Netgate pfSense Reviews

I use it as a firewall and router. I use it in a few locations. I have three pfSense products.

I like that I can geofence and block different countries from accessing my network.

The flexibility is very good.

I noted the benefits of pfSense within a year. I had it on my VM for a year and then put it into production. 

It's good at blocking malware and DNS attacks. I don't use it for data loss prevention.

The solution gives me a single pane of management. Everything is accessible from the dashboard.

It provides features that help me minimize downtime. I have a WAN, and if any of my WANs go down, it's okay; I have them connected to pfSense. 

It helps me make more data-driven decisions. 

With pfSense, I can optimize performance. 

I don't really need too many features. I just use it as a plain firewall. I like to keep it clean. I don't like to run too many things on it.

The configuration can be a little difficult. You need to know the system a little bit. Even now, I do have one in a VM where I test my stuff, and then implement it into production.

They could make it easier to configure packages. They could have a wizard that helps you out a bit more.

I've used the solution for more than five years. 

I haven't had any issues with stability.

I haven't had issues with scalability. It's easy to back it up and load the backup.

Technical support is fast to respond. However, I did have to eventually pay for them to help me out. I had some problems with the firmware. Someone remote into my appliance and fixed it. They patched it up and now it's working fine. 

Positive

I've used OPNsense and SonicWall previously. 

While pfSense has more features, OPNsense is a lot easier to use. 

I have the solution as an appliance. Deployment for a device is a little bit hard, so it can take a few days. 

Maintenance is required every few days.

I did not have any help from outside consultants. I manage the deployment myself. I was able to eventually figure it out myself via forums. 

I like the fact that there is a free version. I'd like the entire offering to be free. That said, it's 100% worth the cost of ownership.

I use both the paid and community version.

I'd rate the solution eight out of ten.

I would advise new users to test it before implementing it in their environment. 

We use Netgate pfSense to deploy to our customers.

Netgate pfSense has a lot of different applications you can use for VPN and multi-way traffic. It's very simple as far as firewall rules and NAT rules go. It's an overall solid application and product. We don't really have too many RMAs, and there are no monthly fees associated with it.

Netgate pfSense is extremely flexible due to the nature of the multi packages that you can use for different VPNs. You can do the same thing in multiple different ways, and it's very handy when you're trying to troubleshoot problems.

You can add packages to pfSense with Snort and pfBlocker to keep hackers out. We've been using pfSense by creating rules that only allow our IP addresses into those devices. That way, they are never open to the outside world, and we've been doing that for almost 20 years.

Netgate pfSense has a high-availability application called CARP that allows you to put two devices in failover mode.

The visibility that pfSense Plus provides helps us optimize performance because that's all in the updates they push out.

We use pfSense Plus on Amazon EC2 VMs, and it's been pretty good and fairly quick in testing.

The solution should provide a single pane of glass and a management console for all devices.

I have been using Netgate pfSense for 20 years.

The solution is fairly stable unless there's an environmental issue.

I rate the solution's stability an eight out of ten.

I rate the solution a nine out of ten for scalability.

We have previously used SonicWall. SonicWall has all the packages prebuilt. With Netgate pfSense, you have to download and install the packages and then configure everything. These include antivirus and anti-spam, which you have to turn on, but they cost money.

It's really just a configuration setup. SonicWall and Netgate pfSense are two very different firewalls. It's very difficult to compare them other than monthly and yearly licensing versus buying at once.

The solution's initial setup is super easy. I've taught several people with little knowledge of how to do it, and it's been very simple to explain and set up.

From start to finish, the solution's deployment can be done by one person in probably an hour.

I think Netgate needs to charge a nominal fee for the actual software so that it gets paid for because a lot of people skirt the licensing and use the community edition. Netgate should charge something nominal like $50 a year for the community edition to deter people from using it for everything.

Depending on the specifics, adding and configuring features to pfSense could take three or four hours for a RADIUS server with a VPN or less than two minutes to set up a NAT rule.

We were embedded with pfSense in 2023. It took us some time after we deployed the solution to see the benefits.

I have 236 devices in production. Some of the cheaper models are more susceptible to power outages, which cause them to fail. However, some of the more robust models are expensive, but they last for many, many years, and there's very little interaction that we have to do with them.

The only maintenance the solution needs is just updates to the device as required.

New users should do some basic research before configuring Netgate pfSense. There's lots of information about the tool on the web, and it's very easy to get the answers to your questions because somebody's already probably run into that issue. There are tutorials on basic configuration on YouTube.

Overall, I rate the solution an eight out of ten.

I use the solution in two ways. I deploy it commercially and I use it in my home lab as well. 

It's very easy to deploy. It's nice when you've used something for a while. You get comfortable with all of the benefits. I know what I'm doing. I'm very familiar with the product.

The addition of packages makes it very customizable. The flexibility is very good. Not all firewalls out there have that. Typically, you are tied into three or four different plugins. pfSense, however, allows you to add more than the standard handful others offer. 

It's easy to add features and configure them.

They do improve it consistently, which makes me want to return to it over and over as a solution. 

