I USE Netgate pfSense for home networks, lab environments, and R&D. In production, professional career-wise, I have built pfSense production firewalls that run in various configurations and high availability for different organizations serving a different number of clients and servicing any amount of requests throughout any given day.
It also serves thousands to tens of millions of requests a second a day from small to large deployments.
Netgate pfSense is an extremely flexible solution. It is an open-source tool that has a very large community of professionals, enthusiasts, and hobbyists alike. There is a lot of flexibility in doing whatever you want with it. It also offers enterprise-grade support so that you can have something equivalent to the Cisco enterprise-grade data center firewall product. You could build that with pfSense or OpenSense, which is a derivative of pfSense.
The initial benefit I saw of pfSense was way before I ever used it professionally. It is a robust tool that can replace your consumer-grade firewall router solution. I also saw immediate benefits in my professional career as it is a powerful solution that can be compared to other solutions like Palo Alto or Meraki today.
Netgate pfSense can be a fully functional L7 firewall. You can not only have the base Layer 3 functionality of the firewall, but you can add things like Snort and pfBlockerNG to build out and become an L7 firewall doing actual inspection and security analysis.
It is very easy to add and configure features to Netgate pfSense.
pfSense has a built-in auto-configuration backup. While that is technically data loss from the sense of protecting the firewall, it is a feature Netgate offers to every pfSense user, licensed or not. You get this feature if you have a Netgate appliance. Just using pfSense won't get you that. There are third-party packages you can use to set up pfSense configuration backups if you don't have pfSense Plus.
In terms of data loss outside of that, you configure it in a way that puts it as a security device. By default, pfSense is not inherently a security device. It is a Layer 3 filtering firewall. If you want it to be a security appliance beyond basic TCP/IP Layer 3 filtering, you can run Snort or pfBlockerNG to turn it into a security appliance. Doing so can aid in data loss prevention by using the tool for basic intrusion detection prevention.
Netgate pfSense provides a single-pane-of-glass management capability. Its dashboard has a lot of prebuilt functionality, allowing you to have a single-page view of the firewall's status and everything going on with it.
pfSense Plus provides features that help us minimize downtime as a supporting part of the infrastructure.
pfSense Plus provides visibility that enables us to make data-driven decisions. The kind of data-driven decisions that could be made with information from pfSense are things like how much bandwidth I am using and what is the throughput of all my band connectivity.
I can also decide whether I need to go from a 1 Gig network to a 10 Gig network or a 2.5 Gig network and whether I need to increase my commit for my WAN circuit because we see that we are averaging above 99%, etc. The kind of decisions that it can help you make are related to your network and your connectivity.
The visibility that pfSense Plus provides helps us to optimize performance. It could help you to improve performance on the network side. It is, after all, a firewall router, so it is a network piece of equipment. It could help improve performance in that if you are actively monitoring, pulling data from pfSense, or actively reviewing the different types of information and graphs that pfSense provides, you could make decisions to see that a machine is consistently using lots of network traffic.
I have been using Netgate pfSense for 15 years.
I have pfSense Plus in production. I have both pfSense Plus and pfSense Community Edition (CE) running at home. They are essentially the same, and the only difference between them is the support and auto-configuration backup.
Overall, I rate the solution a nine out of ten.
I use pfSense for my home network firewall. I also manage two Cloud platforms that use it.
Netgate pfSense is flexible allowing for modifications to meet our needs.
With my strong security background and experience managing pfSense, adding and configuring new features is a breeze. While some might encounter challenges, my expertise allows me to navigate them with ease.
pfSense impressed me with its ease of deployment and low maintenance. It excels in protection and firewall functionality and offers a wide range of add-ins to further customize my network. After considering alternatives like OPNsense and Untangle, pfSense emerged as the perfect fit for my needs.
The single pane of glass provided by pfSense makes it easier to determine issues related to attacks and what is being blocked. I can see live logging of the firewalls and what rules apply to what.
pfSense does a good job helping prevent data loss using Snort which identifies and blocks suspicious traffic before it enters our network.
pfSense Plus offers a visibility feature that helps me optimize network performance. The dashboard displays clear traffic graphs and device load information, and I can customize it to show exactly what I need.
The total cost of ownership is extremely reasonable. pfSense is a good option, especially for people conscious of recurring expenses.
The most valuable features of pfSense are the high availability that easily allows failover to a backup unit and the Snort integration with pfSense and WireGuard.
Netgate pfSense can improve by adding a different OS layer other than FreeBSD.
I have been using Netgate pfSense for ten years.
