I recently started using pfSense to secure my home network. As an IT consultant working remotely, I needed better security than my router offered. I run servers in a lab environment to demo software for clients, and in my previous consulting role, I managed networks for companies of all sizes, some with hundreds of thousands of devices. Since we can't modify a client's environment directly, having a secure home lab for testing is crucial. pfSense allows me to segment my network and use a VPN for secure remote access, offering more functionality than my previous setup. While a free version exists, I opted for the convenience of a pre-configured appliance.
External reviews
413 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Acts as my first line of defense against data loss by controlling incoming and outgoing traffic
What is our primary use case?
How has it helped my organization?
pfSense surprised me with its ease of use, even though it's powerful enough for corporate environments. Unlike my previous complicated Cisco firewall that now collects dust in the garage, pfSense offers the flexibility and functionality I need.
pfSense offers a default rule that allows all traffic initially. While I prefer to block everything by default and only allow specific traffic, this approach led me to accidentally lock myself out of the firewall during configuration. The device functioned as intended, following my overly restrictive rule. Resetting to factory settings was a learning experience, and now I understand how to avoid self-imposed lockouts. After diagnosing my initial setup issues, I successfully corrected them and implemented filters that boosted our internet speed. This experience made clear the benefit of pfSense for our network.
The firewall acts as my first line of defense against data loss by controlling incoming and outgoing traffic. Additionally, I keep my devices updated with security patches and utilize application whitelisting, which restricts programs to those from approved vendors with verified digital signatures. This helps prevent unknown malware from executing on my system. While demonstrating data loss prevention for a government agency, I encountered a connection hurdle between my devices on different subnets. Realizing a firewall was blocking communication, I opened the necessary ports to allow the connection. This highlights the firewall's role as a first line of defense. Even if one device is compromised, the firewall helps prevent the attack from spreading to other segments of the network. However, it's important to remember that the subnet itself remains at risk, which is why I also use local firewalls on individual devices for additional protection.
When it comes to the firewall functionality of pfSense, it does provide a single-pane-of-glass to manage everything.
What is most valuable?
The most valuable aspect of pfSense for me is its firewall functionality. It allows me to set up different networks, and VLANs, and control how subnets communicate with each other, all the way down to individual nodes. This granular control is very important for my network security. Additionally, pfSense offers a variety of alternatives like VPN that I haven't explored yet, but my top priorities are the firewall features that protect my network from external threats and allow me to segment internal traffic. I also use the filter feature to filter internet ads and adult content. The filter list depends on someone keeping it updated, but the community has been great for this and it makes my internet browsing much faster because all the junk ads are blocked.
What needs improvement?
pfSense would be much more efficient if it allowed exporting the entire configuration of a device after it's been set up. This way, the configuration could be easily imported onto another device, saving time and effort.
For how long have I used the solution?
I have been using Netgate pfSense for one year.
What do I think about the stability of the solution?
Netgate pfSense is stable with zero downtime related to the firewall.
What do I think about the scalability of the solution?
Netgate pfSense can scale at an enterprise level.
Which solution did I use previously and why did I switch?
Cisco's firewall device proved too complex for me, ending up unused in my garage. Thankfully, pfSense offered a much more user-friendly experience.
How was the initial setup?
pfSense deployment was straightforward thanks to the available documentation and video tutorials, although I did lock myself out once due to user error. While IT professionals might not always consult the manual first, pfSense helpfully allows saving configurations without immediate application, a feature that would have prevented my mistake. Learning from this experience, I now know how to leverage the provided resources for a smoother pfSense deployment process.
I did the deployment myself but someone who is not an IT person will require the help of an integrator or consultant.
I deployed pfSense in two and a half days. It included setting up VLANs for different purposes like a DMZ, server LAN, user devices, guest network, and VMware management. I also configured a firewall with rules to isolate these networks and implemented an IPSec VPN to filter out ads and malicious sites.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
pfSense offers a surprisingly affordable enterprise-grade solution for small businesses. While my own pfSense 6100 costs $700, the value it provides makes it a very cost-effective purchase.
What other advice do I have?
I would rate Netgate pfSense nine out of ten.
Other than installing updates, pfSense has not required any maintenance.
Before configuring your network devices, plan out your network segmentation. This written plan will guide how you set up VLANs, servers, DHCP scopes, and DNS. Think of it as a blueprint for your network design. While implementing the plan on a Netgate device or pfSense might be straightforward, without a clear strategy, you'll be overwhelmed by the available features.
Improved the traffic visibility of the devices we are monitoring
What is our primary use case?
I use Netgate pfSense in my home lab and company. I wanted to learn more about networking so I swapped my ISP router with Netgate pfSense.
How has it helped my organization?
Netgate pfSense is a flexible solution. Netgate has its appliances but if I want to use pfSense somewhere else, I can install it into a virtual machine or on my hardware.
I would rate the ease of adding features to Netgate pfSense eight out of ten.
