Co-Owner at Steffi and Tim
Real User
Top 20
Extremely flexible, comprehensive, and competitive pricing
Pros and Cons
  • "Being able to configure VLANs on such a small device is one of the key unique features that made it attractive to me."
  • "pfSense is very flexible, but my only drawback in terms of flexibility is that it is web GUI-driven."

What is our primary use case?

I primarily use it for hybrid home/business power usage at a very small scale. It is both home and business because of working from home. pfSense is serving us as the main routing firewall and network configuration tool. It is the front-end brain for everything in our mixed environment.

How has it helped my organization?

pfSense allows me to manage both home needs and business needs and keep them relatively separate or at least appropriately separate. A key feature was to be able to use a small-scale device. I am using Netgate SG-1100, which is built to run pfSense on an ARM platform. It has low power consumption, and it is economical. I did not need massive amounts of compute power, but I did need the feature set that typically, you can only get in enterprise-grade product lines such as Cisco.

pfSense is extremely flexible. The areas where I find it very flexible are the sheer number of configuration tools that are available and the extra packages that can be used to augment the core functionality. Even within the core functionality, it is capable of adapting to a massive number of different scenarios and network environments and needs. You can adapt to the needs of your network environment to the outside with ISP and internal needs. You can accomplish what you want to achieve internally with the product. It seems to have pretty much everything under the sun laid out.

It is pretty easy to add features to pfSense and configure them. If I am adding something for the first time, the web GUI is the most helpful tool because the layout is pretty logical in terms of how the forms are organized and fields are named and described. There are help callouts, and, of course, documentation. I have always found the official documentation to be helpful, but it is not uncommon to do some forum searching and read the discussions. Other people might be following a workflow that does not fit quite cleanly in there, but they made it match. Typically, it is pretty easy. Some of the things that I have done with pfSense are not inherently easy processes, but I feel that pfSense has made them much easier than they would be on different platforms.

I was able to realize its benefits immediately. I am an IT professional, but my use of pfSense is not as an IT professional. It is more like a solo entrepreneur for my wife and her business. When I look at the network administration that I am doing here, it says a homeowner and a business co-owner. IT and networking are not the kinds of things I want to dominate my time. It should not be dominating my time spent. From that standpoint, I was able to get the baseline configuration set up so quickly when I first set it up about seven years ago. I definitely felt a big value-add with the configuration backup and restore process. The first time I broke something on pfSense, I was able to revert my last configuration very quickly. That was a big win.

In terms of pfSense helping to prevent data loss, auto configuration backup is probably the number one feature. When I think about data loss in pfSense, I would mostly be concerned with losing the configuration itself. Having my own backups but also having Netgate backups available for me to pull down helps. I just have to make sure I keep the encryption password, and we are good to go. That is a big win.

I use pfSense Plus. I am pretty sure that auto configuration backup is a Plus feature. I am on my second generation of official Netgate appliance, so my experience with the Community Edition is limited. I am not sure if this feature is available to others, but for minimizing downtime, having the auto configuration backup is a big one. There is a restore option for quick reverts if a change did not go quite well. They are incremental, so reverting to whatever snapshot or revision version I need to revert to is very easy.

pfSense does not give a single pane of glass management, but I also would not expect that because it is doing so much and is capable of doing so much. In my environment, it is managing so many different aspects of the whole Netgate, but there is not a single pane. I use the logs a lot, but I have to look through individual logs. I am not aware of any log aggregation and analysis components that are already baked into pfSense. As I understand it, I need to ship my pfSense logs into another system to do a higher-level analysis and insight querying. An area that I am interested in working on is effective outbound traffic filtering. It is on our priority list because it is a tricky one. You do not want to let any outbound traffic go, but you also need to be careful how you are filtering outbound traffic so that you do not break things you are relying on for your functionality. A lot of people use a web proxy, but that only catches web traffic. With smart home devices and business stuff going on, you have to pay attention to it. I am very interested in being able to analyze the traffic logs that are being captured by pfSense with an IO, the outbound traffic, and the existing and potential firewall rules that I have in place for those. My current efforts have been focused on doing so with a different product because I do not believe that pfSense delivers that. I honestly did not expect that it would.

