Netgate pfSense Reviews

We use pfSense as an edge router for customers. I use pfSense Plus. We're using Netgate boxes preconfigured with pfSense.

PfSense gives our customers high security, and it's easy to implement. Most customers are looking for a VPN, so we set up a static IP that makes the VPN easy. The benefits of pfSense are immediate. It has a few features that prevent data loss, such as backups and creating rules. It does packet inspection to ensure large known malware does not get through to the end users.

It offers features that help us prevent downtime, but that doesn't apply to our customers. It has failover, so if an internet line were to go bad, you could failover to another line. That doesn't apply to our customers because they can't afford a second internet line. 

I appreciate the depth of what you can do with pfSense and the simplicity of the initial setup. One thing we've done is create an image, and when we get a new customer who needs a device, we can put that image on there. The image gets them up to 90 percent of what we need them to have, and we only have to customize the remaining 10 percent. PfSense is incredibly flexible. It's complicated, but it's incredibly flexible.

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. 

We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. 

I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that.

It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly.

I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

We did have one issue with sales. Contacted them with a question and never received a response.

I have used pfSense for 12 years.

I give it an eight out of 10. I've never had any lag or downtime.

The higher-end boxes have a lot of scalability. You can run pfSense on a Unix box and add cards or all sorts of things. If you had a powerful Unix box and hot spot-able, there would be a lot of scalability to it. I primarily use their Netgate appliances from the 1100 to 2100 hundred, so the scalability is limited. 

The old 3100 had a lot more scalability than its replacement the 2100. But the next step up now is to the 4100, which gives you an additional preconfigured WAN port that allows you to easily separate networks. It jumps from $400 to $900.

I rate Netgate support eight out of 10. They're great. I called about an issue with a bad box. They answered the phone and I got somebody who was highly familiar with the product. He had me try several troubleshooting things, identified that the box was bad, and got me a replacement. 

Positive

We’ve used SonicWall and switched due to cost. Though SonicWall is easier to manage, the on-going costs are prohibitive.

The deployment difficulty depends on what you need to do. Let's say you get a box and plug it into your network, but you can't get it to work, so you call the folks at pfSense. They will help you configure it so that you can ping a remote device. That's pretty easy. 

I gave one of the pfSense boxes to one of my people who has minimal knowledge about setting up network devices. He could get it to ping in about 25 minutes. Then, I asked him to add a VLAN, and he's still working on that. That's been two and a half months. If someone needs something to put on their network, it's pretty easy, but if you want the full benefit of a firewall, it may take a while. One person is enough to do it. After deployment, you just need to do some periodic firmware updates. 

PfSense's pricing is reasonable. However, support is relatively expensive for smaller customers, and you need to pay per device to get it. So if Customer A is having an issue, I have to get support, and then I have to get support for Customer B, and so on. It would be nice as a managed services provider to get support for my company rather than individual devices.

I would compare the total cost of ownership to SonicWall. We can compare the basic functions of the Netgate 2100, the model we use most, to the SonicWall 3500. They have very similar functionality. The cost of the 3500 was closer to $4,000.

I rate Netgate pfSense eight out of 10. I recommend doing a lot of research or spending the $500 to get the extended support. 

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic function that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time. 

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off.  

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business OPNsense for that one reason. 

I have used pfSense for at least 10 years.

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

Positive

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.

I can restrict IP addresses by country, for example, which is very useful. If I don't have business traffic from specific regions of the globe, I can restrict them. I loaded SNORT and started playing with some of the rules and packages.

Overall, I've experienced fewer problems since I started using it at home, so I'm very happy with it. It's very flexible. I think it's extremely flexible.

I can configure as much or as little security as I want. A lot of it comes out of the box and I can fine-tune it toward my needs according to my knowledge, obviously. I think it's pretty flexible, yeah.

Less down time, less denial of service attacks.