Netgate pfSense has improved the traffic visibility of the devices we are monitoring. Netgate pfSense has also taught me a lot about networking because I got to use an enterprise-grade firewall.
pfSense Plus helps minimize downtime thanks to its ZFS snapshotting feature. This means if we misconfigure something, we can quickly restore our system to a previous working state, reducing downtime.
Both pfSense Plus and the community edition provide visibility that enables us to make data-driven decisions.
Netgate pfSense has provided a reduction in downtime of 30 percent thanks to its user-friendly configuration process.
What is most valuable?
The most valuable features of Netgate pfSense are the ease of use and GUI.
What needs improvement?
pfSense's dashboard offers basic monitoring, but it lacks centralized management for multiple PSM devices and a unified event interface for various services. Ideally, I'd like a management interface that can handle multiple PSMs, even if they're in different locations. This interface should provide at least status information and basic management features.
For how long have I used the solution?
I have been using Netgate pfSense for three years.
What do I think about the stability of the solution?
I would rate the stability of Netgate pfSense nine out of ten. While I did encounter some issues earlier on, they have all since been resolved.
What do I think about the scalability of the solution?
Netgate pfSense is scalable. While we haven't used features like the rack-mounted version or maxed out its capabilities, the system is easily scalable. Upgrading to a more powerful model is simple - just export our settings and import them to the new device.
How are customer service and support?
I had to use the technical support twice and they were extremely quick to respond and deal with my issues.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
While I previously switched from UniFi to pfSense for its wider range of features, the gap between them has narrowed somewhat. However, pfSense remains a more enterprise-focused option, allowing for granular control over specific network elements useful in complex environments. UniFi, on the other hand, offers a less detailed view.
How was the initial setup?
While the initial setup was mostly straightforward, some specific configurations proved challenging and lacked intuitiveness. To address these, I consulted YouTube videos and Netgate's documentation.
I would rate the ease of the setup process a seven out of ten.
Installing pfSense took a full day.
What about the implementation team?
I implemented pfSense myself.
What was our ROI?
pfSense has definitely paid off for me. It's become a rock-solid foundation for my network. Since the memory leak fixes, it's been incredibly stable and requires minimal maintenance.
What's my experience with pricing, setup cost, and licensing?
While pfSense hardware from Netgate might have a higher upfront cost, I've had very little trouble with it. Plus, buying from them directly helps fund the software's development, making it a worthwhile investment in my eyes.
pfSense offers a reasonable total cost of ownership for me. Since I primarily use it at home, I don't need additional features or paid support. However, compared to commercial options like SonicWall, even support costs seem affordable. It's worth noting that advanced features like Suricato or Snort require additional subscriptions for business use, but overall, pfSense remains a cost-effective solution.
What other advice do I have?
I would rate Netgate pfSense nine out of ten.
pfSense handles both my home lab, suitable for a small household, and our company's branch office with roughly 150 on-site users and 50 remote VPN connections. It also facilitates a site-to-site VPN connection between this branch and our main New York office.
pfSense is low-maintenance. While regular updates are important, I typically won't need to perform much additional maintenance beyond occasional logins to check the dashboard and install those updates.
pfSense is a stable and feature-rich firewall, but it lacks Layer 7 application filtering, which means you can't easily block specific applications. While I haven't personally needed this feature, it's a known gap in pfSense's functionality.
I recommend pfSense overall to others.
Free, effective, and very easy to install
What is our primary use case?
We use it for the backup line for the internet. When the internet is disconnected, we transfer to pfSense.
What is most valuable?
We only use it for the backup internet connection. It is effective. We have not had any problems.
What needs improvement?
We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized.
For how long have I used the solution?
I have been using pfSense for six months.
What do I think about the stability of the solution?
It is stable. I would rate it an eight out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. I would rate it a seven out of ten for scalability.
How are customer service and support?
I have not used their support.
How was the initial setup?
The installation of pfSense is very easy. It took two to three hours.
It is easy to maintain. We did not have to do any maintenance of pfSense since we installed it.
What's my experience with pricing, setup cost, and licensing?
It is free. It is open source.
What other advice do I have?
We have not used the VPN capabilities of pfSense. We also did not have a need to integrate pfSense with any service.
I would rate pfSense a nine out of ten.
Wide array of hardware with flexible software
What do you like best about the product?
The pfSense software is widely-known and very flexible. There are considerable resources on the Internet, from books to videos. Good technical support from Netgate.
What do you dislike about the product?
I'm used to configuring routers and firewalls for my advanced home network. pfSense had a learning curve for me. It would be nice if there were a more intuitive visual interface where it's more obvious that firewall rules and DHCP servers are based on interfaces, and aliases are definitions that go into the rules and such.
Also, it should be much easier to analyze and reduce bufferbloat and other common connection nonidealities.
Also, it should be much easier to analyze and reduce bufferbloat and other common connection nonidealities.
What problems is the product solving and how is that benefiting you?
The Netgage 1541 provides more than enough throughput for my 1.6 Gbps Internet connection. It provides support for the isolated wireless networks in my house, and has two 10 Gbase-T connections for connecting to my primary switch.
Satisfaction
What do you like best about the product?
