Netgate pfSense Reviews

I have at least two pfSense routers at home in my home lab, serving my house. Additionally, we use it in my company. We have our satellite office in LA, and we use it as the main router. The use cases involve a router, firewall, and DHCP server.

I was able to see pfSense's benefits immediately because I used it as a learning tool too. From the very beginning, I was able to inspect traffic and see what was happening on my network. That was pretty useful.

pfSense is flexible. I like it. I can install it on different hardware. I can virtualize it if I want.

It is pretty easy to add features to pfSense and configure them. If something is supported by Netgate and it is in their package manager, it is pretty easy, and if it is not, I would not want to add it. I would not be confident enough to put it on my firewall.

pfSense has not directly helped to prevent data loss, but it helps indirectly by protecting the network and not letting in malicious things.

pfSense Plus provides features that help us minimize downtime. Preventive notifications and ZFS snapshots are helpful features. 

pfSense Plus helps to make data-driven decisions to some extent such as which device is using the most bandwidth. The visibility that pfSense Plus provides helps us optimize performance.

The Tailscale integration is very helpful. The DHCP and DNS server functionalities, as well as the package manager, are also good. 

I am using its paid version. I am paying at home for the Plus version, but I wish they would pay attention to the community version. I know there is less incentive for Netgate to develop the community version, but it would be cool to have that.

pfSense does not give us a single pane of glass management. I know that they are coming out with that as a beta or alpha feature, but it is not there yet.

I have experienced only hardware-related issues with Netgate. They are not related to pfSense as a software. I purchased a Netgate firewall, an SG-4100, which is a $600 device, intending to make it a solid piece of my home lab and support the project. It died in one and a half years. I do not see the value in buying their hardware, as their customer support was not friendly or helpful. Eventually, I bought pfSense Plus, which allows using a roughly $200 device that offers part-swapping to keep the device alive or even buying two of them. The pfSense Plus subscription is roughly the same value.

Support for third-party hardware is less documented, not being their preferred option. For most things, it is pretty solid. Other firewalls such as SonicWall offer more protection features such as deep packet inspection. I know that is possible with Snort or Suricata. That is one thing that could differentiate open-source firewalls from the main players. 

Another suggestion is automatic updates to reduce maintenance for smaller setups.

I have used Netgate pfSense for roughly three to four years.

Since they fixed the DHCP issues, it has been pretty stable.

Scalability has never been an issue. I have not dealt with more than 10 gigabit traffic, so I have not experienced any problems.

They answer promptly. However, I do not feel valued when I pay about $150 a year, and they only include certain things for people without the Netgate hardware. They had some general first-time setup features but nothing that actually caused problems. For instance, when I imported my previous configuration to my new hardware, it was not covered. So, even if advertised similarly, it is not the same if I do not own the Netgate hardware.

Neutral

At work, in our main office, we use SonicWall. I also use UniFi Firewalls, ranging from smaller to larger ones, and actively manage two or three of them.

As compared to SonicWall, the user interface of pfSense is much easier to handle. It is also faster even though our SonicWall is a much beefier device. pfSense is more well-organized compared to SonicWall.

With their own devices, it was pretty easy. With third-party hardware, it was a little more difficult because certain devices are not as compatible. It is easier if people double-check compatibility, but in general, it is pretty easy.

It requires maintenance from me. I have to update packages and make sure that everything is running properly and the hardware is fine.

It is a one-person task. If you have the specifications and knowledge of what network segments and VLANs need to be set up, it can be managed by one person.

It is on the higher side. If you want to purchase pfSense Plus alone, the cost is roughly $150 a year, but the value provided justifies the expense. However, a lower-end tier option, around $100, would be beneficial.

With the inclusion of firewall, VPN, and router functionalities, for a business, pfSense makes much more sense. I was comparing different solutions and our SonicWall costs way more when we include VPN and other small features.

If installing on your own hardware, you should definitely research compatibility with FreeBSD, and use ZFS, which I believe is the default now. This allows rollback capabilities. It is important to read what is included in the pfSense support package before contacting support, as you might not get answers, and it might be easier to go directly to the forums.

I would rate pfSense a nine out of ten.