It just introduced, with the latest revision, the ability to save your backups incrementally as well as go back and make changes. I can go back to a particular backup, and that's quite useful.

The solution does prevent data loss. You can pick up your configuration files consistently, whether you want to do it daily, monthly, hourly, et cetera.

Users can manage everything under one single pane of glass. 

I also use pfSense Plus. It provides good features that help minimize downtime. The updates come quicker to Plus, which is helpful. It also helps optimize performance. Having the pane of glass offers consistency in terms of finding things. The UI is very intuitive.

Updating some of the packages can be a bit difficult. It's hard to stay on top of them all. There also might be a bit of a lag on updates.

If they could get to something like Meraki, where I could remotely log in and not have to deploy a package to do that, that would be nice to have. 

It would be helpful if they had more documentation. Some online details seem out of date and you have to spend a lot of time going through forums to uncover what everyone else is doing.

I've been using the solution for probably ten years. 

The stability is very good. I'd rate it nine out of ten. 

Most of my clients who are users are under 50 users. I handle mostly SMBs. I'd rate scalability eight out of ten.

Technical support is awesome. I haven't dealt with them a ton, however, every time I do, via email, within an hour, they've responded. 

Positive

I've used Cisco Meraki over the years. It's a bit different. There's also a cost factor. 

I've also tried OPNsense. I didn't like the look of it after using pfSense for so long. 

The initial deployment is straightforward. It's awesome. I always bench test it before deployment. I do it through my office, not on-site, to go through the various variables that could make things go sideways. 

The implementation only takes about a day. I can manage the process by myself. I don't need a team. 

A majority of my deployments are for home users.

There's not a lot of maintenance. You just want to keep packages updated when the time comes. 

I have witnessed an ROI from a remote perspective. I'm able to remote in for some users and fix any problems that way.

The solution is fairly priced. The total cost of ownership is pretty good. They do offer appliances as well and those are quite cost effective. 

I'm a consultant. 

I'd advise new users to learn at home first and play with pfSense just to get used to it. 

I'd rate the solution nine out of ten.

My company uses Netgate pfSense firewall routers for some clients, but I choose the device based on their needs. For locations like restaurants that require constant internet, I use a different device with cellular failover built-in. The cost-effective Netgate pfSense is a good option in simpler locations like doctors' offices. I can leverage Netgate's ability to handle multiple ISPs for clients with large internet demands. Ultimately, the choice depends on the client's budget and specific requirements.

In my role, I decide what our clients should implement for their network security. I want to create a secure environment by separating the business network from the Wi-Fi and phone networks. To achieve this separation, pfSense uses different subnets to effectively block any incoming traffic attempting unauthorized access to the network.

pfSense is highly configurable, offering flexibility to tailor its features and functionality to each client's network needs.

pfSense offers a wide range of plugins and add-ons, making initial configuration straightforward. However, since I primarily rely on endpoint security products installed on clients' workstations for their overall protection, my pfSense setup focuses on basic functionality. This includes configuring the firewall for my in-house network and leveraging its ability to handle multiple WAN connections. Ultimately, pfSense's affordability and ease of use make it a great choice for me as a secure and customizable router/firewall solution.

Network segmentation offers the biggest benefit for my clients. By creating separate Wi-Fi, phone systems, and business network segments, I can isolate any security breaches and prevent them from spreading throughout the entire network. As the decision-maker, I prioritize client security without needing them to understand the technical details. My focus is ensuring their networks are secure.

I have never had any downtime using pfSense Plus.

The most valuable features of pfSense are its ability to segment networks, create different subnets, create different VLANs, and use the VPN, as well as its affordability.  

pfSense lacks a centralized web dashboard for viewing all my clients' pfSense dashboards. A single pane of glass for both web access and management would be a game-changer. This missing interface is my biggest frustration with pfSense, and improvement is sorely needed. I have clients all over the United States and would deploy many more pfSense firewalls if it had a centralized web dashboard.

I started installing Netgate pfSense for clients almost three years ago.

I would rate the stability of Netgate pfSense ten out of ten.

I would rate the scalability of Netgate pfSense ten out of ten.

We've worked with almost every firewall: SonicWall, Cradlepoint, Ubiquiti, Fortinet, and UniFi devices. You get into the licensing of some of those with SonicWall and Fortinet, and it's just not the product that I like to sell to my clients. I'm always client-friendly. I want to find the most affordable product for them that does the best job. NetGate pfSense is the right one for some but not for others.

The deployment is simple. We preconfigure the device in the shop and then take it out and hook it up in less than one hour.

We have three people total who deploy the firewalls, including myself.

Netgate pfSense is a set-and-forget product other than deploying and periodically updating the firmware. pfSense has been solid for me.

Unlike many firewalls that require annual licensing fees, making them expensive for small businesses, pfSense is an affordable option.

I would rate Netgate pfSense seven out of ten. The only area of improvement is the web dashboard, which is currently lacking in pfSense.

