Netgate pfSense Reviews

The solution's most valuable features are high availability and the VPN options. Netgate pfSense has the ability to support multiple interfaces and spin up virtual IPs.

What drew me to Netgate pfSense from the beginning is that it's free, open-source software. I wanted the solution for additional control over firewall routing, and there wasn't really anything else on the market that would do that.

Netgate pfSense is very flexible. I like that it can run on enterprise bare metal and Raspberry Pi. Obviously, Netgate has a lot of appliances ranging from extremely small to extremely large.

pfSense Plus is extremely low-cost. Its comparative features include high availability, the ability to tune system variables, and support for hundreds of interfaces.

It would be great for the solution to have better logs. Some of the solution's graphs that show visibility on system performance or session count lack resolution. For example, you may only be able to see the session count by day if you want to look back more than a month.

In contrast, we would want to see the session count fluctuate by an hour or five-minute increments. It would be helpful to be able to query larger data sets, even if you had to break them up into smaller subsets.

I have been using Netgate pfSense for seven years.

The solution's scalability is very poor past 5,000 clients and impossible past 10,000 clients.

I had a very poor experience with the solution's technical support.

I switched from Netgate pfSense to Fortinet. Scalability and high availability are significantly better with Fortinet. It took me about 10 to 15 hours to set up high availability in Netgate pfSense just because of the way it works with virtual IPs and CARP.

On the other hand, it takes about 15 minutes with Fortinet. It's just a completely different experience. Also, the performance availability for appliances is a thousand times better with some of the higher-end offerings at Fortinet versus the highest-end offerings that Netgate has.

The solution's initial setup is difficult because of the extensive setup it takes to achieve high availability.

In our case, it took us around 40 hours to fully deploy the solution from start to finish.

I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is. Netgate's most expensive appliance costs around $5,000. However, an annual subscription to TAC costs around $1,000, which is roughly 20% of what you pay for the hardware. It seems a little excessive.

I would say it's pretty easy to add and configure features to Netgate pfSense. However, if you add features that Netgate does not officially support, you can run into issues with your support contracts. It's easy to add features, but it's extremely difficult to support something that is not an official Netgate plug-in.

We saw the benefits of Netgate pfSense pretty immediately after deploying it. We have been scaling, though. As we got to a very large deployment across different sites, we started to see additional problems, but then we also saw additional value added. Initially, there's a lot of value, which increases over time, but eventually, you hit a wall where it's just not that valuable.

On the surface, it looks like pfSense Plus provides visibility that enables data-driven decisions. Unfortunately, after many back-and-forths with support, they say that it looks like the firewall has done something, but there's nothing in the log. There's no data to support their theories. On the surface, it looks like it should, but we found in practice that it was missing a lot of data that would help us make decisions that we needed to make.

The solution's total cost of ownership is good for what it is. I don't think I would ever use it in an enterprise environment anymore. As a value proposition, it's really good for a small business application or a company with multiple sites that you need to be able to interconnect.

You can set up an entire ecosystem for $ 5,000 to $ 6,000 with top-of-the-line hardware from Netgate. Unfortunately, with our user account, throughput, and bandwidth, we've just outgrown it and can't use it anymore.

We've bought appliances for Netgate pfSense's deployment, and we've also deployed the solution on separate machines. Most recently, we used the appliances.

Technically, we never got Netgate pfSense to a good solid state. For the four to six months we had it in production, it was constantly down and needed at least 20 hours of maintenance a week.

Overall, I rate the solution a six out of ten.

We have been building local firewall systems since 2008. 

The main use cases for Netgate pfSense are its exceptional stability and reputation as a premier network operating system worldwide. Millions of people are using it, and we have rolled out a new hotspot system that works from the cloud. The service is running under the pfSense portal.

Netgate pfSense impacts our organization positively because it's open source and has a free edition, which helps us significantly in building our own systems for our customers. It helps in building a new firewall system for the Turkish market. It helps us substantially.

Netgate pfSense's best features are that it's open source and flexible. We have implemented IPsec VPNs, site-to-site VPNs, and client-to-site VPNs. 

We appreciate the flexibility of the Netgate pfSense solution, but we have waited approximately two years for new updates to the Community Edition. We are now moving to OPNsense.