I received a great deal of guidance and help from the technical user group, the forums are awesome and the community is outstanding.

Netgate technical support is also very good although it incurs a cost.

The software is easy to use and rather flexible, it is just a matter of getting to know it. 

You can buy the appliance pre-configured, there are many models available, to suit your needs and your budget.

However, you don't need to buy the hardware, which is what I'm really excited about, in other words, you can buy the service on the AWS cloud.

Since I purchased the service, I have not had as many denial of service attacks, it minimizes downtime by reducing the number of computer crashes, so yes, it increases uptime.

The solution is very flexible, you can configure as much or as little security into it as you want, a lot is available right out of the box, you can fine-tune it.

I saw results of using the solution immediately. You can start restricting IP addresses by country right away. That's very useful. It's easy to restrict regions.

Overall, I have experienced fewer problems since using the solution. 

pfSense does provide a configurable dashboard, however, you have to connect to it through a browser. I can see a lot of stats in a single pane that is quite flexible. It does what I need it to do so far, you can add or remove sections.

It doesn't directly minimize downtime, however it does indirectly, by minimizing the number of DDoS attacks. This increases uptime. Since using pfSense, I don't have as many attacks. 

I use pfSense on an Amazon EC2 virtual machine. It works well in the cloud. This implementation optimizes resource utilization because it doesn´t rely on static hardware which quickly reached EOL support, I can grow/re-size easily.

I can take it with me wherever I go - as long as I have a network connection, laptop or cell phone without being tied to hardware.

I'm not knowledgeable enough to suggest new features. The use has been very straightforward. Whatever questions I've had, I've found videos to help me on YouTube, or I've been able to ask the forums.

I've also reached out to technical support and I've received help although there could be more videos or tutorials from Netgate, in addition to third parties who have already implemented it, which is great. 

I have suffered a lot of problems over time but I don't think the problems are related to the hardware or the software. I am convinced that the problems have been related to hacking during configuration.

During the setup process, while experimenting, the device would stop working or the password would suddenly not allow access, requiring re-installation and re-configuration, it was very slow going until I moved to the cloud.

The dashboard is a little bit slow and the reporting isn't always current or immediate but acceptable. I'm not sure I can make data-driven decisions due to insufficient volume. I would need enhanced reporting, statistics, playback. 

I haven't looked at the reports a lot since because you have to access the log files, time is an issue, I use it in a home office environment.

I have been using pfSense on and off since August 2015 when I bought my first device with the pre-loaded operating system. I've been working ON it ever since, on and off.

I suffered a lot of problems but they are not related to the hardware or the software. They were related to hacking that I was subjected to. The device would stop working. The password stop working suddenly. I had to reinstall the whole thing. So it would be very slow going. 100% up time since I went to the cloud. There you have it in a nutshell. 

I'm not tied to the size of the hardware that I'm using. An SGA 2440 is a really nice device for a home office. However, if I should grow into a business, then all I need to do is resize the virtual machine capacity. I don't need to buy a new device and reconfigure it. I can just grow the device that I already have. That might imply a migration but not reconfiguring from scratch.

The support is excellent quality, yet it's expensive. 

They're very quick to rule out things if they're not cutting edge. In other words, if it's not a new device, if the device is near its end of life, they tend to kind of say, "well, you know, no. We don't deal with that anymore." 

My device was still supported, although older. In any case, it was clear that they were not going to give it as much effort as something in its main life cycle. My impression was that it I was summarily brushed off on account of age.

User groups helped me a great deal. Support offers a certain amount for free when you get the subscription in the cloud which I purhased. However, if you have a really big issue, then you have to pay for support. 

Positive

I looked at another Netgate option which also runs in the cloud on AWS. I haven't used/evaluated it. I don't remember the name of it although it looked very interesting. I settled on Netgate because my friends recommended it.

Malicious behavior is something that I've noticed over the years and it is growing.

