We use Netgate pfSense as a firewall solution for small and medium-sized businesses.
Netgate pfSense offers firewall protection, VPN access, and a range of monitoring tools.
Linux/Unix, FreeBSD 14 - 64-bit Amazon Machine Image (AMI)
External reviews are not included in the AWS star rating for the product.
We use Netgate pfSense as a firewall solution for small and medium-sized businesses.
Netgate pfSense offers firewall protection, VPN access, and a range of monitoring tools.
Adding features to pfSense is easy to do through the wizard.
Netgate pfSense is well documented, and the interface is easy to use when we consult the documentation.
Netgate pfSense was recommended, so the benefits were immediate.
It provides a single wizard. Some third-party tools out there allow us to manage remotely. It also helps us optimize performance by enabling us to turn features on and off.
With the inclusion of firewall, VPN, and router functionality, we love pfSense's total cost of ownership.
The most valuable features are the alerting and local monitoring.
We are a security shop. It would be very useful if we could place pfSense appliances in customer environments and remotely manage them.
I have been using Netgate pfSense for four years.
Netgate pfSense is relatively stable. It has been running for four years now without any issues.
The scalability is limited without upgrading the appliance.
The technical support offers great quality and good response times.
Positive
The initial deployment is not a plug-and-play out of the box. It takes a little bit more than that. For us, it takes ten to 20 minutes for one person to deploy one pfSense firewall.
Netgate pfSense has a great pricing model.
I would rate Netgate pfSense ten out of ten.
Maintenance is required for software updates.
We use pfSense as our router and firewall on several sites.
We implemented the pfSense open platform because we wanted to move away from SonicWall.
We use the community edition of the software and purchase the Netgate router separately. I used white boxes initially, but now I'm also using the Netgate hardware. It's a great product.
The pfSense offers exceptional flexibility, far surpassing SonicaWall's capabilities. Its intuitive interface, complete with a better layout of management screens, makes it a breeze to use. While Cisco routers may be overkill for many applications, pfSense performs well.
Using pfSense is easy. It has intuitive management screens. And if I ever run into a blockade, I pay for the technician annually. I am confident in sticking with that platform. It's always worked for me. It's tried and true.
I hired a seasoned professional with extensive experience using pfSense on white boxes for years, specifically the community edition. His mastery of configuration was evident, and I was impressed by his expertise. After he walked me through several scenarios, I was convinced of the benefits of the Netgate product and began replacing my aging SonicWall devices with it, drawn to the ease of use that Netgate offered.
Netgate pfSense provides a single-pane-of-glass to manage all our firewall needs.
It's relatively straightforward for a novice to deploy pfSense, likely easier than SonicWall. However, I've used SonicWall extensively and am gradually phasing them out. While SonicWall is a solid product, pfSense is remarkably easy to set up.
The intuitiveness and ease of use are the most valuable features of pfSense.
One thing that has always bothered me is that when I buy an appliance, there are two tiers of support: email-only and a premium tier, like TAC, that allows me to speak to someone on the phone. If I'm purchasing their hardware, I should have phone support for a certain period, even at the lower price point. My only complaint is that I need phone support, not just email, because if there's a support issue, I don't have time to wait for an email response. I need to speak to someone immediately. Therefore, I think I should receive TAC support for the Netgate pfSense for at least the first year after purchasing the hardware.
I have been using Netgate pfSense for six years.
I have never experienced any stability issues with pfSense.
To scale we need to add a unit.
I had email support for about a week before calling Netgate to request telephone support. I explained that if I'm calling for assistance, I'm likely experiencing an urgent issue and need immediate help. I decided to pay $699 or so for annual telephone support, which has been excellent. The support is prompt and effective, making it well worth the investment.
Positive
I previously used SonicWall but migrated to pfSense because it is a more intuitive router and firewall.
Compared to Cisco, Netgate is definitively the product that is better for my use case. I know there's a want in the industry for Cisco devices. However, in the hotel vertical, I just don't need it, nor do I need to pay for the expertise in configuration of that platform.
The first time I deployed a pfSense, a seasoned professional guided me through the process, making it incredibly easy to complete.
Netgate pfSense is fairly priced. It's probably the most powerful router firewall I've come across.
