSense before deployment. While end users may not immediately recognize its advantages, I appreciate its value in eliminating the need for costly licenses associated with other firewalls like Barracuda and Checkpoint. pfSense offers a comprehensive suite of features, including VPN, user management, and advanced DNS, without requiring additional fees. This cost-saving aspect is a significant selling point for me when replacing older firewalls with Netgate pfSense. Not only do we improve network security, but we also reduce ongoing expenses, a benefit that becomes apparent to clients over time.
Adding features in the packages section of the interface is quite rapid, especially when limiting options to available packages. However, configuring unfamiliar or infrequently used packages requires research and time, ideally by someone with networking and firewall experience. While pfSense is not entirely plug-and-play, the basic setup is straightforward; adding features demands more technical knowledge. So, feature addition is easy, but configuration can be moderately complex.
pfSense can help prevent data loss by making it difficult for hackers to breach networks. However, most data loss incidents we see result from end-users clicking on malicious links or email attachments. When data loss or ransomware occurs, the issue typically lies with user error rather than pfSense. I believe that the networks I configure using pfBlocker, which restrict communication primarily to the continental US and other approved countries, may help block ransomware. Still, I cannot quantify the frequency of such occurrences.
Approximately ten percent of pfSense routers experience critical issues requiring a factory reset. Previously, this process involved contacting tech support and providing detailed information. However, pfSense has simplified this by offering self-service image downloads. This improvement significantly speeds up customer recovery time. Additionally, Netgate's pfSense Plus hardware comes with a Zero-to-Ping warranty, enabling easy setup and troubleshooting for end users. While not entirely plug-and-play, most users can easily install these routers, and Netgate's warranty provides additional support if needed. I've successfully utilized the Zero-to-Ping warranty several times and believe it is a valuable resource for both technicians and end users.
pfSense has helped enable data-driven decisions. It allows me to communicate the need for faster WAN lines to client management by providing concrete evidence of network performance. Additionally, pfSense offers detailed insights into OpenVPN user activity and IPsec traffic, facilitating targeted problem-solving. For instance, I can readily identify slow IPsec connections for remote users, such as user X, and advocate for necessary improvements based on these data-driven findings.
What is most valuable?
OpenVPN, IPsec, DHCP, and DNS are the most valuable features. I will also include pfBlocker-NG later in the list, but only a couple of sites use this feature.
What needs improvement?
pfSense does offer a convenient single-pane dashboard, but I believe it could be improved with additional features. For instance, an administrator log for team members to record notes, such as adding a nameserver, removing user accounts, or other relevant information, would be beneficial. This simple log within the main status page could enhance communication and collaboration among the admin team. While the current status screen provides most of the necessary information, this extra feature would be a valuable addition.
It would be beneficial if Netgate provided a table outlining the recommended maximum WAN port speeds for their various models.
The documentation doesn't align with what I'm seeing on the console. This is frustrating because the online documentation doesn't match the dashboard, leaving me unsure of the correct steps to take.
For how long have I used the solution?
I have been using Netgate pfSense for 16 years.
What do I think about the stability of the solution?
I would rate pfSense's stability a perfect ten. When I replace consumer routers with pfSense for small businesses with two or three employees, they are often amazed to discover the router can run for a year without a reboot. This starkly contrasts their previous experience with consumer routers that required weekly or bi-weekly unplugging.
What do I think about the scalability of the solution?
I have been pleased with pfSense's scalability. While I haven't explored all its features, I have successfully backed up an old system and restored it to a new pfSense device, which I consider an upgrade. I know of additional capabilities like load balancing and backup device management but haven't implemented them due to a lack of current need. pfSense offers much more potential than I've utilized.
How are customer service and support?
The quality of the support is high. While the speed used to be somewhat slow, I've noticed a significant improvement in recent calls, connecting with a representative quickly within the past year.
Which solution did I use previously and why did I switch?
We've used multiple firewall solutions over the years. Twenty years ago, we implemented Monowall. Subsequently, we switched to Barracuda, which proved highly problematic and required frequent technical support intervention. Our next choice, SonicWall, was an improvement over Barracuda but still presented challenges. Specifically, SonicWall's licensing model is burdensome, as it necessitates constant management on my part, a task end-users are unwilling or unable to perform. Though less frequent than with Barracuda, technical support interactions are still necessary.
How was the initial setup?
Initial deployment is straightforward, taking approximately half an hour for each unit. While pfSense is not the issue, challenges often arise due to clients' limited understanding of their network configurations. A single person can effectively handle the deployment process.
What's my experience with pricing, setup cost, and licensing?
I appreciate that pfSense eliminates the need for extra payments, license management, or feature limitations. This cost-effectiveness and its reliable Zero-to-Ping guarantee are its most compelling aspects.