iperf helps with performance. We are able to do iperf bandwidth tests as both client and server to various endpoints and turn on a quick listener and see what is going on with who can get where fast. The diagnostic menu list is probably the longest one in there. That is a good sign because it just means that they have got a lot of tools available for me to use if something is not quite working right. If I want to improve performance, I have to take a measurement and take a look at what is going on currently and compare that to what I would expect to see. There is a wide variety of toolsets. I am not asking for this because it is not the kind of system that I would want to run, but there is no troubleshooting or performance improvement wizard that kind of walks you in a logical step. I know that there is one initial configuration wizard that is meant to get people going quickly for the first time and in a fairly simple setup, but even that was not a great value to me because I want to get quickly into more advanced configurations. It has what I expect for performance tuning.

What is most valuable?

Being able to configure VLANs on such a small device is one of the key unique features that made it attractive to me.

What needs improvement?

pfSense is very flexible, but my only drawback in terms of flexibility is that it is web GUI-driven. I know that there are some shell interfaces, but it is not a very heavily developed API when it comes to automation or configuration-as-code management. I would love to see that developed in the future so that I am able to manage my network configuration in YAML and TOML text format, have those changes applied in a source code environment, and have those changes read into an API that could then drive the configuration rather than always having to use the web GUI just to make some layout changes. Web GUI has its advantages, but there are times when being pinned into that workflow is less efficient.

They should support the idea of configuration management as code from source code and provide a more robust API for managing the pfSense configuration. I know that with the web GUI, everything is dumped into an XML file. That is how it is backed up, and that is how it is imported. It is machine-readable and all that, but it is not necessarily a modern data format that would be used with API typically. They are maybe thinking of moving to REST API and SQLite backend. I do not know what they have in mind. I do not really care how they do it, but I would love to have the ability to interact with my configuration and make incremental changes via source code and utilize the API to implement those changes and roll them back with configuration as code as a strategy for managing my pfSense.

Buyer's Guide
Netgate pfSense
August 2025
Learn what your peers think about Netgate pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
867,676 professionals have used our research since 2012.

For how long have I used the solution?

It has been about seven years.

What do I think about the stability of the solution?

The device is rock solid. I have not had any hardware concerns or issues. I do not have to reboot it. If I am having some kind of network issue, I do not have to restart my pfSense. Why I wanted the FreeBSD base is that I know that the core layer is rock solid. It is possible that something could happen where I would need to restart, but it almost never does.

How are customer service and support?

It may have been with the older device for which I have worked with them twice. I opened a ticket to get the download link for recovery firmware on the SG-1000, and they gave it to me. That was very easy. That was fine. They responded quickly, no big deal. I appreciate it. I did not really need support. It was something that I could not get directly from the website myself.

I am not sure, but when I bought SG-1000, I might have had to send it back. They sent a replacement. It was less than a year since I had it. I still had a full warranty on the hardware. At some point, everything froze, and all functionality completely stopped. I tried the power cycle, and it would not even boot anymore. They did the serial console connection, and it literally was not even booting. They opened up a case and verified the same symptoms that I described. They replaced the board and sent it back to me, and it worked. It was solid from that point for five years that I continued to use it. After that, I upgraded it. Every once in a while you get bad hardware, but I was glad I could just send it back. The biggest fear I have, and probably the only reason I still have the old one lying around is that if something were to happen to this hardware and I had to send it back for support, I need to be able to keep my network running in the meantime. Even as a home and home business user, you start to creep into that space where you start to think that this is critical. How do you get by without the Internet? I know that I could get Internet back up, and I could plug in any off-the-shelf routers lying around and get basic Internet service back up, but the question is how much work would I have to put in to restore other services that pfSense is performing. I recognize that I did not invest in a high availability solution for my home and home business, so that is just a risk that I have to take.