The total cost of ownership of pfSense is reasonable, considering the value it provides. I appreciate the VPN, router, and firewall functionality it offers, which is essential for my business operations. In fact, the ongoing costs associated with pfSense do not significantly exceed the initial purchase price.
I would rate Netgate pfSense nine out of ten.
Other than firmware updates, pfSense requires minimal maintenance. I update the firmware every two to three months for routine maintenance or immediately if a security vulnerability is discovered.
For a new user, I would recommend TAC support. I've spoken with others in my industry who have had positive experiences with TAC, particularly compared to email support. They've reported being up and running within five minutes of contacting TAC. Additionally, problem resolution is also swift and effective. So, I highly recommend new users invest in TAC support. It's well worth the money.
I use pfSense as a home firewall and router. I don't use it for anything professional. When I first deployed pfSense, I was using my ISP-provided gateway, and there were a few things that I felt a little frustrated about. I didn't have control over the networks in my home and lacked some features, such as dynamic DNS, the ability to split different VLANs, multiple gateways, etc. There are a lot of features I use now, such as DNS or GeoIP blocking, that I knew about but couldn't take advantage of.
The gateway failover helps prevent downtime. The ZFS Boot Mirror would also help prevent downtime in the event of a disk failure. The dynamic DNS is nice because when my IP changes, my web services won't be affected because it automatically caches my new IP.
PfSense has features that drive data-driven decisions. I was using pfSense years ago on a capped internet connection. It was a Comcast connection with a set amount of data I could use monthly. One useful thing was that it had the traffic totals as a package, so I could track the amount of data I was using and the clients that were using it broken down by client and network. I can determine how much data I use to ensure I don't exceed that limit. That's something I couldn't find in any other similar product.
From a performance perspective, it can help in terms of bandwidth and things like that because I know that the machine I'm using has enough processing power to establish all of my routes, DNS blocking, IDS, IPS, etc. I can utilize the full spectrum of my connection and a custom 10-gig NIC. If I had a smaller off-the-shelf product or an ISP-provided gateway, it wouldn't have the performance I need.
I'm using pfSense Plus, which has several features I like, such as the ZFS boot environment. I support Netgate because they're one of the biggest contributors to FreeBSD, so I'm happy to contribute. The most valuable feature to me is the gateway failover. The area where I live has a lot of natural disasters and times when my Internet connection will go down. I work from home sometimes, and my wife works from home all the time, so it's essential to have a reliable connection. I like that it can automatically pick the connection based on packet loss.
The flexibility seems to be excellent. It has a large set of features to choose from that are built into the UI, so I can do 99 percent of it through the interface. It's also nice that I can run it on my own hardware. I don't necessarily need to buy a Netgate appliance, even though they make good products. It's nice that I can run it just about on any x86 PC with a dual NIC.
If we're adding a plug-in to the pfSense platform, that can be difficult, but I don't mind because Netgate vets the plugins before they make them available. That said, I found FreeBSD easy to deploy, and adding custom packages to it is simple.
It doesn't prevent data loss in other machines, but pfSense has ZFS built in and can mirror it in two disks in different boot environments. If I have a corrupt OS, a bad update, or something else that goes wrong so that I can't connect to my Netgate, that's something built in so I don't have data loss on my firewall.
The dashboard is extremely easy to use. I like that I can go to one page and see the status of my hardware, packages, gateways, interfaces, disks, RAM, thermal sensors, and traffic graphs. It's a one-stop to look at each item and see everything operating properly. I can see them in different menus in the UI, but having one page where I can view them together is nice.
I would like them to have more security platforms. The pfBlocker is nice, but they don't have anything native for CrowdSec or Fail2Ban. I'm running CrowdSec on a web server instance on my server instead, but I'd like to move more of these services to the edge and put them in pfSense. I think that's something that's coming. I don't know if Failed2BAN is, but I'm sure CrowdSec is a popular platform, so it would be nice to have a package that's native to the platform.
I've used pfSense for about five years.
I rate pfSense 10 out of 10 for stability. I've never seen it crash, and I have deployed two of them without any problems.
I think the scalability should be pretty good. I can put two of them into high availability. If I add more clients and start to deploy a lot of these for a small business, it would be able to handle that. I don't have experience doing that personally, so I can't speak to that, but I have seen evidence of it being used in a more scaled environment.
