Netgate pfSense Reviews

We're using pfSense as a firewall and for web filtering.

The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well.

The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely.

I've used pfSense for two and a half years.

pfSense is stable. 

You can scale up pfSense with multiple clusters for higher availability. It has that capability. It gives you that flexibility to set up a hybrid with part of the deployment in the cloud and a mural copy or to grow your network. 

At my previous company, we used a Cisco firewall and a router, but they kept having issues with the firewall and the device.  When I joined this company,  we introduced pfSense and haven't had any issues since. 

Setting up pfSense is easy, but it depends on your experience level. The average person with an IT background who is grounded in ICT can do install and configure pfSense in 15 to 30 minutes. 

PfSense is an open-source product, but you need to buy a license to get some features. 

I rate pfSense eight out of 10. It's an open-source solution that you can deploy on data warehouses with various resources. You're not tied to specific hardware. It's easier to manage and use.

Before deploying, you should find out the details about the environment where you will install pfSense. I would recommend pfSense for an enterprise environment with around 1,000 to 2,500 users.

On-premises

We use the product as a perimeter firewall.

We can run it on any hardware.

The product must provide integration with other solutions.

We have been using the solution for ten years.

The tool is stable.

The tool is not very scalable. That is why we are planning to switch to a different product. The solution is used by one administrator and 75 end users in our organization.

I have used SonicWall, Sophos, FortiGate, and Cisco Meraki. The choice of product depends on the context. Netgate pfSense is suitable for small businesses and homes. It is not the best solution for large deployments or branch offices. Sophos and FortiGate would be suitable for large companies.

It is easy to install the tool. We need two weeks to deploy it. One person can deploy the solution. It is also easy to maintain. One person can maintain the solution.

It is an open-source solution.

Overall, I rate the product an eight out of ten.

On-premises

I use the product to test firewalls and VPN solutions.

We could use the solution to connect with the firewalls remotely for security.

The VPN features are the most valuable. The product’s documentation is good.

The solution’s interface must be improved.

I have been using the solution for one year. I am using the latest version of the solution.

I rate the solution’s stability a ten out of ten.

I rate the tool’s scalability a ten out of ten.

The initial installation is easy.

The product is cheap.

Initially, the product was difficult. It gets easier with use. It was a good investment. I would recommend the solution to others. Overall, I rate the product an eight out of ten.

On-premises

We use it for its firewall features and VPN.

I provide it to my customers, and I also use it in my office. It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest.

Its firewall ability is very good. It is very good and smooth at stopping attacks. It is better than others because we have to perform quite a bit of programming.

It is a very good and affordable solution for enterprises.

Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.

I have been using this solution for four years. I am using it now, and I have also used it in the past.

It is very stable. Both pfSense and Netgate appliances are very stable. I have had some of these solutions working non-stop for about a year and a half.

It is very scalable. It is being used in an enterprise with 70 employees and about 30 terabytes of communication per month. I also have other small enterprises with 10 to 20 employees. In my office, I have four users. 

I usually use community forums for any tech support. I get very good information there.

I have also worked with Netgate appliances in the past. Both Netgate and pfSense are very stable.

It is not very easy, but it is straightforward. We have an agreement with the clients to have the equipment and install the appliance in three or four days.

It is very suitable in terms of the price. If a client cannot acquire a Netgate appliance, I provide a custom-made appliance, and I install the Community edition of pfSense. It is a very good and affordable solution for enterprises. Some of the clients pay monthly but usually, it is annually.

The maintenance cost varies depending on the kind of solution we have implemented. It could be €100 per month or around €800 per year.

I would absolutely recommend this solution. I would rate it a nine out of 10.

On-premises

I use it as a firewall and also as a router because you can address what you want to do with it. It can do network advanced translation (NAT).

It is sitting on my own server. It is on a remote server on a private network.

It is very simple to use. I'm working faster now. I don't have to configure a switch and sync some VLANs on the switch. I can concentrate more on my work because I know that pfSense is guarding my network. It improves my workflow a lot. 

The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is. Did you forget a printer port? Most attacks at the moment are happening through printers, and they can tell you immediately that you forgot to close the port of the printer. There are more than one million printers that are in danger, and everybody knows that hackers are using them to enter the network. So, you can download plugins to protect your network.

It is not only a firewall; it can also do some routing or network advanced translation (NAT), which makes it very powerful.

It is very simple to use. As long as you understand the basics or fundamentals of networking, you can manage everything very quickly with it.

The web is evolving every day. So, the product should be constantly improved with more regular updates. Things are constantly changing. There are obsolete protocols, and then there are new protocols. For my own use, it is not an issue, but for somebody who is more at the forefront of internet browsing, it could be a problem.