We use pfSense in our clients' offices to provide secure network access. For remote workers requiring private network connectivity, we deploy a Netgate pfSense router in both the office and the user's home office, establishing a robust IPsec connection between the two. This configuration offers superior security compared to alternatives like OpenVPN, as remote users simply need to connect their LAN cable to the home pfSense for immediate and secure office network access. We primarily serve small organizations with 10 to 200 employees, deploying a pfSense router in each main office and providing OpenVPN or IPsec connectivity. Additionally, we offer optional pfBlocker-NG integration for advanced threat protection, enabling the blocking of traffic from specific geographic regions or known malware sources.

We have several sites with multiple or backup-wide area networks. We use pfSense to manage these networks, configuring them for load balancing or backup as needed. To authenticate OpenVPN logins, we leverage Active Directory on our Windows Server, simplifying user management. Office managers can easily disable both Windows and OpenVPN access for users without needing to access pfSense directly. This centralized approach requires only a single robust passphrase for users to access both the VPN and the Windows domain.

I am accustomed to the interface and find it quick to use. However, I think a new user might need some time to adjust. That said, I've been using it for over 15 years.

As a network administrator, I fully understand the benefits of pfSense before deployment. While end users may not immediately recognize its advantages, I appreciate its value in eliminating the need for costly licenses associated with other firewalls like Barracuda and Checkpoint. PfSense offers a comprehensive suite of features, including VPN, user management, and advanced DNS, without requiring additional fees. This cost-saving aspect is a significant selling point for me when replacing older firewalls with Netgate pfSense. Not only do we improve network security, but we also reduce ongoing expenses, a benefit that becomes apparent to clients over time.

Adding features in the packages section of the interface is quite rapid, especially when limiting options to available packages. However, configuring unfamiliar or infrequently used packages requires research and time, ideally by someone with networking and firewall experience. While pfSense is not entirely plug-and-play, the basic setup is straightforward; adding features demands more technical knowledge. So, feature addition is easy, but configuration can be moderately complex.

pfSense can help prevent data loss by making it difficult for hackers to breach networks. However, most data loss incidents we see result from end-users clicking on malicious links or email attachments. When data loss or ransomware occurs, the issue typically lies with user error rather than pfSense. I believe that the networks I configure using pfBlocker, which restrict communication primarily to the continental US and other approved countries, may help block ransomware. Still, I cannot quantify the frequency of such occurrences.

Approximately ten percent of pfSense routers experience critical issues requiring a factory reset. Previously, this process involved contacting tech support and providing detailed information. However, pfSense has simplified this by offering self-service image downloads. This improvement significantly speeds up customer recovery time. Additionally, Netgate's pfSense Plus hardware comes with a Zero-to-Ping warranty, enabling easy setup and troubleshooting for end users. While not entirely plug-and-play, most users can easily install these routers, and Netgate's warranty provides additional support if needed. I've successfully utilized the Zero-to-Ping warranty several times and believe it is a valuable resource for both technicians and end users.

pfSense has helped enable data-driven decisions. It allows me to communicate the need for faster WAN lines to client management by providing concrete evidence of network performance. Additionally, pfSense offers detailed insights into OpenVPN user activity and IPsec traffic, facilitating targeted problem-solving. For instance, I can readily identify slow IPsec connections for remote users, such as user X, and advocate for necessary improvements based on these data-driven findings.

OpenVPN, IPsec, DHCP, and DNS are the most valuable features. I will also include pfBlocker-NG later in the list, but only a couple of sites use this feature. 

pfSense does offer a convenient single-pane dashboard, but I believe it could be improved with additional features. For instance, an administrator log for team members to record notes, such as adding a nameserver, removing user accounts, or other relevant information, would be beneficial. This simple log within the main status page could enhance communication and collaboration among the admin team. While the current status screen provides most of the necessary information, this extra feature would be a valuable addition.

It would be beneficial if Netgate provided a table outlining the recommended maximum WAN port speeds for their various models.

The documentation doesn't align with what I'm seeing on the console. This is frustrating because the online documentation doesn't match the dashboard, leaving me unsure of the correct steps to take.

