Netgate pfSense Reviews

I've set up Netgate pfSense for my friend's law practice for his access to VPN after the AT&T service dropped their FortiGate. It was so much easier to use. The VPN and VLAN support I needed that Meraki and AT&T tried to give me was crap. I also use Netgate pfSense at home as my router or office network.

I also have the tool set up for a remote person in Texas for a site-to-site VPN when she needs it to do some work. I've currently got three of them that I use personally and professionally.

I love the solution's flexibility. You can buy their hardware, get support, and use other people's hardware. Netgate is constantly releasing patches and updates, which is nice. There is also tons of free material on the web and on YouTube on how to set it up.

We saw the benefits of Netgate pfSense within weeks of deploying it because it gave me the ability to segment my network quickly. It was pretty straightforward and much easier than some of the competitors out there.

Netgate pfSense gives me a single pane of glass management. It gives me everything I need with regard to the firewall.

Netgate pfSense Plus provides features that help us minimize downtime. The ability to do high availability and failover of LAN links is a nice feature.

The visibility that pfSense Plus provides helps us optimize performance. I can see traffic analysis and tune it a little better.

I'd say the solution's total cost of ownership will replace itself within a year. The stability of being able to download a different package if someone needs it has made my life a lot easier.

Some of the functions are not menu-driven. You have to know to click here, then go over to this setting and click here. 

It would be nice if the solution had a wizard for some of the complex functions. When trying to walk people through something, I have to look at the video or read their document.

I have been using Netgate pfSense for three years.

I haven't had any stability issues with Netgate pfSense. The tool might get bogged down if I add more things. I still reboot mine once a month. Other than that, I haven't had any crashes.

It'd be nice if I could add memory to their appliances to improve their performance. Scalability, to me, is really another hardware device. I haven't seen an option to change the hardware.

The solution's technical support team is very responsive. Regarding the quality of their answers, the support team is excellent and very knowledgeable.

Positive

We had the FortiGate firewall that AT&T was providing, which they discontinued. Unfortunately, their replacement was less compatible than the FortiGate, so we jumped to Netgate pfSense. We were doing managed services at AT&T. I dumped their managed service at my firewall because Netgate pfSense was so easy to use.

Since I've been in IT for years, the solution's initial setup is simple for me. If you have a device that doesn't have a keyboard and you're using a serial console, it's a little bit kludgy on what to do. You can figure it out if you read the documents ahead of time.

Deploying the solution for my home use took me about a day and a half. It was all about design and learning all the functions. Deploying the solution for the business took me about two weeks because I had to figure out all the rules. Software-wise, it was easy, but we had to figure out what the customer wanted.

The solution's pricing is comparable to other products. The basic plan provides the support I need.

Depending on what you're trying to do, adding and configuring features to Netgate pfSense is somewhere in the middle between easy and difficult. Some things are really simple, while others are difficult.

Remembering everything you have to do is challenging because sometimes you have to click somewhere, and then you don't remember where you clicked. So, it'd be nice if everything was better tied together.

I initially started with the free version on third-party hardware, and then they discontinued it, so I just bought the appliance.

I prefer to do manual updates myself, but the solution lets me know if there's an update. I regularly do firmware updates when they are available.

The solution provides great support, articles, and a lot of documents.

New users should document what they want to do upfront and then try to look at all the documents on the Netgate site. My biggest advice would be not to try to do it cold. If you're going to use the VLANs, figure out all that information for your routing. If you don't have a document, you won't be able to implement it very easily.

Overall, I rate the solution a nine out of ten.

We use pfSense for firewall, ad-blocking, and IPS functions. We have two pfSense instances on Dell hardware, and one exclusively does IPS/IDS. I have the firewall features turned off on that. The other use case is for the firewall features, reporting, and VPN.

The first benefit is that pfSense offers an affordable firewall solution. It's open source and available on any platform. If you wanted to pull an old machine out of your garage, you could set up a pretty decent pfSense installation. Having learned a little more about pfSense and some of the additional packages that can be bolted onto pfSense, I've used it now for quite a few different things.

