Netgate pfSense Reviews

THe solution is used as a primary gateway with two lease lines of 450 Mbps total. Around 200 users are under it. 

There is no server or database in the environment. Users use only the internet extensively. We have three separate locations in the same building. Web filtering, IDS/IPS are the obvious requirements. Squid and Snort open-source packages are installed. 

Our organization is ISO 27001 certified. 

An active directory was implemented to control IAM. Synology NAS with RAID for file sharing and off-premise data backup on the cloud. We have mostly L-2 switches to connect nodes. 

Endpoint security product is another layer of security there. 

The Netgate 6100 Max Model is equipped with pfSense Plus software. We configured it last week and replaced the Mikrotik router. There are many improvements, including more visibility, more control over Internet usage, and a robust VPN (no license required). 

There are multiple lease lines and load balancing, reserve or restrict bandwidth based on traffic priority, and user data transfer quotas.

We have almost no complaints about low speed, choking of the internet, or link problems. Now we can see and observe connections logs also. Usage reports are another improvement. 

It's an ideal gateway solution for small and medium businesses, i.e., around 300 devices can be easily handled. 

We received a simple router, however, there are various tools/software to install to activate the full feature of pfSense plus products such as Squid for proxy, Snort for IDS/IPS, Squidguard for content filtering, etc. You can find many open-source software under the package manager tab on the dashboard of pfSense. 

Traffic shaping and load balancing are excellent features. 

pfSense Plus software is a powerful firewall, router, and VPN solution that leverages a number of highly-regarded open-source projects. The software competes effectively with far more expensive commercial alternatives and is used by hundreds of thousands of businesses, educational institutions, and government agencies all over the world. Leading secure-networking features and capabilities include:

Ad blocker (pfBlockerNG)
Captive Portal
CARP/HA
DNS Server
DHCP Server
HTTP transparent/web/reverse proxy (Squid)
IP/Country block list (pfBlocker)
IDS/IPS - Snort
Packet capture/inspection
Port forwarding
QOS/rate limiters
Software load balancer (HA Proxy)
Traffic monitoring
Traffic logging, statistics, and graphs
Traffic shaping
VLAN
Wake-on-LAN
Website blocker (pfBlocker)

and many more packages. Just install and play with it.

There must be a wizard section as per the use case. For example, if we need a simple firewall there must be an auto-install of most required packages. In the same way, if we need a more strict firewall, then different configuration settings.

There must be a more easy-to-use GUI.

More documentation should be available within the package manager.

A visible ON/OFF button must be there and can be easily configured as required. 

An additional non-us electrical plug must be inside the box.

There should be an option to upgrade RAM (i.e. 8GB to 16GB). It can enhance the capacity of the proxy server. 

I bought this solution 15 days back and configured it last week. 

It's an enterprise product and very stable. 

The solution is very easily scalable. 

As of now, we have not taken support. 

Positive

We were using a simple Mikrotik router with the limited capabilities of a firewall. 

It's not straightforward to set up. That said, it is not complex. Just use Netgate documentation and get help from YouTube resources.

We implemented it via an in-house team. My system admin configured it with the help of available documentation. 

The solution offers matchless ROI. There is no license for the VPN and no annual fees. It is a simple product. 

The product is very cost-effective and has no requirement for additional licenses.

The setup is not easy. Users need more technical expertise to configure it. This is not advisable for non-IT users. 

We checked Sophos and Sonicwall. Due to more configurable options and lower prices, and even no requirement of licenses, we decided to move to pfSense. 

This is the best solution with very impressive cost-effectiveness. 

On-premises

I have used Netgate pfSense for a range of purposes. Initially, I employed it for VPN connections, mainly for personal and professional use. I also relied on it to maintain network equipment in a professional context. In the professional sphere, I have experience with both pfSense and Juniper, but eventually, I decided to phase out Juniper due to its high costs, especially for updates and the addition of new functionalities. pfSense's cost-effectiveness and the flexibility to transition to new hardware while retaining configurations made it a preferred choice. pfSense also stands out in terms of its rapid algorithm evolution compared to competitors like Juniper. Its scalability is another advantage, where adding a new box or reconfiguring can boost the firewall's capacity.

On a personal note, I use Netgate pfSense to connect to my equipment at the data center. Currently, I have a highly available installation that requires two instances of pfSense. While I considered pfSense for this setup, I had to assess whether OpenSense might offer better features for future requirements before delving deeper into pfSense.

