Netgate pfSense Reviews

I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.

Within our organization, with a single installation, about 500 users are covered.

The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

We have been using pfSense for five years.

That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.

The expandability and the high availability configuration of the system are good.

With pfSense, we've never had to send an email to a Netgate official support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.

One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.

It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and following a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.

That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. It may be slightly different between how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind for 24 hours or 12 hours, but it works.

We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client. 

I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We are a solution provider and deploy this product for our customers. We also use it in our organization. We use both Cisco and pfSense but for our customers we mainly use Sophos and pfSense. I'm the CEO of our company. 

The solution has assisted us by preventing unwanted access. If the solution is configured properly, then you'll be protected to some degree, although you may also need other products. 

Content protection, content inspection, and the application level firewall are all good features. 

There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance.

The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.

pfSense is rated as one of the good solutions in it's field and stability is good. 

The solution is scalable to a degree but we never use it for big companies. We use it for mid-range companies. Our company has a data center and we have companies that are hooked to our data center. We're doing this on-premise for our customers so if the customer has an on-prem information system, we will implement the firewall and UTM at their location. We have plans to increase use because we have good feedback for the product and we have good experience with it. So we are increasing use of pfSense. Actually we are moving away from Sophos and more towards pfSense.

Technical support is well organized. Most of it is in-house, but in the case there's also a we have access to a second level if necessary. 

We were one of the first companies here making UTMs (before they were known as UTMs). We were the first partner of Cobalt, the first appliance creator. When Cobalt was bought from Sun, we made our first network defender line. It was the first appliance that had a firewall, content inspection, constant protection, intrusion prevention, intrusion detection, antivirus, and mail and web server in one box. Our line was mainly distributed all over the Middle East, Asia, and some parts of Europe. We expanded and worked with companies such as Palo Alto, Cisco, Sophos and pfSense. In some areas pfSense is better than Sophos which didn't make the advances they should have. They now have XG, so they have two totally different products in the same area which is one of the reasons I prefer pfSense.

If you carry out a straightforward setup, then you will have straightforward, basic protection, nothing else. It's more complex if you want other things included. We usually start with some research, carry out a basic setup and make the initial monitoring. From there we make additions based on the results of the complete monitoring. Then it's ongoing monitoring all the time and setting or adjusting to the situation.

For any compnay, ROI can be seen even if they look at the basic possibility of a crypto virus or the like. The savings on that would be at least two days of lost work and the cost would be more than the cost of the whole system plus maintenance. 

Licensing costs depend on company size. pfSense is an open source solution, so there's a charge for support. We offer a first line of support and a second line if required. Payment depends on the contract, because usually it's only covers the firewall. We offer a contract for the network which includes UTM. There's a hardware cost for HP servers and, again, depending on the size of the company, installation cost is about 500-800 Euro. There's an annual maintenance fee included in the networking agreement. 

I recommend this product, it's well-balanced, has a longer history than other solutions so it's not lacking in maturity. There is a lot of online support available via YouTube or blogs but professional support is available if required. I highly recommend taking the support because usually people look at the UTM as something which should be set up in the system and left, but that's not the case with these devices. I strongly suggest making an external agreement with a specialized company to deal with security. Users need to have decent protection, not just protection.

I would rate this solution a nine out of 10. 

It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.

We wouldn't be able to function without it.

The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice.

It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall. 

Their support could be better in terms of the response time.

It has been pretty rock solid.

Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.

I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.

I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.

It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.

I did it myself.

I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.

I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price. 

There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.

I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.

We just use the solution as a straight-up firewall. There is no VPN access or anything like that. We just use it as a straight-up firewall and we run Suricata on it as a defense.

The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.

I cannot recall any features that are lacking.

There's a bit of a learning curve during the initial implementation.

You do have to pay extra for better customer service.

We've been using the solution for about six months. It hasn't been too long.

The solution is very stable. We've had zero issues. There aren't bugs or glitches. It doesn't crash or freeze. It's been reliable.

I have not tried scaling, therefore, I can't really comment on how easy or hard it would be to expand the service.

There's only one person in the organization using the solution, and that's me.

The tech support is excellent if you have a support subscription. If you didn't have that, you could be lining up for a while. It could be a hit or miss, whether you get someone that's actually going to help you. 

However, we have a subscription and therefore our support is always excellent. We're quite satisfied with the level of service we're getting.

Previously, we used Dell SonicWall. There was just a high cost of licensing all the time, and, with having someone go in and troubleshoot for issues as well, it just wasn't cost-effective anymore. pfSense is simply a better solution.