I haven't had any particular instances where I felt I was under attack or the firewall was somehow inadequate. I feel very comfortable that this will do everything to protect data. The initial deployment was positive, and we started seeing the benefits within a couple of hours.

The pfSense Plus has vetted rules and software releases from Netgate. Having that extra layer of accountability from Netgate with the Plus features is a positive. 

I like the VPN features. We use WireGuard, which is part of the pfSense package. That was easy to set up, so I could connect to other customer sites seamlessly. Is there such a thing as being too flexible? It's a highly flexible platform, especially regarding support for third-party packages. It's almost like you're overfilling your grocery cart, and items are all falling on the floor. You can add too much to it. 

The single pane of glass management could be better. For example, it relies on several additional packages to provide some of the features advertised as part of its capabilities, but those packages are not visible directly through the initial pfSense dashboard. 

It is easy to add features, but configuring them takes a lot of knowledge. I would like to see an additional wizard added to pfSense when you add some of their other packages. You can add a package from pfSense to do a particular task, but you need to be a product expert or willing to spend time on the Internet for hours and hours to figure out how to configure some of those features correctly. 

We have used pfSense for about one year.

We haven't experienced any crashes or performance issues. I have pfSense loaded up with third-party packages, and it's just rock solid.

We're a small shop, so I don't have much experience deploying it in bigger, better, faster scenarios. 

I rate Netgate support nine out of 10. They were very responsive. It took some getting used to because I always used phone support. I love phone support. I like talking to people, but the support level that I paid for was email. They were on it fairly quickly. It was a licensing issue, and they told me exactly what the problem was within 24 hours.

Positive

I've used Cisco firewalls before and found them very complicated. You don't know what you're doing, and it's dedicated hardware. I've used some other common off-the-shelf products, such as Netgear and Linksys. I thought pfSense was the best fit.

The initial deployment of the pfSense firewall is easy. It took nearly four hours, including the additional configuration tweaks. We're a small environment, so it was pretty straightforward

After deployment, it doesn't require much maintenance. It's essentially fire and forget. I chose to do the updates manually, but you can set it to update automatically. I should note that I chose Dell platforms to run pfSense because there's a lot of industry knowledge regarding the combination of Dell and pfSense. Anyone deploying some no-name hardware from other companies will probably run into some trouble.

PfSense is affordable. I appreciate that it's based on a support requirement instead of bandwidth or users. We're pretty small, so we don't touch many of those levels that they might have. 

Since I'm using my own hardware instead of a Netgate appliance, this is the most bang for your buck you can deploy. I pay for the Plus and feel the benefits behind the software and configurations. The average user might be fine with the community edition, but I wouldn't go that route for a production environment. I think this is a cost-effective solution. I can amend it to manipulate the various hardware configurations without much pushback from Netgate. 

I rate Netgate pfSense nine out of 10. I highly recommend it. It isn't a perfect solution. It's a little difficult to configure. If you can afford it, I would pay for the phone support.

We're using our offices including the main endpoint VPN connections from the main office to our seller offices.

The ability to load third-party apps, et cetera,  into the firewall is pretty useful for a commercial-grade router and file, which is very customizable.

Out of the box, it's about 90% plug-and-play. The last piece, you do need to know how you're setting the firewall up for your environment. It varies on what you're trying to do with it. It can be really easy or difficult, depending on your knowledge base for the application.

We were able to witness the benefits of the product pretty much immediately.

Once you've navigated around it, it's pretty self-explanatory as to where to go. Compared to other products out there, it's pretty easy.

We do have a sort of single pane of glass for management purposes. You do have to dig around. If we had, for example, ten pfSense routers deployed, it would be nice to have one console where you could see all ten devices, update them, and keep them all central. A management portal would be very nice.

I've been using the solution for seven years. 

The solution is very stable. Issues are rare unless a box gets hit with a power surge or something. 

I found the solution very scalable. I can load multiple VMs on it and add a second port onto it. Depending on your deployment, it is very scalable. 