The pricing seems fair overall, but I think they need more reasonably priced options for very small offices. They currently offer a few affordable units at the lower end, but then there’s a significant price jump to the next level. I remember they used to have a model around the 2100 range that was a good middle ground. I believe they should offer more choices between the lowest tier and the next one in terms of hardware. Additionally, I'd like to see a per-incident support option, which I don't think they currently provide. I haven’t checked their support options in a while, so I could be mistaken. However, in the past, they only offered annual plans. If I encounter a specific issue, I would prefer the ability to pay a one-time fee for complete support on that particular problem.
The total cost of ownership is great. pfSense is our most recommended appliance for router, firewall, and VPN functionality.
What other advice do I have?
I would rate Netgate pfSense nine out of ten.
Users don't need to do anything to maintain the system, but I like to check all pfSense instances every few months, install updates, and look for any irregularities. I try to check every single pfSense system if possible. pfSense needs to be manually updated.
Offers excellent flexibility and works well with both physical appliances and virtual machines
What is our primary use case?
I use Netgate pfSense as my office firewall.
I implemented pfSense as a firewall, VPN, and content filtering solution using pfBlocker and configured it to verify HAProxy certificates.
Most of our pfSense deployments are on existing machines with a small amount in the cloud.
How has it helped my organization?
pfSense offers excellent flexibility and works well with both physical appliances and virtual machines.
The ease of adding features to pfSense and configuring them depends mainly on the user's experience. I find it extremely easy.
Firewalls and Network Address Translation offer immediate benefits once configured, as they are foundational security measures. Other features, however, require more extensive configuration and testing before their advantages become apparent.
Compared to other firewall solutions, pfSense's interface is user-friendly and straightforward.
pfSense allows us to configure multiple internet connections and firewall rules to minimize downtime.
It provides visibility into our network by capturing and delivering log data, such as Syslog, firewall logs, and other relevant information. This enables us to make informed decisions based on data analysis.
pfSense can help optimize network performance. When using appliances, we can install more than ten gigabit network interface cards and add more as needed, depending on the hardware capabilities. Typically, new appliances come equipped with ten-gigabit network adapters or ports. We can significantly enhance network and server communication speeds by fully utilizing these ten-gigabit connections.
What is most valuable?
The most valuable features of pfSense are the pfBlocker, HAProxy, NAT, and VPN.
What needs improvement?
I am unsure if it's feasible, but I have previously utilized a web VPN interface with Cisco Firewalls that allows VPN connections through a website, eliminating the installation of VPN software. Such a feature would be a valuable addition to pfSense. Additionally, an easy method to monitor pfSense within other monitoring software would be beneficial.
For how long have I used the solution?
I have been using Netgate pfSense for ten years.
What do I think about the stability of the solution?
We have encountered only minor and infrequent stability issues.
What do I think about the scalability of the solution?
Netgate pfSense is highly scalable.
How are customer service and support?
The quality of the technical support is good, but if we cause an issue, we have to pay for the support hours.
Which solution did I use previously and why did I switch?
I have previously used WatchGuard Firebox and OPNsense, but I prefer pfSense for its excellent usability within my company. Other firewalls like WatchGuard and OPNsense are often retained due to customer preference or specific requirements, but most of my deployments utilize Netgate's pfSense.
How was the initial setup?
Deploying a single pfSense box is relatively straightforward. However, the process can become more complex if outdated hardware is used and network cables must be reconfigured. Deployments using Netgate appliances tend to be more straightforward.
We can have the Web GUI up and running in under 30 minutes, and a complete deployment can last up to four hours. One person is required for each deployment.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable.
Netgate pfSense offers effective total cost of ownership by combining firewall, VPN, and router functionalities into a single solution.
What other advice do I have?
I would rate Netgate pfSense nine out of ten.
pfSense does not have any built-in features specifically designed to prevent data loss. Instead, we must configure various functions to indirectly protect against data loss, primarily as a preventative measure against unauthorized access to our servers and equipment.
I use both the paid and community versions of pfSense. Most of my appliances use the paid version. In the cloud, some virtual machines come with the free community version.
Maintenance is required to open ports and create VPN users.
Which deployment model are you using for this solution?
On-premises
Flexible with helpful support and a good user interface
What is our primary use case?
I use the solution in my home network as the main firewall before all data heads out to the internet. I use it for DNS resolution as well.
How has it helped my organization?
I noticed the benefits of pfSense immediately after deployment. I was able to take complete control of my security to my house, and it gave me all the things that I needed in order to secure my home network.
What is most valuable?
The GUI and the user interface have been very clean, understandable, and feature-rich across the board.
The flexibility of pfSense is great.
It is very easy to add features.
There are features that help to prevent data loss. The rules engine of pfSense, a traditional firewall rule structure, has always been the same.
There's definitely a single pane of glass. There's definitely a lot there in front of you.
pfSense provides visibility that enables users to make data-driven decisions. I'd rate the capabilities seven out of ten.
What needs improvement?
Sometimes it's a bit of a challenge to know how to do something when you want to do something, for instance, setting up a point-to-point VPN.
Configuration is sometimes a challenge just due to a lack of knowledge on my side. I find that if I don't set up the rules correctly, and this goes to lack of knowledge of being an expert in the firewall space, it's a bit of a challenge sometimes in setting that up.