I sought help and joined a nonprofit organization locally whose charter is to educate people about the dangers of being on the Internet and how to modify their behavior to minimize the risks and protect themselves. 

This solution is very configurable, reliable and approachable open-source software. When I re-nstalled the latest version on my home device, I downloaded it for free, I got an invoice from Netgate for zero dollars. 

Netgate makes money from subscriptions on the cloud or selling the hardware with the installed operating system. However, the operating system is still free. It's still open source. 

The community is wide, and there's a lot of help available. It's relatively cheap if you buy your own hardware and very configurable. 

I can't say that I went into a very exhaustive investigation of other options. When you're ignorant or inexperienced like me, it requires a huge time investment to make the evaluation, I discarded over the counter solutions.

So you try to approach people who have already evaluated a whole bunch of products, and ask them to tell you which one they think is best, most flexible and configurable, NETGATE pfsense was the overall winner.

The initial setup in the cloud is easy and I received good instructions and a fair amount of coaching when I purchased the service. 

The on-premise appliance, which was also pre-configured did not come with instructions, so it was less straight forward. I didn't have a guide. It didn't come with a manual. It was more difficult for me and I struggled a great deal. 

The second time around, I already had seen the operating system its interface, configured it, reset passwords, the whole thing so I was more comfortable with that, received more help and had more documentation available online.

The cloud version was easier since even if I did not have a lot of experience, I had more help. Maybe it's just the perception. While it wasn't difficult for an inexperienced IT person, it might be a little more complicated for a regular user.

Netgate has TOP of the line expertize and customer service.

Not measurable in the USD but considerable in terms of productivity.

It's a little expensive in my region. I really want to buy a device, a hardware device, and have it on-premises. I want my own security gateway appliance at home, my own router to log into, configure and play with. 

However, I don't have that, my SG-2440 just died from a power surge, it's a huge up front investment and it is also more vulnerable in more ways than one.

An average device costs around $500, is vulnerable, can be stolen, damaged by electrical surges, tampered with. 

If I buy the subscription in the cloud, I eliminate the danger of theft and losing my investment, and I can take it wherever I go. I feel more secure with the cloud version, even though I know it's more expensive. 

The cloud lease cost $50 a month at the time I was interviewed, about $120 now, a lot of money for me. However, it has been worth it. I can access all of the resources remotely, manage, configure, upgrade, use at home and on the road.

No, I asked around for recommendations.

I'm just a customer considering a partnership.

I now have a pfSense subscription on AWS, I've installed it on my laptop and mobile devices. I can use it at home and away from home. My cell can share Wi-Fi and extend the benefits to others around me.

I'm considering alternate architectures to split my home office network using an on-premise device here at home. 

That will allow the mobile component on the  AWS Cloud for my cell and my laptop if I travel, since the OpenVPN is installed on them, as well as the ethernet connection from the home appliance for wired access to repeater, TV, laptop. 

It doesn't matter if it's Ethernet or Wi-Fi everything will be covered. 

Overall the product rating is nine out of ten.

I primarily use this for a small single-site, multi-source setup with multi-WAN inputs. I have a main fiber connection and a couple of failovers, and I manage different networks across different segments.

I really enjoy the flexibility of the interface setup configuration for my network VLANs. It is very easy to configure and set, and when I am doing multi-inputs with internet providers coming in, it is very easy to manage and set up with very little effort.

I think the package management and the updating process in Netgate pfSense could be better. Whenever there is a release, knowing that you cannot update any of the packages until you have done the actual operating system update can be confusing. Beyond that, I do not have any major issues. There are generally some user interface updates and tweaks here and there, but this is a lower priority.

They come out about every 12 months, and I know that is one criticism against Netgate pfSense that they are a little slower on development, but honestly, that is probably preferable because it is not constantly updating.

I have been using Netgate pfSense for about eight years in my career.

Netgate pfSense rates a 10 for stability, and I have experienced no issues there.

