One of our clients operates multiple branches, and we've implemented a solution involving feature and IP address tunnels connecting these branches. The main branch serves as the hub, housing the Central PBX and providing services to the other branches.

We use pfSense to handle VPN connections, extending to remote workers in our various branches as well.

The feature I find most valuable for fulfilling network security requirements is pfBlockerNG. It offers exceptional visibility and filtering capabilities, without the need for dedicated hardware or recurring expenses. Unlike other solutions, pfBlockerNG operates seamlessly and continuously without additional costs or maintenance concerns.

The traffic shaping and bandwidth management features of pfSense significantly enhance our network performance. The inclusion of a QoS wizard simplifies the process, eliminating the complexity often associated with configuring QoS on other platforms like Cisco routers. With pfSense, utilizing the wizard streamlines the setup process, making it accessible and effective for users without requiring an advanced understanding of networking intricacies.

There have been specific incidents where the reporting and monitoring tools of pfSense played a crucial role in identifying and resolving network issues. In one instance, we received complaints about internet connectivity problems affecting productivity across the business. Upon investigation, I discovered that the issue stemmed from excessive bandwidth consumption caused by multiple HD camera streams being watched simultaneously. Utilizing pfSense's reporting and monitoring tools, I quickly pinpointed the source of the problem and implemented measures to alleviate the network congestion. These tools are invaluable for identifying resource-intensive processes and resolving performance issues effectively.

The process of integrating pfSense with other tools and services has proven to be quite straightforward thus far. While there may be a slight learning curve at the outset, particularly for those less familiar with networking concepts, it becomes manageable with experience.

The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box. This capability simplifies troubleshooting, as it allows for faster identification of DNS discrepancies or any other issues compared to proprietary systems. With pfSense, network configurations adhere to standard practices, facilitating troubleshooting without the need for complex overlays or policies. The interface, prioritizes network principles, making it intuitive for those familiar with networking concepts to navigate and achieve desired outcomes efficiently.

It lacks a solution for SD-WAN integration. I believe improving integration with various antivirus vendors could be beneficial. Partnering with trusted antivirus providers such as Bitdefender or Sophos as an add-on feature could enhance the antivirus capabilities of pfSense. Incorporating a centralized management console for easier administration would be a valuable addition.

I have been working with it for over five years.

The stability of pfSense is exceptional. I've only encountered one instance of hardware failure, which was due to an electrical issue. Otherwise, all other deployments have been reliable. I would rate it nine out of ten.

The scalability of pfSense is impressive. I've witnessed its capabilities firsthand, especially when it was deployed in environments supporting up to seven thousand employees. I would rate it nine out of ten. Currently, pfSense is our top recommendation for clients, tailored to their budget and specific requirements. Depending on the client's needs, such as compliance with PCI or HIPAA regulations, we may suggest models that offer corresponding features and evaluations of network security. This flexibility allows us to cater to clients with varying compliance needs, ensuring they receive suitable recommendations.

In terms of technical support, I primarily rely on the forums whenever I have a question or need technical information. I've found that the answers I seek are often readily available there. While pfSense does offer paid support packages, I haven't had the opportunity to utilize them yet.

The main difference between Fortinet and pfSense lies in their integration with different vendors. While pfSense offers integration with multiple commercial antivirus solutions, Fortinet primarily provides its own antivirus offering. However, the effectiveness of the antivirus provided by pfSense may not be as high as some other options available in the market. In terms of cost, pfSense offers a one-time payment for cloud services, providing continuous service without ongoing fees. On the other hand, Fortinet's pricing structure may seem appealing initially, but if you wait until close to the license expiration date, the renewal cost significantly increases, which could result in unexpectedly high expenses.

The initial setup was straightforward.

To set up pfSense, you start by configuring firewall rules to allow the necessary traffic. Once that's done, you can explore and download additional security packages from the package manager to enhance your environment's security. The initial setup is quick, typically taking around ten minutes for a basic configuration. However, if you're integrating features like pfBlockerNG, it may take a bit longer as you need to ensure you're not inadvertently blocking any essential services. Despite this, the task can be managed by a single person, such as an IT manager.

Maintenance tasks, such as checking logs and ensuring updates are running smoothly, are typically handled by two designated individuals. They connect to the firewall periodically to perform these checks. While we do have a management console, it's not fully integrated with the pfSense Manager (PSM) solution. Having a dedicated management console that allows remote management of all wireless devices would be ideal, as it would streamline the process of making changes across multiple devices.

The price point is highly competitive. The cost varies depending on the license type, such as licenses for eight to five support or twenty-four seven support. Opting for twenty-four-seven support significantly increases the price, reaching around ten thousand to thirteen hundred dollars. I would rate it four out of ten.

Overall, I would rate it nine out of ten.

Our most common use cases are for our corporate firewalls, and currently, I'm using it as our school firewall. So it's our perimeter firewall. So, we're running three firewalls on our network.

So we have separate networks each because we have, like, different use cases. So we're running three at the moment.

We've been running it for six years now, and so far, it's been good.

Netgate pfSense has been utilized to create and manage VPNs within our organization. So we're running pfSense with VPN on one of our private cloud providers. So we're using IPSec VPN on that.

For everyday tasks, we just get alerts. It's anything that's suspicious, including from our Netgate. So, it's part of how we maintain cybersecurity in our school. This is working alongside our endpoint security solution.

We were using an open-source endpoint solution for that. So we're integrating that with the one we have on pfSense.

The ease of use. Like, it's easy to manage the firewall, rule-wise and interface-wise. For me, it's quite easy and friendly to use.

We have a set of rules so that it can manage all of our rules. We have a complex network here in our school. We have a lot of rules running, so it's really easy to match all of those rules using pfSense.