I would ask them to update it to a more modern interface, as it does look a little tired compared to GUIs today. However, the features are there. A redesign would be greatly appreciated, just from a human engineering aspect.
It might be easier if they separated things out a little bit more instead of putting all the aspects of what pfSense can do for you in a single menu. For instance, they have services, and they have all the services that you could have on your system. It's a lot.
Sometimes I find it difficult to find the data visibility that I would need in the interface to then go make a data-driven decision.
pfSense helps optimize performance. From a performance standpoint, setting up firewall rules does a great job of laying out exactly what those rules are. The layout of the firewall rules makes it easy to create a secure environment on my home network, albeit not very big. However, all the features are within the firewall, and I can create individual rules and organize the rules.
For how long have I used the solution?
I've used the solution for six years.
What do I think about the stability of the solution?
I have never experienced downtime from my pfSense device. I'd rate stability ten out of ten.
What do I think about the scalability of the solution?
The scalability is very good. I'd rate it a ten out of ten.
How are customer service and support?
I contacted technical support when there was a major upgrade a few years back, and I needed some assistance.
The quality was perfect. They were fast and very helpful. Even though I wasn't a paying customer for support, they still gave me great guidance and helped me focus on the issues at hand.
Which solution did I use previously and why did I switch?
I've always had my service provider, Verizon, with their main router, and that router usually has a firewall built into it. I've never used anybody else besides pfSense outside of that.
How was the initial setup?
The initial setup is straightforward. I've done it for my son at college in a matter of two hours, from unboxing to operation. It's easy to deploy a box. I can deploy it by myself.
It does not require any maintenance.
What was our ROI?
The ROI and the TCO are significant. You get a lot of features under one product. However, I don't use it as a router. I only use it for firewall and VPN capabilities and DNS.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are spot on. It's well below the industry average.
Which other solutions did I evaluate?
I did not look into other options. I knew of pfSense as being a leader in the industry, and that it is utilized by major corporations in large environments. To that end, I assumed it wouldn't hurt for me to have familiarity with the product and use it at home.
What other advice do I have?
I'm an end-user.
I use the Plus version of pfSense. However, I do not pay for support.
I would rate the solution eight out of ten.
Good interface, flexible, and overall has great performance
What is our primary use case?
We primarily use the solution as a firewall and for managing traffic.
What is most valuable?
The interface and the integrated services are very useful.
pfSense offers very good flexibility. There are good plugins you can integrate into the software. We can use it for a firewall and to monitor internal traffic. We can do many things.
It's not very difficult to integrate and configure features. At the install level, using the wizard is very simple. As a firewall, it's easy. You can watch usage and target effectively. If I have difficulties or questions or I need to understand how something works, there are videos and tutorials.
We noticed the benefits of using pfSense pretty immediately. We could see it on the graphs that help us analyze the traffic.
We're able to leverage the single pane of glass interface. We can monitor everything from it from traffic to the state of the machine to memory usage and CPU. It provides good visibility so that we can make data-driven decisions. The visibility we get helps with availability.
Performance has been optimized under pfSense. We can filter traffic and limit internet use as needed. With it, we can control throughput.
What needs improvement?
The first time we deployed it, it was kind of tricky. There were many configurations. You need to first configure the alias, then you have all the IPs ordered correctly, and you can start to manage the VLANs. It would be ideal if we could implement it in an easier and more efficient way.
One time, we tried to configure a wireless AP to the firewall and that was tricky. Understanding the interface was hard. It could be easier.
The displays of all the plugins could have a better layout. You have to search through all of them to find what you need. They need a search button.
For how long have I used the solution?
I've used the solution for one year.
What do I think about the stability of the solution?
We haven't had any issues with stability.
What do I think about the scalability of the solution?
We haven't tried to scale the solution.
How are customer service and support?
We haven't contacted technical support.
Which solution did I use previously and why did I switch?
Previously, we used a simple firewall called Linksys, among others. It was not very useful for analyzing traffic. pfSense is more granular in terms of firewall rules.
How was the initial setup?
The initial setup was straightforward, and there are a lot of tutorials online. You can just follow instructions. It's not too hard. The setup was fast. It took maybe half an hour.
There might be a bit of maintenance needed. We check from the main page to check it for CPU or disk failures. There might be some updates. That's it. Sometimes I go on Reddit and check to see if I should do the update or not. I remember once I read that someone suggested that we do not update and to wait for an update in a few weeks.
What about the implementation team?
We managed the initial setup ourselves.
What was our ROI?
The total cost of ownership is good. We don't have too many pfSense subscriptions across our network. However, it's pretty cheap compared to other firewall subscriptions. Plus, the pricing is inclusive.
What's my experience with pricing, setup cost, and licensing?
The pricing is good for us. It's not too expensive considering all of the features on offer. It's about $1700 a year. It could always be cheaper, however, for the most part, it's good.
What other advice do I have?
We use the Plus version of the solution.
I'd rate the solution nine out of ten.
I'd advise users to always follow tutorials which can be found online. Be prepared. That said, the interface is not overly difficult.