I have been using Netgate pfSense for 16 years.

I would rate pfSense's stability a perfect ten. When I replace consumer routers with pfSense for small businesses with two or three employees, they are often amazed to discover the router can run for a year without a reboot. This starkly contrasts their previous experience with consumer routers that required weekly or bi-weekly unplugging.

I have been pleased with pfSense's scalability. While I haven't explored all its features, I have successfully backed up an old system and restored it to a new pfSense device, which I consider an upgrade. I know additional capabilities like load balancing and backup device management but haven't implemented them due to a lack of current need. PfSense offers much more potential than I've utilized.

The quality of the support is high. While the speed used to be somewhat slow, I've noticed a significant improvement in recent calls, connecting with a representative quickly within the past year.

Positive

We've used multiple firewall solutions over the years. Twenty years ago, we implemented Monowall. Subsequently, we switched to Barracuda, which proved highly problematic and required frequent technical support intervention. Our next choice, SonicWall, was an improvement over Barracuda but still presented challenges. Specifically, SonicWall's licensing model is burdensome, as it necessitates constant management on my part, a task end-users are unwilling or unable to perform. Though less frequent than with Barracuda, technical support interactions are still necessary.

Initial deployment is straightforward, taking approximately half an hour for each unit. While pfSense is not the issue, challenges often arise due to clients' limited understanding of their network configurations. A single person can effectively handle the deployment process.

I appreciate that pfSense eliminates the need for extra payments, license management, or feature limitations. This cost-effectiveness and its reliable Zero-to-Ping guarantee is its most compelling aspect.

The pricing seems fair overall, but I think they need more reasonably priced options for very small offices. They currently offer a few affordable units at the lower end, but then there’s a significant price jump to the next level. I remember they used to have a model around the 2100 range that was a good middle ground. I believe they should offer more choices between the lowest tier and the next one in terms of hardware. Additionally, I'd like to see a per-incident support option, which I don't think they currently provide. I haven’t checked their support options in a while, so I could be mistaken. However, in the past, they only offered annual plans. If I encounter a specific issue, I would prefer the ability to pay a one-time fee for complete support on that particular problem.

The total cost of ownership is great. pfSense is our most recommended appliance for router, firewall, and VPN functionality. 

I would rate Netgate pfSense nine out of ten.

Users don't need to do anything to maintain the system, but I like to check all pfSense instances every few months, install updates, and look for any irregularities. I try to check every single pfSense system if possible. pfSense needs to be manually updated.

My use case involved having a firewall from a different vendor, which was taken over and used as a bot in a network. This incident made me reconsider my firewall provider. 

I integrated pfSense, and I have not encountered any issues since. Initially, I used it as freeware as a virtual box, and it performed well. 

About two and a half years ago, I transitioned to physical boxes. We have more than one. My use case was to connect two offices and create an extended LAN using pfSense for point-to-point connections between the data centers.

I have never had an issue with pfSense, except when attempting to configure it. When left as is, it functions well.

Support is very good.

It is rather flexible.  

Having enterprise support was immensely helpful since I have run into problems using a plugin. Without it, I might have needed to purchase a new box.

I do use pfSense Plus. We had downtime before pfSense. We've never gone down using the solution. We haven't had any performance issues.

I like the plugin systems, even though I feel like I'm playing roulette. I'm not sure if it does what I want it to do or if it will break the original capability of pfSense. Plus, having all of these dependencies may be a liability. While I appreciate their availability and wish to develop my own plugins, time constraints hinder that. 

Since the language used in the documentation is difficult for a non-English speaker, I find it hard to understand. It assumes they understand the words that are used and sometimes I feel I need to get out a dictionary to get handle on what they are talking about. They need to simplify the language a little bit. 

Using a plugin for reverse proxy allows multiple URLs to listen on port 80, rather than a single IP address for multiple servers, however, this requires changing the default port of pfSense. When I changed the default port, I experienced difficulty accessing the device. I thought my password was incorrect, when in fact, the port change was the issue. I had to connect to the physical device using a special cable. While I found this surprising, I am too paranoid to use SSH due to its perceived vulnerability.