I've only contacted support for corrupted systems. If the unit loses power and comes back on every once in a while, the file system gets corrupted, or it won't boot the device, and you have to reimage the whole thing, in those instances, I've had to reach out to them. They are pretty quick. I can get help within an hour even with just the free version. I imagine the paid version has good support. 

Positive

We used to use Ubiquiti, which was not a great solution. We also used something previously to that. Their interface was very clunky. You'd have to go through multiple different routes to get to the same thing that pfSense has on a single drop-down. pfSense has a more user-friendly setup. Plus, it has CLI integration, which is great. You can make configurations in the command prompt too, which is a lot easier.

To me, the setup is fairly easy. That said, I already knew what I was doing to set it up. If I were coming fresh out into the network and environment, I'd never switch one of the firewalls; there may be a challenge to go through and figure out what the router can do to make the deployment work. When you get the box, you plug it in. There are a lot of features that are ported in that don't come pre-installed. However, they have a complete database listed in their browser. You just go down and pick what services you need. If you don't know what is there, it may take you a while to figure out what the unit is capable of. 

There is no maintenance beyond occasional updates. They don't push those out too often. However, when they do come out, you have to go through them one by one to make sure the update is successful. It would be easier if you could do everything all at once and be done with it.

How long it takes to deploy varies as each office is different. If I'm building three or four VLANs, that's going to take time. In my role, I built one base configuration that contains the VLANs IP servers that I want to use. I've extracted that as a file that I can modify and push to different boxes. So if I get 100 2100 or 4100, it doesn't matter. All I have to do is change the interface names and push it back to the box. So to me, it's pretty fast, and it already has my settings ready to go.

I handled the initial setup myself. 

I use the community version. For configurations and troubleshooting, you do need to pay. I'm not sure what the pricing is for Plus.

I'd rate the solution ten out of ten. 

I'm a customer and end-user. 

My company uses Netgate pfSense firewall routers for some clients, but I choose the device based on their needs. For locations like restaurants that require constant internet, I use a different device with cellular failover built-in. The cost-effective Netgate pfSense is a good option in simpler locations like doctors' offices. I can leverage Netgate's ability to handle multiple ISPs for clients with large internet demands. Ultimately, the choice depends on the client's budget and specific requirements.

In my role, I decide what our clients should implement for their network security. I want to create a secure environment by separating the business network from the Wi-Fi and phone networks. To achieve this separation, pfSense uses different subnets to effectively block any incoming traffic attempting unauthorized access to the network.

pfSense is highly configurable, offering flexibility to tailor its features and functionality to each client's network needs.

pfSense offers a wide range of plugins and add-ons, making initial configuration straightforward. However, since I primarily rely on endpoint security products installed on clients' workstations for their overall protection, my pfSense setup focuses on basic functionality. This includes configuring the firewall for my in-house network and leveraging its ability to handle multiple WAN connections. Ultimately, pfSense's affordability and ease of use make it a great choice for me as a secure and customizable router/firewall solution.

Network segmentation offers the biggest benefit for my clients. By creating separate Wi-Fi, phone systems, and business network segments, I can isolate any security breaches and prevent them from spreading throughout the entire network. As the decision-maker, I prioritize client security without needing them to understand the technical details. My focus is ensuring their networks are secure.

I have never had any downtime using pfSense Plus.

The most valuable features of pfSense are its ability to segment networks, create different subnets, create different VLANs, and use the VPN, as well as its affordability.  

pfSense lacks a centralized web dashboard for viewing all my clients' pfSense dashboards. A single pane of glass for both web access and management would be a game-changer. This missing interface is my biggest frustration with pfSense, and improvement is sorely needed. I have clients all over the United States and would deploy many more pfSense firewalls if it had a centralized web dashboard.

I started installing Netgate pfSense for clients almost three years ago.

I would rate the stability of Netgate pfSense ten out of ten.

I would rate the scalability of Netgate pfSense ten out of ten.

