Netgate pfSense Reviews

I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.

Within our organization, with a single installation, about 500 users are covered.

The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

We have been using pfSense for five years.

That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.

The expandability and the high availability configuration of the system are good.

With pfSense, we've never had to send an email to a Netgate official support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.

One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.

It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and following a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.

That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. It may be slightly different between how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind for 24 hours or 12 hours, but it works.

We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client. 

I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

In the past, we had different locations in different countries, and in every location, we had the same pfSense firewall. Therefore, the connection between our different locations was good and manageable. However, in the last two years, we have had only one location here in Belgium, thus the performance of the pfSense has been good, and we can manage great with the open ports and the closed ports, but now a firewall has to be a little bit more than just that.

I do not have any big malware in my network, partly because of pfSense. The firewall blocks every malfunctioning malware or virus. Also, the access from outside our network has to be blocked, and I know by experience that our pfSense is very closed. You have to open every port in order to make sure that there can be a connection from outside our network.

1. I can manage it easily by myself.
2. The interaction between the same firewalls is good. We can connect VPNs over the same firewall easily.
3. It is an open source solution. Therefore, the price is good.
4. OPNsense.
5. The performance and functionality are good.

A malware blocker should be included. I do not know if it is included yet. However, until now, we have not experienced a large malware invasion.

There are a few features not included, and when you have to use those features, you have to pay for them.

I know that I should change the current pfSense solution. I should change it because we have only one key port on it. Our internet access also has a key port now, I should have two key ports, one to the LAN and one to the WAN.

Therefore, I want to change it, because it gives us less speed. I could provide the speed, but there are not two key ports on it. Therefore, I now have to choose a new pfSense solution, or I could look at another vendor similar to what we have.

I am satisfied with the stability.

Scalability was less important. When we started, we did not have to scale the pfSense. In the seven years that I have used the pfSense, once I had to renew it because the hardware was broken or was defective. The second one was a little bit faster and had more memory, so I did not have to scale it again. Therefore, the scalability has not been so important to us until now.

We came from OneStart. OneStart was out of data and at end of life. Thus, we had to switch. pfSense was originally proposed to us by the dealer and our external IT help.

The initial setup was straightforward, therefore I wanted to continue using the product.

I did not do it alone. I had help from the dealer. Once installed, I can manage now to change little things. For the initial setup, I was involved with it, but I did not do it myself.

It was straightforward to buy from pfSense.

From Sonic Wall, their price is much higher, because for every feature that you want to add, you have to pay. I can do the same things with pfSense, but everything is included in one price.

We originally evaluated Cisco, WatchGuard, and Barracuda. We chose pfSense because of the price and it was open source software. At the time, our team was called OpenERP (now called Odoo), so open source software was an advantage.

I would recommend it. It is manageable and straightforward. It is not so complex. You have to know the different rules, but you can manage it easily. The performance is good.

• Open source
• Proximity security
• Content filtering

It has provided us with a low cost security solution using a quality router at a fraction of the cost of our previous solution.

• Testing prior to deployment
• Packages need better support

I've used it for eight years.

Rarely as long as the right precautions are taken during migration.

Sometimes there are issues with package deployment and one must refer to the forums for support.

Being open source, scalability is not limited. The limits in place, are only set by available resources and time.

Customer service is available at a rate of $399 for 2 incidents, $899 for 5 incidents and $1,699 for 10 incidents. Most people refer to the forum and/or chat room.

Over 10/10.

Yes, I have used many other routers but nothing offers the options pfSense does without spending a fortune. pfSense is constantly being improved on.

I switched due to router limitations and vulnerabilities.

It's straight forward for anyone that's installed an OS before, however, I wouldn't recommend it for the novice.

It has been implemented in house and at client locations. If implemented at client locations it does require some care if Snort (The proximity security system) is used as it needs to be fine tuned and touched up from time to time due to newly found vulnerabilities that cause legitimate sites to be blocked.

You can invest as little or as much as you want. Granted, some features require more hardware than others but some end users use old machines that no longer have a purpose.

It's between US$50 to US$1500 depending on the hardware that is used.