Provides visibility that enables users to make data-driven decisions
What is our primary use case?
We use the solution as a gateway appliance for our own corporate network as well as that for many of our clients. It has become our go-to gateway appliance for clients when they're looking to have a new network stack installed.
What is most valuable?
Many of our clients are smaller. However, the big features for them are usually the built-in OpenVPN server for client-based VPN access. The site-to-site links and IPsec site-to-site connectivity are great.
The flexibility is one of the reasons it's become our go-to unit. We don't, unfortunately, get to use so much of its flexibility on a regular basis. That said, I love the fact that it can basically do whatever we need it to do all in one piece of gear.
It's relatively easy to add additional features. They have an application store that already has tools that you can add to pfSense as you need them. At this point, there are 30 or 40 or more of them.
In the long term, when you buy a piece of hardware, you basically get updates for that device for the life of that device. You're not paying for additional licenses throughout the life of that device. You just pay for it once. We do Meraki devices as well, and, every year or few years you need a license. You have to renew.
There are some features in pfSense that help you to prevent data loss. Even just on the firewall side, you can limit what people are able to reach out to. The outbound filtering has a massive effect on that. They also have some other web filtering tools built-in; however, we don't typically use those. We have other tools for that.
pfSense offers a single pane of glass type of management per client site.
The solution does provide features that help minimize downtime. We don't use these features. However, we know they are available. We have the ability to offer that service. You can hook up two of the gateways in tandem. That way, if one of them ever does fail, it automatically fails over to the other functioning unit.
pfSense provides visibility that enables users to make data-driven decisions. You can look at the amount of bandwidth used by the device as a whole or as a client. If there's a problem or if Netgate isn't performing per the client's wishes, we can easily make an assessment.
The visibility in pfSense helps optimize performance. There are a lot of different visualization aspects, including some bandwidth charts as well as some other built-in ways of looking at the way the data or information is flowing through the system, which definitely allows for that.
What needs improvement?
Something that we would really love to see is a real single pane of glass management for multiple clients. Having a reseller portal of some kind that allows us to easily remotely access all the different pfSense gateways that we have out there (like Meraki does with their equipment) would be ideal. Right now, we have to manage client by client and just maintain access per site, basically.
For how long have I used the solution?
We've been using the solution for the past three or four years.
What do I think about the stability of the solution?
They are super stable units. I have not had a single complaint about them.
What do I think about the scalability of the solution?
They are definitely scalable. You can add your own additional storage to them. You can add additional memory to them if need be. They're very scalable, considering what you see in the rest of the gateway appliance market. Those are usually just static boxes where you get what you get, and that's it.
How are customer service and support?
I have contacted support once. I have a Netgate pfSense box that I run as well. I got a little impatient when a firmware update was happening and thought the device locked up and rebooted and ended up having to push the default firmware back. I got help over email, and they were great. They gave me a copy of the factory firmware and I was able to recover the unit.
Which solution did I use previously and why did I switch?
We've previously used Meraki. We use their gateways as well. We also used to use some UniFi gateways but it was too limited.
pfSense is great - and more flexible. It's better than both. It just lacks a centralized management portal.
How was the initial setup?
Initially getting into it, it took a second or two just to get our team trained up on it. Since it's so flexible, there are some initial configuration assumptions that aren't made. You can do with the device as you wish. There's a lot of network equipment out there that has done a little bit too much hand-holding in terms of the initial configuration, however, those are also devices that are much less configurable. Going in, you want to understand networking a little bit more to make some of those decisions when you're setting up a pfSense box.
How long it takes to implement depends on what you call fully deploy. We're still in the process of doing that. We have, especially on the UniFi or Ubiquiti side, every time we have a client where one of those devices fails, we're putting in a pfSense box at this point. We deployed it on our own corporate network rather quickly. I had it done in a couple of hours, basically.
There is some maintenance needed. The firmware updates, and we want to make sure that we're watching for when the new firmware is released, especially if it's being released to cover some known vulnerabilities.
What about the implementation team?
We did the implementation all by ourselves in-house.
What was our ROI?
We are buying the Netgear hardware and we get the license along with it. The total cost of ownership is extremely low when you compare it to a lot of the other devices or other gateway appliances that are available on the market.
What's my experience with pricing, setup cost, and licensing?
The pricing is great - for the hardware, at least, which is generally what we're paying for. I was very aware of and paid attention to all the noise that went down when they changed their licensing, especially for the community edition. They created a new product called the Plus version of the license.
For what they charge for it, which is maybe $100 a year, it's still good. If you wanted to build your own router, pfSense is more than worth $100 a year to have all that flexibility and maybe your own piece of custom hardware that you want to run it on. It's definitely a value-driven product.
What other advice do I have?
We're using the Plus version since we buy the Netgate hardware. That comes with pfSense, and we're typically not building our own gateways.
I'd rate the solution nine out of ten.