I rate Netgate support nine out of 10. I only needed help from the support team to transfer a license because I bought new hardware. They could answer my questions pretty easily.
Positive
I've tried UniFi gateways. The feature set was lacking, and it ran on substandard products. Unlike pfSense, I could not run it on my equipment. I've run OPNsense, which was a fork of pfSense at one point. I didn't like the UI or their documentation, but it seems like a fine product. I've also tried OpenWRT back in the day.
Deploying pfSense is easy. I'm not a network administrator, but I'm familiar with computers. I can install it on a USB and set it up like any other operating system. The documentation is excellent. I can configure it based on that, and many YouTubers cover it.
The only people who would have any problems installing it would be people who don't know how to use a computer beyond basic functions. Anyone who's installed Windows can easily install pfSense, and anyone who has used an off-the-shelf consumer router would know how to use it. If you don't change anything, it doesn't require any maintenance besides updating packages twice or thrice annually.
The price of pfSense seems reasonable. I pay around a hundred dollars a year for pfSense Plus, which is inexpensive for such a complex product. It's also good that they can still release a community edition. If it started to get extremely expensive to the point where it was more of an enterprise-only product that costs thousands of dollars a year or something like that, I might consider stepping down to the community edition or looking elsewhere.
The total cost of ownership seems pretty low because you have the cost of the OS and VPN. If I'm paying for a VPN that's probably five to 10 dollars a month, and the firewall is already included.
I rate Netgate pfSense nine out of 10. It's an excellent product. I advise new users that you don't need a Netgate product if you're deploying it at home. It's one way to go, but pfSense works on any old mini PC or PC you have lying around. You can get something off eBay and throw a 20-dollar network interface card into it and you're off to the races. It's not as expensive as you think to get started. The basic routing and firewall rules aren't too complicated. Don't be intimidated, and it's not expensive.
I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.
I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.
If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not.
I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.
The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.
pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on.
pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.
I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.
pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.
I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.
The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.
The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.
The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.
The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.
I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.
I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.
I use the latest pfSense Plus version.
The stability is very good.
I use it for my family, for maybe 20 or 30 devices. It's not a big environment.
I utilize the pfSense forum and the community forum, and it's okay for me.
My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.
The difference is that OPNsense has more features, but also has more bugs.
For me, pfSense is stable. It's better for my use case.
The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.
It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.
I use it on-premises. The on-prem version is very good. The software is good.
Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.
I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.
It took me ten minutes to deploy it.
The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.
In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users.
With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.
I can recommend it if you are a professional or if you know what a firewall is.
It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.
Overall, I would rate it an eight out of ten.
I have two installations at schools as firewalls. The biggest drivers for using pfSense were cost-effectiveness and functionality. It offers higher functionality for its cost.
The benefits are fairly obvious at the beginning. There's no specific time frame required. The flexibility and consistency of the product are what draw me to it, regardless of the size or capacity of the operation. It's easy to deploy.
Arguably, the use of products like Suricata for intrusion prevention could help prevent data loss.
It gives a single pane of glass for each individual device, but not across multiple devices. pfSense could catch up with other market providers by offering a view across multiple devices, but the current interface is fine. It is just we have to individually manage each one.
There are two versions of pfSense, the paid "Plus" version and the free "Community Edition." I use the "Plus" paid version.
The way pfSense handles system updates is pretty good. The updates are virtually transparent to any downtime. I've had pfSense boxes running for 200 to 300 days with no downtime. From a software standpoint, pfSense is about as bulletproof as it comes.
pfSense provides visibility that enables us to make data-driven decisions. Its reporting is effective. The data is effective in making decisions based on traffic. It is not just one feature, it is how we manage data traffic. It provides adequate information to make decisions based on traffic.
I have used pfSense in virtualized environments, just not on AWS.
It allows me flexibility in hardware size and capabilities while maintaining the exact same interfaces and controls.
I also like the fact that based on its operating system, it has applications that can be added, such as IDS/IPS and filtering.
I would like to see a single pane of glass for multiple devices.
From a service provider standpoint, it is a bulletproof operation to deploy. Aside from being able to manage and monitor multiple devices from a single pane of glass, that would be the only thing I would change.
I've used pfSense, probably for the last two or three years off and on.