We also looked at -

• Smoothwall
• Moonwall
• SonicWall
• Netgear
• IPCop

Become familiar with the router before implementing it at customer sites. Realize that basic features require a basic amount of hardware. Advanced features require more RAM and if using an SSD, use the embedded installer to reduce wear and tear on your drive.

I would recommend having the following hardware as a minimum:

• At least 8GB for storage
• 256MB+ RAM
• A dual core 1.8Ghz CPU for single typical Internet connection
• The faster the internet connection, a faster CPU and more RAM are required
• If you run Snort and Squid it is recommended you have between 4GB to 8GB of RAM

I use pfSense as a firewall. I use it also as a VPN server and for the captive portal. Those are the main purposes.

It's difficult to say how it has made a difference in my organization.

The most valuable features are the VPN and the captive portal. Captive portal and VPN are easy to deploy.

I haven't experienced many problems when dealing with the solution, so I don't know if there are areas that need improvement.

If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use.

Sometimes if your network goes down, you might experience an issue on the captive portal. This may require a restart and it also may require that you load it again. I'm used to the system, so I know what to do, but it can happen from time to time.

It can be really easy  to deal with Technical support. Technical support is avaible every time I call . But sometime if Technical support do not privide you the solution, so you should double check and solve the issue by your self.

I've been using the solution for about five or six years. 

The stability isn't bad, but there can occasionally be bugs within the system. The likelihood is lessened if you follow a few key protocols.

It's important to have a proper license, otherwise, you run the risk of bugs.

It's important to upgrade the solution regularly. This also helps users avoid running into bugs. If you experience a bug, it's a good idea to check the release and make a grid.

Those that have experience in troubleshooting will benefit from their knowledge when using this solution. Sometimes packages will not work and you'll have to be strategic with workarounds.

The support can be really difficult to deal with. I wouldn't say that we have been satisfied with them in any way.

It's not very complex to set up. However, it can become complex as you're using it, and when you are learning the systems. In that sense, it might not be straightforward for everyone.

When it comes to using pfSense, you need to have extreme skills in Linux and in troubleshooting. If you don't have any form of troubleshooting competency, it could be very difficult to use, and very hard to set it up.

I'm very proficient in the solution. I managed the implementation on my own. We didn't need to hire a consultant or bring on an integrator or reseller.

The pricing of the solution is fair. I've also paid for a license that includes Entreprise support. Our license lasts for two years.

We're just customers. We don't have a special relationship with the solution. We just use it on a regular basis.

I'm not sure if I'm using the latest version of the solution or not.

I'd rate the solution ten out of ten since I've never had any major issues with it.

The biggest thing a new user or company needs to be aware of, however, is that whoever the team is that's using it, they need to be very experienced Linux users. The system will be extremely difficult otherwise.

New users will need patience. However, it is easy to use due to its very good web interface. It's also easy to deploy and the process can be handled quickly. There's no need to have a really big fancy long-winded deployment process. That said, especially if you are using it within a complex Linux environment, you absolutely must have high skills in both Linux and security.

I use pfSense for various reasons, including implementing IPsec technology due to having limited branches. I use a VPN for secure connections, control the Internet or network flow, employ it as an NTP server, facilitate conference calls, and set up VLANs. I use it to run a proxy server.

I use the free version of Netgate pfSense software. I installed it on my servers with mini network cards, allowing me to create mini gateways and implement different plans.

The Netgate forums and community don’t provide extensive discussions and topics related to every pfSense service.

I have been using Netgate pfSense for five years. We are using the V23.09 of the solution.

Everything is very smooth, with a user-friendly interface. You can use the user interface or CLI as a command.

We have 250 employees using this solution.

We have Git Community forums with a million topics about all issues regarding Netgate pfSense. We can save this information to address various concerns.

I have several reasons for choosing Netgate pfSense. Firstly, it serves my purposes effectively and is entirely free. Secondly, when I search on Google or inquire about past experiences with firewall workloads, its reliability and cost-effectiveness stand out.

The initial setup is too easy.

The product is free of cost.

