I use the solution in my company since we operate as a managed services provider that provides security solutions to our customers. I was looking for a device that had the required features my customer wanted, and that fit their budget, so Netgate pfSense is a product that clearly fits this space. Our company has started to deploy the tool for our customers.

In terms of the benefits of the tool for my organization, I am not an end user of the product. My customers use the tool, and what they have been able to achieve using Netgate pfSense is that they are better able to control their spending on internet services. Without Netgate pfSense, users can just take up the whole bandwidth from the network and make it difficult for other people to work, but with the bandwidth control feature, including the built-in functionalities in the solution, you can control what individual IP addresses on the network can do, thereby bringing in more control. My customers have even told their other MSPs how they need to increase their bandwidth, whereas what they needed to do was just control what they already had in Netgate pfSense. Controlling the bandwidth has brought savings to my customers, and it also helped them to have a better user experience with the internet services that they were purchasing.

The solution's most valuable feature is that it is a highly configurable tool. The tool has a lot of options, so there is literally nothing you cannot do with it, but you have to know your way around the product.

The problems my company's clients wanted to resolve by implementing Netgate pfSense were that they wanted a provision for enterprise network security, static control over load balancing, and failover. This area is typically the use case for our customers.

If I assess Netgate pfSense's flexibility, I would say that it is a highly configurable tool, which means there are many options. It has a lot of flexibility in terms of configuration. You can write different rule sets for different traffic types and scenarios. On the same firewall, you could have lots of variety in how you want to handle traffic.

If I want to add features to Netgate pfSense, I would say that because the structure is modular, there is an app store where you can download whatever feature sets you want but are not included by default in the tool. The tool also supports many third-party plug-ins. It is possible to add features to the tool.

Netgate pfSense provides a single pane of glass for management with a customizable dashboard. You can customize the dashboard. Any handy modules you want are possible on a dashboard with a single-view window where you can see what is going on, and it is customizable.

The single pane of glass management feature has an impact on operations since it simplifies management because, typically, my company is not on the customers' premises, so we need to have remote access to the firewall. The people who are doing the back-end monitoring have a single view, which makes operations easy because, with one single glance, you can tell if there is a challenge or not in the tool.

Netgate pfSense Plus is what came on the device that my customers purchased by default.

In terms of whether Netgate pfSense Plus helps minimize downtime, I would say that the main difference between Netgate pfSense and Netgate pfSense Plus is the availability of enterprise support. When I have issues or bugs, I have someone to go to and say that something is not working and ask what we can do about it, after which I can get a response. When it comes to Netgate pfSense and Netgate pfSense Plus, the software is almost the same. One of the versions comes with enterprise backing, so I have some support and OEM support instead of relying on the community. I have a proper company I could talk to about any challenges my customers and I may have. The support does help reduce the downtime. I haven't actually had any downtime with the tool on my customers' end. I haven't had any downtime using the tool.

In terms of whether Netgate pfSense provides visibility that enables my company's clients or me to make data-driven decisions if we don't speak of specific use cases, I would say that it is typically a next-generation firewall that does bandwidth control and provides IPS and IDS features. For instance, if my customers wanted to have an idea of how much internet traffic they are using, then Netgate pfSense would give you graphs that you can export and do further analysis. I don't think the tool's use cases are tied to data or data analysis.

I can’t get any area where improvements are needed in the tool off the top of my head. I haven't had any challenges I couldn't resolve between myself and the support. Maybe Netgate needs to see if a medium-level Netgate pfSense Plus can be created for smaller organizations.

Most of what I need is already in the tool. If there is any need associated with it, I will be sure to report it to the support team.

I have been using Netgate pfSense for two and a half years. My company serves as an MSP for Netgate pfSense.

The only area to consider is that sometimes when there is an upgrade, there may be some changes. But when you have uploaded a stable version of the firmware, the operating system, I think it is a very stable tool. I have not had any issues around stability. Stability-wise, I rate the solution a seven out of ten.

I deal with clients in areas such as residential, government organizations, and medium-scale businesses. I have one customer in each category, which includes small, medium, and large businesses.