We're a security company. We provide solutions to prevent hacking. pfSense is really good at preventing outside access; however, as an attacker, there are endless opportunities to attack. There's no way for me to know who or what pfSense is blocking or preventing. pfSense doesn't tell you any information.

I've been using the solution for two to three years. 

I receive popup notifications indicating that we have run out of memory due to some unknown reason, despite using only 20% of the device's memory. I am unsure of the cause. There is nobody that can give me a good answer to this issue. Occasionally, I receive emails from sales about updates, however, sometimes, the device does not detect these updates.

We have not reached the point where it becomes stressed. Our device isn't that big in terms of size since we don't have a lot of big users. No one has complained of buffering or response times. Our internet is likely slower than our pfSense. 

I was really happy having enterprise support when issues arose. Without this support, I probably would have bought a new box.

We have premium support. It helps me as I didn't feel comfortable with all of the responsibility. It's helped us with tech IDs and getting into the system when there have been issues. 

Positive

Management provides a budget for purchases. Initially, I bought a product based on appealing flyers and sales promises. However, after purchase, I realized it was not as secure as anticipated. I liked that pfSense started off as partially open-source. We trusted the technology.

We don't do cloud services. We have an on-premies setup and wanted to use pfSense in our on-premises cloud. It works really well and we are very comfortable with it. We do a lot of research with nasty malware and have not seen anything able to hack it yet. We've done so many deployments that we're very comfortable with the setup and capabilities.

You just power it on and follow the Wizard. If somebody has never done any firewalls, they should do what the tech says.

I'm the only person that is allowed to touch it and I'm the only one with access. We have four sites and no issues. We've abused one of the plugins, the pfBlocker, that has a subscription URL that can get malicious actors and help us block their IP. We can update the firewall rules almost in real-time. That's the basic maintenance we do. It's mostly automated.

There are occasional updates, and we get notices. Sometimes, the devices do not see the update, and I get paranoid that it's a phishing attempt. I'm not sure of this is a bug or not. 

If instructed by my boss, I can complete tasks within four hours, adhering to pfSense's SLA. I don't mind being challenged. 

Monetary concerns are not my focus; I cannot justify saving on the firewall for personal expenses. 

I would recommend the solution to other users, including potential government clients. I've invited others to try and hack it, to showcase how robust it is, and no one can. It's impressing people. They're saying, "I need to get one of those."

I would rate the overall product seven out of ten. I'm stressed out by the documentation. I do have an interest in doing a pfSense certification course. The documentation is holding me back from giving me a ten. 

I have two installations at schools as firewalls. The biggest drivers for using pfSense were cost-effectiveness and functionality. It offers higher functionality for its cost.

The benefits are fairly obvious at the beginning. There's no specific time frame required. The flexibility and consistency of the product are what draw me to it, regardless of the size or capacity of the operation. It's easy to deploy.

Arguably, the use of products like Suricata for intrusion prevention could help prevent data loss.

It gives a single pane of glass for each individual device, but not across multiple devices. pfSense could catch up with other market providers by offering a view across multiple devices, but the current interface is fine. It is just we have to individually manage each one. 

There are two versions of pfSense, the paid "Plus" version and the free "Community Edition." I use the "Plus" paid version. 

The way pfSense handles system updates is pretty good. The updates are virtually transparent to any downtime. I've had pfSense boxes running for 200 to 300 days with no downtime. From a software standpoint, pfSense is about as bulletproof as it comes.

pfSense provides visibility that enables us to make data-driven decisions. Its reporting is effective. The data is effective in making decisions based on traffic. It is not just one feature, it is how we manage data traffic. It provides adequate information to make decisions based on traffic. 

I have used pfSense in virtualized environments, just not on AWS.

It allows me flexibility in hardware size and capabilities while maintaining the exact same interfaces and controls. 

I also like the fact that based on its operating system, it has applications that can be added, such as IDS/IPS and filtering.

I would like to see a single pane of glass for multiple devices.

From a service provider standpoint, it is a bulletproof operation to deploy. Aside from being able to manage and monitor multiple devices from a single pane of glass, that would be the only thing I would change.

I've used pfSense, probably for the last two or three years off and on.

