Netgate pfSense Reviews

We use it for home solutions and 200+ enterprises. We use it to address routing issues (NATing issues through VPNs).

Our environment consists of many enterprises with many subnets.

pfSense makes everything easier compared to Cisco or Fortinet.

Policy-based firewall rules are the most valuable feature because every other brand it is 200% more complicated to accomplish the same operation.

The flexibility is easy. We can implant in small businesses for less than 500 CAD and in 5k users enterprises. The only part that needs to be improved is the hardware, everything else is out of the box.

I would rate the ease of adding features a ten out of ten. With telecom knowledge, the product is crystal clear easy.

Evaluation and contracting could be improved. 

I have been using pfSense since 2016.

The scalability is good, they should offer filtration or a next-gen firewall.

From my experience, their support is very quick. 

Positive

I haven't evaluated any solutions since 2016. With pfSense you get the bang for your buck. pfSense routing, VPN, policy rules, NAT forwarding, everything is better.

The initial setup is straightforward. It was easy. We have 16 years of experience. I did the deployment, it only required one person. 

It is cheaper than other options. 

I would rate it a 9.5 out of 10. My advice would be to take the time to do an online course if you find using the solution a bit hard. It is worth it.

I recently started using pfSense to secure my home network. As an IT consultant working remotely, I needed better security than my router offered. I run servers in a lab environment to demo software for clients, and in my previous consulting role, I managed networks for companies of all sizes, some with hundreds of thousands of devices. Since we can't modify a client's environment directly, having a secure home lab for testing is crucial. pfSense allows me to segment my network and use a VPN for secure remote access, offering more functionality than my previous setup. While a free version exists, I opted for the convenience of a pre-configured appliance.

pfSense surprised me with its ease of use, even though it's powerful enough for corporate environments. Unlike my previous complicated Cisco firewall that now collects dust in the garage, pfSense offers the flexibility and functionality I need.

pfSense offers a default rule that allows all traffic initially. While I prefer to block everything by default and only allow specific traffic, this approach led me to accidentally lock myself out of the firewall during configuration. The device functioned as intended, following my overly restrictive rule. Resetting to factory settings was a learning experience, and now I understand how to avoid self-imposed lockouts. After diagnosing my initial setup issues, I successfully corrected them and implemented filters that boosted our internet speed. This experience made clear the benefit of pfSense for our network.

The firewall acts as my first line of defense against data loss by controlling incoming and outgoing traffic. Additionally, I keep my devices updated with security patches and utilize application whitelisting, which restricts programs to those from approved vendors with verified digital signatures. This helps prevent unknown malware from executing on my system. While demonstrating data loss prevention for a government agency, I encountered a connection hurdle between my devices on different subnets. Realizing a firewall was blocking communication, I opened the necessary ports to allow the connection. This highlights the firewall's role as a first line of defense. Even if one device is compromised, the firewall helps prevent the attack from spreading to other segments of the network. However, it's important to remember that the subnet itself remains at risk, which is why I also use local firewalls on individual devices for additional protection.

When it comes to the firewall functionality of pfSense, it does provide a single-pane-of-glass to manage everything.

The most valuable aspect of pfSense for me is its firewall functionality. It allows me to set up different networks, and VLANs, and control how subnets communicate with each other, all the way down to individual nodes. This granular control is very important for my network security. Additionally, pfSense offers a variety of alternatives like VPN that I haven't explored yet, but my top priorities are the firewall features that protect my network from external threats and allow me to segment internal traffic. I also use the filter feature to filter internet ads and adult content. The filter list depends on someone keeping it updated, but the community has been great for this and it makes my internet browsing much faster because all the junk ads are blocked. 

pfSense would be much more efficient if it allowed exporting the entire configuration of a device after it's been set up. This way, the configuration could be easily imported onto another device, saving time and effort.

I have been using Netgate pfSense for one year.

Netgate pfSense is stable with zero downtime related to the firewall.