Normally, when it comes to the size of hardware before you make a purchase, due diligence is required to see that the device would be able to handle the current requirements and have some room for growth. With the solution itself, I don't see the need to discuss questions related to its scalability because that would be a function of the hardware and the size of the network where you are deploying the tool. Typically, if you have a huge network, you need to make sure that you have the equipment that can handle that volume of traffic from the on-site. The scalability aspect is not really a good assessment criterion to use to measure the tool. If I put things into a certain context and say that we have a network that has around 100 people, then you don't put up a device that can manage 100 people. Instead, you need to get a device that can manage 150 to 200 people, and then you can create room for growth. If you don't follow these steps, you will have to change the device after some time.

The solution's technical support team is okay. They respond quickly. I have only had the need to place two support calls in all of my dealings so far, and they were able to figure out my issues and resolve them very quickly. I rate the technical support a seven to eight out of ten.

Positive

In our company, we typically deploy a mix of security products that we prefer. At our organization, we have Sophos, Fortinet, and Netgate pfSense. Sophos, Fortinet, and Netgate pfSense are pretty standard. Netgate pfSense has all of the features that Sophos and Fortinet have, but what is more, it can be used without having to have separate licensing. Netgate pfSense really beats the other tools hands down in terms of price because there are no individual license costs for the features that you want to use. In Sophos, certain features require separate licensing. Netgate pfSense's advantages over other tools in price make it a top choice over the others. In our company, we have some customers who are particular about products, and for such customers, we provide them with what they request. For those who don't mind trying something different, Netgate pfSense is our default choice.

The product's initial setup phase is straightforward. The complexities in the deployment are produced by customers who do not know exactly what they want. Some customers have requirements, and my company needs to sit with them and streamline certain areas. The integration and the configuration are not the challenges associated with the tool.

The solution is deployed on an on-premises model.

Typically, if all the configuration information is available, the tool can be deployed in a maximum of two to three days. One can have the standard installation done. The deployment procedure can be done assuming one day for the configuration and the second day for rack mounting. The process is quick when the customer has all of the information they want configured in hand. For some of them, the tool is typically deployed over a period of a few weeks because they don't know or have not decided how they want to implement a particular feature. Still, it would not be a delay from Netgate pfSense's end but rather a delay from the customer side.

I would not call it a cheap tool, but it is very cost-efficient. I don't see any product that gives you the same functionality within the same price brackets offered by Netgate pfSense. There is hardly any need to go to the open-source firewalls, especially with the ones that are coming back, and there are no enterprise security products in the price range that Netgate pfSense falls under.

If I assess the total cost of ownership of Netgate pfSense, I rate it as an eight or nine out of ten.

I don't use Netgate pfSense Plus on Amazon EC2 VMs, and I haven't had a customer who wanted to deploy the tool on the cloud. Most of them purchase and install their hardware directly from Netgate.

The maintenance of the tool's equipment is done once or twice a year just to blow out some dust and make sure it looks physically okay, which is nothing outside of what the regular network devices require. It doesn't require any special maintenance.

I would recommend Netgate pfSense because it is one of the products that my company markets to our customers.

As I have existing customers that use the solution, they serve as a reference point for my new customer. I tell others that I have deployed Netgate pfSense in a few official organizations, their use, and the problems that it has solved for them. I have case studies to speak about. If someone wants to go for a proof of concept, it is something that is doable.

I rate the tool an eight out of ten.

I use the solution in two ways. I deploy it commercially and I use it in my home lab as well. 

It's very easy to deploy. It's nice when you've used something for a while. You get comfortable with all of the benefits. I know what I'm doing. I'm very familiar with the product.

The addition of packages makes it very customizable. The flexibility is very good. Not all firewalls out there have that. Typically, you are tied into three or four different plugins. pfSense, however, allows you to add more than the standard handful others offer. 

It's easy to add features and configure them.

They do improve it consistently, which makes me want to return to it over and over as a solution. 

It just introduced, with the latest revision, the ability to save your backups incrementally as well as go back and make changes. I can go back to a particular backup, and that's quite useful.

The solution does prevent data loss. You can pick up your configuration files consistently, whether you want to do it daily, monthly, hourly, et cetera.

Users can manage everything under one single pane of glass. 

I also use pfSense Plus. It provides good features that help minimize downtime. The updates come quicker to Plus, which is helpful. It also helps optimize performance. Having the pane of glass offers consistency in terms of finding things. The UI is very intuitive.

Updating some of the packages can be a bit difficult. It's hard to stay on top of them all. There also might be a bit of a lag on updates.

If they could get to something like Meraki, where I could remotely log in and not have to deploy a package to do that, that would be nice to have. 