My advice to new users would be to practice with the product when you get an appliance. It's always easier to start learning with an appliance directly from Netgate. Just set it up and mess around with it maybe on a network that is a test network of some kind. Something that's not in production. It's not a hard device to understand if you understand networking at all.
Which deployment model are you using for this solution?
On-premises
Very flexible with a good interface and responsive support
What is our primary use case?
We deploy the pfSense firewall to our customers' networks.
How has it helped my organization?
The solution provides customers with reliability and additional security.
What is most valuable?
The interface is very good. The configuration options are excellent. All of its capabilities are quite useful. It's more capable than what we need it for. I like having the ability to have additional capabilities compared to others.
pfSense's flexibility is great. I would rate it pretty high based on that.
We immediately witnessed the benefits of pfSense.
The IPS intrusion protection system helps prevent data loss. It works really well. It's a little bit of a manual process, however, it works really well overall.
pfSense provides high availability to help minimize downtime. They all have built-in high availability, which fails over to another box.
The solution provides visibility that enables users to make data-driven decisions. That said, that's a capability that we really don't need due to how small our customers are.
The visibility in pfSense helps to optimize performance. Just being able to see network traffic and the load on the firewall on the box, or the response times from packets going back and forth is helpful. There is a lot of visibility into network performance.
What needs improvement?
pfSense does not provide a single pane of glass type of management. That's one of the biggest downfalls. We take care of more than 60 customers, so it would be nice to have the ability to have all of the pfSense boxes that we deploy under one pane of glass so we can manage them centrally.
For how long have I used the solution?
I've used the solution for two years.
What do I think about the stability of the solution?
I've had no issues with stability; I'd rate it ten out of ten.
What do I think about the scalability of the solution?
While we do not scale the solution, I can see it being very scalable.
How are customer service and support?
Technical support is of excellent quality, and they have fast response times.
Which solution did I use previously and why did I switch?
We've never used any alternative to pfSense.
How was the initial setup?
We're buying the machines from Netgate. It's very easy to deploy. I'd rate the ease of implementation as eight out of ten. Even if someone didn't have much experience with pfSense, it would be pretty easy.
It's low maintenance; we may only need to worry about an occasional firmware update.
What about the implementation team?
I did not use an integrator or consultant during the implementation. I handled the process myself.
What was our ROI?
The total cost of ownership is very good. It's low maintenance. Once you get it up and running, you really don't have to touch it. It's very favorable to have the inclusion of firewall, VPN, and router functionalities.
What's my experience with pricing, setup cost, and licensing?
The pricing is excellent.
What other advice do I have?
We're an end-user.
We use the pfSense Plus version.
I'd rate pfSense nine out of ten.
New users should be aware that it is more complex than just a consumer-grade product. Users need to be prepared for a lot of features that they might not understand or know how to implement at first. Check your resources in preparation.
It provides flexibility, a centralized view, and minimizes downtime
What is our primary use case?
I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.
How has it helped my organization?
I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OPNsense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.
The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.
After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.
The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for RADIUS or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.
pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.
pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.
pfSense provides visibility that enables me to make data-driven decisions.
pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.
What is most valuable?
I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.
What needs improvement?
I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.
While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraf, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.
For how long have I used the solution?
I have been using Netgate pfSense for ten years.
What do I think about the stability of the solution?
Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.
What do I think about the scalability of the solution?
The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.
How are customer service and support?
Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.
Which solution did I use previously and why did I switch?
I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.
How was the initial setup?
A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.
The average time to set up one pfSense box is 15 to 20 minutes.
One person is enough to deploy pfSense.
What's my experience with pricing, setup cost, and licensing?
I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.
The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.
What other advice do I have?
I would rate Netgate pfSense eight out of ten.
I use the paid version of pfSense because I was constantly replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.
pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.
I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.
Easy to implement changes and offers great flexibility with third-party add-ons
How has it helped my organization?
The benefits I have seen in my organization from the use of Netgate pfSense revolve around how quickly we can implement the changes that are needed with the tool; that is definitely one of the main things. Overall, we have experienced less downtime with the tool. In my organization, we have had downtime with Cisco. Overall, we have noticed some performance increases as well with the use of Netgate pfSense.
What is most valuable?
The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities.
My organization plans to solve cost-related problems by using Netgate pfSense. We were using Cisco's firewall products, and the license and hardware costs were just too high. With Netgate pfSense, I think we can get a full firewall tool with support and no need for licensing for under 5,000 USD, saving a ton of money.
There were no specific security issues or challenges I was trying to address using Netgate pfSense.
In terms of the overall flexibility offered by the product, I would say that it is very easy to implement, make changes, and adapt to different challenges that we may have with it. It offers a lot of different options, including VPN options for site-to-site client VPNs. Overall, it is a great tool. It is a highly adaptable solution that is, most importantly, very easy to implement.
It is extremely easy to add features to Netgate pfSense and configure them. If you are talking about third-party stuff, it is something that is within the firewall itself. You can go into the Package Manager and install it.
From a configuration point of view, it is extremely easy to use the tool. With third-party stuff, it can be a pain, but overall, it is extremely easy to manage Netgate pfSense since it is mainly a GUI-driven tool. It is super easy to configure overall.