Scalability works well. I would say it is probably going to be a nine.

They are very responsive. Within an hour, two hours, or three hours, I generally get a response. I have only had to contact them maybe two or three times for very minor issues, but there is no issue there. I think they are very responsive.

Positive

I have used UniFi primarily in the last couple of years, probably three years now, and I have it as a separate site. It is nice, but it is not nearly as configurable. The biggest differentiator is the Netgate pfSense software, particularly the ability to do VPN with regard to Tailscale and OpenVPN, which is very easy to use, whereas UniFi is not ideal. Additionally, the security in UniFi is open by default versus Netgate pfSense, which is closed, and closed is always going to be preferable.

For an entirely new site, it would take some time to configure and set up. If you are coming from an existing setup or configuration, you effectively export the configuration, upload it, and make some minor updates. Even with a booting environment, it is easy to go back or revert to an existing configuration if you make a mistake, so it might take some time, but it is not overly complicated. I would say it requires minimal effort, especially if there is a plan in place ahead of what the structure will be.

One person can do it, but you are going to need to be testing. Honestly, it is not anywhere near as complicated as a larger, more legacy offering, so I think it is very easy.

You are going to have manual updates in terms of the releases, checking those out, doing some testing, and confirming in non-prod environments. It is not that complicated. Even if you have the boot states, you can pretty easily do an operating system update and it is easy to manage. 

I use Netgate pfSense for my side gig customers' firewalls, and also for my home firewall.

One aspect I appreciate most about Netgate pfSense is that it is easy to administer and very straightforward.

I see the benefits of Netgate pfSense immediately due to cost. It costs significantly less than Ubiquiti, Cisco, or other firewalls out there, and it is just easy to manage, which saves me and my customers money.

The packet inspection feature of Netgate pfSense is valuable; I have had to use it for troubleshooting and it provided the necessary data.

The dashboards for managing network traffic patterns and security threats in Netgate pfSense are simple and give me what I need.

Netgate pfSense's plugin ecosystem is very easy to manage; I simply point and click on the plugin and it installs directly, which is very well done.

The stability of Netgate pfSense is rock solid; I have never had any problems with stability.

The initial deployment of Netgate pfSense is very easy; you install it and it just works on the first try.

The downsides of Netgate pfSense include a lack of graphics to show a customer. I would prefer to see a more graphical UI similar to Ubiquiti.

Setting up fault tolerance on Netgate pfSense is difficult to do, and I do not enjoy that part.

I have been using Netgate pfSense for approximately 15 years.

The stability of Netgate pfSense is rock solid; I have never had any problems with stability.

I have contacted Netgate technical support regarding Netgate pfSense once. I had a hardware failure in one of my Netgate pfSense nodes and they provided an easy fix and got the customer back online quickly.

Negative

The initial deployment of Netgate pfSense is very easy; you install it and it just works on the first try.

For a new technician with no experience with any Netgate pfSense products, it would be easy for them to deploy for the first time because they can reference Google or the Netgate pfSense community web pages.

One person can easily do this.

Netgate pfSense costs significantly less than Ubiquiti, Cisco, or other firewalls out there, and it is easy to manage, which saves me and my customers money.

The pricing of Netgate pfSense is incredible; I love the pricing, which is the best part.

I prefer Ubiquiti because of the ease in setting up fault tolerance and the user interface on Ubiquiti.

Netgate pfSense requires just a monthly reboot on the firewalls and that is all. I would give them a 10 out of 10 as they are good. I give this product an overall rating of 8.

I usually use it on premises, and I use it for different purposes. I use it for network security for my infrastructure, and I use it for my web servers and data servers that are on-premises.

My main use cases for Netgate pfSense are proxy servers and IDS/IPS, blocking ads, clearing the network for adware and malware, and monitoring the network flow. 

