Netgate pfSense Reviews

I use pfSense firewall, especially as an IPSec VPN Server. There are several VPN connections with equipment of various manufacturers at the other end.

I use ServerU as hardware instead of an ordinary PC, as most other people usually do.

The gain in performance and security from configuring the VPN connections was significant, since pfSense has replaced a server with a custom Linux open source version, which was running on outdated hardware.

Security and stability. The pfSense server acts as "IPSec VPN Server" for a small financial institution, but regardless of the company size, interruptions would cause significant financial impact.

pfSense serves us very well. My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters. I have more than 10 IPSec VPN connections, and when there is a need for troubleshooting, the logs are of little help.

With regard to this configuration, I consider it a stable solution.

Firewall and VPN, Internet link balancing, as the proxy was installed on another machine. Used redundant firewall as a cluster.

Improved service performance and availability through redundancy. The company already had specialists in Linux, which facilitated the project.

Ease of monitoring and placement of other packages and functionalities next to the equipment.

Improve analysis of logs and dashboards (control panel) with improved alert functionality.

Firewall system for small, medium, and large data networks. It allows you to provide security to your environment: DMZ networks, LAN, WAN, etc. A very stable product that lasts over time, easy to understand, and administer.

With pfSense, an incomparable stability is achieved with other firewall systems. It is easy to use and has integrity with other systems, such as proxies and quality of service.

Security

• Stability
• Integration with other systems
• Easy assimilation of its features
• Easy administration
• Multiple network management tools
• Load balancing
• Multiple links
• High availability, etc.

The connections should be shown in a more specific way, as Kerio Control does. It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown.

Primary we use it for bandwidth limiting and load balancing our ISPs. And Pfsense excels doing that. 

We had two ISPs, and still our Internet connection was awful. By installing pfSense and configuring load balancing and limiting bandwidth, we now have a reliable and stable connection.

Routing, load balancing, Traffic Limiter and queues. Since this company relies on an Internet connection, having these features is a must.

Reporting and real-time monitoring, since I'm used to Watchguard's reporting features, it would be nice to have an embedded solution for reporting. 

Close to none. One time, while upgrading, the system crashed and had to install from scratch. After some research, it was due to an unsupported package that I had installed which the new version didn't like. I just installed and restored my configuration and that was it. No biggy.

Haven't tested this part since the company hasn't grown much.

Haven't used the official support channels. The community forum is awesome when you're looking for quick answers.

Actually, PfSense replaced a Watchguard firewall, mostly due to costs. But I haven't missed it since.

Very straightforward. For a small company with few configuration options it works almost out-of-the-box. The firewall comes with basic outgoing and incoming rules, and you take it from there.

The implementation was made in-house. 

If you need to buy hardware onto which to install PfSense, go with their boxes on their website, they are great. If you already have the hardware, just download and install, it works great either way.

I did, I evaluated Untangle, IPCop and MikroTik.

Just go with it, can't go wrong.

I stood up pfSense in a Large Telecom providers Lab environment for their next generation products. I was able to achieve 10G throughput (about 9.1 true throughput as tested over 4 days solid), and only hit a max of 20% CPU utilization on a DL380 G7. This server also had Suricata (in IPS mode and a heavy ruleset), as well as pfBlocker running.

I use pfSense because it gives me the flexibility to greatly expand basic firewall features. It's open source (and free - as in beer and speech), but also has commercial support. This can be run on any commodity hardware on the market (I've ran it on AMD and Intel - even Atom, processors) and throughput is excellent, even with lower speed CPUs and less RAM.

The GUI. There are TONS of plugins for pfSense, as such, if a user wants to add quite a bit of functionality, the GUI will feel a little congested.

A little... BUT, this was contributed to a failing Arista switch that would do a coredump and reboot. The pfSense installation at high speeds failed over perfectly though.

No - in our high-speed tests (10G), we were not able to push the CPU over 20% utilization.

I didn't really need any technical support. But was in contact with the Developers of pfSense as we were starting to work with them for an NFV setup.

Fortinet, SourceFire, etc.... the cost... oh the cost! Why pay these guys when I can use pfSense for free AND only pay for support when and if I need it?

Very straight forward. If anyone has ever installed any kind of OS or set up a firewall, it will be a piece of cake.

Open Source - just download! If you need support, it's available.

Fortinet, SourceFire.

It's an amazing product. There really are few issues with pfSense.

The most valuable features for me and my current company are the open VPN capabilities and the firewall service.

pfSense has provided my current organization with remote access to the internal services and additional protection via its firewall.

I would like more add-ons/packages for extending pfSense which are approved by the main community.

I have been using pfSense for the last five years, in three different companies in Denmark.

We never had any stability issues, even during high load usages.

We never had any scalability issues. It's easy to add additional services, or even a second or third pfSense product which works with the others.

Unfortunately, I never used the technical support. However, the community forums provided me with answers to the implementation and configuration questions that I had.

I was using FortiGate and other firewall and VPN solutions. They were all ou0dated and too complicated to maintain. The change was made due to the ease of use of pfSense and the features that it provides.