It would be helpful if they had more documentation. Some online details seem out of date and you have to spend a lot of time going through forums to uncover what everyone else is doing.

I've been using the solution for probably ten years. 

The stability is very good. I'd rate it nine out of ten. 

Most of my clients who are users are under 50 users. I handle mostly SMBs. I'd rate scalability eight out of ten.

Technical support is awesome. I haven't dealt with them a ton, however, every time I do, via email, within an hour, they've responded. 

Positive

I've used Cisco Meraki over the years. It's a bit different. There's also a cost factor. 

I've also tried OPNsense. I didn't like the look of it after using pfSense for so long. 

The initial deployment is straightforward. It's awesome. I always bench test it before deployment. I do it through my office, not on-site, to go through the various variables that could make things go sideways. 

The implementation only takes about a day. I can manage the process by myself. I don't need a team. 

A majority of my deployments are for home users.

There's not a lot of maintenance. You just want to keep packages updated when the time comes. 

I have witnessed an ROI from a remote perspective. I'm able to remote in for some users and fix any problems that way.

The solution is fairly priced. The total cost of ownership is pretty good. They do offer appliances as well and those are quite cost effective. 

I'm a consultant. 

I'd advise new users to learn at home first and play with pfSense just to get used to it. 

I'd rate the solution nine out of ten.

The solution is primarily used for anything to do with security. SMEs are using it to protect their businesses.

The companies we work with are fairly generic. What we see most is companies using the solution since it's affordable.

The price point is the most valuable aspect of the solution. Customers really value that.

Customers value the following features:  

• It's highly configurable
• It's flexible. 
• The features are easy to use.

The interface is somewhat challenging if you compare it to other commercial products. If you compare it to something like Sophos, where someone with decent firewall knowledge can get it up and running in a very short time, you need to be a fairly skilled security worker for this product.

Configuring the interface can be a bit hard.

We've found working with SAP networks challenging. The model that they have in terms of partner networks works very well in the US. However, it's very challenging in our part of the world. What works very well here (Kenya) is a distributor-reseller model, where you have the vendor appoint a distributor. Then the reseller can quickly serve the client. The partner support could be better here.

We've been selling the product for two or three years. 

The solution is quite stable. I'd rate stability nine out of ten. I rarely have a failure.

We largely work with SMBs. 

Support is excellent. 

Positive

We have used other products as well in the past. For example, I do have knowledge of Sophos. We are a reseller.  We've had it longer than pfSense. Sophos is a bit easier to set up. pfSense pricing is very good, however. It does need a more friendly UI.

The initial setup is a bit complex. There are other products that are easier to set up. The installation is not a problem, however, the complexity comes in with the configuration. The installation itself, which is basic, won't take long. The configuration process is longer since it can be from challenging to quite complex. 

There is some maintenance required. There are updates every quarter. Previous to the last update, you couldn't do an update without breaking. It's easier now, however, there is still maintenance. 

The solution is cost-effective, however, that does come at a cost to the client. They do have to buy the product in the US and ship it to Kenya. The total cost of ownership, including acquisition and support, can be quite competitive. 

We are resellers. 

I'd recommend the solution to other users.

I'd rate the product seven out of ten. There are a few challenges. However, it is stable and offers good support. 

We use pfSense for firewall, ad-blocking, and IPS functions. We have two pfSense instances on Dell hardware, and one exclusively does IPS/IDS. I have the firewall features turned off on that. The other use case is for the firewall features, reporting, and VPN.

The first benefit is that pfSense offers an affordable firewall solution. It's open source and available on any platform. If you wanted to pull an old machine out of your garage, you could set up a pretty decent pfSense installation. Having learned a little more about pfSense and some of the additional packages that can be bolted onto pfSense, I've used it now for quite a few different things.

I haven't had any particular instances where I felt I was under attack or the firewall was somehow inadequate. I feel very comfortable that this will do everything to protect data. The initial deployment was positive, and we started seeing the benefits within a couple of hours.

The pfSense Plus has vetted rules and software releases from Netgate. Having that extra layer of accountability from Netgate with the Plus features is a positive. 

I like the VPN features. We use WireGuard, which is part of the pfSense package. That was easy to set up, so I could connect to other customer sites seamlessly. Is there such a thing as being too flexible? It's a highly flexible platform, especially regarding support for third-party packages. It's almost like you're overfilling your grocery cart, and items are all falling on the floor. You can add too much to it. 

