Netgate pfSense Reviews

I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.

Within our organization, with a single installation, about 500 users are covered.

The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

We have been using pfSense for five years.

That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.

The expandability and the high availability configuration of the system are good.

With pfSense, we've never had to send an email to a Netgate official support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.

One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.

It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and following a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.

That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. It may be slightly different between how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind for 24 hours or 12 hours, but it works.

We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client. 

I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use the solution for blocking websites, banking, and malware.

I have found the most valuable features to be antivirus and malware protection.

I have been using the solution for approximately four months.

This solution is good for small businesses but it is not as stable as other competitors such as Fortinet.

We currently have approximately 45 people using the solution.

The support is good when comparing to other solutions.

We have used FortiGate in the past and they tend to be more stable, but lacking in other areas.

The installation was not too complicated. We did have some issues with the port forwarding,  some of the server application were not getting through the firewall but we managed to get it to work.

The whole network deployment took approximately three days.

We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free.

For those who want to implement this solution I would advise it is great for a small enterprise, it is best to get started without having any harm getting to their networks.

I rate pfSense an eight out of ten.

I was working for a firm that has 70 employees. They are mostly working from home, so I needed a very well-structured VPN for remote working. We put it on Supermicro, and it worked fine, and it was above their needs.

I like the connectivity to the open VPN. It's very smooth. All the encryption in the open VPN is very good. The structure of the pfSense software works out very well. The PF work cuts and the snorts and whatever we put on the console for spyware and attack prevention seem to work very nicely. 

They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network. 

I have been using pfSense for the past three years. 

Back in the day, I was using Fortinet, and it was very tricky to get it working without spending more money. pfSense is exactly what we paid for, and it's still working very well. We've been working with it for two or three years, and it's a very good solution, and I didn't have to spend any more money on it.

Cisco VSL and Fortinet are tricky when it comes to improving the firewall rules or creating rules above older rules. In pfSense, it's very logical. It's simple.

The initial setup is very linear and very smooth.

On a scale from one to ten, I would give pfSense a nine.

We primarily use pfSense as a firewall. It's a DHCP server.

The most valuable aspect of the solution is the way it can browse packages on the internet.

The initial setup is very easy.

We've found the stability to be very good overall.

The product can scale if you need it to.

The access control aspect of the product could be improved. There should be more control over everything that the user is doing. It should be able to log and report on everything users are doing. 

The product no longer complies with new rules in Brazil. Therefore, we need to move off the solution.

I have about five years of experience with the solution. It's been a while since we started using it at our organization.

The stability of the product is very good. We haven't had any issues. There aren't bugs or glitches. It doesn't crash or freeze. It's reliable.

We've found the solution to have good scalability. If a company needs to expand, it can do so. That shouldn't be a problem.

We have about 10,000 people using the solution. There is a network manager and about ten people that work directly with the solution.

We won't be increasing usage, however. The Brazilian government recently changed some laws and this product is no longer in compliance. That is one of the reasons we are looking at Palo Alto. We are likely moving away from this solution.

While the websites and forums are excellent, we don't have any dealings directly with technical support. Therefore, we can't speak to how they are in terms of their responsiveness or knowledgability. 

A long time ago, the company did use a different solution. They switched to pfSense. However, now they are moving away from it as well. 

We're also using Palo Alto, however, right now, it's just in the demo phase. The solution seems to be better at centralization, which is a big selling point. We have three school campuses and we'd like to configure a solution from one central location that would work for all three campuses. With Palo Alto, it looks like we can achieve this.

On top of that, with Palo Alto, there are more user control products. You can log everything that you are doing on the internet with it.

The initial setup of the solution is very easy. It's straightforward. There isn't any complexity. A company shouldn't have any troubles with the setup.

We are using a free version of the solution. We don't need to pay any licensing fees.

We are just customers. We don't have a business relationship with the company.

I would recommend the solution to small companies. If you are a small company, you can use pfSense without any issues due to the fact that it's a free solution.

I would rate the solution seven out of ten.