I appreciate Netgate pfSense because we have been using it for approximately 18 years, which is a considerable amount of time. We are waiting for pfSense to integrate AdGuard, Pi-hole, or Zenarmor directly into the pfSense kernel. When I install packages, such as Snort or OpenVPN client export tool, I need to install AdGuard or Zenarmor because it's very challenging to ban TikTok, YouTube, or social media for our customers. In the early days, we managed this using SquidGuard, but since the blacklist has changed, we are struggling. There are many other blacklists I have tried, but I couldn't make them work. It has to be much easier for engineers to implement this. It's easy to integrate AdGuard into OPNsense; it becomes a function under the firewall. You can easily switch blacklists on and off, and create custom blacklists to block all social media with a toggle. We would appreciate such facilities in pfSense as otherwise, we have to manually enter all the websites, DNS resolver, and DNS overrides. Writing numerous rules on the LAN side during installation takes considerable time.

We have been using Netgate pfSense since 2008.

Netgate pfSense is a stable solution for me.

It's a scalable solution. Two months ago, I purchased a brand new server edition, a Lenovo ThinkSystem server with 128 GB RAM. I installed this pfSense server in a data center, and it's working fine. Many people connect via VPN; three or four sites are connecting site-to-site, and we also established another IPsec connection to one of the biggest ISPs in Turkey. It's working great now.

We have never asked for technical support from Netgate. We rely on the resources on the web for information.

Neutral

Two months ago, we switched to OPNsense, and we are now studying OPNsense. We made a strong decision to switch to OPNsense because of the large solutions. There are many facilities, such as AdGuard and Zenarmor, which can be easily installed under OPNsense. We are studying OPNsense, and we will likely switch to OPNsense in 2025 because we are still waiting for a stable version of pfSense. 2.7.2 is very old, and we have switched to the 2.8 beta version, but we are still making our tests now.

Since we have been using pfSense for almost 18 years, we have learned extensively about Netgate pfSense. We have worked extensively and watched many educational videos from the United States, and we have made ourselves ready for pfSense. If one understands the system, it's easy to handle, but without knowledge, it's very challenging for everybody. Many people try to work with pfSense in Turkey with the free edition, the Community Edition, but they couldn't succeed because it's a complex system. It's a vast ocean, and understanding every protocol is necessary. Basically, all firewall systems are the same. Brands such as Cisco, FortiGate, and Sophos sell well in Turkey, and we are competing with these companies. Our target market is the small market, not the big companies or holdings, especially in the hospitality sector, where we deal with hotels and motels.

We would appreciate seeing facilities similar to OPNsense for Community Edition. In Turkey, people generally don't want to pay for yearly subscriptions to firewall systems. We barely recouped our investment for our Safe Hotspot system in Turkey. Competing with other brands such as Sophos, FortiGate, and Cisco is challenging. These brands also require annual payments, and due to Turkey's economic conditions, everyone is eliminating such costs. We have produced our hardware for pfSense, but it was not Netgate; it was only pfSense in the early days. We made our own rack mount 5 or 8 port firewall systems in Turkey and sold many.

The initial setup of Netgate pfSense is not complex; it's very easy. I can even have one of our resellers burn a pfSense USB stick and install pfSense without knowing anything about it. 

Because the Community edition is free, we only charge for our services to the customers. In Turkey, we cannot demand normal pricing; if we were in Europe or the United States, we might collect more money from customers. The conditions in Turkey are very challenging, and collecting payment is difficult. We often charge half or one-third of the price compared to Europe.

We would like to buy Netgate hardware, but when I checked its price in Europe, it seemed expensive.

I would rate Netgate pfSense a 10 out of 10.

I typically use it as an edge firewall.

pfSense is easy to configure. The features I have configured are firewall rules and dynamic routing through FRR. These advanced features are straightforward to configure, and the documentation, if needed, makes things even easier. 

We are using pfSense Plus. It helps us minimize downtime. There is high availability built into the software. I can deploy two pfSense firewalls, configure them correctly, and they can back up each other in case one of them fails. It is a fantastic free feature integrated into the product, and I utilize it constantly.

pfSense has been somewhat beneficial in helping to prevent data loss. We were able to see its benefits immediately after the deployment.