The single pane of glass management could be better. For example, it relies on several additional packages to provide some of the features advertised as part of its capabilities, but those packages are not visible directly through the initial pfSense dashboard. 

It is easy to add features, but configuring them takes a lot of knowledge. I would like to see an additional wizard added to pfSense when you add some of their other packages. You can add a package from pfSense to do a particular task, but you need to be a product expert or willing to spend time on the Internet for hours and hours to figure out how to configure some of those features correctly. 

We have used pfSense for about one year.

We haven't experienced any crashes or performance issues. I have pfSense loaded up with third-party packages, and it's just rock solid.

We're a small shop, so I don't have much experience deploying it in bigger, better, faster scenarios. 

I rate Netgate support nine out of 10. They were very responsive. It took some getting used to because I always used phone support. I love phone support. I like talking to people, but the support level that I paid for was email. They were on it fairly quickly. It was a licensing issue, and they told me exactly what the problem was within 24 hours.

Positive

I've used Cisco firewalls before and found them very complicated. You don't know what you're doing, and it's dedicated hardware. I've used some other common off-the-shelf products, such as Netgear and Linksys. I thought pfSense was the best fit.

The initial deployment of the pfSense firewall is easy. It took nearly four hours, including the additional configuration tweaks. We're a small environment, so it was pretty straightforward

After deployment, it doesn't require much maintenance. It's essentially fire and forget. I chose to do the updates manually, but you can set it to update automatically. I should note that I chose Dell platforms to run pfSense because there's a lot of industry knowledge regarding the combination of Dell and pfSense. Anyone deploying some no-name hardware from other companies will probably run into some trouble.

PfSense is affordable. I appreciate that it's based on a support requirement instead of bandwidth or users. We're pretty small, so we don't touch many of those levels that they might have. 

Since I'm using my own hardware instead of a Netgate appliance, this is the most bang for your buck you can deploy. I pay for the Plus and feel the benefits behind the software and configurations. The average user might be fine with the community edition, but I wouldn't go that route for a production environment. I think this is a cost-effective solution. I can amend it to manipulate the various hardware configurations without much pushback from Netgate. 

I rate Netgate pfSense nine out of 10. I highly recommend it. It isn't a perfect solution. It's a little difficult to configure. If you can afford it, I would pay for the phone support.

I have the Netgate 6100 firewall with pfSense at my house, and I also have several business clients on it. I use it for site-to-site VPN from one doctor's office to another so their PBX phone systems can replicate across the network. 

PfSense helps prevent data loss. It's a firewall, so unless you open ports, they are completely closed off, and nobody will crack into your network. You can set up various rules that will let you know if you have an intrusion or block an IP address, country, etc., for malicious threats. 

I haven't experienced any downtime with the 6100, but I've had problems with the Netgate 2100 appliances. One of the data-driven procedures is performance. If you make a change, your traffic comes up almost immediately. If I had to compare pfSense to SonicWall, I probably wouldn't use SonicWall based on the boot time. When you have to restart the system or something like that, pfSense is quick, whereas these other firewalls will take 10 minutes to come back online. 

The visibility pfSense provides helps optimize performance. Some of the stuff is visible in their charts and graphs. You can see their traffic moving in real time. That's beneficial to me, especially if I'm looking for something. For example, if you're looking for an IP address that's seeing a lot of data, you can narrow it down to what device it is.

The most valuable aspect of pfSense is the community. If you have a question, you can post it on the forum. The backups are also good. I restored it from a hard drive recently and was back up in 10 minutes. 

I like pfSense's flexibility. It lets you install it on multiple applications, such as a VM, appliance, or white box. For a short time, the community edition had a free upgrade to the Plus edition, so you could technically download the version and convert it into a Plus version. They offered support there for a while, but I don't know if they still do. 

If you log into it, it is a single pane of glass, but the features are scattered everywhere. If you make a firewall rule and you run a port, it will automatically make the firewall rule for you, so you don't have to do that. That's convenient versus some firewalls where you have to make the net rule, then you have to make the firewall rule to allow the net to operate. 

It's easy to add features, but some require configuration. Depending on the feature you're adding, that can be tricky. I wish their GUI were easier to use because it's always been scattered instead of having everything in one column. You have to click one thing to get something to work kind of like UniFi. You have to be a little techie to get it working as you want. The only other problem I've encountered is that sometimes it has buffer bloat, and you have to go in and change some firewall limiter rules to get the bloat to go away. Once you get it down and have done it a couple of times, it seems fairly straightforward. 