It's one of the most bulletproof solutions out there. I can't recall a problem where the system locked up or had any issue that required intervention to get it started back up again.
Aside from possibly a hardware failure, I haven't had any problems. And that's not the software.
Scalability is one of the reasons why it's a good product. You can utilize it in a budget-friendly way as well as a full-on enterprise. pfSense is almost infinitely scalable. Obviously, hardware is the dictating factor.
I have never had a reason to contact customer service and support.
I've used Unifi products, DrayTek products, and Meraki products.
From a capability standpoint, I would put pfSense at the top of functionality. DrayTek comes close; however, it lacks the add-on applications. So, I would put pfSense at the top.
I build the machines myself. Their hardware is not overly special, and I think it's overpriced, so, I build my own.
It's easy to deploy them, but then I've worked with them for a while. If I reflect back at the very beginning, there is a bit of a learning curve, but I don't think it's that steep. Overall, it's fairly easy.
It's fairly easy to add and configure features in pfSense, though it depends on the application. So, it is moderately easy. Some are simple, while others require a lot of preplanning and time to configure.
One person can deploy it, but the deployment time varies because it depends on the network design. It can be up and running in ten or fifteen minutes, but configuring it for the network design may take longer.
Not much maintenance is required from the end user. Netgate pfSense do a very good job of keeping the application and operating system up to date by itself. Occasionally, applications require updates that need manual intervention, but for the most part, updates can almost be automated.
pfSense's pricing or licensing model is very affordable. Netgate hardware is a bit overpriced, but the software itself is arguably underpriced.
I have not come across a more effective product. Unifi products are inexpensive but not feature-rich by any stretch of the imagination. From a pure feature standpoint, hands down, I would argue that Meraki is as capable and comparable in features, but the cost is prohibitive for most small businesses.
From a pure feature-function standpoint, pfSense has the best total cost of ownership, once it's installed, I don't have any problems with it. If taking into account the software licensing, the hardware, and the amount of time it takes to manage, I'm not sure there's a better TCO on the market.
Overall, I would rate it a nine out of ten.
I use pfSense to provide IT services for small businesses. They typically have a broadband or fiber connection through a router to the ISP, so they're looking for some additional security. We can get a Netgate appliance with pfSense for a few hundred dollars.
We saw the benefits immediately. I live in Edmonton, and one of my clients is a machine shop in Montreal. We configured the firewall and sent it to the shop with instructions on how to set it up. They set it up, and once it was running, I could remote in and start providing IT services to my client two time zones away.
It can help you prevent data exfiltration from the outside, but you'll always have a problem with employees who want to do bad things. It isn't a completely zero-trust approach. It has logs that will tell you if something seems odd. That requires the owner or IT professional to stay on top of it.
The stability of the Netgate hardware and pfSense software helps to prevent downtime. At the machine shop in Montreal, we had an older Netgate model running for almost seven years, which we replaced last Christmas. It wasn't failing, but we upgraded it to ensure uptime. We spent about $200 on that device or about a few months of coffee for the office. You can deploy pfSense on your own device, but it gives the client comfort to see an actual device instead of something I cobbled together.
I don't know if there's a particular dashboard other than the volume of data you are passing through the firewall that we check to ensure it is as expected. All of the businesses we handle are small, so we don't need some of the advanced features, such as VLANs, and I'm not going into them to fiddle with them constantly. If the power is somewhat dodgy, as it is in Montreal, they come back online in the proper configuration.
One of the main benefits of our use case is pfSense's inclusion of OpenVPN. We can set up a server-client configuration so employees can access the office outside business hours. This enables us to provide secure remote access to their workstations and other devices inside their worksite. OpenVPN is included, so I don't need to purchase an expensive VPN solution with its own client.
I also value the community on the pfSense website and other forums. If you're trying to set something up, there's invariably someone else who has done it before. It's open source, so the community is massive.
PfSense is quite flexible. You can tune it to meet your needs. If my client has something provisioned to their clients, we can run that through the firewall. We can also set it up so that everything is locked down and all traffic moves through the VPN. Like any other firewall, you can set up rules. I haven't encountered anything that I wanted to do that I couldn't.