Netgate pfSense has been stable.
pfSense's scalability is highly dependent on the hardware you choose, but despite this, it offers a strong ability to handle increased network demands overall.
In addition to pfSense, I have used OPNsense, WatchGuard, and Cisco. The WatchGuard rules were more straightforward than pfSense. New pfSense users might find deciding between floating and interface rules for specific scenarios confusing.
The installation is easy for those who are comfortable with command-line interfaces. It is quick and straightforward but they have to be careful when assigning the internal or external net because that can be challenging for some.
One person is enough to deploy.
Netgate pfSense is competitively priced. The 4100 box is a good box for the price.
I would rate Netgate pfSense nine out of ten.
Before deploying pfSense in your lab, I recommend checking the pfSense forums to learn about any potential issues or considerations other users have encountered.
I primarily used the solution to replace Cisco, which was horrible. I wanted something super simple. We needed something that would make the change process within my network easier.
I started with a small trial when I wanted to replace my Cisco switches. I liked that this was open source and I was able to test a few things. The capabilities of configuration made it so that I didn't have to test other options and I could translate my configuration the way I wanted to.
It's easy to configure segments in a network and the routing is good.
It is super robust. The flexibility is great. It's the main reason I switched off of Cisco. Everything is very intuitive.
I have a pretty complex network. With this, I can do some segmenting. I can have specific firewall rules to make my network as secure as possible.
It's so easy to use. I use the VPN features a lot. It's great.
It's simple to add features. There's lots of documentation and Youtube guides to help you. I did not need specialized training thanks to this knowledge base. As long as you have a background in networking, it's pretty straightforward.
You can add other software packages to pfSense.
Between the free and paid versions, I do not see something that would make one better than the other. However, I bought the pfSense appliance to ensure I had a nice piece of hardware to save and protect my network.
pfSense does provide good visibility into my network so that I can make data-driven decisions. If I need to troubleshoot anything, I can go and look at the data, the statistics, and the graphs. I don't do this daily; I do it only if I notice strange behavior.
It helps us optimize performance - especially in terms of internet use.
While the software is great, they could work on improving the hardware. The interface is a little bit sluggish. When I installed it on a random computer, the performance was pretty crisp. However, on the device itself, it's slower. I'd like to see them decrease storage and increase speed. With storage, you can always add more. However, you cannot make CPUs faster.
I've used the solution since September 2022.
I've never experienced any crashes. It's quite stable.
It's a pretty beefy appliance. That said, thus far, I have no need to scale. At the time, I went with the biggest offering they had in terms of appliance size.
I've only contacted technical support in order to get a device replacement. I've never experienced any issues.
I previously used Cisco. It was difficult.
The initial setup is moderately easy. I struggled a bit. It's a bit tricky at first. However, within a couple of months, I had a really good setup. Now, it's working flawlessly. The deployment took a few months. The first month was a lot of troubleshooting. By the second month, I was fine-tuning. By the third month, it was completely up and running.
There isn't too much maintenance. The device is almost maintenance-free. Every once in a while, there are updates. The backup is automatic after configuration. I don't have to worry about that.
I handled the setup by myself.
The pricing is good. I'm not locked into any kind of subscription. Since I bought the appliance, I have it until it breaks.
I'd rate the solution eight out of ten.
I wouldn't recommend pfSense to somebody who has no limited network. While pfSense, for me, was pretty easy to set up, it does have so many features that you could easily get confused. I would recommend it to anybody with experience as a network engineer, not just a beginner.
We have a tiny business that uses pfSense to create a secure VPN between our two locations.
It's a reliable platform. We also value pfSense's security features because we have to comply with PCI for credit card payments. We need to be confident that we'll have the security. PfSense offers that.
We realized the benefits of pfSense almost immediately. I read about a company using it and thought it would be the most secure thing. It's a bit daunting at first because you have to configure it. However, they create ISP versions, so you can leave those alone and not configure them. This does the whole thing in one box, whereas, with the ISP thing, you have to think about how many different appliances you'll need to make it work.
I like how easy it is to access VPNs and stuff like that. It's so simple to set up a site-to-site VPN. The solution is flexible enough to do just about anything. It's super easy to configure the features as long as you have the details you need, or you can build out stuff if it lacks what you're after because it has a plugin architecture.
It depends on how you run it, but pfSense can help you prevent data loss. Still, it's more about preventing people from getting in and having the confidence that you won't be compromised. And if you need those extra features, you can always add them and all those things that can monitor what's happening in your website or organization.