As an open-source solution, Netgate pfSense is highly flexible because a person with kernel-level or code-level experience can control the firewall as per their requirements, and there are multiple packages and tools readily available to integrate with Netgate pfSense. In the IT industry, most of the tools can be integrated with pfSense.

Adding packages to Netgate pfSense is very easy. I just need to search for the required package and then install and configure it.

Netgate pfSense has a very intuitive dashboard. The information is readily available on the dashboard.

Netgate pfSense has routing facilities that help minimize downtime while having multiple internet connections. If one bandwidth goes down, it automatically diverts to the other. 

Netgate pfSense helps prevent data loss by monitoring data transactions and network protocols, allowing us to block certain amounts of data and implement policies to reduce malware and firewall threats. 

From my perspective, the best feature of Netgate pfSense is the load balancer, as I usually take multiple internet connections. I can use both internet providers' bandwidth as a single network bandwidth, which helps in a very smooth network traffic flow. Netgate pfSense has a very interactive and intuitive dashboard that provides all the major and informative information that is readily available.

Netgate pfSense has positively impacted my organization because when we look at other firewalls or alternatives, they are costly. 

For my requirements and use cases, it is sufficient for me, and I have never faced a need for additional features. AI would always be a plus point, and if pfSense could change its framework from FreeBSD and PHP to a different language and Linux OS, that could enhance security.

I have been providing services for network solutions and network security, and I have been using Netgate pfSense for almost four to five years.

Netgate pfSense is definitely stable; I've multiple sites using it, and they are live right now. I've at least 20 sites operational.

It is a scalable product. I would rate its scalability a seven out of ten.

I have never used the services of Netgate, but I can rate the product itself as a 10 out of 10 because it has been very helpful to me.

Neutral

I have previously used Fortinet and Sophos. The major reason I switched from Fortinet and Sophos to Netgate pfSense was to mitigate the financial aspect, as those alternatives were costing us lakhs.

Deploying Netgate pfSense is very easy because I used to deploy it on my personal hardware. Whatever spare hardware I have, I install it directly on that. Installing and configuring it is very easy for me.

I deploy Netgate pfSense for various companies. There are many startups in India that require a cost-effective solution that allows them to use their hardware and provide basic security. 

Deploying infrastructure for a new company takes me approximately one day, unless there are separate requirements to configure, such as creating usernames and passwords for each user, which may take two to three days.

I do everything in-house by myself. I am the only person involved in the deployment.

I have seen a return on investment with cost savings after implementing Netgate pfSense, as other firewalls would cost me lakhs of rupees while pfSense is free.

Everything we need is covered in the free version of the open-source pfSense. I have never used the licensed version or required certified partner help to implement or deploy anything.

If we are not purchasing any support or incurring any Netgate costs, the total cost of ownership for Netgate pfSense is zero, as it is freely available to download and install, requiring only hardware for deployment.

The cost of other firewalls goes to thousands and lakhs of rupees compared to pfSense, which costs zero. If we opt for Fortinet, it costs about one lakh thirty thousand Indian rupees for the firewall, and then it costs up to almost fifteen to twenty thousand annually for the user subscription. With Netgate pfSense, all those things get covered at zero cost.

I did not evaluate any other options aside from Netgate pfSense because it was the only solution I could find that effectively met my needs. It works for our use cases.

In terms of data-driven decisions, there is a package that can help me understand each and every packet and time. I have not gone through that avenue yet, but it allows us to get all the data for data-driven decisions.

There is a paid feature to increase performance, but there are multiple tweaks available in the advanced settings that can help increase bandwidth or usability based on requirements.

I have not used pfSense Plus on Amazon EC2 VMs because there was no requirement. 

I would rate Netgate pfSense a ten out of ten.

I use pfSense as a home firewall and router. I don't use it for anything professional. When I first deployed pfSense, I was using my ISP-provided gateway, and there were a few things that I felt a little frustrated about. I didn't have control over the networks in my home and lacked some features, such as dynamic DNS, the ability to split different VLANs, multiple gateways, etc. There are a lot of features I use now, such as DNS or GeoIP blocking, that I knew about but couldn't take advantage of. 