If the GUI interface were better, that would be a huge benefit. There's a fork of pfSense called OpenSense with a far superior interface. Everything's in the left-hand column. When you click on one item, you see everything listed under a single tab. You don't have to jump back and forth through the program. 

Everybody is sometimes scared of open firewalls, but they get updates regularly. I check them all the time. I wish it had an app or some alert feature that you could set up. That would make it a little bit easier if something went wrong because you usually don't find out until the last second.

I've used pfSense for 10 to 15 years.

PfSense is highly stable. I don't typically have any crashes. Usually, it's hardware problems, such as a hard drive or memory chip. Beyond that, I have had no issues with any appliances that pfSense installed.

The scalability is good because if you have two identical devices, you can do high availability, so it's highly scalable. 

I rate Netgate support 10 out of 10. Netgate technical support is just phenomenal. If you pay for support, they're on it right away. I've had to call them a couple of times and ask for a system image for some of their lower-end devices. I've noticed that an upgrade will sometimes break them. You can take the serial and model numbers, send them an email, and they'll send you the image. You just download the image, flash it over onto the device, and restore from the backup.

Positive

I've used UniFi's Dream Machines, FortiGate, SonicWall, and OpenSense. I've got one instance of OpenSense out there. They're all about the same in performance, but everything has its own learning curve. The learning curve of pfSense is higher than OpenSense because of the GUI, which is a little confusing and intimidating for someone brand new.

A brand-new user might be confused, especially if they don't have too much networking capability. If you have a white box and download the software, you need to configure everything, including the network interface card, but if you buy an appliance, you should be able to plug into a port and get an IP address. That's not the case with the community. It isn't. For those who want to dabble and play around with it, there's a bit of a learning curve there at the beginning on how to get it. They have some good documentation, but it's a little confusing.

I can have it running in 10 minutes. It depends on what you're doing and whether you have VLANs, which can be confusing to configure. But you can set up a simple home user with no VLANs in 10 minutes. For maintenance, it'll tell you if there's an update, but I typically wait a while before I do the update to ensure that it's solid. They do good testing on it, but I've had some problems where it breaks something else when they do an update.

The price of pfSense is on par with everything else. It depends on how big an appliance you buy and whether you're purchasing it directly from Netgate. Some rack-mounted systems are expensive—a couple thousand bucks. The one that I use at my house was $700.

The total cost of ownership isn't too high or too low. I think it's right where it needs to be. Obviously, with new appliances and faster technology, your prices will go up, but that's expected with any product you buy. It was all free when I first started using it, and you could put it in any box you wanted to buy. 

I rate pfSense eight out of 10. The reason I give it an eight is that the GUI needs to be cleaned up a little. I think Netgate would sell more if the GUI were a little more like Opensense. Before buying, I would test the community edition on a virtual machine and select an appropriate appliance based on your deployment. 

I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities. 

The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.

My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM. 

It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details. 

I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.

One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.

I have used pfSense for nearly a decade.

I rate pfSense 10 out of 10 for reliability. 

pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it. 

I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply. 

Positive

I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules. 

The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality. 

I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc. 

I use pfSense for my home network firewall. I also manage two Cloud platforms that use it. 

Netgate pfSense is flexible allowing for modifications to meet our needs.

With my strong security background and experience managing pfSense, adding and configuring new features is a breeze. While some might encounter challenges, my expertise allows me to navigate them with ease.

pfSense impressed me with its ease of deployment and low maintenance. It excels in protection and firewall functionality and offers a wide range of add-ins to further customize my network. After considering alternatives like OPNsense and Untangle, pfSense emerged as the perfect fit for my needs.

The single pane of glass provided by pfSense makes it easier to determine issues related to attacks and what is being blocked. I can see live logging of the firewalls and what rules apply to what.

pfSense does a good job helping prevent data loss using Snort which identifies and blocks suspicious traffic before it enters our network.

pfSense Plus offers a visibility feature that helps me optimize network performance. The dashboard displays clear traffic graphs and device load information, and I can customize it to show exactly what I need.

The total cost of ownership is extremely reasonable. pfSense is a good option, especially for people conscious of recurring expenses.