There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app.

I have been using this solution since May.

It is very stable as long as you don't change the winning theme. When it is working, leave it working. My rule number one is one computer, one function. So, pfSense does that one function, and I don't try to use it for anything else. I could do some File Transfer Protocol or things like that, but it is not made for them. I don't restart it and move it. I only do the security updates and change the username and password very often.

I don't require much scalability. It is fine for a small-scale company with about 30 devices, such as printers, computers, etc. I'm only working with a few people, and I don't have any traffic problems, but a company with 50 or 60 users could have problems with it. Currently, there are four to five users, and I'm providing multimedia services to four to five people. 

It is being used extensively. Sometimes, its usage is 50 times a day, and sometimes, there is no usage. I don't work on it on a daily basis. It also depends on the project I'm working on. We have plans to increase its usage.

Their support is good.

I didn't use any other solution previously. I didn't have a need for it. Only in May, I had the need to deploy my own service.

It is easy to set up if you understand the protocols. If you understand the theory of what is a firewall and what is a router, its initial setup is straightforward.

Its deployment took one week. The strategy was simple. It involved blocking certain traffic, allowing certain traffic, and making ACL or a list of undesired operations such as cookies so that if it is impossible to sniff, and there is complete security. If someone is trying to enter, I immediately get a message on my phone, whether I am in the county or abroad. I immediately get a message saying that somebody is trying to enter, and I am able to counterattack immediately. That's a big advantage of it.

I did it on my own with the advice of some of my friends who have much deeper knowledge than me. It is also very well-documented on the web, and there is a big community.

I am also taking care of its maintenance. I don't have any maintenance except that sometimes, the server on which this solution is implemented has issues. Its maintenance mainly involves regularly checking the systems.

There is a big return on investment because FortiGate is 60 to 70 times more expensive, which could be a big problem for me. It is more expensive than my car. I have a small budget and a small car.

It is about €1,000. It is a one-time payment. I do not have a monthly or yearly subscription. I don't subscribe to any subscription because I hate cloud services.

There are no additional costs.

I would advise others to try it and see if it is good for them. It is a very good product for me, but that might not be the case for other users. There are so many solutions, but I'm really happy with it. For my scale, it is good. If you are Amazon or a company with one million connections every minute, don't ever use this. It is not made for that. It is perfect for small-scale networks.

I would rate it a nine out of 10. It needs more regular updates, so I can't rate it a 10, but it is very easy to use, stable, and solid. 

On-premises

I build my own firewalls, and I use pfSense.

It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes.

More documentation would be great, especially on new features because sometimes, when new features come out, you don't get to understand them right off the bat. You have to really spend a lot of time understanding them. So, more documentation would be awesome.

In terms of features, for my use, I don't see anything wrong with it. I basically get what I need from it by default. I build my firewall, so I only rely on the software. On the software side, there is not much to improve right now. So, at this point in time, I don't see anything, but I always welcome any kind of upgrades that they do. I always try them out and see if I can use them in the company or not, but so far, there are no complaints on my end.

I have been using this solution for more than eight years.

It is a very stable product.

It is quite scalable.

I don't have any experience dealing with technical support directly from the makers of pfSense. I am using its Community Edition. That's why when it comes to technical support, I rely on myself, the community, and the information on the internet, especially from those who are more adept at it than me.

It is quite easy. It is up in a few minutes even though I reinstalled the whole thing. For me, it is as straightforward as it can get. I'm a long-time user, and I don't see any problems with the configuration.

We are using its Community Edition, which is free. My company is a government school, and we don't have much budget.

There is a steep learning curve and you have to spend a lot of time with it to understand how you're going to use it and how you're going to customize it yourself. That's where you're going to have to spend a lot of time, but by the time you're done with everything and you have played with all the features you want, you will understand everything you need. You will always be up in minutes, even if it gets "destroyed" during the night, you can come back to it and reinstall the whole thing, and everything will be good.

I would rate it a 9 out of 10. It cannot get a 10 right now because it changes every day. It might be 10 today, but in a few seconds, it won't be a 10 because the whole internet changes in a few seconds, and the whole way of serving your clients can change in a few seconds. So, it can't get that perfect 10. 

On-premises

We have one Head Office and two main offices and other small branches. We want to secure our network from external and internal threats and block all unnecessary ports. We want to create a WAN with firewalls installed at all other offices and branches to connect to Head Office directly.

Overall, our experience with pfSense has been good. We're satisfied with what we're doing, but we have to move forward. It's covering what we require now, but maybe we might need something else in the future. For example, we are implementing ISO 2701, and the regulators could demand something else for compliance if they conduct an audit. And if we're following the policies required by ISO 2701 best practices, then perhaps we need to implement new hardware too because we can't do everything with our existing hardware infrastructure. 