I would rate their support a ten out of ten. There is nothing difficult about it.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to my first pfSense appliance, back in 2017, I was running DD-WRT, which is not a commercial alternative. It is an open-source project that does not even have a paid or commercially supported version. It is meant to be flashed onto OEM hardware as a replacement for their firmware. pfSense can be used like that, but Netgate is doing something different with the commercial support and building the appliances and all that. In terms of the baseline functionality, DD-WRT is very similar.

In terms of comparison, pfSense is much more robust. It is a comprehensive solution for networking needs that bridges the gap between a shelf router and building a full enterprise stack, which would be overkill. Most small businesses and home users would not want to do that, make that kind of investment, and keep that kind of compute running all the time. pfSense lands right in that sweet spot. I know that OPNsense and a few other software products are out there. There are some Linux-based ones. I am definitely a fan of pfSense being built on FreeBSD. That gives me greater peace of mind with the networking stack and everything. I am a Linux guy too, but when it comes to core services, I prefer FreeBSD. If I have to, I might just go with the vanilla FreeBSD system and build it out with automation from scratch, but pfSense does all that for me. I do not have to do all that initial work. They have got the configuration and tuning done already.

How was the initial setup?

If you have general networking knowledge and understand the terminology, it is very easy. It depends on how detailed or how extensive is your configuration and what is the target use case. Are you using a VPN? One of the features I use is OpenVPN.

I go through the box. I have a single WAN connection. I have half a dozen VLANs configured. I have a VPN remote access interface configured. I have got DHCP servers. I also have IPv6 configured. I have extra configurations for each interface that need to be considered, including the VLAN interfaces. There are also firewall rules.

You can start with the baseline, and you can get the thing up and connected to the Internet easily within five to ten minutes. Once you start doing your internal configurations and firewall rules, it scales pretty quickly. With a couple of VLANs, like I have, you spend another half hour to get the VLAN to spec out. With OpenVPN, you have to work on certification generation and certificate matching and exporting. Configuring the client's side tends to be time-consuming. If you have four clients, it could take another hour to three, and then there are firewall rules. It depends on how you write them. If you write your rules well, you do not need to have so many of them. It also depends on how you configure your space. I have a lot of interfaces and a lot of rules. With a good, clear plan and no guessing and backpedaling, you could probably redeploy what I did in three to four hours, but it would actually take longer because of mistakes, troubleshooting, and all that.

In terms of maintenance, I certainly keep up with updates from upstream and make sure that I am aware of any software updates that I need to install. I like to stay updated with patches and all that. That was the main reason I finally upgraded from SG-1000. It was no longer getting the updates. There is always a bit of extra maintenance. It is not because pfSense demands maintenance. It is because the environment demands continual maintenance and monitoring. Paying attention to logs is a healthy practice.

I always make updates via pfSense whenever I am making updates in the environment for adding new DHCP reservations for various hosts in the environment and other things like that. I moved my local DNS services from pfSense because I had to go into the web GUI and clumsily add in new host entries. It was getting burdensome. I just wanted to be able to do this in a text file like I could on a Linux server. You just add your entry to the host file and you are done. I moved to DNS services on the Pi-hole software. Pi-hole is a partial competitor because it does not do everything pfSense does, but it can do some of the things. It focuses on ad blocking and filtering as well as providing local DNS resolution. A nice thing with Pi-hole is that you can literally open up a text file and add your entries there, and they just start working. You do not have to move from a terminal-based workflow to get that change made. Clicking through a web browser is not my favorite. It is a disruption to a workflow. So, maintenance is directed by requirements in the environment.

What's my experience with pricing, setup cost, and licensing?