It's one of the most bulletproof solutions out there. I can't recall a problem where the system locked up or had any issue that required intervention to get it started back up again. 

Aside from possibly a hardware failure, I haven't had any problems. And that's not the software.

Scalability is one of the reasons why it's a good product. You can utilize it in a budget-friendly way as well as a full-on enterprise. pfSense is almost infinitely scalable. Obviously, hardware is the dictating factor.

I have never had a reason to contact customer service and support. 

I've used Unifi products, DrayTek products, and Meraki products.

From a capability standpoint, I would put pfSense at the top of functionality. DrayTek comes close; however, it lacks the add-on applications. So, I would put pfSense at the top. 

I build the machines myself. Their hardware is not overly special, and I think it's overpriced, so, I build my own.

It's easy to deploy them, but then I've worked with them for a while. If I reflect back at the very beginning, there is a bit of a learning curve, but I don't think it's that steep. Overall, it's fairly easy.

It's fairly easy to add and configure features in pfSense, though it depends on the application. So, it is moderately easy. Some are simple, while others require a lot of preplanning and time to configure.

One person can deploy it, but the deployment time varies because it depends on the network design. It can be up and running in ten or fifteen minutes, but configuring it for the network design may take longer.  

Not much maintenance is required from the end user. Netgate pfSense do a very good job of keeping the application and operating system up to date by itself. Occasionally, applications require updates that need manual intervention, but for the most part, updates can almost be automated.

pfSense's pricing or licensing model is very affordable. Netgate hardware is a bit overpriced, but the software itself is arguably underpriced.

I have not come across a more effective product. Unifi products are inexpensive but not feature-rich by any stretch of the imagination. From a pure feature standpoint, hands down, I would argue that Meraki is as capable and comparable in features, but the cost is prohibitive for most small businesses.

From a pure feature-function standpoint, pfSense has the best total cost of ownership, once it's installed, I don't have any problems with it. If taking into account the software licensing, the hardware, and the amount of time it takes to manage, I'm not sure there's a better TCO on the market.

Overall, I would rate it a nine out of ten. 

I am in IT. I use pfSense for my personal use. I use it to practice networking and understand how networks work. I apply all the networking-related things that I have learned to pfSense at home.

I also use it to isolate my IoT network from my regular network and from the devices I use for the cameras.

The main reason for implementing pfSense is that I like playing games. With pfSense, I can place quality control over the traffic traversing over the WAN connection or the Internet. I am able to prioritize and limit some devices to allow me to have a better connection to the Internet than some devices in our house.

pfSense is a flexible solution. It has features for setting devices into groups. I was able to group up the devices in our house to be able to set some restrictions on some devices and have full restrictions on other devices. It allowed me to control my kids' devices to limit access to the Internet to a certain time. It automatically stops on the Internet for those devices when that time comes.

pfSense gives a single pane of glass management in regard to the network. I was able to control everything in my network, which is good.

I use pfSense Plus. I got third-party hardware, not with pfSense, but I purchased the license to have a pfSense Plus version. That hardware went down a few days after I bought the license. I created a ticket, and the engineer allowed me to move it to another device because I had just recently purchased it. Thanks to them, I was able to have less downtime because I did not have extra money to purchase another license. I was able to bring it up as fast as possible. The backup and recovery of the configuration is very pretty easy. I just reuploaded the file and updated two lines of code, and that was it. Everything worked.

Everything works well. My streaming is working fine. My kids do not complain about any lags. I can play my games without having any issues. I do not experience any lags. When my wife is working, she does not have any problems downloading or uploading files back to her work. We are pretty happy with the performance.

For me, the firewall is most valuable because I can play around with the firewall. That is the best asset for me. I can limit what I want to limit, and I can open what I want to be open.

I like the versatility of pfSense. Compared to other products I have used for home and small businesses, this is the easiest to understand. It has enterprise features compared to, for example, Ubiquiti UniFi. Their router is limited to some features, whereas with pfSense I can do, for example, routing and dual WAN. I also have several VPN options. 