It's worth noting that Netgate pfSense's performance is independent of the hardware it runs on. As I mentioned earlier, its scalability is a strong point. Most functions are readily available, and additional features can be obtained by downloading and installing plugins, which are generally free. When you compare this to the alternative of purchasing a firewall from a different supplier, you'll find that the latter option typically doubles the cost of the firewall itself. This cost increase is often attributed to additional licenses for deep inspection and similar functionalities. While configuring pfSense may require more time and effort upfront, the long-term cost savings make it a more cost-effective choice.   

One concern I have with Netgate pfSense is related to packet filtering. Specifically, issues can arise with certain functionalities like GP, and, at times, there may be bugs. When creating IP lists, I've noticed that synchronization doesn't always function correctly. While it's not entirely dysfunctional, troubleshooting these synchronization problems can be quite challenging.

I have been using Netgate pfSense since 2015-16.

I've experienced certain issues with Netgate pfSense in the past, particularly with the previous version, which was 2.5. It posed several problems. However, the current version appears to be more stable. Nonetheless, I still encounter troubleshooting challenges. For instance, there is an issue where it initially blocks an IP range but releases it after ten minutes. This behavior is somewhat peculiar, and it pertains to IP filtering.

The support for Netgate pfSense mainly comes from online forums. These forums are populated by a significant number of individuals who are knowledgeable in pfSense and its related areas, making it a valuable resource.

The choice of whether to use Netgate pfSense often depends on the company's preferences. In some cases, particularly in Switzerland, there is a strong preference for open source solutions. This choice is sometimes motivated by the desire for open source alternatives and can also be related to cost considerations.

The Initial setup is very easy.

Netgate pfSense is a cost-effective option. If you're not using a VPN, you can acquire a decent embedded PC for around a hundred dollars and install pfSense on it, effectively creating a robust firewall solution. With this setup, you can achieve a throughput of two hundred to three hundred megabits per second without any issues, provided you're handling relatively simple rules. The level of performance depends on the specific requirements and tasks.

If you're considering using Netgate pfSense for the first time, I would recommend giving it a try. It's relatively easy to set up and use, especially if you have some prior knowledge of network and IT work. The user manual provides helpful guidance, and the basic configuration is straightforward. Just ensure you pay attention to the hardware requirements to make the most of it.

It can be rated as an eight for simplicity. However, as you progress and introduce complexities, such as enabling deep packet inspection, adding extra features, or installing multiple plugins, the configuration can become more intricate. I encountered some issues with iOS in version 2.5, but they are expected to be resolved or have been resolved.

We use it for the backup line for the internet. When the internet is disconnected, we transfer to pfSense.

We only use it for the backup internet connection. It is effective. We have not had any problems.

We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized.

I have been using pfSense for six months.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it a seven out of ten for scalability.

I have not used their support.

The installation of pfSense is very easy. It took two to three hours.

It is easy to maintain. We did not have to do any maintenance of pfSense since we installed it.

It is free. It is open source.

We have not used the VPN capabilities of pfSense. We also did not have a need to integrate pfSense with any service.

I would rate pfSense a nine out of ten.

I use it as a firewall and also as a router because you can address what you want to do with it. It can do network advanced translation (NAT).

It is sitting on my own server. It is on a remote server on a private network.

It is very simple to use. I'm working faster now. I don't have to configure a switch and sync some VLANs on the switch. I can concentrate more on my work because I know that pfSense is guarding my network. It improves my workflow a lot. 

The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is. Did you forget a printer port? Most attacks at the moment are happening through printers, and they can tell you immediately that you forgot to close the port of the printer. There are more than one million printers that are in danger, and everybody knows that hackers are using them to enter the network. So, you can download plugins to protect your network.

It is not only a firewall; it can also do some routing or network advanced translation (NAT), which makes it very powerful.

It is very simple to use. As long as you understand the basics or fundamentals of networking, you can manage everything very quickly with it.

The web is evolving every day. So, the product should be constantly improved with more regular updates. Things are constantly changing. There are obsolete protocols, and then there are new protocols. For my own use, it is not an issue, but for somebody who is more at the forefront of internet browsing, it could be a problem.

There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app.

I have been using this solution since May.

It is very stable as long as you don't change the winning theme. When it is working, leave it working. My rule number one is one computer, one function. So, pfSense does that one function, and I don't try to use it for anything else. I could do some File Transfer Protocol or things like that, but it is not made for them. I don't restart it and move it. I only do the security updates and change the username and password very often.

I don't require much scalability. It is fine for a small-scale company with about 30 devices, such as printers, computers, etc. I'm only working with a few people, and I don't have any traffic problems, but a company with 50 or 60 users could have problems with it. Currently, there are four to five users, and I'm providing multimedia services to four to five people. 