The most valuable features of pfSense are the high availability that easily allows failover to a backup unit and the Snort integration with pfSense and WireGuard.

Netgate pfSense can improve by adding a different OS layer other than FreeBSD.

I have been using Netgate pfSense for ten years. 

Netgate pfSense has been stable.

pfSense's scalability is highly dependent on the hardware you choose, but despite this, it offers a strong ability to handle increased network demands overall.

In addition to pfSense, I have used OPNsense, WatchGuard, and Cisco. The WatchGuard rules were more straightforward than pfSense. New pfSense users might find deciding between floating and interface rules for specific scenarios confusing.

The installation is easy for those who are comfortable with command-line interfaces. It is quick and straightforward but they have to be careful when assigning the internal or external net because that can be challenging for some.

One person is enough to deploy.   

Netgate pfSense is competitively priced. The 4100 box is a good box for the price.

I would rate Netgate pfSense nine out of ten.

Before deploying pfSense in your lab, I recommend checking the pfSense forums to learn about any potential issues or considerations other users have encountered.

I'm an independent IT consultant specializing in pfSense router deployments. I use pfSense not only in my home and my parents' homes but also at ten of my clients' locations.

The pfSense router can be deployed on-premises, in the cloud, or on a hybrid platform, but I only deploy it on-premise.

pfSense's flexibility overall is excellent. I can't think of a feature that it doesn't have.

Once I got the hang of it, pfSense became easy to use to add new features. However, there are occasional complexities, like configuring a RADIUS server, which initially seemed overly complicated. Thankfully, the documentation helped me navigate the process successfully.

I immediately saw the benefits of pfSense based on the cost savings alone. The routers are low-cost, to begin with, and there are no annual licensing fees like those required by Cisco routers and other brands. I have replaced many Cisco routers with pfSense because of the ridiculous licensing fees.

pfSense, as long as it is properly configured, is excellent at helping us prevent data loss.

Netgate hardware devices come pre-installed with pfSense Plus, which means all of our installations benefit from pfSense Plus because they run on Netgate hardware.

pfSense provides visibility that enables us to make data-driven decisions. The package manager lets us add a lot more visibility. I use the softflowd add-on package, and there are a few other add-ons if we need more visibility.

The visibility provided by pfSense helps optimize performance. The data flows across the different subnets, which is helpful if there is a performance issue.

pfSense stands out for its full features and adherence to industry standards. Unlike competitors introducing proprietary variations like UniFi or Omada, pfSense prioritizes compliance. This is crucial in manufacturing environments where diverse systems need to integrate seamlessly. In such multi-brand settings, standard compliance becomes a critical factor for successful system interaction.

pfSense doesn't offer a central management system for multiple sites, which wouldn't be a big deal for most of my customers, who typically manage just one site. However, for larger companies with many sites, logging into each pfSense router individually to manage them could become cumbersome.

Previously, we were able to download an offline installer for our firmware. For example, if our router crashes, we must reinstall the OS. We would have it on a USB stick that is available to reinstall. Now, with the current version of pfSense, they are no longer providing an offline installer. We have to be connected to the internet to download the OS in real time, which, in some cases, is not possible. Some routers need to be air-gapped for compliance controls. They are not supposed to have access to the internet. In other cases, we can't disconnect the company's internet to connect the replacement router because that would take down the company. So we don't have a way to install the OS. I went back and forth with Netgate's support, trying to get that through their heads, and eventually, a manager gave me the offline installer but told me this would be the last one and not to expect this ever again. They have provided offline installers for 15 years, so I don't understand why they would remove them now. They are not considering all of the use cases. If we have a large company and the router goes down, we could be losing thousands of dollars an hour, and we don't want to sit there trying to troubleshoot an internet connection when we could use a USB stick to reinstall it in two seconds and restore the config. This is an essential need for some organizations and an area where Netgate pfSense can improve.

I've been a Netgate pfSense user for nearly 15 years, practically since its launch.

Netgate pfSense has been excellent in terms of stability. I have never had an issue with any of the business-grade routers. Their lowest-end model runs on MMC storage instead of regular hard drive storage, and I have had some of those crash.

Netgate pfSense has different tiers, so the higher we scale, the more expensive it gets, but as long as we match it appropriately, it works great.