We are a solution provider and deploy this product for our customers. We also use it in our organization. We use both Cisco and pfSense but for our customers we mainly use Sophos and pfSense. I'm the CEO of our company. 

The solution has assisted us by preventing unwanted access. If the solution is configured properly, then you'll be protected to some degree, although you may also need other products. 

Content protection, content inspection, and the application level firewall are all good features. 

There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance.

The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.

pfSense is rated as one of the good solutions in it's field and stability is good. 

The solution is scalable to a degree but we never use it for big companies. We use it for mid-range companies. Our company has a data center and we have companies that are hooked to our data center. We're doing this on-premise for our customers so if the customer has an on-prem information system, we will implement the firewall and UTM at their location. We have plans to increase use because we have good feedback for the product and we have good experience with it. So we are increasing use of pfSense. Actually we are moving away from Sophos and more towards pfSense.

Technical support is well organized. Most of it is in-house, but in the case there's also a we have access to a second level if necessary. 

We were one of the first companies here making UTMs (before they were known as UTMs). We were the first partner of Cobalt, the first appliance creator. When Cobalt was bought from Sun, we made our first network defender line. It was the first appliance that had a firewall, content inspection, constant protection, intrusion prevention, intrusion detection, antivirus, and mail and web server in one box. Our line was mainly distributed all over the Middle East, Asia, and some parts of Europe. We expanded and worked with companies such as Palo Alto, Cisco, Sophos and pfSense. In some areas pfSense is better than Sophos which didn't make the advances they should have. They now have XG, so they have two totally different products in the same area which is one of the reasons I prefer pfSense.

If you carry out a straightforward setup, then you will have straightforward, basic protection, nothing else. It's more complex if you want other things included. We usually start with some research, carry out a basic setup and make the initial monitoring. From there we make additions based on the results of the complete monitoring. Then it's ongoing monitoring all the time and setting or adjusting to the situation.

For any compnay, ROI can be seen even if they look at the basic possibility of a crypto virus or the like. The savings on that would be at least two days of lost work and the cost would be more than the cost of the whole system plus maintenance. 

Licensing costs depend on company size. pfSense is an open source solution, so there's a charge for support. We offer a first line of support and a second line if required. Payment depends on the contract, because usually it's only covers the firewall. We offer a contract for the network which includes UTM. There's a hardware cost for HP servers and, again, depending on the size of the company, installation cost is about 500-800 Euro. There's an annual maintenance fee included in the networking agreement. 

I recommend this product, it's well-balanced, has a longer history than other solutions so it's not lacking in maturity. There is a lot of online support available via YouTube or blogs but professional support is available if required. I highly recommend taking the support because usually people look at the UTM as something which should be set up in the system and left, but that's not the case with these devices. I strongly suggest making an external agreement with a specialized company to deal with security. Users need to have decent protection, not just protection.

I would rate this solution a nine out of 10. 

It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.

We wouldn't be able to function without it.

The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice.

It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall. 

Their support could be better in terms of the response time.

It has been pretty rock solid.

Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.

I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.

I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.

It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.

I did it myself.

I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.

I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price. 

There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.

I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.

We mainly use pfSense at client locations where the client is looking for a free alternative for paid/subscription based Network gateway with enterprise grade features

Being free and open source, we replaced our network gateway with it. Works well on an old Pentium 4 PC with 1 GB of memory. Failover, URL Filtering, Proxy server, traffic monitoring features inbuilt with SNORT IDS/IPS is all we use and have never faced any problem for over 5 years now.

The most valuable feature for our company has been the extensibility of the platform which is great. It's a great solution and I have regularly been supplying it to my clients. 

The user interface could be improved, it's a bit clumsy and clunky.  

I've been using this solution for more than seven years. 

This solution is absolutely stable. With some systems there's a necessity to regularly redo the configurations inside the system. With Pfsense that's not the case. I have no issues with it at all. 

The solution is very scalable. It has a failover feature so it's highly skilled. 

Given that the solution is a free and open source product, it doesn't have any technical support center. We just have the online documentation which is not one of the best, but it's good. 