We've worked with almost every firewall: SonicWall, Cradlepoint, Ubiquiti, Fortinet, and UniFi devices. You get into the licensing of some of those with SonicWall and Fortinet, and it's just not the product that I like to sell to my clients. I'm always client-friendly. I want to find the most affordable product for them that does the best job. NetGate pfSense is the right one for some but not for others.

The deployment is simple. We preconfigure the device in the shop and then take it out and hook it up in less than one hour.

We have three people total who deploy the firewalls, including myself.

Netgate pfSense is a set-and-forget product other than deploying and periodically updating the firmware. pfSense has been solid for me.

Unlike many firewalls that require annual licensing fees, making them expensive for small businesses, pfSense is an affordable option.

I would rate Netgate pfSense seven out of ten. The only area of improvement is the web dashboard, which is currently lacking in pfSense.

I use other products to control data security. Most of my clients don't have an in-house server. I work with small businesses, and that's why the Netgate pfSense device works well. For my larger clients, we go to the cloud for data storage and data security with redundancy. So, I don't use pfSense for data security at all.

pfSense is a good value for some clients; it's client-specific. It depends upon other things we are deploying there, such as what kind of Wi-Fi network we use. If we are adding a VoIP phone system. It just depends on what the client's needs are, but It is the right device for the right client.

A lot of our clients are small businesses. I've got one fairly large business. It is a restaurant group nationwide with 700 employees, but its main office has maybe 30 to 50 employees. So, that's probably my largest deployment of the Netgate device.

The only maintenance required for the pfSense firewalls is applying the occasional firmware updates.

Some MSPs are more focused on making money. I'm not. I'm focused on the right fit for the client, and the money takes care of itself. pfSense is a great device. I'm not focused on what will make me money. I'm focused on what is best for the client. In many decisions, the Netgate pfSense is the right decision for that client.

We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

We have been using pfSense for eight years. 

pfSense is a very stable solution. In all the years I had around three instabilities.

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

I have never used the support for any technical issue. The community forums and Google always were enough.

Positive

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

The old installation was straightforward, but the new installer has some bugs and does not really work.

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

The licensing seems fair. We owned the TAC Lite License for some time. The problem was, that the license is bound to a device ID which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

One of our clients operates multiple branches, and we've implemented a solution involving feature and IP address tunnels connecting these branches. The main branch serves as the hub, housing the Central PBX and providing services to the other branches.

We use pfSense to handle VPN connections, extending to remote workers in our various branches as well.

The feature I find most valuable for fulfilling network security requirements is pfBlockerNG. It offers exceptional visibility and filtering capabilities, without the need for dedicated hardware or recurring expenses. Unlike other solutions, pfBlockerNG operates seamlessly and continuously without additional costs or maintenance concerns.

The traffic shaping and bandwidth management features of pfSense significantly enhance our network performance. The inclusion of a QoS wizard simplifies the process, eliminating the complexity often associated with configuring QoS on other platforms like Cisco routers. With pfSense, utilizing the wizard streamlines the setup process, making it accessible and effective for users without requiring an advanced understanding of networking intricacies.

There have been specific incidents where the reporting and monitoring tools of pfSense played a crucial role in identifying and resolving network issues. In one instance, we received complaints about internet connectivity problems affecting productivity across the business. Upon investigation, I discovered that the issue stemmed from excessive bandwidth consumption caused by multiple HD camera streams being watched simultaneously. Utilizing pfSense's reporting and monitoring tools, I quickly pinpointed the source of the problem and implemented measures to alleviate the network congestion. These tools are invaluable for identifying resource-intensive processes and resolving performance issues effectively.

The process of integrating pfSense with other tools and services has proven to be quite straightforward thus far. While there may be a slight learning curve at the outset, particularly for those less familiar with networking concepts, it becomes manageable with experience.

The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box. This capability simplifies troubleshooting, as it allows for faster identification of DNS discrepancies or any other issues compared to proprietary systems. With pfSense, network configurations adhere to standard practices, facilitating troubleshooting without the need for complex overlays or policies. The interface, prioritizes network principles, making it intuitive for those familiar with networking concepts to navigate and achieve desired outcomes efficiently.