Setting up the VPN is always tricky, but adding features isn't hard overall. OpenVPN is easier to use than any other open-source VPN solution. It does all of the DHCP and DNS forwarding and other firewall tasks out of the box.
In most of our use cases, the pfSense interface acts like a single pane of glass for me to log in, monitor, and configure. You can use the command line interface, but I use the web interface. I would only use the CLI to review logs because everything is on a text interface rather than a browser window, so it's easier. However, for a business user, the web interface is easier if they don't have any complex needs.
Our customer's IT operations are optimized to go through the pfSense firewall and OpenVPN. It enables us to get work done without constant callouts from the clients. When we upgrade to a new unit, we give them configuration files to install on their workstations.
They could improve the VPN wizard to make the configuration easier. I don't know what happened last time, but it was a little fiddly. Adding users isn't difficult, but it's a step that's in a different panel from the configuration of the VPN client itself. You need to create the user on the firewall and then associate that with the VPN. They should make it easier to link the firewall configuration with the VPN client.
I have used pfSense for between five to seven years.
PfSense has always been stable, even in an inhospitable environment. A machine shop is bad for devices because of all the dirt and oil, and I had one that continued running for five years without any complaints.
I always pick a Netgate device that has sufficient hardware for each of my clients, but if I had to expand suddenly, I know Netgate has a range of devices that would work. However, I do think they focus on small and medium-sized enterprises.
I deploy pfSense on Netgate appliances. It's easy for a typical network engineer with no experience with pfSense. If you know about networking, it's an easy device to set up. Coming from a Cisco background, I found it dead simple to install. I have deployed boxes in under an hour. One person is enough to do it. The maintenance and updates are easy. I've never had an issue with updating and fixing bugs. You can do it all remotely.
I rate Netgate pfSense nine out of 10. Having a basic understanding of networking concepts, like firewalls, routing, and VPN will help you navigate the pfSense interface.
I am using pfSense for its firewall, gateway, and intrusion detection. I used the Community Edition for years and then switched to the pfSense Plus free-from-home edition. There was a bit of turmoil when IXSystems announced that they would no longer offer the free-from-home edition
We immediately realized the power when we deployed it a few years ago. It exceeded our expectations. As time went on, I discovered more features in the different packages they provide and whether they fit my needs. Over time, it's been a learning process, and I've been greatly impressed with almost every aspect of this product. It has all the things I wanted but found lacking in other products.
All of the features work together to prevent data loss or any compromise of your data. It all boils down to the rule set. I have mine configured so that all the data goes out depending on my Netgate device. Some machines go through a particular VPN connection. If that connection goes down, I've got the rule set configured like a dead man's switch. It's cut off from the outside world, and I get an alarm, and it allows no more attempts to let traffic pass through that connection.
It helps to prevent downtime. Whenever there is an issue, it's the first place I look because I can check the statuses of various interfaces to check whether they're up and then zoom further out to see if it's something in my internet provider, like a faulty cable. It enables me to reduce downtime by quickly determining where the problem might be.
PfSense provides the visibility I need to make data-driven decisions. For example, if I have a spike in bandwidth usage, it shows me which devices on my network are suddenly eating more bandwidth. I can see what's causing that. It also greatly reduces the time spent maintaining my network, so there's a productivity boost.
PfSense has a learning curve, but once you've mastered that, it isn't that difficult. It's very flexible, and you can do almost anything necessary to secure a home network. It has packages that expand its capabilities. For example, you can install Snort if you want intrusion detection. If that's unimportant to you, you can use it to check the bandwidth of all the machines in your network.
Adding features is simple. You go into the menu to check which ones are available and click on the ones you want to install. If you've done your research on the packages you want and the settings you'd like to use, it's a matter of walking through the configuration in the menu. When removing the package, it will revert the settings 99 percent of the time.
I like the interface. You can arrange the windows to see the important information and put them in the order you want. You can see the various interfaces you have at a glance in a single pane of glass. I have certain bits of information I want to see first, and there are secondary or tertiary pieces of information. If you are using VPN connections, you can see their statuses. You can see hacking attempts, which are logged.
It's powerful. You can get quite granular in setting up a highly topical application of pfSense, but if you want just basic protection, you can do that easily. It depends on your needs and how brave you are. You can go deep into the system and do some cool things with it or set up the bare protection you would get from any firewall.