I find the overall amount of configuration flexibility to be valuable. 

It is fairly maintenance-free. That is one of the strengths of the product. It has no frills and is extremely easy and painless to use. It does not cause any trouble.

Another strength of pfSense is that the documentation is very digestible and easy to understand.

One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic. When dealing with a fleet of pfSense firewalls, considering them individually is not the most efficient use of time. 

It does not provide visibility to make data-driven decisions. I cannot derive any analytics or information from the pfSense GUI or software to make data-driven decisions. The visibility that pfSense Plus provides does not help us optimize performance. I want more information and context around the data passing through my firewall to make data-driven decisions. I have used other vendor firewalls that provide some capability to show the traffic or bandwidth passed within the last hour, directly within the firewall software. I need a way to generate a report that I can deliver to my C-suite, allowing us to discuss and determine the best path forward. Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades.

I have used Netgate pfSense for more than five years.

I would rate the stability of the product a nine out of ten.

When assessing scalability, I would probably give it a seven out of ten.

I have interacted with their customer service, and they have been, without a shadow of a doubt, beyond helpful. They are fantastic and truly among the best I have worked with. I would rate them a ten out of ten.

Positive

I have used Palo Alto Firewalls and Cisco ASAs as my primary solutions. If money was no object, Palo Alto Firewalls get the edge only due to the fact that they provide more visibility and analytics in regard to the data that goes through the firewall.

Setting it up is extremely easy. Installing the hardware, configuring the software, and getting it ready to forward and pass traffic takes as little as 45 minutes. It is extremely robust and easy to manage and use.

In my case, it definitely involves a team. When we visit on-site, one person can deploy it, but at least in my business, it is accomplished as a team.

pfSense is excellent for a low total cost of ownership. pfSense pricing is extremely competitive, and it delivers exactly what is advertised. If you are looking for a firewall with advanced feature sets at a very low cost, you cannot get anything better than pfSense. It does exactly as advertised, and that is one of its biggest strengths.

It is extremely affordable in relation to TCO. You get everything that other commercial products give but at an extremely affordable rate, so you can deploy en masse to numerous customers and clients.

My overall advice would be to read the fantastic documentation. Everything you will ever need to do with the product is explained very easily in the documentation. If you have any troubles, just read it, and you will always find an answer. It is one of the best documentation of a product I have used in a very long time. Nothing is hidden.

Overall, I would rate pfSense a nine out of ten.

The benefits I have seen in my organization from the use of Netgate pfSense rewards around the fact of how quickly we can implement changes that are needed with the tool are definitely one of the main things. Overall, we have experienced less downtime with the tool. In my organization, we have had downtime with Cisco. Overall, we have noticed some performance increases as well with the use of Netgate pfSense.

The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities.

My organization plans to solve costs-related problems by using Netgate pfSense. We were using Cisco's firewall products, and the license and hardware costs were just too high. With Netgate pfSense, I think we can get a full firewall tool with support and no need for licensing for under 5,000 USD, saving a ton of money.

There were no specific security issues or challenges I was trying to address using Netgate pfSense.

In terms of the overall flexibility offered by the product, I would say that it is very easy to implement, make changes, and adapt to different challenges that we may have with it. It offers a lot of different options, including VPN options for site-to-site client VPNs. Overall, it is a great tool. It is a highly adaptable solution that is, most importantly, very easy to implement.

It is extremely easy to add features to Netgate pfSense and configure them. If you are talking about third-party stuff, it is something that is within the firewall itself. You can go into the Package Manager and install it.

From a configuration point of view, it is extremely easy to use the tool. With third-party stuff, it can be a pain, but overall, it is extremely easy to manage Netgate pfSense since it is mainly a GUI-driven tool. It is super easy to configure overall.

If I assess the solution for helping our organization prevent data loss, I think it has been great for us. Everything has room for improvement, but it has been great right now.

Netgate pfSense provides our organization with a single pane of glass management. The tool offers great flexibility and is awesome. In our organization, we haven't had any issues with it. It just makes changes that need to be done extremely quickly and efficiently by the end of the day.

I have worked with Netgate pfSense Plus. I buy the hardware from Netgate, and it comes with pfSense Plus.