If I assess the solution for helping our organization prevent data loss, I think it has been great for us. Everything has room for improvement, but it has been great right now.
Netgate pfSense provides our organization with a single pane of glass management. The tool offers great flexibility and is awesome. In our organization, we haven't had any issues with it. It just makes changes that need to be done extremely quickly and efficiently by the end of the day.
I have worked with Netgate pfSense Plus. I buy the hardware from Netgate, and it comes with pfSense Plus.
Netgate pfSense Plus provides 100 percent features that help minimize downtime. In extreme situations, implementing connections that were super helpful in the past, and just the ease of deployment the product offers, is helpful since even if something happens to the firewall itself, I can have a virtualized firewall doing the same thing within less than an hour. It can help with that downtime. I know that Netgate pfSense is extremely reliable and a great tool.
Netgate pfSense provides 100 percent visibility, enabling my organization to make data-driven decisions. Netgate pfSense is very much configurable. It gives you 100 percent of everything you need to make decisions. It gives you details of all kinds of different graphs, traffic, and firewall rules, along with the things that you definitely need in the form of the data that you need to be able to just make quick data-driven decisions.
Netgate pfSense visibility helps me optimize performance. The data is just so easily accessible that you can make decisions very quickly. It also helps improve performance. In our organization, we have noticed a very noticeable performance increase since we shifted from the old firewall from Cisco to Netgate pfSense.
If I were to assess the total cost of ownership of Netgate pfSense, I would say it is extremely low and affordable. I think it is a really very simple and extremely budget-friendly tool.
What needs improvement?
In our organization, we have had such a good experience with Netgate pfSense over the last four years. In terms of improvements, I have not really thought much, to be quite honest. Maybe faster releases for the software or the firewall itself can be areas where improvements are possible. The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve. In general, the tool is not bad at all at the end of the day.
Speaking about whether any enhancements are required in the tool, I would say that the tool has everything that we need for our usage. We have an extremely complex environment, the most complex of which is how we use Netgate's BGP to connect to our ISP. Netgate pfSense is extremely feature-rich for our specific use scenarios, and we have not encountered any shortcomings in the solution.
For how long have I used the solution?
I have been using Netgate pfSense for around four years. The box itself says Netgate pfSense XG-1540. I don't remember the software version we are using right now, but all I know is that I keep it up to date. In my organization, it will be the latest version of the product.
What do I think about the stability of the solution?
I have not faced any issues with the stability of the product. I have one firewall in a very bad physical environment. It was very dusty, but it has been 100 percent reliable.
What do I think about the scalability of the solution?
It is an extremely scalable solution.
In our school, we have close to 1,800 students and 210 teaching staff overall. With administrative staff, I think there are about 50 people.
I have the tool in different locations and on different campuses.
How are customer service and support?
If I can call someone from the product's technical support team, I can have a technical person on the phone with me in less than five minutes. If you have any questions for them, they will come and try to give you the answer as quickly as they can, and if they don't have a reply, they will reply to you later via email. For the amount that it costs per year, the level of service that you get is unbeatable, honestly. I rate the technical support a ten out of ten.
How was the initial setup?
The product's initial setup phase was extremely straightforward.
When we deployed the product for the first time, we went through its documentation and how to do things. Otherwise, the strategy is usually based on the fact that we have four campuses, and they run in a similar manner. At least for us, we have a master configuration sort of thing, which we can kind of load into Netgate pfSense and make the small changes that we need, like VLAN changes and small things that apply to the location that the device will be deployed to, and it takes less than probably an hour or two to kind of have a firewall deployed working with the bare minimum, which is extremely fast compared to what it takes with Cisco.
In terms of maintenance, it has been pretty much like we do the setup and then forget it. The firmware updates, or physical maintenance, like cleaning the device, are there. From a greater overview, it is just kind of a set-it-up-and-forget kind of solution for us.
What about the implementation team?
The product's deployment was done in-house, and it involved just me. The enterprise-level support from Netgate helped my organization a lot, especially during the first two deployments, but after that, it was easy.
What was our ROI?
Personally, I do not have any metrics or data points associated with the ROI that I can share with anyone. My CFO is the person who has information related to ROI.
Which other solutions did I evaluate?
In our organization, the whole point of moving to Netgate pfSense was that we wanted something that wasn't hard to use or where the licensing wasn't so expensive. We looked at different open-source options, but I can't remember their names. We also looked at UniFi's firewall, but Netgate pfSense came on top for us, considering the support provided and the fact that Netgate's team is the main set of people that keep up with pfSense's open-source project. With Netgate, we work directly with people who use Netgate pfSense, and it is great. We did look at other options, one of which was UniFi, but I cannot remember the name of the other alternative to Netgate pfSense. I think it is called OPNsense.