I buy the appliance and accept whatever comes with it, but I am not bought into paid support. When it comes to the pricing of the appliances, they are pretty competitive. The price is pretty competitive.

I just bought a Netgate SG-1100. Within the past year, I upgraded my Netgate SG-1000 from 2017 to Netgate SG-1100. I looked at some of the higher-spec products, but they started to get pricier. For example, Netgate 2100 was a consideration. The difference between the 1100 and 2100 is double. I looked at the specs of 2100 and what it could deliver. I did not need all the extra specs. I do not need to perform at that level although it might be nice to have some extra ports on my box. I then looked at 1100. I could get by with those specs. It was an improvement over the tiny SG-1000 that I was running, so it was a win, but the question always is whether there is something competitive and similar that I can build for less money and whether it would deliver the same value. You can get these Small Form Factor PCs. You can get ARM systems and x86 systems and similar form factors. You can get them with multiple NICs already installed. This is more or less your hardware with no support. You get a warranty on the hardware, but they are not selling you the software. You put whatever you want on it and build your system. You can install pfSense CE on that or build your own router on a device like that. Why I chose to buy it from Netgate was the peace of mind of the full stack support because it is probably the most critical portion of my entire home network. I decided to invest a little bit more and trust somebody else a little bit more to have my back. Peace of mind comes from having bought the official appliance. It has a very reasonable and competitive price model.

In terms of the total cost of ownership, you have the hardware price. You are combining the price of any hardware support contracts that you may or may not be paying for and somehow estimating the administrative time that is required to actually manage the system itself and billing somehow for that appropriately. That is a tough one because that is where there is a gray area of home business usage. Aside from that gray area, the investment rolls off very quickly. I can recoup this investment within a year.

What other advice do I have?

I would rate pfSense a nine out of ten. It is delivering on my needs. There is little room for improvement. They can just close the gap. You always want to keep closing that gap when it comes to usability, inconvenience, and meeting the workflow, but it is definitely delivering to my expectations very well.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Technology Solutions Administrator at Piedmont Triad Regional Council
Real User
Top 20
It's the most flexible and dependable device I've ever used
Pros and Cons
  • "The most valuable feature of pfSense is that it's a stateful firewall. I also like the way the rules are implemented on the firewall. It makes things much easier to see at a glance."
  • "I don't think pfSense's web filtering solution is the best, so I don't use it for that purpose. They could add a little better web filtering solution to pfSense. They have solutions in place, like SquidGuard, but they aren't very good."

What is our primary use case?

I use pfSense at home, and my friends and family use it in their homes. I'm also the IT solutions administrator for a council of governance organizations, and I use it for them. I use pfSense Plus at home and the community edition at some of my friends and family's houses.

I use pfSense Plus at home and use the community edition at my friends and family's houses. I have used the community edition multiple times in labs, but I use pfSense Plus for all of my enterprise applications.

How has it helped my organization?

I started seeing the benefits when I began playing with it at home 10 years ago. It was an immediate success when I put it in enterprise locations because it was much cheaper than WatchGuard. I was familiar with pfSense, so I quickly trained my staff on it. They know how to operate everything well in pfSense.

With pfSense, you can do a failover. I have used that before, and I see it as a benefit, but there are some drawbacks. You have to use multiple external IP addresses to set it up, but it works well. However, I don't use the failover anymore because of the price. You can have two of these things on the shelf, and in the event of a failure, you can get another one up within five minutes by throwing it on there, configuring it, and plugging it in. That's my failover plan for all my main locations.

PfSense's visibility enables me to make data-driven decisions. I love the way they do geoblocking. You can see where you're improving. The logging ability is diagnostic. You can see all kinds of data. For example, when I make a new rule, I immediately know what's going through that rule. That visibility is very helpful in knowing immediately if my rules are being applied correctly.

What is most valuable?

The most valuable feature of pfSense is that it's a stateful firewall. I also like the way the rules are implemented on the firewall. It makes things much easier to see at a glance. 