It is being used extensively. Sometimes, its usage is 50 times a day, and sometimes, there is no usage. I don't work on it on a daily basis. It also depends on the project I'm working on. We have plans to increase its usage.

Their support is good.

I didn't use any other solution previously. I didn't have a need for it. Only in May, I had the need to deploy my own service.

It is easy to set up if you understand the protocols. If you understand the theory of what is a firewall and what is a router, its initial setup is straightforward.

Its deployment took one week. The strategy was simple. It involved blocking certain traffic, allowing certain traffic, and making ACL or a list of undesired operations such as cookies so that if it is impossible to sniff, and there is complete security. If someone is trying to enter, I immediately get a message on my phone, whether I am in the county or abroad. I immediately get a message saying that somebody is trying to enter, and I am able to counterattack immediately. That's a big advantage of it.

I did it on my own with the advice of some of my friends who have much deeper knowledge than me. It is also very well-documented on the web, and there is a big community.

I am also taking care of its maintenance. I don't have any maintenance except that sometimes, the server on which this solution is implemented has issues. Its maintenance mainly involves regularly checking the systems.

There is a big return on investment because FortiGate is 60 to 70 times more expensive, which could be a big problem for me. It is more expensive than my car. I have a small budget and a small car.

It is about €1,000. It is a one-time payment. I do not have a monthly or yearly subscription. I don't subscribe to any subscription because I hate cloud services.

There are no additional costs.

I would advise others to try it and see if it is good for them. It is a very good product for me, but that might not be the case for other users. There are so many solutions, but I'm really happy with it. For my scale, it is good. If you are Amazon or a company with one million connections every minute, don't ever use this. It is not made for that. It is perfect for small-scale networks.

I would rate it a nine out of 10. It needs more regular updates, so I can't rate it a 10, but it is very easy to use, stable, and solid. 

On-premises

We use it for its firewall features and VPN.

I provide it to my customers, and I also use it in my office. It is a very good solution for enterprises that need a VPN for their employees. It is the best way to provide a remote work facility to employees at a very low cost. Other solutions that I have had in the past were very expensive. Enterprises don't always have that kind of money to invest.

Its firewall ability is very good. It is very good and smooth at stopping attacks. It is better than others because we have to perform quite a bit of programming.

It is a very good and affordable solution for enterprises.

Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution.

I have been using this solution for four years. I am using it now, and I have also used it in the past.

It is very stable. Both pfSense and Netgate appliances are very stable. I have had some of these solutions working non-stop for about a year and a half.

It is very scalable. It is being used in an enterprise with 70 employees and about 30 terabytes of communication per month. I also have other small enterprises with 10 to 20 employees. In my office, I have four users. 

I usually use community forums for any tech support. I get very good information there.

I have also worked with Netgate appliances in the past. Both Netgate and pfSense are very stable.

It is not very easy, but it is straightforward. We have an agreement with the clients to have the equipment and install the appliance in three or four days.

It is very suitable in terms of the price. If a client cannot acquire a Netgate appliance, I provide a custom-made appliance, and I install the Community edition of pfSense. It is a very good and affordable solution for enterprises. Some of the clients pay monthly but usually, it is annually.

The maintenance cost varies depending on the kind of solution we have implemented. It could be €100 per month or around €800 per year.

I would absolutely recommend this solution. I would rate it a nine out of 10.

On-premises

We're using pfSense as a firewall and for web filtering.

The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well.

The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely.

I've used pfSense for two and a half years.

pfSense is stable. 

You can scale up pfSense with multiple clusters for higher availability. It has that capability. It gives you that flexibility to set up a hybrid with part of the deployment in the cloud and a mural copy or to grow your network. 

At my previous company, we used a Cisco firewall and a router, but they kept having issues with the firewall and the device.  When I joined this company,  we introduced pfSense and haven't had any issues since. 

Setting up pfSense is easy, but it depends on your experience level. The average person with an IT background who is grounded in ICT can do install and configure pfSense in 15 to 30 minutes. 

PfSense is an open-source product, but you need to buy a license to get some features. 

I rate pfSense eight out of 10. It's an open-source solution that you can deploy on data warehouses with various resources. You're not tied to specific hardware. It's easier to manage and use.

Before deploying, you should find out the details about the environment where you will install pfSense. I would recommend pfSense for an enterprise environment with around 1,000 to 2,500 users.

On-premises

I build my own firewalls, and I use pfSense.

It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes.

More documentation would be great, especially on new features because sometimes, when new features come out, you don't get to understand them right off the bat. You have to really spend a lot of time understanding them. So, more documentation would be awesome.