It lacks a solution for SD-WAN integration. I believe improving integration with various antivirus vendors could be beneficial. Partnering with trusted antivirus providers such as Bitdefender or Sophos as an add-on feature could enhance the antivirus capabilities of pfSense. Incorporating a centralized management console for easier administration would be a valuable addition.

I have been working with it for over five years.

The stability of pfSense is exceptional. I've only encountered one instance of hardware failure, which was due to an electrical issue. Otherwise, all other deployments have been reliable. I would rate it nine out of ten.

The scalability of pfSense is impressive. I've witnessed its capabilities firsthand, especially when it was deployed in environments supporting up to seven thousand employees. I would rate it nine out of ten. Currently, pfSense is our top recommendation for clients, tailored to their budget and specific requirements. Depending on the client's needs, such as compliance with PCI or HIPAA regulations, we may suggest models that offer corresponding features and evaluations of network security. This flexibility allows us to cater to clients with varying compliance needs, ensuring they receive suitable recommendations.

In terms of technical support, I primarily rely on the forums whenever I have a question or need technical information. I've found that the answers I seek are often readily available there. While pfSense does offer paid support packages, I haven't had the opportunity to utilize them yet.

The main difference between Fortinet and pfSense lies in their integration with different vendors. While pfSense offers integration with multiple commercial antivirus solutions, Fortinet primarily provides its own antivirus offering. However, the effectiveness of the antivirus provided by pfSense may not be as high as some other options available in the market. In terms of cost, pfSense offers a one-time payment for cloud services, providing continuous service without ongoing fees. On the other hand, Fortinet's pricing structure may seem appealing initially, but if you wait until close to the license expiration date, the renewal cost significantly increases, which could result in unexpectedly high expenses.

The initial setup was straightforward.

To set up pfSense, you start by configuring firewall rules to allow the necessary traffic. Once that's done, you can explore and download additional security packages from the package manager to enhance your environment's security. The initial setup is quick, typically taking around ten minutes for a basic configuration. However, if you're integrating features like pfBlockerNG, it may take a bit longer as you need to ensure you're not inadvertently blocking any essential services. Despite this, the task can be managed by a single person, such as an IT manager.

Maintenance tasks, such as checking logs and ensuring updates are running smoothly, are typically handled by two designated individuals. They connect to the firewall periodically to perform these checks. While we do have a management console, it's not fully integrated with the pfSense Manager (PSM) solution. Having a dedicated management console that allows remote management of all wireless devices would be ideal, as it would streamline the process of making changes across multiple devices.

The price point is highly competitive. The cost varies depending on the license type, such as licenses for eight to five support or twenty-four seven support. Opting for twenty-four-seven support significantly increases the price, reaching around ten thousand to thirteen hundred dollars. I would rate it four out of ten.

Overall, I would rate it nine out of ten.

I have three firewalls running my entire county and 11 smaller versions of the firewalls doing OpenVPN tunnels to my remote sites through StarLink. 

PfSense has been highly flexible, and it's worked out great for us for the most part. The Plus version has support, which we will pay for since it is our edge firewall. I have not had an issue with adding features.

We're doing a lot of OpenVPN tunnels, and some of the fields in the OpenVPN setup on the server side do not lend themselves to multiple sites. It's kind of ugly. It's a big list of allowed IP addresses. I'd much rather see that via the table individually. 

The individual firewalls have a single pane of glass view, but we have so many of them. You need to log into each to manage them.

 I'm officially about two years into using pfSense and one year in production.

I have not had any crashes happen. 

Overall, I've been happy with these firewalls.

I rate Netgate support eight out of 10. They were highly responsive. It was strictly email support. I didn't buy phone support.

We were running a Sophos firewall as the edge router of everything we did, and it wasn't meeting our expectations. I've used Cisco firewalls for most of my career. The Sophos firewall was underpowered and overburdened. It was constantly causing issues, such as filling up the logs and crashing the firewall in the middle of the day. I have not had that issue with the pfSense.