I have never paid for Netgate support, but when we purchase a new router, they allow us to send a config of the old router and provide one-time support for free. So, I have interacted with them a few times under these terms. The results have been mixed. Sometimes, I can tell I am speaking to a competent person, and others don't understand what I'm saying. In the past 15 years, I have been working with pfSense routers. I have contacted the support team 15 times, and the results have been 50/50.

Neutral

I have used Cisco routers, which were a real hassle to manage. I have also used Linksys and Apple AirPort routers.

The initial deployment for a new user is moderate. It all depends on their experience level. The documentation on their website is suitable for beginners. For a basic deployment, there are many articles from other people and YouTube videos on how to deploy.

Compared to other business routers, pfSense's pricing is reasonable. It also offers a free community version that can't be beaten.

With the inclusion of firewall, VPN, and router functionality, pfSense's total cost of ownership is low compared to other routers like SonicWall, which licenses the VPN feature. 

When I compare pfSense to other routers like TP-Link and Omada, I see that it has all the standard network features, whereas the others are missing a few. The challenge with pfSense is learning to use it because of all the features it includes. I have never felt like I needed to change brands because pfSense was missing a required feature.

I would rate Netgate pfSense eight out of ten. It is a great product.

I recommend new users do a test setup on their home network first to understand how it works before moving it into their business.

I recently started using pfSense to secure my home network. As an IT consultant working remotely, I needed better security than my router offered. I run servers in a lab environment to demo software for clients, and in my previous consulting role, I managed networks for companies of all sizes, some with hundreds of thousands of devices. Since we can't modify a client's environment directly, having a secure home lab for testing is crucial. pfSense allows me to segment my network and use a VPN for secure remote access, offering more functionality than my previous setup. While a free version exists, I opted for the convenience of a pre-configured appliance.

pfSense surprised me with its ease of use, even though it's powerful enough for corporate environments. Unlike my previous complicated Cisco firewall that now collects dust in the garage, pfSense offers the flexibility and functionality I need.

pfSense offers a default rule that allows all traffic initially. While I prefer to block everything by default and only allow specific traffic, this approach led me to accidentally lock myself out of the firewall during configuration. The device functioned as intended, following my overly restrictive rule. Resetting to factory settings was a learning experience, and now I understand how to avoid self-imposed lockouts. After diagnosing my initial setup issues, I successfully corrected them and implemented filters that boosted our internet speed. This experience made clear the benefit of pfSense for our network.

The firewall acts as my first line of defense against data loss by controlling incoming and outgoing traffic. Additionally, I keep my devices updated with security patches and utilize application whitelisting, which restricts programs to those from approved vendors with verified digital signatures. This helps prevent unknown malware from executing on my system. While demonstrating data loss prevention for a government agency, I encountered a connection hurdle between my devices on different subnets. Realizing a firewall was blocking communication, I opened the necessary ports to allow the connection. This highlights the firewall's role as a first line of defense. Even if one device is compromised, the firewall helps prevent the attack from spreading to other segments of the network. However, it's important to remember that the subnet itself remains at risk, which is why I also use local firewalls on individual devices for additional protection.

When it comes to the firewall functionality of pfSense, it does provide a single-pane-of-glass to manage everything.

The most valuable aspect of pfSense for me is its firewall functionality. It allows me to set up different networks, and VLANs, and control how subnets communicate with each other, all the way down to individual nodes. This granular control is very important for my network security. Additionally, pfSense offers a variety of alternatives like VPN that I haven't explored yet, but my top priorities are the firewall features that protect my network from external threats and allow me to segment internal traffic. I also use the filter feature to filter internet ads and adult content. The filter list depends on someone keeping it updated, but the community has been great for this and it makes my internet browsing much faster because all the junk ads are blocked. 

pfSense would be much more efficient if it allowed exporting the entire configuration of a device after it's been set up. This way, the configuration could be easily imported onto another device, saving time and effort.

I have been using Netgate pfSense for one year.

Netgate pfSense is stable with zero downtime related to the firewall.

Netgate pfSense can scale at an enterprise level.

Cisco's firewall device proved too complex for me, ending up unused in my garage. Thankfully, pfSense offered a much more user-friendly experience.

pfSense deployment was straightforward thanks to the available documentation and video tutorials, although I did lock myself out once due to user error. While IT professionals might not always consult the manual first, pfSense helpfully allows saving configurations without immediate application, a feature that would have prevented my mistake. Learning from this experience, I now know how to leverage the provided resources for a smoother pfSense deployment process.