For instance, say I want to block USB access, but I don't have the software. Currently, we use our antivirus software, which is a proper endpoint management tool. We can use it to modify the Windows registry and block everything, I can do whatever I want with the PC on the endpoints. We need to have that, but not everything works without the hardware infrastructure. 

The GUI is easy to understand. 

We had one issue with hardware support. The department head who was managing the solution became the director of the company, but he still has administrator access. And usually, whenever a WAN goes down, we always have a backup, but the hardware doesn't support more than one WAN. And then, if he wants to switch, he doesn't know how to reconfigure it. So we have to wait for the ISP to resume their services, which is not professional.

Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand. A user should be able to find the feature they're looking for easily, but pfSense isn't so good in that sense.

We're using a flavor of pfSense. It's called XNET. It's a flavor of the pfSense main pfSense build because it's open-source, but it's basically similar to the pfSense build, and we've been using it since 2008.

Not very stable.

Scalable but only if one has expertise of open source configuration of software such as pfsense.

Customer support for any open source product is mostly based on the individuals who have expert knowledge while otherwise we have to resort to other internet sources.

I've used TMG by Microsoft, and it's much easier to manage domains and websites. For example, pfSense has IP-based blocking, but websites like YouTube and Facebook keep using different IPs. TMG blocks the actual domain name. That is one downside to pfSense I've noticed as a basic user.

It was complex and done by the vendor.

We implemented it through a vendor who had build upon the pfsense open source to create a package titled Xnet firewall.

We only paid for the hardware and savings were quite high.

This is a good option. If a vendor is trying to sell Fortinet and Sangfor, but the customer's requirements are basic, they'll have a hard time convincing someone who believes in free, open-source software that pfSense is not suitable for them. The only cost is the hardware. But pfSense doesn't have after-sales support or some of the other features you might find in a commercial solution. 

I've heard that Fortinet is slightly more expensive than Sangfor. Then again, if Sangfor comes into the picture, maybe you would consider Sangfor.

I rate pfSense six out of 10. We want a product that has at least two WANs as well as fault tolerance or load balancing features, which pfSense also has, but we don't have the hardware or support. That's why we need to switch. However, if cost is a big issue, then I recommend pfSense for customers who can't afford a paid hardware and software solution. That was our issue because we're a government company, so our assets belong to the government. We have to think about where we want to spend money because it's the taxpayers' money. If your management doesn't understand the need to invest in IT, then you can consider this alternative.

On-premises

The product makes our business more secure. It has increased the security of our business. We are using the two solutions. The first one is from Cisco, and the second is from pfSense.

A few months back, we were attacked, however, the attackers used the wrong software. We decided then it was important to start prioritizing our security, which is why we brought on this product. 

The solution is very flexible.

I find the product very easy to use. 

The initial setup is not complex. 

The solution has been very stable so far.

We can scale the solution if we need to.

The process can be challenging. We do not have one security team. We need a team that can guarantee the security of our company and we're not there yet. We only have the client's equipment, and one guy managing this equipment. This isn't necessarily a problem with the product, it's more about our own internal structure. 

Ultimately, we'd like something stronger, and something that can handle threats better in real-time. 

I've been using the solution for about five years now. 

The stability has been great so far. there are no bugs or glitches. It doesn't crash or freeze. Its performance has been great.

The scalability of the product is very good. If we want to expand, we can do so. 

We have 3,000 people on the solution right now. There are people from various teams that utilize it. It's not just IT. 

We previously used OpenBSD, a Linux solution. 

We switched to this product as it is free and open-source. It also increased the level of security we had on hand, even though OpenBSD was more user-friendly. 

When it comes to setting up the solution, it's not a complex process. It's pretty straightforward in general. 

The deployment took maybe a month and a half. 

We have two teams that handle deployment and maintenance tasks. One team is internal and the other is external. They're mostly engineers and they work together. 

We used an outside integrator to help us and we were pretty happy with the results. 

We are using the free version of the solution. We are not paying anything for it at this time. 

We're reading up on other solutions every day. We likely won't stay with this solution. It's good for now, however, we'd like something more robust further down the line. 

We are a customer and an end-user. 

We're using either version 5.3 or 5.4 at this time. 

While this is a good solution, we're looking for something stronger in the future. I'd recommend others also look for something strong, that fits their security needs. 

I would rate the solution at a nine out of ten. 