If I compare the other tools I evaluated with Netgate pfSense, I feel that the pros of pfSense revolve around the area associated with the product's cost in terms of hardware requirements and licensing. There are no existing costs for the licensing or the hardware. You can deal with the licensing part yourself and get it at a cheap rate from elsewhere or buy it from Netgate's boxes directly from the solution company. Another pro would be the ease of management the tool offers since it is possible to have everything that you need in the GUI, which is a little bit controversial because a lot of people like CLI, but sometimes you need to get something quickly without having to have hundreds of different things.
I haven't come across any cons in the product since most of our company's scenarios are simple and small since we are just a school compared to what other big companies have. Everything that Cisco's firewall was doing for us, Netgate pfSense's firewall does for us for a fraction of the cost and even offers a better performance. I would not know the tool's cons since I do not have anything on my mind right now.
What other advice do I have?
I do not use Netgate pfSense Plus on Amazon EC2 VMs. In our organization, we are using Netgate pfSense Plus on Netgate's hardware. We use Netgate pfSense XG-1540.
To others who plan to use the solution, I would say that the support offered by the product is 100 percent worth it. The enterprise support is also extremely worth it. In a general sense, if people don't know much about implementation, they just need to read the documentation because many things, like the GUI part, could throw some people off. If you come from a CLI-based tool, the GUI aspect can throw you off, and I know it since it threw me off a little bit initially, but we were able to get through the implementation phase very thoroughly as the tool offers great documentation. By thoroughly going through the documentation, you will have a fairly easy time configuring the tool very methodologically. I really don't think I would recommend anything else apart from the fact that others need to read the documentation and take their time.
I rate the tool a nine out of ten.
Flexible, easy to add features, and simple to deploy
What is our primary use case?
It's a straight-up front edge router used in various scenarios for front-ending multiple websites and multiple web applications for various marketing scenarios which require certain back-end firewalling that you would need to utilize. We found that it works much better than others. It's not like the Ciscos, which, at the time, were incredibly expensive and difficult to work with unless you had a CCNA who was programming it for you.
How has it helped my organization?
I was looking for routers that were capable of doing multiple firewalling, which it does. We wanted it for setting up demilitarized zones and setting up some failover for WAN for the internet. We looked at that, and we played around a little bit with Untangle. pfSense was just far easier to get configured and working, and there were no hidden costs or fees involved, which made it very nice to use.
What is most valuable?
They have a whole section of package management that you can add stuff to. We use pfSense to do a little bit more than what we would or what I would normally do today in a medium to large enterprise.
The flexibility of pfSense is fantastic. You can use it in a number of situations. I have it running on my home Netgate. At the same time, I can just put it on a slightly larger machine and run a massive, highly trafficked web environment. It will run anywhere.
It's easy to add features to pfSense and configure them, assuming you know about web networking and routing and traffic through an edge router scenario. For a home user, it's probably a lot more than they would get through, but they wouldn't need to since you can just install it, and it just works right out of the box. Just about everything is easy. It's extremely well documented, and the amount of help that's available is fantastic.
I saw the benefits of pfSense immediately. When you need your router to do something more than, for example, a store-bought router for home, you immediately see it since now I can do things. I can set up multiple LANs. I can create a firewall between the LANs. I can open up a full demilitarized zone or just port forward into specific LANs and have the LANs porting between themselves in various ways. You don't get that stuff in your normal consumer-grade solution. You have to spend a lot of money to get a serious data center router - and on top of that, you need to get somebody to program that from the command line, which is very expensive. In contrast, pfSense has a graphical user interface, which makes it all very straightforward and easy to use to set up some pretty sophisticated routing scenarios.
I don't use pfSense to prevent data loss as I have backups, both on-site and off-site backups. It's effective for preventing data breaches.
pfSense gives users a single pane of glass as a type of management. There is everything in one instance. It has a graphical user interface. It'll come up with a dashboard that you can customize to put whatever you need to see up on there. I can customize the dashboard to show me the most important things to me. It's incredibly intuitive.
Managing multiple devices is easy enough. You just log in remotely to the device, and it's all connected through the IP. It's really quite simple.
There are two versions of pfSense: the community edition, which is free, and the plus version, which is paid. I'm using the paid one presently.
The solution minimizes downtime. Once it's configured, it works. I don't have to worry about it. I fully know it backwards and forwards since I've been using it for 15 years now and it pretty much just works. I have certain instances of pfSense that haven't even been rebooted in years since it's up and running and it keeps running, and it runs well. I rarely need to touch certain of my installs after they've been set and configured.
The solution provides visibility that enables data-driven decisions. It has logging. It has intrusion detection systems, which will give you a whole lot of data that you can make decisions on. For example: Who do I need to block? Is somebody trying to attack me? It'll allow me to collect all that information to make critical decisions regarding exposing certain resources to the internet.
pfSense helps optimize performance in combination with the hardware that it's running on. That will determine what kind of performance you're going to be getting out of the box. It's a very lightweight software package. Depending on the hardware, you can hit it with lots of traffic, and it won't even hiccup.
What needs improvement?
I would like to see more active updates coming out of the developers. I like the FreeBSD. That said, the developers in FreeBSD are less productive than what you see out of the Linux community, where there are millions and millions of developers. Being FreeBSD-bound, it seems they're short of developers who have to specialize in that operating system.