I'm trying to set up a gaming server for multiplayer games like 7 Days to Die. I spent three or four days trying to publish a private IP address through pfSense to the outside world. Some commercial and consumer-grade routers can do this, specifically gaming routers, but pfSense is not intended for this usage.
That's a feature I'd like to see added, where you can go into a submenu, turn it on, and specify which machine or IP address you want to publish. It's not a must-have, but it would be nice to have. I spent a long time trying to figure that out. Ultimately, I was successful, but it was not intuitive.
I have used pfSense since 2016.
I rate Netgate support 10 out of 10. You must have a license for pfSense Plus, and I called them about an unexpected hardware issue that caused me to switch machines. I emailed explaining the situation and got a response the same day. I provided all the information on the new box, and they gave me a license. It was a pleasant, non-stressful experience.
I have used Smoothwall and a few other things that have been abandoned. I liked the look and performance of Smoothwall's interface. It had many of the same features as pfSense, but its capabilities weren't deep enough. I've also used basic Linux distros set up as firewalls, but pfSense is oriented toward an enterprise-level deployment, and I find myself between hobby and enterprise. I also like the added features pfSense provides.
I am not using a Netgate appliance. I deployed pfSense on a very small machine that has plenty of RAM for the overhead, logs, and speeds I want for my network.
When I first installed pfSense, there was a bit of a learning curve. I had to sit down with the documentation and figure out what to do. It wasn't difficult— just time-consuming. That information has carried forward with me. Other people look at me like I'm some kind of expert but I'm really a few pages ahead of them in the manual.
PfSense isn't something you can turn on and forget about. You need to configure the solution and test it. Then you can turn it on and let it run. From time to time, you have to come back periodically to make sure everything is still fine. The initial deployment takes about 30 minutes. It was a one-person job.
I would like to see the price of pfSense lowered by about $50, or maybe they could create a category for home lab users like me with one device. I'm not running a business or profiting from it. I realize that people need to get paid for the work that they do, so I can't complain. They decided that they needed to change their model after providing the product for free for many years.
Before they changed and started to charge for pfSense, the total cost of ownership was phenomenal. It still offers tremendous value, but that was an adjustment. You can choose to go back to the community edition or just pony up the money.
I rate Netgate pfSense nine out of 10. I only give it a nine due to that recent issue setting up the game server. I eventually figured it out and published my solution to the forums. Otherwise, it would be a perfect 10.
I use pfSense for my home monitoring. It's used to build a subnet in my home environment to separate the IoT and my daily lab.
PfSense can separate the network into subnets, which I can't do with an ordinary home router. It is relatively simple to add a multiple gigabit network port on the home router. For example, I can buy customized hardware with 6x 2.5 GbE. It helps me optimize performance. I use pfSense as my reverse proxy and have a single interface for managing all the SSL certificates using HAProxy.
The best feature of pfSense is that it can be installed on any customized hardware. I don't need to use Netgate hardware. I like the dynamic DNS update and firewall feature. Adding features is easy. If a feature is built-in, I can check it, install the package, and convert it. If it isn't built-in, I can't add it to pfSense.
PfSense's interface could be improved. For example, the menu is ordered alphabetically instead of logically. The reboot button should be located near the shutdown, but it's in alphabetical order. Also, Netgear should create a home license for pfSense Plus for non-commercial use.
I have used pfSense since 2020, so it's been about four years.
I rate pfSense six out of 10 for stability.
I haven't tried to scale pfSense. I only use it locally.
I rate Netgate support five out of 10. They are helpful for basic questions, but if I ask something more complicated, they refuse because I am not a higher tier of support. The response time is acceptable.
Neutral
I used OpenWrt before pfSense but for a relatively short period. PfSense is more feature-rich than previous solutions.
Deploying pfSense is a bit complicated, but It's nothing I can't handle. It requires some maintenance, such as when they release updates.
PfSense saves me the time I would spend doing things separately. For example, building a VM to set the rear-end policy would take a lot of time.
If it's not the free community edition, pfSense is relatively expensive for home use. It's okay for commercial use. The cost of ownership is low. I can save about a hundred dollars annually.
I rate Netgate pfSense seven out of 10. I recommend pfSense for advanced users. It's a good solution if you want to learn more about networking in a company environment/.