Integrating pfSense with other products was a bit tedious at first. We researched and tested for about a month, so it was not too hard but not instant.

For the third-party packages, I'd rather have it built-in, like a core feature of pfSense, part of the core model. This feature of pfSense would be great, instead of relying on a third-party module.

I have been using it for six years.

It's about 95% stable, not perfect, but quite reliable.

If I needed to scale it and merge our pfSense machines into one, I'd prefer a dedicated hardware appliance instead of running multiple x86 servers on the firewall.

We have around 4,000 endpoints.

I reached out to support for an unusual CPU usage issue after an upgrade. They were responsive, and even though I ultimately found a solution, they were helpful in diagnosing.

We used Fortinet. We opted for pfSense because of budget limitations. pfSense was a more affordable solution for our requirements.

pfSense is easier to manage and offers modularity for features. With FortiGate, everything is there, but we might not need everything, and too many features can be challenging.

The initial setup is very straightforward and intuitive.

We use the pfSense software directly and install it on our rack servers. So, we're adding three instances of that.

I handle all the deployment processes. I am the core manager for the entire infrastructure, so I manage and deploy everything.

I consider how many users and gigabytes we expect on the network and try it on a test network first to validate before actual deployment.

Just my core team members manage the whole deployment, so that's enough for us.

Migrating the old one to the new one took around a month because we have many rules, and the new Netgate was quite different.

From the maintenance perspective, it is not difficult at all.

While configuring or maintaining pfSense, we had high CPU usage on one firewall, but the GPAC subscription provided a good response. The support team was helpful, and we resolved it in a few hours. So, we had good support because of the support subscription.

We just have the yearly support subscription.

I just found pfSense online. I just tried it out on a home lab and found it worked well enough for us. So, just started out, like, searching online and responded and tried it.

I would advise you to try to estimate your network first and do a test network just to have a proof of concept of what you want to run and check the routes you want to run against your network, making sure that your requirements are valid before deploying it.

Overall, I would rate the solution a nine out of ten.

We use Netgate pfSense for load balancing.

The tools' most valuable feature is load balancing.

Netgate pfSense needs to improve the configuration for a VPN.

I have been working with the product for three months.

I rate the product's stability a nine out of ten.

I rate Netgate pfSense's scalability a seven out of ten.

I have used online documentation and hence haven't contacted the support yet.

I rate the tool's deployment a nine out of ten. Its deployment takes only a few hours to complete.

We did the deployment in-house.

I use the product's free version.

I rate the solution a nine out of ten.

I have used Netgate pfSense for a range of purposes. Initially, I employed it for VPN connections, mainly for personal and professional use. I also relied on it to maintain network equipment in a professional context. In the professional sphere, I have experience with both pfSense and Juniper, but eventually, I decided to phase out Juniper due to its high costs, especially for updates and the addition of new functionalities. pfSense's cost-effectiveness and the flexibility to transition to new hardware while retaining configurations made it a preferred choice. pfSense also stands out in terms of its rapid algorithm evolution compared to competitors like Juniper. Its scalability is another advantage, where adding a new box or reconfiguring can boost the firewall's capacity.

On a personal note, I use Netgate pfSense to connect to my equipment at the data center. Currently, I have a highly available installation that requires two instances of pfSense. While I considered pfSense for this setup, I had to assess whether OpenSense might offer better features for future requirements before delving deeper into pfSense.

It's worth noting that Netgate pfSense's performance is independent of the hardware it runs on. As I mentioned earlier, its scalability is a strong point. Most functions are readily available, and additional features can be obtained by downloading and installing plugins, which are generally free. When you compare this to the alternative of purchasing a firewall from a different supplier, you'll find that the latter option typically doubles the cost of the firewall itself. This cost increase is often attributed to additional licenses for deep inspection and similar functionalities. While configuring pfSense may require more time and effort upfront, the long-term cost savings make it a more cost-effective choice.

One concern I have with Netgate pfSense is related to packet filtering. Specifically, issues can arise with certain functionalities like GP, and, at times, there may be bugs. When creating IP lists, I've noticed that synchronization doesn't always function correctly. While it's not entirely dysfunctional, troubleshooting these synchronization problems can be quite challenging.

I have been using Netgate pfSense since 2015-16.

I've experienced certain issues with Netgate pfSense in the past, particularly with the previous version, which was 2.5. It posed several problems. However, the current version appears to be more stable. Nonetheless, I still encounter troubleshooting challenges. For instance, there is an issue where it initially blocks an IP range but releases it after ten minutes. This behavior is somewhat peculiar, and it pertains to IP filtering.

The support for Netgate pfSense mainly comes from online forums. These forums are populated by a significant number of individuals who are knowledgeable in pfSense and its related areas, making it a valuable resource.

The choice of whether to use Netgate pfSense often depends on the company's preferences. In some cases, particularly in Switzerland, there is a strong preference for open source solutions. This choice is sometimes motivated by the desire for open source alternatives and can also be related to cost considerations.

The Initial setup is very easy.

Netgate pfSense is a cost-effective option. If you're not using a VPN, you can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution. With this setup, you can achieve a throughput of two hundred to three hundred megabits per second without any issues, provided you're handling relatively simple rules. The level of performance depends on the specific requirements and tasks.

If you're considering using Netgate pfSense for the first time, I would recommend giving it a try. It's relatively easy to set up and use, especially if you have some prior knowledge of network and IT work. The user manual provides helpful guidance, and the basic configuration is straightforward. Just ensure you pay attention to the hardware requirements to make the most of it.

It can be rated as an eight for simplicity. However, as you progress and introduce complexities, such as enabling deep packet inspection, adding extra features, or installing multiple plugins, the configuration can become more intricate. I encountered some issues with iOS in version 2.5, but they are expected to be resolved or have been resolved.