For how long have I used the solution?
I've used the solution since 2009.
What do I think about the stability of the solution?
The solution never crashes and never lags. It works. You fire it up, and it will work for the next 50 years. As long as the hardware is working, pfSense will just go on and do its thing.
What do I think about the scalability of the solution?
Scalability all comes down to hardware. When you put pfSense on more robust hardware, it performs pretty well.
How are customer service and support?
For the paid version, if I have an issue, I need to open a ticket. Before I had my business going, I used the community, and it worked just as well. I haven't had a need to call support. However, I pay for pfSense Plus support in case something happens that's over my head that I need to speak to an expert about.
I contacted them when I had a question about a Snort setup, which is for intrusion detection and prevention. It turns out you have to contact their specialist, and that Snort requires you to pay extra for that help. It's a third-party plugin for pfSense. However, in relation to pfSense issues, I have not needed help.
Which solution did I use previously and why did I switch?
I've used Untangle and Cisco routers, and I've tried OPNsense.
I prefer pfSense. I'm comfortable with it. It's rock solid. I've never had an issue with it. I tell it to do something, and it does exactly what I tell it to do.
How was the initial setup?
I have purchased Netgate appliances for customers. For my business, I have hardware that I've repurposed for pfSense.
The initial deployment, either way, is very easy. It would probably be easier than most commercial routers that people buy.
A simple instance where you're just using a firewall router with one LAN can take less than five minutes. You just install the software. It picks up the WAN IP and gives you a LAN IP, and it's up and working as quickly as the software will install, which is usually less than five minutes on most devices and most hardware.
I do the deployments myself. I don't see where a team would be required for this. It's just a firewall router. If you need a complicated setup, it might take one person, a couple of days of planning, and then implementation. That said, I don't see where you would need a team to do that unless you're installing a bunch of other network hardware at the same time, multiple switches, or a ten-gig, one-gig type of scenario. However, that's not a pfSense issue.
In terms of maintenance, generally, there is none. It will update itself. I see very few critical security updates. Most of them are feature updates. I have certain installs that have been running without rebooting for five years, and it just installed them. Mostly, I'm leaving it alone.
What's my experience with pricing, setup cost, and licensing?
The pricing is reasonable for what it is. I usually put it on my own hardware. The licensing for me is relatively inexpensive for what I'm getting out of it.
The Total Cost of Ownership (TCO) is fantastic. You can use the community edition and get expertise from the manufacturer. It's quite reasonable. It's quite a good setup.
What other advice do I have?
I'd rate the solution nine out of ten.
I'd advise potential new users to install it, plug it in, get to know it, log into it, and you'll start to see how easy and robust it is. The more you use it, the more you learn, and you'll like it as much as I do.
Flexible, minimizes downtime, and offers good support
What is our primary use case?
I use it as a firewall and router. I use it in a few locations. I have three pfSense products.
What is most valuable?
I like that I can geofence and block different countries from accessing my network.
The flexibility is very good.
I noted the benefits of pfSense within a year. I had it on my VM for a year and then put it into production.
It's good at blocking malware and DNS attacks. I don't use it for data loss prevention.
The solution gives me a single pane of management. Everything is accessible from the dashboard.
It provides features that help me minimize downtime. I have a WAN, and if any of my WANs go down, it's okay; I have them connected to pfSense.
It helps me make more data-driven decisions.
With pfSense, I can optimize performance.
I don't really need too many features. I just use it as a plain firewall. I like to keep it clean. I don't like to run too many things on it.
What needs improvement?
The configuration can be a little difficult. You need to know the system a little bit. Even now, I do have one in a VM where I test my stuff, and then implement it into production.
They could make it easier to configure packages. They could have a wizard that helps you out a bit more.
For how long have I used the solution?
I've used the solution for more than five years.
What do I think about the stability of the solution?
I haven't had any issues with stability.
What do I think about the scalability of the solution?
I haven't had issues with scalability. It's easy to back it up and load the backup.
How are customer service and support?
Technical support is fast to respond. However, I did have to eventually pay for them to help me out. I had some problems with the firmware. Someone remoted into my appliance and fixed it. They patched it up and now it's working fine.
Which solution did I use previously and why did I switch?
I've used OPNsense and SonicWall previously.
While pfSense has more features, OPNsense is a lot easier to use.
How was the initial setup?
I have the solution as an appliance. Deployment for a device is a little bit hard, so it can take a few days.
Maintenance is required every few days.
What about the implementation team?
I did not have any help from outside consultants. I manage the deployment myself. I was able to eventually figure it out myself via forums.
What's my experience with pricing, setup cost, and licensing?
I like the fact that there is a free version. I'd like the entire offering to be free. That said, it's 100% worth the cost of ownership.
What other advice do I have?
I use both the paid and community versions.
I'd rate the solution eight out of ten.
I would advise new users to test it before implementing it in their environment.
Which deployment model are you using for this solution?
On-premises