The gateway failover helps prevent downtime. The ZFS Boot Mirror would also help prevent downtime in the event of a disk failure. The dynamic DNS is nice because when my IP changes, my web services won't be affected because it automatically caches my new IP.

PfSense has features that drive data-driven decisions. I was using pfSense years ago on a capped internet connection. It was a Comcast connection with a set amount of data I could use monthly. One useful thing was that it had the traffic totals as a package, so I could track the amount of data I was using and the clients that were using it broken down by client and network. I can determine how much data I use to ensure I don't exceed that limit. That's something I couldn't find in any other similar product.

From a performance perspective, it can help in terms of bandwidth and things like that because I know that the machine I'm using has enough processing power to establish all of my routes, DNS blocking, IDS, IPS, etc. I can utilize the full spectrum of my connection and a custom 10-gig NIC. If I had a smaller off-the-shelf product or an ISP-provided gateway, it wouldn't have the performance I need.

I'm using pfSense Plus, which has several features I like, such as the ZFS boot environment. I support Netgate because they're one of the biggest contributors to FreeBSD, so I'm happy to contribute. The most valuable feature to me is the gateway failover.  The area where I live has a lot of natural disasters and times when my Internet connection will go down. I work from home sometimes, and my wife works from home all the time, so it's essential to have a reliable connection. I like that it can automatically pick the connection based on packet loss.

The flexibility seems to be excellent. It has a large set of features to choose from that are built into the UI, so I can do 99 percent of it through the interface. It's also nice that I can run it on my own hardware. I don't necessarily need to buy a Netgate appliance, even though they make good products. It's nice that I can run it just about on any x86 PC with a dual NIC.

If we're adding a plug-in to the pfSense platform, that can be difficult, but I don't mind because Netgate vets the plugins before they make them available. That said, I found FreeBSD easy to deploy, and adding custom packages to it is simple. 

It doesn't prevent data loss in other machines, but pfSense has ZFS built in and can mirror it in two disks in different boot environments. If I have a corrupt OS, a bad update, or something else that goes wrong so that I can't connect to my Netgate, that's something built in so I don't have data loss on my firewall.

The dashboard is extremely easy to use. I like that I can go to one page and see the status of my hardware, packages, gateways, interfaces, disks, RAM, thermal sensors, and traffic graphs. It's a one-stop to look at each item and see everything operating properly. I can see them in different menus in the UI, but having one page where I can view them together is nice.

I would like them to have more security platforms. The pfBlocker is nice, but they don't have anything native for CrowdSec or Fail2Ban. I'm running CrowdSec on a web server instance on my server instead, but I'd like to move more of these services to the edge and put them in pfSense. I think that's something that's coming. I don't know if Failed2BAN is, but I'm sure CrowdSec is a popular platform, so it would be nice to have a package that's native to the platform. 

I've used pfSense for about five years.

I rate pfSense 10 out of 10 for stability. I've never seen it crash, and I have deployed two of them without any problems.

I think the scalability should be pretty good. I can put two of them into high availability. If I add more clients and start to deploy a lot of these for a small business, it would be able to handle that. I don't have experience doing that personally, so I can't speak to that, but I have seen evidence of it being used in a more scaled environment.

I rate Netgate support nine out of 10. I only needed help from the support team to transfer a license because I bought new hardware. They could answer my questions pretty easily.

Positive

I've tried UniFi gateways. The feature set was lacking, and it ran on substandard products. Unlike pfSense, I could not run it on my equipment. I've run OPNsense, which was a fork of pfSense at one point. I didn't like the UI or their documentation, but it seems like a fine product. I've also tried OpenWRT back in the day. 

Deploying pfSense is easy. I'm not a network administrator, but I'm familiar with computers. I can install it on a USB and set it up like any other operating system. The documentation is excellent. I can configure it based on that, and many YouTubers cover it.