The web interface allows you to see bandwidth, how things connect, and much more. PfSense Plus prevents downtime. It has a feature that records everything you do so that if a unit fails, you can swap it out and enter your details, and then it loads your configuration on a new device. PeerSpot Plus provides visibility that enables data-driven decisions. You can set it up to do that if you want it.
They could always make pfSense slightly more user-friendly and modernize the interface a little.
I have used pfSense since 2015, so it's been around nine years.
I've never seen pfSense crash.
It's at the scale that I need it, but you can certainly scale it up to the enterprise level if you want to have a better product. It depends on the hardware.
I rate Netgate support 10 out of 10. I only contacted them once. It was very quick and efficient. I had a sensible solution within five minutes. I couldn't imagine having better support.
Positive
I used some Netgear hardware, but I don't remember the model because it was eight years ago. When I switched to pfSense, I stuck with it because it works reliably.
Deploying pfSense was pretty easy. I'm an IT guy, so I did it myself. After deployment, you need to do some routine maintenance, like upgrading occasionally and checking your file logs. Apart from that, it does everything for you.
They have a free community version and a paid version. The free version works if you are a home user who needs a fixed cost, but that's not my use case.
I rate Netgate pfSense 10 out of 10. I can't think of a way to make it better. Before deploying pfSense, prepare your area and your network. Understand your entire network and what you want to do before you start doing anything then follow the documentation.
We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.
We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.
It's open-source and everything is available to me without having to pay subscription fees.
The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.
The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.
It's significantly easier than expected to configure the solution and simple to handle add-ons.
pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.
We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult.
We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.
The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.
We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers.
I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now.
I've used the solution personally for about two years. My company has been using it for about eight years now.
The stability is very good.
We have two locations. I have yet to uncover any scalability limitations.
Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get.
Positive
I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.
The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours.
There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it.
90% of the setup was handled in-house; I referred to NetGate support for a few items along the way.
We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price.
We would have paid another $7,000/year for subscription fees if we went anywhere else.
I'd recommend the solution to others. I'd rate it ten out of ten.
We use pfSense as our main router.
We implemented pfSense to address the instability and limited customization options we experienced with our previous router.
pfSense is highly flexible, allowing for creating IPsec tunnels and various other configurations.
Adding features to pfSense is easy.
Since implementing pfSense, our overall stability has improved significantly over the last ten years as we transitioned from Prosumer equipment to a more robust tool. This success has allowed me to implement more pfSense routers in other locations. We saw the benefits of pfSense in less than a couple of weeks. Having that added stability is great.
pfSense Plus provides us with the visibility to make data-driven decisions. We can see historical data and bandwidth utilization, allowing us to make informed decisions about our internet connection based on that information.
The most valuable aspects of pfSense are the stability, hardware compatibility, and low cost.
I want pfSense to add some next-generation firewall features.
The scalability has room for improvement.
I have been using Netgate pfSense for ten years.
I rate the stability of pfSense ten out of ten.
Due to the absence of a single pane of glass management feature, scaling out pfSense becomes quite challenging. I'd rate its scalability a three out of ten, as the process is far from straightforward at present.
The few times we've had to engage support, they have been professional and incredibly knowledgeable. If we encounter someone who doesn't have the answer immediately, they can find it very quickly. In the past, they have even joined meetings with us and a client to work on a problem, providing a lot of insight and assistance throughout the process.
Positive
We previously used Prosumer routers, but their capabilities were insufficient for our needs.
Initially, it was a bit complex when I started using the system over ten years ago. pfSense required a deeper understanding than the Prosumer devices I had used before. I had to grasp the ramifications of every action. However, once I overcame that learning curve, it became knowledge I possessed.
It took us about two weeks to implement and learn how to use pfSense. I've noticed that with pfSense, I'm always learning something new. Just because we've used something for a long time doesn't mean we know all of its functionality. For example, I needed to establish an IPsec tunnel for the first time last year. I called in support, and we successfully established the tunnel to another location. There's always something new to learn, whether pfSense adds new features or we encounter a need for functionality we haven't used before.
pfSense Plus is cost-effective for what we're getting. I've been using Netgate hardware for a long time, and including the pfSense Plus license with the hardware offers significant value. Additionally, using pfSense software for free is of great value.
The total cost of ownership is very low. We've used pfSense historically in a simple configuration, and I've been able to train peers on how to use the Netgate hardware and pfSense Plus effectively.
I rate Netgate pfSense seven out of ten only because of the lack of ability to manage all our switching and WAP from one location.