It was harder to order them than it was to deploy them. As a county government, we ran into purchasing issues, but we ultimately managed to make it happen. It took us about three months to deploy all of them. After deployment, you need to update the firewall codes and back it up. That's pretty typical.

PfSense was quite a bit less expensive than some other alternatives, and it's worked as well as we could hope. We have three 1500s and 11 of the 4100s. The total cost of ownership has been pretty beneficial.

We looked at some other options. I'm a Cisco guy, but pfSense firewalls provide more bang for your buck. 

I rate Netgate pfSense eight out of 10. 

We use pfSense as our router and firewall on several sites.

We implemented the pfSense open platform because we wanted to move away from SonicWall.

We use the community edition of the software and purchase the Netgate router separately. I used white boxes initially, but now I'm also using the Netgate hardware. It's a great product.

The pfSense offers exceptional flexibility, far surpassing SonicaWall's capabilities. Its intuitive interface, complete with a better layout of management screens, makes it a breeze to use. While Cisco routers may be overkill for many applications, pfSense performs well.

Using pfSense is easy. It has intuitive management screens. And if I ever run into a blockade, I pay for the technician annually. I am confident in sticking with that platform. It's always worked for me. It's tried and true.

I hired a seasoned professional with extensive experience using pfSense on white boxes for years, specifically the community edition. His mastery of configuration was evident, and I was impressed by his expertise. After he walked me through several scenarios, I was convinced of the benefits of the Netgate product and began replacing my aging SonicWall devices with it, drawn to the ease of use that Netgate offered.

Netgate pfSense provides a single-pane-of-glass to manage all our firewall needs.

It's relatively straightforward for a novice to deploy pfSense, likely easier than SonicWall. However, I've used SonicWall extensively and am gradually phasing them out. While SonicWall is a solid product, pfSense is remarkably easy to set up.

The intuitiveness and ease of use are the most valuable features of pfSense.

One thing that has always bothered me is that when I buy an appliance, there are two tiers of support: email-only and a premium tier, like TAC, that allows me to speak to someone on the phone. If I'm purchasing their hardware, I should have phone support for a certain period, even at the lower price point. My only complaint is that I need phone support, not just email, because if there's a support issue, I don't have time to wait for an email response. I need to speak to someone immediately. Therefore, I think I should receive TAC support for the Netgate pfSense for at least the first year after purchasing the hardware.

I have been using Netgate pfSense for six years.

I have never experienced any stability issues with pfSense.

To scale we need to add a unit.

I had email support for about a week before calling Netgate to request telephone support. I explained that if I'm calling for assistance, I'm likely experiencing an urgent issue and need immediate help. I decided to pay $699 or so for annual telephone support, which has been excellent. The support is prompt and effective, making it well worth the investment.

Positive

I previously used SonicWall but migrated to pfSense because it is a more intuitive router and firewall.

Compared to Cisco, Netgate is definitively the product that is better for my use case. I know there's a want in the industry for Cisco devices. However, in the hotel vertical, I just don't need it, nor do I need to pay for the expertise in configuration of that platform.  

The first time I deployed a pfSense, a seasoned professional guided me through the process, making it incredibly easy to complete.

Netgate pfSense is fairly priced. It's probably the most powerful router firewall I've come across.

The total cost of ownership of pfSense is reasonable, considering the value it provides. I appreciate the VPN, router, and firewall functionality it offers, which is essential for my business operations. In fact, the ongoing costs associated with pfSense do not significantly exceed the initial purchase price.

I would rate Netgate pfSense nine out of ten.

Other than firmware updates, pfSense requires minimal maintenance. I update the firmware every two to three months for routine maintenance or immediately if a security vulnerability is discovered.

For a new user, I would recommend TAC support. I've spoken with others in my industry who have had positive experiences with TAC, particularly compared to email support. They've reported being up and running within five minutes of contacting TAC. Additionally, problem resolution is also swift and effective. So, I highly recommend new users invest in TAC support. It's well worth the money.