Netgate pfSense Plus provides 100 percent features that help minimize downtime. In extreme situations, implementing connections that were super helpful in the past and just the ease of deployment, the product offers is helpful since even if something happens to the firewall itself, I can have a virtualized firewall doing the same thing within less than an hour. It can help with that downtime. I know that Netgate pfSense is extremely reliable and a great tool.

Netgate pfSense provides 100 percent visibility, enabling my organization to make data-driven decisions. Netgate pfSense is very much configurable. It gives you 100 percent of everything you need to make decisions. It gives you details of all kinds of different graphs, traffic, and firewall rules, along with the things that you definitely need in the form of the data that you need to be able to just make quick data-driven decisions.

Netgate pfSense visibility helps me optimize performance. The data is just so easily accessible that you can make decisions very quickly. It also helps improve performance. In our organization, we have noticed a very noticeable performance increase since we shifted from the old firewall from Cisco to Netgate pfSense.

If I were to assess the total cost of ownership of Netgate pfSense, I would say it is extremely low and affordable. I think it is a really very simple and extremely budget-friendly tool.

In our organization, we have had such a good experience with Netgate pfSense over the last four years. In terms of improvements, I have not really thought much, to be quite honest. Maybe faster releases for the software or the firewall itself can be areas where improvements are possible. The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve. In general, the tool is not bad at all at the end of the day.

Speaking about whether any enhancements are required in the tool, I would say that the tool has everything that we need for our usage. We have an extremely complex environment, the most complex of which is how we use Netgate's BGP to connect to our ISP. Netgate pfSense is extremely feature-rich for our specific use scenarios, and we have not encountered any shortcomings in the solution.

I have been using Netgate pfSense for around four years. The box itself says Netgate pfSense XG-1540. I don't remember the software version we are using right now, but all I know is that I keep it up to date. In my organization, it will be the latest version of the product.

I have not faced any issues with the stability of the product. I have one firewall in a very bad physical environment. It was very dusty, but it has been 100 percent reliable.

It is an extremely scalable solution.

In our school, we have close to 1,800 students and 210 teaching staff overall. With administrative staff, I think there are about 50 people.

I have the tool in different locations and on different campuses.

If I can call someone from the product's technical support team, l can have a technical person on the phone with me in less than five minutes. If you have any questions for them, they will come and try to give you the answer as quickly as they can, and if they don't have a reply, they will reply to you later via email. For the amount that it costs per year, the level of service that you get is unbeatable, honestly. I rate the technical support a ten out of ten.

Positive

The product's initial setup phase was extremely straightforward.

When we deployed the product for the first time, we went through its documentation and how to do things. Otherwise, the strategy is usually based on the fact that we have four campuses, and they run in a similar manner. At least for us, we have a master configuration sort of thing, which we can kind of load into Netgate pfSense and make the small changes that we need, like VLAN changes and small things that apply to the location that the device will be deployed to, and it takes less than probably an hour or two to kind of have a firewall deployed working with the bare minimum, which is extremely fast compared to what it takes with Cisco.

In terms of maintenance, it has been pretty much like we do the setup and then forget it. The firmware updates, or physical maintenance, like cleaning the device, are there. From a greater overview, it is just kind of a set-it-up-and-forget kind of solution for us.

The product's deployment was done in-house, and it involved just me. The enterprise-level support from Netgate helped my organization a lot, especially during the first two deployments, but after that, it was easy.

Personally, I do not have any metrics or data points associated with the ROI that I can share with anyone. My CFO is the person who has information related to ROI.

In our organization, the whole point of moving to Netgate pfSense was that we wanted something that wasn't hard to use or where the licensing wasn't so expensive. We looked at different open-source options, but I can't remember their names. We also looked at UniFi's firewall, but Netgate pfSense came on top for us, considering the support provided and the fact that Netgate's team is the main set of people that keep up with pfSense's open-source project. With Netgate, we work directly with people who use Netgate pfSense, and it is great. We did look at other options, one of which was UniFi, but I cannot remember the name of the other alternative to Netgate pfSense. I think it is called OPNsense.