Netgate pfSense can scale at an enterprise level.

Cisco's firewall device proved too complex for me, ending up unused in my garage. Thankfully, pfSense offered a much more user-friendly experience.

pfSense deployment was straightforward thanks to the available documentation and video tutorials, although I did lock myself out once due to user error. While IT professionals might not always consult the manual first, pfSense helpfully allows saving configurations without immediate application, a feature that would have prevented my mistake. Learning from this experience, I now know how to leverage the provided resources for a smoother pfSense deployment process.

I did the deployment myself but someone who is not an IT person will require the help of an integrator or consultant.

I deployed pfSense in two and a half days. It included setting up VLANs for different purposes like a DMZ, server LAN, user devices, guest network, and VMware management. I also configured a firewall with rules to isolate these networks and implemented an IPSec VPN to filter out ads and malicious sites.

The implementation was completed in-house.

pfSense offers a surprisingly affordable enterprise-grade solution for small businesses. While my own pfSense 6100 costs $700, the value it provides makes it a very cost-effective purchase.

I would rate Netgate pfSense nine out of ten.

Other than installing updates, pfSense has not required any maintenance.

Before configuring your network devices, plan out your network segmentation. This written plan will guide how you set up VLANs, servers, DHCP scopes, and DNS. Think of it as a blueprint for your network design. While implementing the plan on a Netgate device or pfSense might be straightforward, without a clear strategy, you'll be overwhelmed by the available features. 

We use pfSense as a firewall to improve our security. 

pfSense is viable and works as it's supposed to. It prevents data loss. I've used it on several networks. It's there in the background and just works. It minimizes downtime by running dual WANs and automatically switching between two connections.

pfSense is relatively easy to set up and just runs. It's easy to use. The platform is flexible. We've been able to do everything we've tried. It seems very complete. I'm not using all of the capabilities, but it does what we want to do. 

Once you find what you're looking for, it's relatively easy to add features and configure them. Google helps out. I've been able to do anything I wanted.

The learning curve is a little long.

We deployed pfSense in the last five years. 

I rate pfSense 10 out of 10 for stability. 

It's a small firewall and we have a small network. 

I rate Netgate support 10 out of 10. I've only contacted them a couple of times, and it's been fine. They've responded quickly and done the job. 

Positive

I've only used off-the-shelf routers without a truly community-built firewall product. 

My background is in IT, so the installation is relatively straightforward once you understand a few concepts, but that's normal. I got pfSense running in a day.  d

The price of pfSense is fair. We have a relatively small network, and most of the competitors are pretty expensive. 

I rate pfSense 10 out of 10. It does everything it should do.

I use the solution in my home network as the main firewall before all data heads out to the internet. I use it for DNS resolution as well.

I noticed the benefits of pfSense immediately after deployment. I was able to take complete control of my security to my house, and it gave me all the things that I needed in order to secure my home network.

The GUI and the user interface have been very clean, understandable, and feature-rich across the board.

The flexibility of pfSense is great. 

It is very easy to add features. 

There are features that help to prevent data loss. The rules engine of pfSense, a traditional firewall rule structure, has always been the same.

There's definitely a single pane of glass. There's definitely a lot there in front of you. 

pfSense provides visibility that enables users to make data-driven decisions. I'd rate the capabilities seven out of ten. 

Sometimes it's a bit of a challenge to know how to do something when you want to do something, for instance, setting up a point to point VPN.

Configuration is sometimes a challenge just due to a lack of knowledge on my side. I find that if I don't set up the rules correctly, and this goes to lack of knowledge of being an expert in the firewall space, it's a bit of a challenge sometimes in setting that up.

I would ask them to update it to a more modern interface, as it does look a little tired compared to GUIs today. However, the features are there. A redesign would be greatly appreciated, just from a human engineering aspect.

It might be easier if they separated things out a little bit more instead of putting all the aspects of what pfSense can do for you in a single menu. For instance, they have services, and they have all the services that you could have on your system. It's a lot.