For an IT person, the setup was more or less straightforward.

pfSense is free and open source software. Modification is easy and you can adapt it to your company's requirements.

As I already had experience with pfSense and I knew how it would help me and my company, I didn't evaluate other options.

The product is flexible, scalable, and has logic in using it. It is easy to integrate and implement into your IT environment.

It has improved our security. Users can work offsite and connect to the VPN.

• The VPN and the firewall. They are reliable and easy to manage.
• The VPN is valuable for setting up secure remote connections to our network.
• pfSense has the OpenVPN package which is a well-supported VPN software.
• The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets.

Network monitoring and device inventory could use some improvements. I'm using SpiceWorks for this because it never really worked in pfSense.

Network monitoring is a big topic and I realize there is plenty of software out there like SpiceWorks, NTOPNG, PDQ, Zabbix, and Nagios.

I can easily log into pfSense and check "Status > Gateways" to see if the internet connection is online. However, I don't usually know if there's a problem until it's been down for a while and someone tells me about it. I realize this is a tricky problem, because if the pfSense internet goes down, how is it supposed to send out an email that relies on the internet connection?

I guess the only way that would make sense, is if an external monitor was set up in the cloud or something that could check the status of pfSense at given intervals.

As far as clients being up/down is concerned, I can use some alternative software and maybe there's a package in pfSense that I can use for it.

Another idea for pfSense device inventor: What if pfSense collected a list of newly connected clients? For security, it's important to know about all the clients connected to the network. A simple list of new clients that connect would be nice to have.

The alternative would be to lock pfSense down to only make address reservations, but that just creates more work for the Network Admin.

It seems to run stable, as long as the hardware is good. I tried running pfSense on a USB flash drive. After a month, I was having to re-install/re-configure pfSense on a new flash drive. I did that for a couple of months and collected a bunch of broken flash drives.

Even though their online documents claim that pfSense can run on flash drives, it really just breaks the flash drive after a month or less.

I have noticed that pfSense boots up really slowly as more users are connected to it. Occasionally, you have to re-install or delete broken packages that freeze up the system. However, the core pfSense software runs great.

I have never used pfSense technical support so I can't rate them. I used Google and figured everything out on my own. I do my own support.

We did not use a previous solution. I recommend pfSense because it's free, open source software.

The setup of pfSense was very straightforward for the most part. Usually, when something isn't working, it's because the "Apply" button wasn't clicked.

Spend at least $300 or more on a good pfSense box. Use a hard drive, and not a USB flash drive for pfSense storage.

We looked at some other solutions, but pricing and licensing was the problem. I looked at Palo Alto and SonicWall.

The learning curve is steep, but once you get the basics down, it's very robust and easy to use. There are plenty of resources online about setting it up.

The easy to use GUI. Less training is required for the newcomers in IT.

Any new hire straight out of school who has network knowledge is able to operate the software without the complication of a CLI.

There were some bugs in the version we used.

We have been using the solution for one year.

We had a stability issue. A handful of times the firewall box froze and needed a power cycle.

We had a scalability issue. The fail over did not work automatically.

Our infrastructure manager tried contacting their support but it was not helpful. Response time was bad as expected for an open source software.

FreeBSD box was an old setup from 1998, so it was time to upgrade without it being costly.

The setup was straightforward.

It's open source so it's free. We did not buy their hardware.

We evaluated Cisco .

If your organization has the budget, go with a paid solution. We've had our days with it and went with a paid solution (another firewall) due to the company growing and we couldn't have any downtime. It would likely cost the company more money with downtime than to purchase a good quality firewall.

Outbound Load Balance for internet links work great. It's very good to keep internet access for the company we support.

I could keep my customers working even if they lose one internet link. Most of them have at least two links.

We have been using this for 10 years.

There was a problem when I ran a version update, then the server just stopped working. This was because pfSense (in this case FreeBSD) was no longer supporting the hardware of the server (HPE).

There were no stability issues. If there are issues, they usually stem from a hardware fault.

There were no scalability issues.

It is usually easy to find answers in the forum.

Technical support is good.

I used Kerio and Microsoft. I switched because I was looking for something with better security and for someone who could fix bugs faster.

The setup was easy. You can install it in two minutes. It takes more than five minutes to put it to work with a single internet link plus NAT.

It is free.

The GUI is an all in one solution that includes features such as DHCP, VPN, Squid, Firewall, etc.

I am using this product as a firewall for site-to-site connectivity and also, the Dynamic DNS (DynDNS).

As per my understanding VPN, Captive Portal user-level and MAC-level filtering need to be improved.

I have used this solution for the last one and a half years.

There were no stability issues.

There were no scalability issues.

I am using the community version so there is no need for any support.

Earlier, I was using FortiGate. Due to budget issues we moved to pfSense.

The setup is simple, if you have some Linux and firewall administration expertise.

We evaluated FortiGate, Cisco ASA and Palo Alto.

I would recommend joining the community and ask questions.

You should also read the installation and configuration documentation on the website.