The only people who would have any problems installing it would be people who don't know how to use a computer beyond basic functions. Anyone who's installed Windows can easily install pfSense, and anyone who has used an off-the-shelf consumer router would know how to use it. If you don't change anything, it doesn't require any maintenance besides updating packages twice or thrice annually.

The price of pfSense seems reasonable. I pay around a hundred dollars a year for pfSense Plus, which is inexpensive for such a complex product. It's also good that they can still release a community edition. If it started to get extremely expensive to the point where it was more of an enterprise-only product that costs thousands of dollars a year or something like that, I might consider stepping down to the community edition or looking elsewhere.

The total cost of ownership seems pretty low because you have the cost of the OS and VPN. If I'm paying for a VPN that's probably five to 10 dollars a month, and the firewall is already included.  

I rate Netgate pfSense nine out of 10. It's an excellent product. I advise new users that you don't need a Netgate product if you're deploying it at home. It's one way to go, but pfSense works on any old mini PC or PC you have lying around. You can get something off eBay and throw a 20-dollar network interface card into it and you're off to the races. It's not as expensive as you think to get started. The basic routing and firewall rules aren't too complicated. Don't be intimidated, and it's not expensive.

I do some consulting work for a couple of organizations on the side, and I have a few personal home lab builds of pfSense, so I use it in both a professional and personal home lab environment. I'm using the community edition and pfSense Plus.

I began seeing the benefits of pfSense immediately. The use cases for pfSense were creating remote VPN servers and satellite offices where remote employees connect. I've been using it for so long now that I have some baseline configurations. When I bring a new site online, I load that default configuration and ship it out to where it's needed. They plug it in, and the system comes online. It's fantastic from that from that perspective.

PfSense gives you much control and visibility into your boundary that helps you identify nefarious actors and things that could lead to eventual data loss.

It helps minimize downtime from a boundary perspective. They have some features. I have used Plus in boot environments quite regularly to test out some things before going live into production, which has been nice because I've made some configuration changes that I regretted. 

The boot environments help you get back into kind of what you had. Both the community and Plus editions have a fantastic configuration export. Your boundary device is relatively static once you can configure it how you need it. You can export those configs relatively easily so that when something goes catastrophically wrong, the hardware fails, or something along those lines, you can reload the configuration onto that device or the replacement device and go about your day. 

One thing I can say about pfSense specifically and the Netgate hardware is that it is not something I worry about from a security or a resiliency perspective. It's stable. It works. I have the ability to forget about it. As an IT professional, I have so many things to worry about daily, and it's incredible to minimize those things. I think pfSense has done a great job in that area.

There's a lot of logging that produces a ton of data I can pull into a data analytics platform and make data-driven decisions about bandwidth increases or changes to firewall rules, intrusion detection rules, or employee access.

It also enables us to optimize performance, one of the biggest things you do when you get a new Internet service provider or a modem replacement or something along those lines. There are tons of tools built into pfSense that let you look at how that's working, and even some tools online that allow you to tailor that experience based on your real-world use case.

In the time that I've used pfSense, I'm continuously blown away by the quality of the product, its attention to security, and all of the features it has. It's easy to use. The web-based interface is great. The tutorials on the website are fantastic. I wouldn't say it's necessarily one feature. It's the full offering of all of the features that make it for me. I use firewalling, intrusion detection, and two of the VPN features: WireGuard and OpenVPN. 

The flexibility is great. PfSense will run on homebrew hardware and Netgate. The interface is excellent on the web and through the console. There's a lot of flexibility through the console. It lets you get into a low bandwidth environment to do the things that you need to do when you're remotely administering some of these things. 

I enjoy the fact that the web interface is customizable. A seldom-used feature is the ability to change to one of several built-in themes. I use those themes to tell which system I'm administering because they're all remote to me, and the interfaces all look the same. I don't have those little tells about changing the colors of certain things. 