I did the deployment myself but someone who is not an IT person will require the help of an integrator or consultant.

I deployed pfSense in two and a half days. It included setting up VLANs for different purposes like a DMZ, server LAN, user devices, guest network, and VMware management. I also configured a firewall with rules to isolate these networks and implemented an IPSec VPN to filter out ads and malicious sites.

The implementation was completed in-house.

pfSense offers a surprisingly affordable enterprise-grade solution for small businesses. While my own pfSense 6100 costs $700, the value it provides makes it a very cost-effective purchase.

I would rate Netgate pfSense nine out of ten.

Other than installing updates, pfSense has not required any maintenance.

Before configuring your network devices, plan out your network segmentation. This written plan will guide how you set up VLANs, servers, DHCP scopes, and DNS. Think of it as a blueprint for your network design. While implementing the plan on a Netgate device or pfSense might be straightforward, without a clear strategy, you'll be overwhelmed by the available features. 

I use Netgate pfSense in my home lab and company. I wanted to learn more about networking so I swapped my ISP router with Netgate pfSense.

Netgate pfSense is a flexible solution. Netgate has its appliances but if I want to use pfSense somewhere else, I can install it into a virtual machine or on my hardware.

I would rate the ease of adding features to Netgate pfSense eight out of ten.

Netgate pfSense has improved the traffic visibility of the devices we are monitoring. Netgate pfSense has also taught me a lot about networking because I got to use an enterprise-grade firewall.

pfSense Plus helps minimize downtime thanks to its ZFS snapshotting feature. This means if we misconfigure something, we can quickly restore our system to a previous working state, reducing downtime.

Both pfSense Plus and the community edition provide visibility that enables us to make data-driven decisions.

Netgate pfSense has provided a reduction in downtime of 30 percent thanks to its user-friendly configuration process.

The most valuable features of Netgate pfSense are the ease of use and GUI. 

pfSense's dashboard offers basic monitoring, but it lacks centralized management for multiple PSM devices and a unified event interface for various services. Ideally, I'd like a management interface that can handle multiple PSMs, even if they're in different locations. This interface should provide at least status information and basic management features.

I have been using Netgate pfSense for three years.

I would rate the stability of Netgate pfSense nine out of ten. While I did encounter some issues earlier on, they have all since been resolved. 

Netgate pfSense is scalable. While we haven't used features like the rack-mounted version or maxed out its capabilities, the system is easily scalable. Upgrading to a more powerful model is simple - just export our settings and import them to the new device.

I had to use the technical support twice and they were extremely quick to respond and deal with my issues.

Positive

While I previously switched from UniFi to pfSense for its wider range of features, the gap between them has narrowed somewhat. However, pfSense remains a more enterprise-focused option, allowing for granular control over specific network elements useful in complex environments. UniFi, on the other hand, offers a less detailed view.

While the initial setup was mostly straightforward, some specific configurations proved challenging and lacked intuitiveness. To address these, I consulted YouTube videos and Netgate's documentation.

I would rate the ease of the setup process a seven out of ten.

Installing pfSense took a full day.

I implemented pfSense myself.

pfSense has definitely paid off for me. It's become a rock-solid foundation for my network. Since the memory leak fixes, it's been incredibly stable and requires minimal maintenance.

While pfSense hardware from Netgate might have a higher upfront cost, I've had very little trouble with it. Plus, buying from them directly helps fund the software's development, making it a worthwhile investment in my eyes.

pfSense offers a reasonable total cost of ownership for me. Since I primarily use it at home, I don't need additional features or paid support. However, compared to commercial options like SonicWall, even support costs seem affordable. It's worth noting that advanced features like Suricato or Snort require additional subscriptions for business use, but overall, pfSense remains a cost-effective solution.

I would rate Netgate pfSense nine out of ten.

pfSense handles both my home lab, suitable for a small household, and our company's branch office with roughly 150 on-site users and 50 remote VPN connections. It also facilitates a site-to-site VPN connection between this branch and our main New York office.

pfSense is low-maintenance. While regular updates are important, I typically won't need to perform much additional maintenance beyond occasional logins to check the dashboard and install those updates.

pfSense is a stable and feature-rich firewall, but it lacks  Layer 7 application filtering, which means you can't easily block specific applications. While I haven't personally needed this feature, it's a known gap in pfSense's functionality.

I recommend pfSense overall to others.