It has a lot of features, but I wish there were even more features. Some of the features I am looking for are still not there in pfSense, like, for example, content control. Because I have kids, I want to control the content or what they watch. There is a feature in pfSense called pfBlocker, but it is limited. If I set that up, it is blocked by an IP address. Sometimes my devices are borrowed by my kids. They are able to get a full connection to the Internet, but their devices are limited. If content blocking is added to pfSense, it would be great. If I can block content by a user, that will be a preferred solution.

The frequency of feature releases can be better. We have been waiting for some of the features for a while, but they have not been released. I know they prioritize what is used in the enterprise area, and then they provide some features for regular consumers like me. If they can balance that 50:50 and focus equally on the enterprise and consumer suggestions, it will be great.

The interface and support are perfect for me. I saw a post on their blog that they will be moving to the Linux operating system. Hopefully, they would have better wireless because the wireless for pfSense is horrible or horrendous. If they move to Linux, hopefully, they will improve it.

I have been using pfSense since 2020. It has been four years now.

It is very stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We are a family of five. Five of us are connecting to the pfSense Internet.

They are great. They are perfect for me.

Positive

I have used TP-Link and Ubiquiti EdgeRouter. In regards to features, the two are on par. They are way behind pfSense. pfSense is way ahead of these two in terms of what it could offer. In terms of security, TP-Link is very bad, EdgeRouter is in the middle, and pfSense is way ahead. In terms of performance, TP-Link is worse, and EdgeRouter and pfSense are neck to neck. I prefer pfSense over others.

I installed it on third-party hardware. The longest period of initial configuration was when I deployed it for the first time. After that, it is very fast because I can back up my config and restore it if I break something.

It took an hour or two for all the installation and configuration.

In terms of maintenance, it requires regular updates. That is the only maintenance that it needs. I also need to monitor if any known or zero-day bugs are found in pfSense. I am watching that because pfSense is the device facing the Internet, so I need to be always alert about any zero-day bugs. I also need to be mindful of the configuration to not accidentally expose any ports. These are the three things required in terms of maintenance.

In four years of using it, that payment of 189 dollars per year has already paid off. Over these years, I only experienced it going down two or three times, which is less than 1% downtime per year.

It is cheap. If you are a technical person, it is a pretty cheap solution because first of all, the Community Edition (CE) is free. I am in Australia, and my pfSense license is about 200 dollars. It is not bad because it is per year and not per month. It is cheap compared to other solutions.

I am not using the hardware. I am using the software. It is very cheap. It does not cost me a lot. The only cost is just the one-year payment. If I need extra hardware, I need to purchase that from the third party whose hardware I am using.

I would recommend pfSense to others. I already recommended it to my boss, and he is using it now. He is loving it as well. It is easy to use, and there are a lot of resources available. If you have any problem, someone would have already encountered that problem and found a fix, so it is easy to fix based on that. It is very reliable. The downtime experience is very low. It is almost zero.

I would rate pfSense a ten out of ten.

We use pfSense as a small business firewall and as a VPN gateway. 

PfSense provides us with a cost-effective but reliable network appliance. We have a standard networking device that lower-end help desk people can use effectively. It's less complicated. We moved from another platform that although the hardware was reliable, the software wasn't particularly reliable, and it was difficult to use.

It helps our operations because it's a standard platform anyone on our help desk can use. Every site will be pretty much the same. Once cloud management comes out, it'll be even better. 

PfSense is fairly simple to configure and has a good administration interface. It's built on pfSense, so I know it'll be reliable. It is quite flexible, and adding and configuring features is pretty easy. There's a lot of support for add-ons, and we can do a lot of stuff with it, so it suits our needs perfectly.

It secures against data loss pretty well. Plus only has a few additional features over the Community Edition. We mainly use Plus because it comes with the Netgate hardware.

The only feature I want to add is cloud management. I'll be an early adopter of that one. We're ready for that feature, and it's one of the few missing things, so that'll be excellent when it comes.

Another thing that's primarily an issue for us is that Netgate may soon stop production of the 1100. That's what we use for our telephony gateway. It doesn't need to be high performance, but it does need to be low cost. If they stop it and make the 2100 the lowest, that will be problematic for us. We will need to start using something else because it will become too expensive for our purposes. 