Suppose I compare the other tools I evaluated with Netgate pfSense, and I feel that the pros of pfSense revolve around the area associated with the product's cost in terms of hardware requirements and licensing. There are no existing costs for the licensing or the hardware. You can deal with the licensing part yourself and get it at a cheap rate from elsewhere or buy it from Netgate's boxes directly from the solution company. Another pro would be the ease of management the tool offers since it is possible to have everything that you need in the GUI, which is a little bit controversial because a lot of people like CLI, but sometimes you need to get something quickly without having to have hundreds of different things.

I haven't come across any cons in the product since most of our company's scenarios are simple and small since we are just a school compared to what other big companies have. Everything that Cisco's firewall was doing for us, Netgate pfSense's firewall does for us for a fraction of the cost and even offers a better performance. I would not know the tool's cons since I do not have anything on my mind right now.

I do not use Negate pfSense Plus on Amazon EC2 VMs. In our organization, we are using Negate pfSense Plus on Netgate's hardware. We use Netgate pfSense XG-1540.

To others who plan to use the solution, I would say that the support offered by the product is 100 percent worth it. The enterprise support is also extremely worth it. In a general sense, if people don't know much about implementation, they just need to read the documentation because many things, like the GUI part, could throw some people off. If you come from a CLI-based tool, the GUI aspect can throw you off, and I know it since it threw me off a little bit initially, but we were able to get through the implementation phase very thoroughly as the tool offers great documentation. By thoroughly going through the documentation, you will have a fairly easy time configuring the tool very methodologically. I really don't think I would recommend anything else apart from the fact that others need to read the documentation and take their time.

I rate the tool a nine out of ten.

It's the main firewall for my household. It's also what I'm using to gain access to my employer's website and VPN. It acts as a gateway to my employers. My wife uses the device as a VPN to do her job as well.

I wanted something that is robust and makes it easy to diagnose if anything goes wrong. I'm also used to the system. I've used it since 2006 or 2007. So it was something that was really familiar with. I used to use the free solution. Last year, I decided to jump into the actual hardware devices that these guys sell. I didn't have time anymore to deal with aftermarket hardware. It saves me some time to have their devices.

The main benefit is peace of mind and no downtime or minimal downtime as compared to other solutions that I've used before.

Its ability to put some plug-ins into the system is helpful. There are a couple of packages that I'm using. Since I'm using it mainly as a firewall and sometimes as a VPN endpoint, it's really great.

The flexibility is good. The fact that you can add packages makes the device quite flexible. Also, it's quite overpowered for my needs right now, so that's a good thing. 

Price-wise, the quality to price is pretty much up there, especially when you consider that you don't have to tinker with anything. With hardware, you don't know where you know, how long it's going to last or anything like that. However, with pfSense, you have guaranteed support with NetGate, and this is great.

It's quite easy to configure. It's very intuitive. Maybe that's because I know the interface. There's also tons of of information available online. They have a very good user manual for the software as well. It's very detailed, and it's it's easy to work with. 

There's a forum where you can ask questions, and people are very friendly. Within a couple of hours, sometimes days, somebody has had the issue that you're having before. So, forum responses are quite quick.

It's really easy to work with. There's peace of mind and no downtime.

In terms of preventing data loss, any solution is only as good as its weakest point. And since this is at the very edge of my network, of the outside network, I feel I'm pretty prepared and protected from data breaches. That said, at the end of the day, I'm not opening myself up to many things in the outside world. It's blocking pretty well, and I don't feel threatened. If there's data loss, it's going to be from my end users, not from the device itself.

It provides us with a single pane of glass management for my household. There's only one device that I use.

The main advantage to me right now is that I'm using their reboot environment. It's really easy for me to update, and if some things don't go well, I can go to the previous version and be back up in no time. 

pfSense is just plug-and-play. Performance-wise, once you install the system, it works even when there's been a couple of software updates. It's probably overpowered for what I need. Performance is very good.

If I had to change internal providers, I might have some difficult times. For example, going from cable to ADSL. Right now, it suits my needs, and as long as they keep it updated, I'm pretty good with that.

I've used the solution since December 2023.

The stability is great.

I haven't had to scale the solution.

I haven't had to contact technical support. 

I have used other solutions, such as Untangle, D-Link, and Linksys. There were always a lot of limitations if you didn't adopt the commercial licenses, and those would be expensive. pfSense is reliable, especially with the NetGate hardware. It's also predictable. There's never a big software change. pfSense has been very stable since it's based on FreeBSD. However, it is on a lesser-known OS.