Sometimes I find it difficult to find the data visibility that I would need in the interface to then go make a data-driven decision.

pfSense helps optimize performance. From a performance standpoint, setting up firewall rules does a great job of laying out exactly what those rules are. The layout of the firewall rules makes it easy to create a secure environment on my home network, albeit not very big. However, all the features are within the firewall, and I can create individual rules and organize the rules.

I've used the solution for six years. 

I have never experienced downtime from my pfSense device. I'd rate stability ten out of ten.

The scalability is very good. I'd rate it a ten out of ten.

I contacted technical support when there was a major upgrade a few years back, and I needed some assistance.

The quality was perfect. They were fast and very helpful. Even though I wasn't a paying customer for support, they still gave me great guidance and helped me focus on the issues at hand.

Positive

I've always had my service provider, Verizon, with their main router, and that router usually has a firewall built into it. I've never used anybody else besides pfSense outside of that.

The initial setup is straightforward. I've done it for my son at college in a matter of two hours, from unboxing to operation. It's easy to deploy a box. I can deploy it by myself.

It does not require any maintenance.

The ROI and the TCO are significant. You get a lot of features under one product. However, I don't use it as a router. I only use it for firewall and VPN capabilities and DNS.

The pricing and licensing are spot on. It's well below the industry average.

I did not look into other options. I knew of pfSense as being a leader in the industry, and that it is utilized by major corporations in large environments. To that end, I assumed it wouldn't hurt for me to have familiarity with the product and use it at home.

I'm an end-user.

I use the Plus version of pfSense. However, I do not pay for support.

I would rate the solution eight out of ten.

I prefer this product because it is open source. Another thing is that it is Unix-based, so it is not affected by viruses or attacks. Support is also available.

With the right hardware, its VPN capabilities and performance are amazing.

From my usage, controlling the bandwidth for each user is valuable. Also, the availability of working as a backup or aggregating downloads is useful. All these capabilities are key.

Its interface is simple and easy.

Maybe they can add two-factor authentication.

I have been working with this solution for almost four to five years.

It is very stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have 60 to 65 users.

I have not taken any technical support from Netgate. I was able to get all the information from the web or Netgate forums. I did not use their technical support because it is an open-source and free edition.

Neutral

I used OPNsense.Using the module for controlling the bandwidth for the users in OPNsense required payment. There was also a subscription, and I dislike subscribing to any service.

It was not complex. It was straightforward. They had a wizard with ten steps. I just had to fill in the information.

It took me about 45 minutes to be completely up and running with my configuration.

There were no third parties involved. It was implemented on-site.

I am using the free version. 

I would recommend pfSense to others. It is free. Overall, I would rate it a nine out of ten. 

After successfully using pfSense at home to manage IoT devices and separate their traffic from my computers and gaming consoles, I'm now evaluating its suitability for our hospital system. As the IT manager, I'm impressed and considering replacing our current firewalls with Netgate pfSense appliances.

I implemented pfSense at home to proactively prevent security issues on my home devices.

Netgate pfSense is flexible allowing us to add plugins.

It has improved my home network's security, making it significantly harder for attackers to access my data.

Netgate pfSense works well to prevent data loss and helps optimize performance.

As a first-time NetGate pfSense user, I've been impressed by several features: easy integration for blocking traffic by country, straightforward creation and management of firewall rules, and the ability to extend functionality through plugins.

I'd love a centralized management system for multiple pfSense appliances. This is where Netgate could improve. Redesigning my network for seven pfSense units sounds like a daunting task, especially with the need for individual configuration. A single pane of glass for managing everything at once would be a game-changer, streamlining the process significantly.

I have been using Netgate pfSense for five years.

I would rate the stability of Netgate pfSense ten out of ten.

Based on what I have heard from other users and what I have read, Netgate pfSense can scale.