I previously used a solution from Cyberoam but we had issues with the licensing. That's the reason we mainly stick to Pfsense open source.

The initial setup is a little complex, of intermediate difficulty. It takes about a day. 
In terms of deployment, the entire system has been installed and configured to basically take care of a network of roughly around 35 to 40 computers. We have a dedicated physical machine which has been configured and installed throughout.

My only comment would be to suggest that if you wish to implement the solution read the documentation very carefully. 

I would rate this solution a nine out of 10. 

We just use the solution as a straight-up firewall. There is no VPN access or anything like that. We just use it as a straight-up firewall and we run Suricata on it as a defense.

The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.

I cannot recall any features that are lacking.

There's a bit of a learning curve during the initial implementation.

You do have to pay extra for better customer service.

We've been using the solution for about six months. It hasn't been too long.

The solution is very stable. We've had zero issues. There aren't bugs or glitches. It doesn't crash or freeze. It's been reliable.

I have not tried scaling, therefore, I can't really comment on how easy or hard it would be to expand the service.

There's only one person in the organization using the solution, and that's me.

The tech support is excellent if you have a support subscription. If you didn't have that, you could be lining up for a while. It could be a hit or miss, whether you get someone that's actually going to help you. 

However, we have a subscription and therefore our support is always excellent. We're quite satisfied with the level of service we're getting.

Previously, we used Dell SonicWall. There was just a high cost of licensing all the time, and, with having someone go in and troubleshoot for issues as well, it just wasn't cost-effective anymore. pfSense is simply a better solution.

The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.

There aren't monthly or yearly licensing costs.

We're just cusomers. We don't have a business relationship with pfSense.

We're using the latest stable version of the solution.

I would 100% recommend the solution to others. On a scale from one to ten, I'd give it a ten.

Our main business is for WiFi networks. Customers also ask us for simple firewalls, and we use pfSense to add a firewall to provide the complete solution. We are working with the latest version of pfSense.

One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well.

pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services.

There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions. 

I have been using pfSense for about four or five months.

It is stable.

It is easily scalable. It is more of a hardware thing than a software thing.

It is easy to deploy. Our real deployments are for WiFi networks, and then we add one or two firewalls to protect the network. For a small network, it can take one week. For a more complex network, it could be two or three months. We have a few upcoming projects which would require severe thousand firewalls, and it would take us more than a year.

It is open source.

I would recommend pfSense, but it depends on the requirements. There could be other vendors who offer more services than pfSense. For example, Fortinet is a very good brand, and it offers services in a different way. Fortinet also offers more services, but it is very expensive. If you don't need some specific services, pfSense is an excellent solution.

I would rate pfSense a nine out of ten.

We use it for small businesses, and most of my clients are using pfSense.

It works. I put pfSense in, and it works. I can't think of any trouble I ever had with it. It runs on heat-sensitive appliances. They don't need a fan, so they don't overheat. 

It is affordable, fast, and very high-speed. It is built on BSD Unix, and it pretty much runs on any Intel processor. 

I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version.

I have been using this solution for maybe five years.

It just works.

I've never challenged it. All of my clients are small businesses. It is open-source software, and it runs on whatever appliance you run it on, so whatever computer you run it on, it'll scale up pretty high.

Their technical support is excellent. They do have good support service. I don't use it because I've never had any problems with it, but the people I know who use it in bigger environments love it. You can even search their knowledge base and learn anything you want to know pretty quickly. 

Some of my businesses just use the built-in firewall in the ISP modem. I replaced an old SonicWall that couldn't keep up with a faster internet service. I've replaced a couple of Cisco solutions that were just getting old to run modern software, but the hardware was working. They just died of old age, and I replaced them with pfSense. It has been great. I'm sure a lot of people know how to configure Cisco solutions, but I don't. pfSense is very easy to configure.

It was very simple. You download and boot a USB stick or a CD to install it. From then on, it is managed by its own webpage. The deployment takes a few minutes.

It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet. 

It is just great. Give it a try. It just works.

I would rate pfSense a ten out of ten.