My general confidence in its high security level (on the condition that its configuration is errorfre)
What do you dislike about the product?
1. Sometimes I experience uncertainty in how to interpretate and/or configure and understanding consequences of firewall configuration commands.
a. One example of my experience: I did create firewall commands for an OPT interface (on SG-1100, as well as on SG-2100), in order to setup Netgear WiFi Routers R6020 to the OPT Interface as their WAN. However, when I looked at Netgear router logs, there used to be an abundancy of log entries indicating DOS Attack. Therefore, I assume that I didn't manage to secure the OPT interface against incoming traffic from the Internet.
b. Another example that I do not understand: Log entries in pfSense (System, General) containing text "now monitoring attacks", quite a lot of entries.
2. Use of PHP in pfSense which, to my knowledge, is not a completely reliable web language, and often is subject to security vulnerabilities.
a. One example of my experience: I did create firewall commands for an OPT interface (on SG-1100, as well as on SG-2100), in order to setup Netgear WiFi Routers R6020 to the OPT Interface as their WAN. However, when I looked at Netgear router logs, there used to be an abundancy of log entries indicating DOS Attack. Therefore, I assume that I didn't manage to secure the OPT interface against incoming traffic from the Internet.
b. Another example that I do not understand: Log entries in pfSense (System, General) containing text "now monitoring attacks", quite a lot of entries.
2. Use of PHP in pfSense which, to my knowledge, is not a completely reliable web language, and often is subject to security vulnerabilities.
What problems is the product solving and how is that benefiting you?
Secure Electronic communication from my home (Stationary computers, Laptops, Smart phones, WiFi AP and router (since a few days, no longer including Netgear WiFi routers having OPT as its WAN interface)
Netgate user review
What do you like best about the product?
Someone that can help support the product when time is of the essence. Once we received our product, it was of high quality with high quality support.
What do you dislike about the product?
Their support is a bit clunky, and the ordering process was opaque.
What problems is the product solving and how is that benefiting you?
A reliable firewall gateway that I can learn once and keep as the main , industry standard firewall so I don't keep having to switch vendors.
Great open source firewall, good hardware
What do you like best about the product?
I have been using pfSense for many years. First on my own hardware and later on netgates hardware. The System is easy enough to use but also gives you the ability to have fine tuned rules.
I think because the pfSense Firewall software is open source and has a very large community you have a higher chance to find solutions to edge cases than with other non-open source firewalls. Some solutions might feel a bit hacky but there's always a way to get the software to behave like you want
I think because the pfSense Firewall software is open source and has a very large community you have a higher chance to find solutions to edge cases than with other non-open source firewalls. Some solutions might feel a bit hacky but there's always a way to get the software to behave like you want
What do you dislike about the product?
I have had a few clients which have the 1000+$ Netgate 7100 hardware firewall which have had heat related problems (total freeze if the temperature exeeds a value that it was easily reaching in normal use).
After opening the case I realized the heat sinks were mounted in the wrong orientation (not with, but against airflow) which seemed to be a production error because later versions of this firewall had the fans on the side and the rotated orientation would make sense there but not with the version my customers had.
After fixing the orientation of the heat sinks I had no more overheating problems though. Thanks to the standard hardware it was easy enough to fix.
After opening the case I realized the heat sinks were mounted in the wrong orientation (not with, but against airflow) which seemed to be a production error because later versions of this firewall had the fans on the side and the rotated orientation would make sense there but not with the version my customers had.
After fixing the orientation of the heat sinks I had no more overheating problems though. Thanks to the standard hardware it was easy enough to fix.
What problems is the product solving and how is that benefiting you?
pfSense is a good blend of a for-profit company and open source software. They benefit from the large community which is there because it is open source, and companies benefit from having Netgate as a primary contact for support.
The market for open source firewall software is not very large and pfSense is the main choice for people who want to use open source and selfhostable software.
The market for open source firewall software is not very large and pfSense is the main choice for people who want to use open source and selfhostable software.
Best firewall
What do you like best about the product?
All in one package. it has firewall and router and other plugins for proxy etc..
What do you dislike about the product?
Pfsense doe3s not have the any network monitoring packages etc..
What problems is the product solving and how is that benefiting you?
firewall and proxy and it works well
Robust, great thoughput, stable and extremley reliable.
What do you like best about the product?
The product provides high level of security with high troughput, and is extremely relaible.
What do you dislike about the product?
Can be a bit daunting with a high learning curve to set up the first time, for a non technical person.
What problems is the product solving and how is that benefiting you?
Reliable firewall platform, that allows me to work at home without interuption in connection nor degraded connection speed.
Ten years of experience in using pfssense, more than forty firewalls administered.
What do you like best about the product?
The software is flexible, working well in KVM-type VMs that I mainly use. With a little practice you can do anything with it.
What do you dislike about the product?
There are required features that have been lost for years and never implemented, such as a centralized administration console for sets of firewalls.
What problems is the product solving and how is that benefiting you?
Routing, centralized VPN, firewall.
showing 61 - 70