The deployment was easy, but I took a cautious, phased approach to avoid disrupting household internet access. Once complete, the upgrade from my previous Netgate appliance allowed me to take advantage of SFP+ ports, so I put ten gigabytes into it and continued fine-tuning the system.

The initial deployment for basic functionality was completed within a few hours, but achieving full functionality took approximately two weeks. 

Netgate pfSense stands out as a cost-effective option that delivers excellent value. While I haven't personally used their support at home, a vendor I spoke with praises it highly. Their reputation suggests phenomenal hospital-grade support might be worthwhile for a critical environment like ours.

Netgate's maintenance contracts are significantly more affordable compared to other vendors, demonstrating their competitive pricing and commitment to customer value.

I would rate Netgate pfSense ten out of ten.

Netgate pfSense is low maintenance.

Before committing to any network or security hardware, including Netgate pfSense, I recommend a Proof of Concept to ensure it meets your specific needs. Don't rely solely on others' suggestions. Thankfully, pfSense offers downloadable virtual images, allowing you to experiment with its features before purchasing physical equipment.

The solution is primarily used for anything to do with security. SMEs are using it to protect their businesses.

The companies we work with are fairly generic. What we see most is companies using the solution since it's affordable.

The price point is the most valuable aspect of the solution. Customers really value that.

Customers value the following features:  

• It's highly configurable
• It's flexible. 
• The features are easy to use.

The interface is somewhat challenging if you compare it to other commercial products. If you compare it to something like Sophos, where someone with decent firewall knowledge can get it up and running in a very short time, you need to be a fairly skilled security worker for this product.

Configuring the interface can be a bit hard.

We've found working with SAP networks challenging. The model that they have in terms of partner networks works very well in the US. However, it's very challenging in our part of the world. What works very well here (Kenya) is a distributor-reseller model, where you have the vendor appoint a distributor. Then the reseller can quickly serve the client. The partner support could be better here.

We've been selling the product for two or three years. 

The solution is quite stable. I'd rate stability nine out of ten. I rarely have a failure.

We largely work with SMBs. 

Support is excellent. 

Positive

We have used other products as well in the past. For example, I do have knowledge of Sophos. We are a reseller.  We've had it longer than pfSense. Sophos is a bit easier to set up. pfSense pricing is very good, however. It does need a more friendly UI.

The initial setup is a bit complex. There are other products that are easier to set up. The installation is not a problem, however, the complexity comes in with the configuration. The installation itself, which is basic, won't take long. The configuration process is longer since it can be from challenging to quite complex. 

There is some maintenance required. There are updates every quarter. Previous to the last update, you couldn't do an update without breaking. It's easier now, however, there is still maintenance. 

The solution is cost-effective, however, that does come at a cost to the client. They do have to buy the product in the US and ship it to Kenya. The total cost of ownership, including acquisition and support, can be quite competitive. 

We are resellers. 

I'd recommend the solution to other users.

I'd rate the product seven out of ten. There are a few challenges. However, it is stable and offers good support. 

One of our clients operates multiple branches, and we've implemented a solution involving feature and IP address tunnels connecting these branches. The main branch serves as the hub, housing the Central PBX and providing services to the other branches.

We use pfSense to handle VPN connections, extending to remote workers in our various branches as well.

The feature I find most valuable for fulfilling network security requirements is pfBlockerNG. It offers exceptional visibility and filtering capabilities, without the need for dedicated hardware or recurring expenses. Unlike other solutions, pfBlockerNG operates seamlessly and continuously without additional costs or maintenance concerns.

The traffic shaping and bandwidth management features of pfSense significantly enhance our network performance. The inclusion of a QoS wizard simplifies the process, eliminating the complexity often associated with configuring QoS on other platforms like Cisco routers. With pfSense, utilizing the wizard streamlines the setup process, making it accessible and effective for users without requiring an advanced understanding of networking intricacies.