The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.

There aren't monthly or yearly licensing costs.

We're just cusomers. We don't have a business relationship with pfSense.

We're using the latest stable version of the solution.

I would 100% recommend the solution to others. On a scale from one to ten, I'd give it a ten.

Our main business is for WiFi networks. Customers also ask us for simple firewalls, and we use pfSense to add a firewall to provide the complete solution. We are working with the latest version of pfSense.

One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well.

pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services.

There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions. 

I have been using pfSense for about four or five months.

It is stable.

It is easily scalable. It is more of a hardware thing than a software thing.

It is easy to deploy. Our real deployments are for WiFi networks, and then we add one or two firewalls to protect the network. For a small network, it can take one week. For a more complex network, it could be two or three months. We have a few upcoming projects which would require severe thousand firewalls, and it would take us more than a year.

It is open source.

I would recommend pfSense, but it depends on the requirements. There could be other vendors who offer more services than pfSense. For example, Fortinet is a very good brand, and it offers services in a different way. Fortinet also offers more services, but it is very expensive. If you don't need some specific services, pfSense is an excellent solution.

I would rate pfSense a nine out of ten.

I use the product for many enterprise clients, including building construction, government, and education.

The documentation is very good.

The pricing is okay. It's not too expensive.

The integration capabilities are great. The product can integrate well with Check Point and Fortinet. They make it a very easy process.

It's very good at defending our company.

It would be ideal if the solution could integrate with Snort and OpenVPN.

The technical support needs to be improved.

I've been using the solution for ten years at this point.

The technical support is not great. It's very slow. Sometimes it will take four days in order to connect with them, which is actually a decent timeframe for them. 

Their documentation, however, is pretty good.

The initial setup is not complex. It's pretty straightforward. The onboarding process is pretty good. They make everything very, very easy. People shouldn't have any issues with implementation.

We've found the pricing to be very fair. It's actually pretty low. The licensing is very inexpensive.

We looked at Fortinet and CheckPoint in relation to how they work with Linux.

In the case of Fortinet, the content filter is a URL content filter. It's very different and it's complex to use.

We're a pfSense partner.

I'd rate the solution ten out of ten. It's been very good to work with.

I would recommend the solution. pfSense is superior in terms of defending against attacks.

I use pfSense for OpenVPN and DNS. 

I like pfSense's security features. 

The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time.

I've been using pfSense for about 10 years.

PfSense is stable.

PfSense is scalable.

It's easy to set up pfSense. But it generally takes two or three days, depending on the environment.

Eight out of 10

We are a small business and we use pfSense as our interface for the WAN. We use it for a Firewall and to ensure that all devices are operating. It provides our basic network routing needs, reporting on usage, such as IDS, and for managing individuals on network devices for controlling bandwidth and destinations.

Our security in our organization was previously provided by our ISP and since we have been using pfSense it has provided me more abilities to manage my network in a secure way. We have much better controls and security.

The solution has good customization abilities and plenty of features.

As an IT leader, it would be a benefit to have a mobile application to have certain features, such as mobile application notifications when a new device is added, or the ability to turn off or on firewall policies. Having these simple features would be very convenient and reduce the need to have to log into the console. I can use a web browser on my phone to access the pfSense site but I would prefer to have an application where I can toggle things, such as the policies. Some simple features within a mobile application would be valuable to me. I have evaluated other solutions and have determined this feature does not currently exist. However, Untangle has an application but it was not enough to compel me to change at this point.

In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome.

I have been using pfSense for approximately five years.

The stability of the solution is very good. My only complaint is when there is a power outage pfSense requires a manual reset.

The scalability of this solution is perfect.

I am the administrator of the solution and the rest of my organization are end-users.

I have not needed to contact technical support. I have not had any problems with pfSense.

The initial setup was straightforward. The whole process took approximately eight hours and one hour of that was in front of the computer using the keyboard.

We did the implementation of the solution ourselves.

I have evaluated Untangle.

My advice to the IT manager is to do your research, and make sure that pfSense meets your needs. If you are not technical enough, then looking at other solutions. pfSenseis needs a bit more tech-savvy IT manager to manage it. It is a very important business tool for me.

I rate pfSense an eight out of ten.

I rated pfSense an eight because it did everything I wanted it to do which makes it an awesome solution but not a ten because of a few minor shortcomings. However, I recognize it is open-source and it is not going to have everything.