I use a physical device. For implementation, you have to use a console interface through a serial port and then a TTY from your own computer. For some people, maybe it's a bit more difficult. For me, it was really straightforward. It's as easy as setting up a switch. 

I loaded it up the first time and the only thing I had to do was modify my previous config, change the interface names, and just throw it back in there. It takes less than an hour.

There's only maintenance if there's an update. It might be down for a few minutes during that time. It takes maybe five to 10 minutes. Even if something goes wrong, it's pretty easy. You just reimage it and reload the safe configuration. It's much easier than other solutions, like Untangle. 

I handled the implementation myself. I did not need the help of third parties. 

The pricing is reasonable. Before I got the 6000, I was on my own devices. They developed a pricing schedule last year. At first, I was worried, however, it's maybe $130 a year and it's very reasonable compared to other solutions. With the 6000, the price is included within the device itself. 

Compared to other solutions, the total cost of ownership is very good. It's not that it is so much cheaper, it's that it fulfils the needs of more people. With the level of support provided, the price is very reasonable. 

I'd advise new users to take the time to read about the device and the software beforehand. Otherwise, you're going to waste a lot of time trying things that you think are going to work. Since it's not necessarily the same thing as, let's say, Untangle, you have to familiarize yourself with the interface and with the system before actually diving in deep.

I would rate the product ten out of ten.

We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

We appreciate its flexibility. Its usability is great.

We were able to witness positive results from the product pretty much immediately.

Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

We're using the Plus version with Netgate.

pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

I've been using the solution for a couple of years. 

The stability is very good. there is no lagging or crashing. It's reliable. 

The scalability is good. However, we and our clients aren't too large. 

I've never needed to contact technical support. 

In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

The initial deployment was easy.

There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

I'm a customer and end-user. 

I'd rate pfSense eight out of ten.

If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.

I have at least two pfSense routers at home in my home lab, serving my house. Additionally, we use it in my company. We have our satellite office in LA, and we use it as the main router. The use cases involve a router, firewall, and DHCP server.

I was able to see pfSense's benefits immediately because I used it as a learning tool too. From the very beginning, I was able to inspect traffic and see what was happening on my network. That was pretty useful.

pfSense is flexible. I like it. I can install it on different hardware. I can virtualize it if I want.

It is pretty easy to add features to pfSense and configure them. If something is supported by Netgate and it is in their package manager, it is pretty easy, and if it is not, I would not want to add it. I would not be confident enough to put it on my firewall.

pfSense has not directly helped to prevent data loss, but it helps indirectly by protecting the network and not letting in malicious things.

pfSense Plus provides features that help us minimize downtime. Preventive notifications and ZFS snapshots are helpful features. 

pfSense Plus helps to make data-driven decisions to some extent such as which device is using the most bandwidth. The visibility that pfSense Plus provides helps us optimize performance.

The Tailscale integration is very helpful. The DHCP and DNS server functionalities, as well as the package manager, are also good. 

I am using its paid version. I am paying at home for the Plus version, but I wish they would pay attention to the community version. I know there is less incentive for Netgate to develop the community version, but it would be cool to have that.

pfSense does not give us a single pane of glass management. I know that they are coming out with that as a beta or alpha feature, but it is not there yet.

I have experienced only hardware-related issues with Netgate. They are not related to pfSense as a software. I purchased a Netgate firewall, an SG-4100, which is a $600 device, intending to make it a solid piece of my home lab and support the project. It died in one and a half years. I do not see the value in buying their hardware, as their customer support was not friendly or helpful. Eventually, I bought pfSense Plus, which allows using a roughly $200 device that offers part-swapping to keep the device alive or even buying two of them. The pfSense Plus subscription is roughly the same value.

Support for third-party hardware is less documented, not being their preferred option. For most things, it is pretty solid. Other firewalls such as SonicWall offer more protection features such as deep packet inspection. I know that is possible with Snort or Suricata. That is one thing that could differentiate open-source firewalls from the main players. 

Another suggestion is automatic updates to reduce maintenance for smaller setups.

I have used Netgate pfSense for roughly three to four years.