I recommend using Postgres. However, if you need a firewall without additional tools and prefer a pool of well-established services, pfSense offers suitable features."

Other solutions like Postgres, Sophos, and Palo Alto are in the market. We've used firewalls for a long time, but in the last three years, I worked with pfSense, and it's efficient for all devices.

Overall, I rate the solution a seven out of ten.

We just use the solution as a straight-up firewall. There is no VPN access or anything like that. We just use it as a straight-up firewall and we run Suricata on it as a defense.

The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.

I cannot recall any features that are lacking.

There's a bit of a learning curve during the initial implementation.

You do have to pay extra for better customer service.

We've been using the solution for about six months. It hasn't been too long.

The solution is very stable. We've had zero issues. There aren't bugs or glitches. It doesn't crash or freeze. It's been reliable.

I have not tried scaling, therefore, I can't really comment on how easy or hard it would be to expand the service.

There's only one person in the organization using the solution, and that's me.

The tech support is excellent if you have a support subscription. If you didn't have that, you could be lining up for a while. It could be a hit or miss, whether you get someone that's actually going to help you. 

However, we have a subscription and therefore our support is always excellent. We're quite satisfied with the level of service we're getting.

Previously, we used Dell SonicWall. There was just a high cost of licensing all the time, and, with having someone go in and troubleshoot for issues as well, it just wasn't cost-effective anymore. pfSense is simply a better solution.

The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.

There aren't monthly or yearly licensing costs.

We're just cusomers. We don't have a business relationship with pfSense.

We're using the latest stable version of the solution.

I would 100% recommend the solution to others. On a scale from one to ten, I'd give it a ten.

I use the product for many enterprise clients, including building construction, government, and education.

The documentation is very good.

The pricing is okay. It's not too expensive.

The integration capabilities are great. The product can integrate well with Check Point and Fortinet. They make it a very easy process.

It's very good at defending our company.

It would be ideal if the solution could integrate with Snort and OpenVPN.

The technical support needs to be improved.

I've been using the solution for ten years at this point.

The technical support is not great. It's very slow. Sometimes it will take four days in order to connect with them, which is actually a decent timeframe for them. 

Their documentation, however, is pretty good.

The initial setup is not complex. It's pretty straightforward. The onboarding process is pretty good. They make everything very, very easy. People shouldn't have any issues with implementation.

We've found the pricing to be very fair. It's actually pretty low. The licensing is very inexpensive.

We looked at Fortinet and CheckPoint in relation to how they work with Linux.

In the case of Fortinet, the content filter is a URL content filter. It's very different and it's complex to use.

We're a pfSense partner.

I'd rate the solution ten out of ten. It's been very good to work with.

I would recommend the solution. pfSense is superior in terms of defending against attacks.

It is my main firewall into the data center and VPNs for clients. It sets up my DMZ and does a whole bunch of other stuff. I am using the latest version.

We wouldn't be able to function without it.

The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice.

It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall. 

Their support could be better in terms of the response time.

It has been pretty rock solid.

Its scalability is good. I have got web users and other kinds of users, so there can be five or thousands of users.

I paid for some support with them, and it was pretty good. They just could be a little quicker in responding. They have custom level support, so if you got something complicated, they get you up to the upper tiers, but it takes a little bit longer to do that. Once you get there, the support is good. I would rate them an eight out of ten.

I used Fortinet previously, and I used Ubiquiti prior to that. We switched partly because of the cost. It also gave me the ability to do the clustering. I can still maintain my VPNs, connections, and other things. I can take down one of the firewalls for maintenance and bring up the other one and not take down my whole user base.

It was not complex. I was able to do it myself, but we had some problems with some of the protocols, and we had to get one of their coders to get in and look at it. Because of that, it was a little complicated to do the high availability stuff.

I did it myself.

I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money.

I would advise others to go for it. I would recommend this solution. It is a good solution. No other solution can beat the price. 

There is so much stuff you can do with it. There are so many features, and I have not even scratched the surface on all of them. If it is something that someone doesn't feel like configuring, you can buy a prebuilt system from them and get support.

I would rate pfSense a nine out of ten because of the cost and flexibility. It has been pretty good.