Effectively, we are using it as just a VPN gateway, and 1100s are great for that. What's annoying is that we cannot buy the 1100s directly because we're not a partner, and it isn't approved for connection to Australia, so we need to buy it through a company that went out and got it approved. We lose a bit of margin doing it that way. We can buy 2100s and above directly, but we must go through a reseller to get 1100s.  

I have used pfSense for two years.

I rate pfSense nine out of 10 for stability.

Netgate pfSense is scalable.

I rate Netgate support seven out of 10.

Neutral

We have used some other hardware, but the software was a dog. It's pretty difficult. We've also used some UniFi solutions, which are good, but they haven't sorted out the VPN component, so we'll continue using Netgate. Once they work out the kinks in their software, they'll possibly have a compelling solution. 

However, if Netgate stops selling the 1100, that could be quite problematic for us, and we'll probably go with Ubiquiti because it's too expensive to use 2100s for VPN appliances. 

PfSense is straightforward to deploy once you know what to do. It's a one-person job and takes a couple of hours. After deployment, it requires upgrades, but that's it.

The total cost of ownership is good because you buy it upfront and don't need to pay a subscription fee. We've spent a bit more, but we pass that along to the customer. In the end, everyone wins because they get a reliable solution, and we get something much easier to manage. 

I rate pfSense five out of five for pricing. It's fairly priced. We wouldn't buy it if it weren't. There are cheaper firewall options, but they aren't as reliable and easy to manage. Of course, there are also more expensive ones.

No ongoing subscription fee is nice because many of them are small businesses that don't want to pay for an ongoing subscription. It's always being updated, so that's good from a security perspective.

I rate Netgate pfSense seven out of 10. I would recommend it to others.

I use pfSense for my home network firewall.

I've installed pfSense on nearly every environment type, including Virtual Manager and most virtual machine hypervisors like Microsoft Hyper-V, ESXi, and even older versions like VM Player. Currently, it's running as a VM in Virtual Machine Manager on my NAS, showcasing its flexibility.

pfSense is a highly flexible product with a rich feature set. While designed with a graphical user interface in mind, it also offers command-line access for greater control. This versatility allows users to tailor the product to their specific needs.

Adding packages to pfSense is straightforward; navigate to the package manager and click "add." However, incorporating hardware, such as a dongle, is slightly more complex.

I saw the benefits of pfSense immediately. Going from a SOHO router to a pfSense one is night and day. pfSense is an enterprise-grade product that is easy to use and has a simple GUI.

The dashboard is very handy. I use mine almost daily. I can put up the widgets I want to see or remove widgets I don't want to see. It has pertinent information about my services running, any VPN connections I have, and clients connected. It's a nice dashboard.

The failover functionality for connectivity helps minimize downtime. It has also been simplified recently with some excellent added features. If I lose or corrupt my image, I can easily reinstall the operating system and restore my configuration. I'm pleased with these features of pfSense.

pfSense is a straightforward, feature-rich firewall. I am a big fan.

One area where Netgate could improve is communication with its user base. While they make an effort, much of their user base isn't composed of enterprise-level engineers who regularly read release notes and stay abreast of feature changes. A few years ago, they held a commendable meeting with forum moderators to discuss upcoming changes, which was appreciated. However, they could enhance their communication further by providing more precise information about changes and release timelines for new features.

I have been using Netgate pfSense for 13 years.

I have not contacted technical support for any technical issues. I did contact them for a replacement box, and their support was fantastic. I received the replacement box within a couple of days. I do contact their TAC when they release a new version. That process is changing with their new Netgate, the store, and everything. Previously, if we had a Netgate appliance and wanted a new image to install natively, we had to contact TAC with a ticket. The turnaround time was always excellent, just a couple of minutes. They would provide a link where we could download the image. I've been surprised by how fast they respond sometimes. Even when they're in the middle of deploying a new version, I've reached out and received a download link within five minutes. So they're usually on the spot.

Positive

Over the years, I've played with quite a few different firewalls, but I always go back to pfSense. It's a leader in its field, with its direct competition being OPNsense. There was a feud when they forked off. pfSense is the leader in that sense.