In terms of features, for my use, I don't see anything wrong with it. I basically get what I need from it by default. I build my firewall, so I only rely on the software. On the software side, there is not much to improve right now. So, at this point in time, I don't see anything, but I always welcome any kind of upgrades that they do. I always try them out and see if I can use them in the company or not, but so far, there are no complaints on my end.

I have been using this solution for more than eight years.

It is a very stable product.

It is quite scalable.

I don't have any experience dealing with technical support directly from the makers of pfSense. I am using its Community Edition. That's why when it comes to technical support, I rely on myself, the community, and the information on the internet, especially from those who are more adept at it than me.

It is quite easy. It is up in a few minutes even though I reinstalled the whole thing. For me, it is as straightforward as it can get. I'm a long-time user, and I don't see any problems with the configuration.

We are using its Community Edition, which is free. My company is a government school, and we don't have much budget.

There is a steep learning curve and you have to spend a lot of time with it to understand how you're going to use it and how you're going to customize it yourself. That's where you're going to have to spend a lot of time, but by the time you're done with everything and you have played with all the features you want, you will understand everything you need. You will always be up in minutes, even if it gets "destroyed" during the night, you can come back to it and reinstall the whole thing, and everything will be good.

I would rate it a 9 out of 10. It cannot get a 10 right now because it changes every day. It might be 10 today, but in a few seconds, it won't be a 10 because the whole internet changes in a few seconds, and the whole way of serving your clients can change in a few seconds. So, it can't get that perfect 10. 

On-premises

We have one Head Office and two main offices and other small branches. We want to secure our network from external and internal threats and block all unnecessary ports. We want to create a WAN with firewalls installed at all other offices and branches to connect to Head Office directly.

Overall, our experience with pfSense has been good. We're satisfied with what we're doing, but we have to move forward. It's covering what we require now, but maybe we might need something else in the future. For example, we are implementing ISO 2701, and the regulators could demand something else for compliance if they conduct an audit. And if we're following the policies required by ISO 2701 best practices, then perhaps we need to implement new hardware too because we can't do everything with our existing hardware infrastructure. 

For instance, say I want to block USB access, but I don't have the software. Currently, we use our antivirus software, which is a proper endpoint management tool. We can use it to modify the Windows registry and block everything, I can do whatever I want with the PC on the endpoints. We need to have that, but not everything works without the hardware infrastructure. 

The GUI is easy to understand. 

We had one issue with hardware support. The department head who was managing the solution became the director of the company, but he still has administrator access. And usually, whenever a WAN goes down, we always have a backup, but the hardware doesn't support more than one WAN. And then, if he wants to switch, he doesn't know how to reconfigure it. So we have to wait for the ISP to resume their services, which is not professional.

Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand. A user should be able to find the feature they're looking for easily, but pfSense isn't so good in that sense.

We're using a flavor of pfSense. It's called XNET. It's a flavor of the pfSense main pfSense build because it's open-source, but it's basically similar to the pfSense build, and we've been using it since 2008.

Not very stable.

Scalable but only if one has expertise of open source configuration of software such as pfsense.

Customer support for any open source product is mostly based on the individuals who have expert knowledge while otherwise we have to resort to other internet sources.

I've used TMG by Microsoft, and it's much easier to manage domains and websites. For example, pfSense has IP-based blocking, but websites like YouTube and Facebook keep using different IPs. TMG blocks the actual domain name. That is one downside to pfSense I've noticed as a basic user.

It was complex and done by the vendor.

We implemented it through a vendor who had build upon the pfsense open source to create a package titled Xnet firewall.

We only paid for the hardware and savings were quite high.

This is a good option. If a vendor is trying to sell Fortinet and Sangfor, but the customer's requirements are basic, they'll have a hard time convincing someone who believes in free, open-source software that pfSense is not suitable for them. The only cost is the hardware. But pfSense doesn't have after-sales support or some of the other features you might find in a commercial solution. 

I've heard that Fortinet is slightly more expensive than Sangfor. Then again, if Sangfor comes into the picture, maybe you would consider Sangfor.

I rate pfSense six out of 10. We want a product that has at least two WANs as well as fault tolerance or load balancing features, which pfSense also has, but we don't have the hardware or support. That's why we need to switch. However, if cost is a big issue, then I recommend pfSense for customers who can't afford a paid hardware and software solution. That was our issue because we're a government company, so our assets belong to the government. We have to think about where we want to spend money because it's the taxpayers' money. If your management doesn't understand the need to invest in IT, then you can consider this alternative.

On-premises