I use other products to control data security. Most of my clients don't have an in-house server. I work with small businesses, and that's why the Netgate pfSense device works well. For my larger clients, we go to the cloud for data storage and data security with redundancy. So, I don't use pfSense for data security at all.

pfSense is a good value for some clients; it's client-specific. It depends upon other things we are deploying there, such as what kind of Wi-Fi network we use. If we are adding a VoIP phone system. It just depends on what the client's needs are, but It is the right device for the right client.

A lot of our clients are small businesses. I've got one fairly large business. It is a restaurant group nationwide with 700 employees, but its main office has maybe 30 to 50 employees. So, that's probably my largest deployment of the Netgate device.

The only maintenance required for the pfSense firewalls is applying the occasional firmware updates.

Some MSPs are more focused on making money. I'm not. I'm focused on the right fit for the client, and the money takes care of itself. pfSense is a great device. I'm not focused on what will make me money. I'm focused on what is best for the client. In many decisions, the Netgate pfSense is the right decision for that client.

We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

We have been using pfSense for eight years. 

pfSense is a very stable solution. In all the years I had around three instabilities.

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

I have never used the support for any technical issue. The community forums and Google always were enough.

Positive

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

The old installation was straightforward, but the new installer has some bugs and does not really work.

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

The licensing seems fair. We owned the TAC Lite License for some time. The problem was, that the license is bound to a device ID which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic function that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time. 

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off.  

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business OPNsense for that one reason. 

I have used pfSense for at least 10 years.

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

Positive

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.

I use Netgate pfSense as my office firewall.

I implemented pfSense as a firewall, VPN, and content filtering solution using pfBlocker and configured it to verify HAProxy certificates.

Most of our pfSense deployments are on existing machines with a small amount in the cloud.

pfSense offers excellent flexibility and works well with both physical appliances and virtual machines.

The ease of adding features to pfSense and configuring them depends mainly on the user's experience. I find it extremely easy.

Firewalls and Network Address Translation offer immediate benefits once configured, as they are foundational security measures. Other features, however, require more extensive configuration and testing before their advantages become apparent.

Compared to other firewall solutions, pfSense's interface is user-friendly and straightforward.

pfSense allows us to configure multiple internet connections and firewall rules to minimize downtime.

It provides visibility into our network by capturing and delivering log data, such as Syslog, firewall logs, and other relevant information. This enables us to make informed decisions based on data analysis.

pfSense can help optimize network performance. When using appliances, we can install more than ten gigabit network interface cards and add more as needed, depending on the hardware capabilities. Typically, new appliances come equipped with ten-gigabit network adapters or ports. We can significantly enhance network and server communication speeds by fully utilizing these ten-gigabit connections.

The most valuable features of pfSense are the pfBlocker, HAProxy, NAT, and VPN.

I am unsure if it's feasible, but I have previously utilized a web VPN interface with Cisco Firewalls that allows VPN connections through a website, eliminating the installation of VPN software. Such a feature would be a valuable addition to pfSense. Additionally, an easy method to monitor pfSense within other monitoring software would be beneficial.

I have been using Netgate pfSense for ten years.

We have encountered only minor and infrequent stability issues.

Netgate pfSense is highly scalable.

The quality of the technical support is good, but if we cause an issue, we have to pay for the support hours.

Positive

I have previously used WatchGuard Firebox and OPNsense, but I prefer pfSense for its excellent usability within my company. Other firewalls like WatchGuard and OPNsense are often retained due to customer preference or specific requirements, but most of my deployments utilize Netgate's pfSense.

Deploying a single pfSense box is relatively straightforward. However, the process can become more complex if outdated hardware is used and network cables must be reconfigured. Deployments using Netgate appliances tend to be more straightforward.

We can have the Web GUI up and running in under 30 minutes, and a complete deployment can last up to four hours. One person is required for each deployment.

The pricing is reasonable.

Netgate pfSense offers effective total cost of ownership by combining firewall, VPN, and router functionalities into a single solution.

I would rate Netgate pfSense nine out of ten.

pfSense does not have any built-in features specifically designed to prevent data loss. Instead, we must configure various functions to indirectly protect against data loss, primarily as a preventative measure against unauthorized access to our servers and equipment.

I use both the paid and community versions of pfSense. Most of my appliances use the paid version. In the cloud, some virtual machines come with the free community version.

Maintenance is required to open ports and create VPN users.

I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.

I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.

If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not. 

I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.

The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.

pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on. 

pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.

I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.

pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.

I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.

The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.

The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.

The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.

The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.

I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.

I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.

I use the latest pfSense Plus version.

The stability is very good.

I use it for my family, for maybe 20 or 30 devices. It's not a big environment.  

I utilize the pfSense forum and the community forum, and it's okay for me.

My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.

The difference is that OPNsense has more features, but also has more bugs.

For me, pfSense is stable. It's better for my use case.

The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.

It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.

I use it on-premises. The on-prem version is very good. The software is good.

Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.

I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.

It took me ten minutes to deploy it. 

The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.

In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users. 

With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.

I can recommend it if you are a professional or if you know what a firewall is.

It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.

Overall, I would rate it an eight out of ten.