Installing pfSense should be relatively straightforward, even for a network engineer unfamiliar with the product. The process is user-friendly and guided, similar to installing an operating system like Windows. With a basic understanding of networking concepts, setting up pfSense can be accomplished within minutes. The main challenge arises when users need more fundamental networking knowledge, such as understanding IP addresses or the difference between DHCP and static configurations. For someone with networking experience, however, the installation process is quick and straightforward.

The pricing is reasonable. It costs money to run a product. It used to be completely free, and I think that's where many people became a bit disappointed when the pricing model was introduced, but I think it's a pretty fair price point. Some users don't understand that they can't offer everything for free. The development work involved costs money.

The inclusion of firewall, VPN, and router functionalities significantly reduces the total cost of ownership. In my previous role, we utilized pfSense in some locations due to its superior cost-effectiveness compared to other enterprise solutions. For smaller companies or those aiming to reduce expenses, it's a highly affordable option, and even their hardware is reasonably priced.

I rate Netgate pfSense ten out of ten.

We use pfSense as an edge router for customers. I use pfSense Plus. We're using Netgate boxes preconfigured with pfSense.

PfSense gives our customers high security, and it's easy to implement. Most customers are looking for a VPN, so we set up a static IP that makes the VPN easy. The benefits of pfSense are immediate. It has a few features that prevent data loss, such as backups and creating rules. It does packet inspection to ensure large known malware does not get through to the end users.

It offers features that help us prevent downtime, but that doesn't apply to our customers. It has failover, so if an internet line were to go bad, you could failover to another line. That doesn't apply to our customers because they can't afford a second internet line. 

I appreciate the depth of what you can do with pfSense and the simplicity of the initial setup. One thing we've done is create an image, and when we get a new customer who needs a device, we can put that image on there. The image gets them up to 90 percent of what we need them to have, and we only have to customize the remaining 10 percent. PfSense is incredibly flexible. It's complicated, but it's incredibly flexible.

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. 

We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. 

I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that.

It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly.

I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

I have used pfSense for 12 years.

I give it an eight out of 10. I've never had any lag or downtime.

The higher-end boxes have a lot of scalability. You can run pfSense on a Unix box and add cards or all sorts of things. If you had a powerful Unix box and hot spot-able, there would be a lot of scalability to it. I primarily use their Netgate appliances from the 1100 to 2100 hundred, so the scalability is limited. 

The old 3100 had a lot more scalability than its replacement the 2100. But the next step up now is to the 4100, which gives you an additional preconfigured WAN port that allows you to easily separate networks. It jumps from $400 to $900.

I rate Netgate support eight out of 10. They're great. I called about an issue with a bad box. They answered the phone and I got somebody who was highly familiar with the product. He had me try several troubleshooting things, identified that the box was bad, and got me a replacement. 

Positive

We’ve used SonicWall and switched due to cost. Though SonicWall is easier to manage, the on-going costs are prohibitive.

The deployment difficulty depends on what you need to do. Let's say you get a box and plug it into your network, but you can't get it to work, so you call the folks at pfSense. They will help you configure it so that you can ping a remote device. That's pretty easy. 

I gave one of the pfSense boxes to one of my people who has minimal knowledge about setting up network devices. He could get it to ping in about 25 minutes. Then, I asked him to add a VLAN, and he's still working on that. That's been two and a half months. If someone needs something to put on their network, it's pretty easy, but if you want the full benefit of a firewall, it may take a while. One person is enough to do it. After deployment, you just need to do some periodic firmware updates. 

PfSense's pricing is reasonable. However, support is relatively expensive for smaller customers, and you need to pay per device to get it. So if Customer A is having an issue, I have to get support, and then I have to get support for Customer B, and so on. It would be nice as a managed services provider to get support for my company rather than individual devices.

I would compare the total cost of ownership to SonicWall. We can compare the basic functions of the Netgate 2100, the model we use most, to the SonicWall 3500. They have very similar functionality. The cost of the 3500 was closer to $4,000.

I rate Netgate pfSense eight out of 10. I recommend doing a lot of research or spending the $500 to get the extended support.