Since they fixed the DHCP issues, it has been pretty stable.

Scalability has never been an issue. I have not dealt with more than 10 gigabit traffic, so I have not experienced any problems.

They answer promptly. However, I do not feel valued when I pay about $150 a year, and they only include certain things for people without the Netgate hardware. They had some general first-time setup features but nothing that actually caused problems. For instance, when I imported my previous configuration to my new hardware, it was not covered. So, even if advertised similarly, it is not the same if I do not own the Netgate hardware.

Neutral

At work, in our main office, we use SonicWall. I also use UniFi Firewalls, ranging from smaller to larger ones, and actively manage two or three of them.

As compared to SonicWall, the user interface of pfSense is much easier to handle. It is also faster even though our SonicWall is a much beefier device. pfSense is more well-organized compared to SonicWall.

With their own devices, it was pretty easy. With third-party hardware, it was a little more difficult because certain devices are not as compatible. It is easier if people double-check compatibility, but in general, it is pretty easy.

It requires maintenance from me. I have to update packages and make sure that everything is running properly and the hardware is fine.

It is a one-person task. If you have the specifications and knowledge of what network segments and VLANs need to be set up, it can be managed by one person.

It is on the higher side. If you want to purchase pfSense Plus alone, the cost is roughly $150 a year, but the value provided justifies the expense. However, a lower-end tier option, around $100, would be beneficial.

With the inclusion of firewall, VPN, and router functionalities, for a business, pfSense makes much more sense. I was comparing different solutions and our SonicWall costs way more when we include VPN and other small features.

If installing on your own hardware, you should definitely research compatibility with FreeBSD, and use ZFS, which I believe is the default now. This allows rollback capabilities. It is important to read what is included in the pfSense support package before contacting support, as you might not get answers, and it might be easier to go directly to the forums.

I would rate pfSense a nine out of ten.

We use pfSense in our clients' offices to provide secure network access. For remote workers requiring private network connectivity, we deploy a Netgate pfSense router in both the office and the user's home office, establishing a robust IPsec connection between the two. This configuration offers superior security compared to alternatives like OpenVPN, as remote users simply need to connect their LAN cable to the home pfSense for immediate and secure office network access. We primarily serve small organizations with 10 to 200 employees, deploying a pfSense router in each main office and providing OpenVPN or IPsec connectivity. Additionally, we offer optional pfBlocker-NG integration for advanced threat protection, enabling the blocking of traffic from specific geographic regions or known malware sources.

We have several sites with multiple or backup-wide area networks. We use pfSense to manage these networks, configuring them for load balancing or backup as needed. To authenticate OpenVPN logins, we leverage Active Directory on our Windows Server, simplifying user management. Office managers can easily disable both Windows and OpenVPN access for users without needing to access pfSense directly. This centralized approach requires only a single robust passphrase for users to access both the VPN and the Windows domain.

I am accustomed to the interface and find it quick to use. However, I think a new user might need some time to adjust. That said, I've been using it for over 15 years.

As a network administrator, I fully understand the benefits of pfSense before deployment. While end users may not immediately recognize its advantages, I appreciate its value in eliminating the need for costly licenses associated with other firewalls like Barracuda and Checkpoint. PfSense offers a comprehensive suite of features, including VPN, user management, and advanced DNS, without requiring additional fees. This cost-saving aspect is a significant selling point for me when replacing older firewalls with Netgate pfSense. Not only do we improve network security, but we also reduce ongoing expenses, a benefit that becomes apparent to clients over time.

Adding features in the packages section of the interface is quite rapid, especially when limiting options to available packages. However, configuring unfamiliar or infrequently used packages requires research and time, ideally by someone with networking and firewall experience. While pfSense is not entirely plug-and-play, the basic setup is straightforward; adding features demands more technical knowledge. So, feature addition is easy, but configuration can be moderately complex.

pfSense can help prevent data loss by making it difficult for hackers to breach networks. However, most data loss incidents we see result from end-users clicking on malicious links or email attachments. When data loss or ransomware occurs, the issue typically lies with user error rather than pfSense. I believe that the networks I configure using pfBlocker, which restrict communication primarily to the continental US and other approved countries, may help block ransomware. Still, I cannot quantify the frequency of such occurrences.