Sometimes, it takes some back and forth to figure out which one I'm on. I never thought the themes would be a feature I would use. I use it all the time. The user interface is fantastic and responsive. The tooltips are in the right areas and help you build out your firewall and boundary device.

The ease of deploying and configuring features depends on the feature. Most of their features are designed to be implemented with some basic knowledge level, but some are super-advanced, and you need that knowledge level. They have excellent guides for just about every feature on their website or that's inside pfSense. They're great. They explain all the different things about adding new features and each package's function. I don't think that there has been a feature that I wanted that someone didn't already have a package built for.

I would like to see a better plugin for data analytics. They have some things that you can do, but it's not purpose-built to get data out super easily. That's kind of an advanced feature, and you do have to do some configurations that are a little more advanced than some people might be comfortable with. 

I would also like some type of fleet management, like a dashboard where I can see multiple pfSense and their statuses. I'd also like that to be self-hosted. I don't necessarily want a cloud version of it. I'd like to host that at a parent site and have the satellite offices push their status there. 

I have to manage each of the devices individually. There is no interface where I can manage multiple devices. I wouldn't call it single pane of glass management. It does give me a single pane of glass for everything related to the boundary, including VPN intrusion detection, DNS, DHCP, VPN, and firewall rules. But it doesn't have that fleet management piece. I would love to see something like that.

The last thing that I would like is not a feature. It's Netgate as an organization. I would like more transparency from them when they make some decisions that sometimes appear to be made in a vacuum. Most recently, the change in licensing and some of those things did not go over well in the community in general. I think some transparency from their organization would be valuable to the community at large.

I've been using pfSense for around 15 years.

I rate pfSense 10 out of 10. I have never had a system fail in more than 15 years. I've never had one fail on-site. They are incredibly stable and resilient

PfSense is highly scalable depending on the hardware you buy. Their hardware is well-documented. If you buy a device designed to scale with your business needs, I don't think there would be any issues with that.

I rate Netgate support 10 out of 10. I have never had a bad interaction with any of their folks. They respond quickly, and their answers are always extremely thorough. 

Positive

I used the old m0n0wall, which I migrated away from. I have also used SonicWall and OPNsense in a lab environment and various Cisco and HP devices throughout my career.

PfSense offers the best bang for your buck from a feature and cost perspective. Many other systems have some cool features that either aren't necessary or are significantly more costly than pfSense.

The initial deployment is easy, and it's even easier once you've spent some time with it. If you buy devices from Netgate, they provide you with "zero to ping." 

Even if you have some kind of odd setup or something weird you can't figure out, you can call their technical support, and they will help you get online. They'll even remote into the device to help you get online or solve a problem, which is incredible. 

Now, I have a standard image that I use from a configuration perspective, so it takes me about half an hour. It is typically a one-person job. The only reason why I put a caveat on that is I am fully remote from all the services that I support, so I do need a person on-site to at least plug the thing in, but the rest of the setup is a one-person job. After deployment, it doesn't require any maintenance aside from standard firmware updates. 

I don't like subscription models, and unfortunately, the latestpfSense license, pfSense Plus, went to a yearly subscription model. I think yearly is probably the best of the worst because at least I can pay it once, and be done with it for the year. I would rather see either a one-time cost or something along those lines that would be at that price point. I think the costs for their hardware are reasonable. I wouldn't call them cheap, but I also wouldn't call them expensive. I think the hardware costs are reasonable.

I personally run a couple of black box or white box servers that are custom built using pfSense Plus that I've licensed, but all of the other deployments that I support are devices purchased from Netgate.

I rate Netgate pfSense eight out of 10. I recommend that new pfSense users join the community. PfSense has an active community on Reddit and a community forum. You can also get a copy of the community edition and deploy it to a virtual machine to learn it before you put it into production. You won't be disappointed.