We have three locations, and two to 25 users use a combination of wired and wireless devices and a typical broadband connection.
pfSense requires maintenance when new versions or patches are released. This does not happen often, but it does happen.
I recommend pfSense to others. Once you overcome the learning curve, it becomes almost second nature to use. The cost is also a major factor. Every year or so, I explore alternatives to Netgate hardware, but almost everything I find is subscription-based, like Cisco Meraki or other brands. I'd struggle to justify renewing a router license every 18 months or risk it stopping working. So, using a platform like pfSense without an annual fee is a huge benefit for our budget.
I use the solution in my home. It's my firewall, DNS server, DHCP server, intrusion detection server, and reverse proxy server.
The solution's web interface is very feature-rich and well-supported. There's a large community of users out there you can get to. There are many things that I'm not using at the time. It's got great support for VPNs. One of the ways that I'm using it is for VPN support as well. Netgate pfSense is a great product.
Netgate pfSense is an extremely flexible solution.
You'll see the benefits of Netgate pfSense immediately after you deploy it. The more features you use, the more benefits you get from it. I'm using the tool for VLAN support. That was something I implemented first, and it completely changed the way I was using my network. That was a real game-changer because it provided greatly enhanced security for my network and reduced the complexity of my network.
The firewall, the intrusion detection service, the VPN support, and VLAN support keep me from getting hacked and possibly having problems with ransomware and potential data loss.
pfSense Plus provides features that help us minimize downtime. You can create copies of different environments that you set up. If you want to try a setting but want to be protected from loss and downtime, you can create a copy of your current working environment.
You should try adding the new change to your pfSense configuration. If that doesn't work, you can easily go back to the working configuration with just a simple change from within the web interface. It also does automatic backups of its configuration.
The visibility of pfSense Plus helps us optimize performance. You can overcome latency issues through traffic shaping. I previously had buffer bloat issues, which I don't have currently.
If you have a slower connection, you can use traffic shaping limiters and priority queues to ensure that your VoIP traffic, internet TV traffic, or streaming traffic has enough guaranteed bandwidth. In my case, my broadband connection is wide enough, and I do not have to really use those features.
The cost of ownership of Netgate pfSense with the hardware cost was about $ 350.
It would be nice for the code optimization to run on even slower processes. It's optimized quite a bit, but there's always room for improvement.
I have been using Netgate pfSense for two years.
We haven’t faced any issues with the solution’s stability.
From my point of view, the solution's initial setup is pretty easy. Many YouTube videos are out there to help you get it up and running. There's a lot to try, a lot of things to do, and a lot of technology to play with, but I'm afraid I'm a bit of a tinkerer. To do what I initially wanted, I probably spent a day.
I would like to see the solution's price reduced.
There is some complexity to adding features to pfSense and configuring them. I would not say it's extremely complex, but it's got a high degree of complexity.
The website is all you need to configure Netgate pfSense. If you choose to, you can use its SSH terminal interface, but that's not something that most users would do. I would think they would stick with its fully developed, mature web interface.
The solution by itself does not need any maintenance. However, if you use the incursion detection plugins, you need to make sure that those are tuned properly. That involves periodic checks and possible adjustments. New users should be prepared to learn, read the manual, and utilize YouTube resources. It'll be worth it.
Overall, I rate the solution ten out of ten.
We use Netgate pfSense as a firewall solution for small and medium-sized businesses.
Netgate pfSense offers firewall protection, VPN access, and a range of monitoring tools.
Adding features to pfSense is easy to do through the wizard.
Netgate pfSense is well documented, and the interface is easy to use when we consult the documentation.
Netgate pfSense was recommended, so the benefits were immediate.
It provides a single wizard. Some third-party tools out there allow us to manage remotely. It also helps us optimize performance by enabling us to turn features on and off.
With the inclusion of firewall, VPN, and router functionality, we love pfSense's total cost of ownership.
The most valuable features are the alerting and local monitoring.
We are a security shop. It would be very useful if we could place pfSense appliances in customer environments and remotely manage them.
I have been using Netgate pfSense for four years.
Netgate pfSense is relatively stable. It has been running for four years now without any issues.
The scalability is limited without upgrading the appliance.
The technical support offers great quality and good response times.
Positive
The initial deployment is not a plug-and-play out of the box. It takes a little bit more than that. For us, it takes ten to 20 minutes for one person to deploy one pfSense firewall.
Netgate pfSense has a great pricing model.
I would rate Netgate pfSense ten out of ten.
Maintenance is required for software updates.