Approximately ten percent of pfSense routers experience critical issues requiring a factory reset. Previously, this process involved contacting tech support and providing detailed information. However, pfSense has simplified this by offering self-service image downloads. This improvement significantly speeds up customer recovery time. Additionally, Netgate's pfSense Plus hardware comes with a Zero-to-Ping warranty, enabling easy setup and troubleshooting for end users. While not entirely plug-and-play, most users can easily install these routers, and Netgate's warranty provides additional support if needed. I've successfully utilized the Zero-to-Ping warranty several times and believe it is a valuable resource for both technicians and end users.

pfSense has helped enable data-driven decisions. It allows me to communicate the need for faster WAN lines to client management by providing concrete evidence of network performance. Additionally, pfSense offers detailed insights into OpenVPN user activity and IPsec traffic, facilitating targeted problem-solving. For instance, I can readily identify slow IPsec connections for remote users, such as user X, and advocate for necessary improvements based on these data-driven findings.

OpenVPN, IPsec, DHCP, and DNS are the most valuable features. I will also include pfBlocker-NG later in the list, but only a couple of sites use this feature. 

pfSense does offer a convenient single-pane dashboard, but I believe it could be improved with additional features. For instance, an administrator log for team members to record notes, such as adding a nameserver, removing user accounts, or other relevant information, would be beneficial. This simple log within the main status page could enhance communication and collaboration among the admin team. While the current status screen provides most of the necessary information, this extra feature would be a valuable addition.

It would be beneficial if Netgate provided a table outlining the recommended maximum WAN port speeds for their various models.

The documentation doesn't align with what I'm seeing on the console. This is frustrating because the online documentation doesn't match the dashboard, leaving me unsure of the correct steps to take.

I have been using Netgate pfSense for 16 years.

I would rate pfSense's stability a perfect ten. When I replace consumer routers with pfSense for small businesses with two or three employees, they are often amazed to discover the router can run for a year without a reboot. This starkly contrasts their previous experience with consumer routers that required weekly or bi-weekly unplugging.

I have been pleased with pfSense's scalability. While I haven't explored all its features, I have successfully backed up an old system and restored it to a new pfSense device, which I consider an upgrade. I know additional capabilities like load balancing and backup device management but haven't implemented them due to a lack of current need. PfSense offers much more potential than I've utilized.

The quality of the support is high. While the speed used to be somewhat slow, I've noticed a significant improvement in recent calls, connecting with a representative quickly within the past year.

Positive

We've used multiple firewall solutions over the years. Twenty years ago, we implemented Monowall. Subsequently, we switched to Barracuda, which proved highly problematic and required frequent technical support intervention. Our next choice, SonicWall, was an improvement over Barracuda but still presented challenges. Specifically, SonicWall's licensing model is burdensome, as it necessitates constant management on my part, a task end-users are unwilling or unable to perform. Though less frequent than with Barracuda, technical support interactions are still necessary.

Initial deployment is straightforward, taking approximately half an hour for each unit. While pfSense is not the issue, challenges often arise due to clients' limited understanding of their network configurations. A single person can effectively handle the deployment process.

I appreciate that pfSense eliminates the need for extra payments, license management, or feature limitations. This cost-effectiveness and its reliable Zero-to-Ping guarantee is its most compelling aspect.

The pricing seems fair overall, but I think they need more reasonably priced options for very small offices. They currently offer a few affordable units at the lower end, but then there’s a significant price jump to the next level. I remember they used to have a model around the 2100 range that was a good middle ground. I believe they should offer more choices between the lowest tier and the next one in terms of hardware. Additionally, I'd like to see a per-incident support option, which I don't think they currently provide. I haven’t checked their support options in a while, so I could be mistaken. However, in the past, they only offered annual plans. If I encounter a specific issue, I would prefer the ability to pay a one-time fee for complete support on that particular problem.

The total cost of ownership is great. pfSense is our most recommended appliance for router, firewall, and VPN functionality. 

I would rate Netgate pfSense nine out of ten.

Users don't need to do anything to maintain the system, but I like to check all pfSense instances every few months, install updates, and look for any irregularities. I try to check every single pfSense system if possible. pfSense needs to be manually updated.