There have been specific incidents where the reporting and monitoring tools of pfSense played a crucial role in identifying and resolving network issues. In one instance, we received complaints about internet connectivity problems affecting productivity across the business. Upon investigation, I discovered that the issue stemmed from excessive bandwidth consumption caused by multiple HD camera streams being watched simultaneously. Utilizing pfSense's reporting and monitoring tools, I quickly pinpointed the source of the problem and implemented measures to alleviate the network congestion. These tools are invaluable for identifying resource-intensive processes and resolving performance issues effectively.

The process of integrating pfSense with other tools and services has proven to be quite straightforward thus far. While there may be a slight learning curve at the outset, particularly for those less familiar with networking concepts, it becomes manageable with experience.

The most valuable feature, for instance, is the ease of migrating configurations between different Netgate devices housed in the same box. This capability simplifies troubleshooting, as it allows for faster identification of DNS discrepancies or any other issues compared to proprietary systems. With pfSense, network configurations adhere to standard practices, facilitating troubleshooting without the need for complex overlays or policies. The interface, prioritizes network principles, making it intuitive for those familiar with networking concepts to navigate and achieve desired outcomes efficiently.

It lacks a solution for SD-WAN integration. I believe improving integration with various antivirus vendors could be beneficial. Partnering with trusted antivirus providers such as Bitdefender or Sophos as an add-on feature could enhance the antivirus capabilities of pfSense. Incorporating a centralized management console for easier administration would be a valuable addition.

I have been working with it for over five years.

The stability of pfSense is exceptional. I've only encountered one instance of hardware failure, which was due to an electrical issue. Otherwise, all other deployments have been reliable. I would rate it nine out of ten.

The scalability of pfSense is impressive. I've witnessed its capabilities firsthand, especially when it was deployed in environments supporting up to seven thousand employees. I would rate it nine out of ten. Currently, pfSense is our top recommendation for clients, tailored to their budget and specific requirements. Depending on the client's needs, such as compliance with PCI or HIPAA regulations, we may suggest models that offer corresponding features and evaluations of network security. This flexibility allows us to cater to clients with varying compliance needs, ensuring they receive suitable recommendations.

In terms of technical support, I primarily rely on the forums whenever I have a question or need technical information. I've found that the answers I seek are often readily available there. While pfSense does offer paid support packages, I haven't had the opportunity to utilize them yet.

The main difference between Fortinet and pfSense lies in their integration with different vendors. While pfSense offers integration with multiple commercial antivirus solutions, Fortinet primarily provides its own antivirus offering. However, the effectiveness of the antivirus provided by pfSense may not be as high as some other options available in the market. In terms of cost, pfSense offers a one-time payment for cloud services, providing continuous service without ongoing fees. On the other hand, Fortinet's pricing structure may seem appealing initially, but if you wait until close to the license expiration date, the renewal cost significantly increases, which could result in unexpectedly high expenses.

The initial setup was straightforward.

To set up pfSense, you start by configuring firewall rules to allow the necessary traffic. Once that's done, you can explore and download additional security packages from the package manager to enhance your environment's security. The initial setup is quick, typically taking around ten minutes for a basic configuration. However, if you're integrating features like pfBlockerNG, it may take a bit longer as you need to ensure you're not inadvertently blocking any essential services. Despite this, the task can be managed by a single person, such as an IT manager.

Maintenance tasks, such as checking logs and ensuring updates are running smoothly, are typically handled by two designated individuals. They connect to the firewall periodically to perform these checks. While we do have a management console, it's not fully integrated with the pfSense Manager (PSM) solution. Having a dedicated management console that allows remote management of all wireless devices would be ideal, as it would streamline the process of making changes across multiple devices.

The price point is highly competitive. The cost varies depending on the license type, such as licenses for eight to five support or twenty-four seven support. Opting for twenty-four-seven support significantly increases the price, reaching around ten thousand to thirteen hundred dollars. I would rate it four out of ten.

Overall, I would rate it nine out of ten.