On-premises

We had been hit by crypto, and with our existing firewall infrastructure, we found out it didn't have geofiltering without an additional cost. That's still written from SonicWall and I think you have to pay extra for that. pfSense came with geofiltering and with logging as well, which I believe you have to pay extra for with SonicWall. So we didn't realize this until we got hit. We implemented GoIP filtering, and we also activated and stored the log files from within the firewall. I think there are some other feature sets that we used as well. The device seemed to be a little bit simpler to manage and configure through the interface. Of course with it being open source, we were able to stay current with that without having to incur annual purchasing or annual licensing fees like we do with SonicWall.

What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using open source. I think it just provides the end-user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher-end, almost enterprise-type service. 

In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.

I've used this solution for about a year. 

You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.

Technical support was through an online chat. I don't remember us running into any snags. 

The initial setup is pretty straightforward if you have your ducks in a row if you understand the IP engineering and design, and you understand some of the protocols that you want to introduce into the environment. I think one of the biggest things that it allowed us to do also was remote desktop or remote access. We filtered out remote management. We shut those ports down within pfSense, and that seemed pretty straightforward. I think the GUI has a little too much information out there, but if you're a senior engineer, you're going to love all the information because it makes sense to you. If you're a junior or a freshman engineer, you're not going to mind it either because you can use it to teach yourself how to take advantage of that information that's there. 

On the front end of this, I thought it was rather intuitive.

With a firewall, typically we only charge between $25 and $75 a year to manage the firewall. That allows us to keep our price points low, and with minimal administrative overhead, we can maximize our profits.

When compared to other solutions like SonicWall, SonicWall has a built-in administrative burden where you have to go back and make sure your client understands they're going to get hit with another annual fee to keep that device up to date. pfSense is not like that. pfSense is not like that in the sense that if you go out and get the latest update of firmware or software, you're going to get the latest and greatest. You don't have to remember to go to the client and remind them they're going to be charged another fee next year to keep their license current. I hope they keep that model.

If you're a junior or even a beginner engineer, jumping into the interface for pfSense could be overwhelming. There are going to be things in there you just have never heard or seen before, which isn't a bad thing.

On the front end, I would take advantage of any courses that are out there, any introductions to it. It's very intuitive and there are a lot of forums out there that you can go watch and educate yourself on. If you are not that advanced of a network engineer, I think it's a great solution for you because you can go out to some peers and get a lot of direction and guidance from them to set it up in a small environment. The only other thing I would do is just compare. You always have to understand what your customers' needs are. Make sure you understand what your customer's needs are and that it's going to fit into their environment and their budget. I don't know why it wouldn't, but that'd be about the only advice I'd give is just make sure that it is definitely a fit for your customer base. I'm fairly confident, small and medium businesses should be a very good fit. I've been in the enterprise space as well. There may be some things on the enterprise level that you just can't do with pfSense and you might want to go to some other solution set, but I think it's very competitive.

I'd rate this solution a nine, even if I was an experienced engineer because it's easy to have and easy to maintain.

I use pfSense as a proxy and a firewall to monitor all the traffic to my network. It allows me to shape the traffic and eliminate bottlenecks that cause the network to slow down. You can use pfSense to catch some websites or make the network faster because we have applications connected remotely all over the country. We need to have a network with a reliable speed and no hiccups on the way because all our applications are on-premise, and the entire country goes to the same data center to get information.

I like pfSense's reports and how I can control access to the policies on the firewall.

The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus. For example, pfSense could add templates with firewall policies that a user can customize. I haven't tried to integrate pfSense with Microsoft Active Directory, but in Mozambique, we use many Kaspersky antivirus solutions. If pfSense integrated with these antivirus solutions, everything would be much more stable because most of the companies here have a different kind of security solution. Within a single company, you might find two or three different antivirus suites. So, for example, there could be an open-source solution that you get for free, but you can pay for the support if you want it. So for solutions like that, it would be great.

Companies in Africa have issues with budgeting for IT. An open-source solution like pfSense gives us stability and provides us with good reports. It's amazing. It makes the solution reliable.

I haven't tried yet scaling up pfSense. But my setup is Windows based, and I have some Windows-based applications, so I want it to integrate with the Microsoft Active Directory. I haven't done it yet, but I think it would be good to have that integration.

I contacted pfSense support only once when I was installing it and had only configured one network tab. I had to get in touch with them, and the support was terrific. I was impressed. I can't complain about their support.

I have some experience with Linux distributions, so setting up pfSense was a bit easier for me, and I have been working with security for quite some time. It was fast for me, but part of my team is not used to a Linux environment, so it was tricky for them to implement add-ons to the appliance.

I rate pfSense eight out of 10. I would recommend it for a small business or a startup as a starting point. It's also good for companies that are on a tight budget.

On-premises