PfSense is the most flexible device I've ever used. It's open-source software. I've used all the big names, including Palo Alto, WatchGuard, and Sophos. In terms of dependability, this is the best of them. 

It's simple to add and configure features and easier than some of the big competitors like WatchGuard. The front dashboard on pfSense is very customizable. You can get it at first glance. Everything you need to do is in that single box. It shows you if your LAN and interfaces are up. You can see what kind of traffic is going across each interface because they give you a traffic graph that you can do for each interface. 

You can see if your gateway is up and precisely how much data passes through each interface. I like how you can get direct visibility over your IP address updates. If you're not running a static IP address, there's another cool thing on the front page where it shows when the dynamic DNS updates. The way you can customize that dashboard is cool. I haven't seen that with other firewalls, and pfSense gives you good visibility at first glance.

What needs improvement?

I don't think pfSense's web filtering solution is the best, so I don't use it for that purpose. They could add a little better web filtering solution to pfSense. They have solutions in place, like SquidGuard, but they aren't very good. 

Another feature about pfSense I would improve is adding a single pane of glass management for multiple units I manage across the municipal district. I would love to manage all those devices through one single pane of glass, but that's not a deal breaker for me.

For how long have I used the solution?

We have used pfSense for around 10 years.

What do I think about the stability of the solution?

I rate pfSense 10 out of 10 for stability. I've never had a Netgate system fail on me.

What do I think about the scalability of the solution?

The scalability of pfSense is great. It costs very little to expand to multiple systems across multiple locations. It'd be better if they had a mass edit platform where you're running multiple systems. I've heard quite a few people in the community talking about that. I heard someone in France was developing a dashboard that gives you visibility across multiple boxes, but the cost of deployment is very cheap. It's easy to put boxes out there and write rules for them. 

How are customer service and support?

I rate Netgate support 10 out of 10. Most of the tech people I have contacted seem to know exactly what they're doing. They've got, like, 10 people named Chris working support. Every Chris that I've ever spoken to has been spot on. Every once in a while, if I call after hours or something, I might get someone who isn't as adept at it, but they quickly escalate it to someone who can fix the issue. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Palo Alto, WatchGuard, and Sophos, and all the major competitors, but I would compare pfSense to WatchGuard, the one I have the most experience with. In my type of environment, pfSense wins hands down over WatchGuard because it's a stateful firewall. One thing I've hated about WatchGuard is that it's not a stateful firewall. It's rules in and rules out. You end up getting thousands of rules over a four or five-year period. PfSense enables you to put notes on your rules. 

If you have a question about a rule, you can read the note you made when you made that rule. Having the ability to document your rules in the dashboard has been a game-changer for me. After you have used a stateful firewall, it's hard to go back because it's much harder to make rules on both sides. 

How was the initial setup?

Deploying pfSense is as easy as any other system. It helps that pfSense has a massive user community and some great YouTubers, so you can go to YouTube University and become a professional with pfSense quickly. You can learn to do some complicated edits and set up complex VPNs. It takes only 20 minutes from start to finish. For maintenance, you only need to update it when the updates come out and change the configuration of your rules as needed. 

What's my experience with pricing, setup cost, and licensing?

PfSense offers huge savings. The price is the lowest in the business. The only thing you can use in place of pfSense is a fork like OPNsense. I'm more familiar with pfSense, so I never got on the OPNsense bandwagon. 

What other advice do I have?

I rate Netgate pfSense 10 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Damon Martin - PeerSpot reviewer
Technical Sales Specialist at a tech vendor with 10,001+ employees
Real User
Top 20
It provides flexibility, a centralized view, and minimizes downtime
Pros and Cons
  • "I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality."
  • "I've encountered persistent issues with the solid-state drives built into pfSense hardware devices."

What is our primary use case?

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

How has it helped my organization?

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OPNsense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for RADIUS or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

What is most valuable?

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

What needs improvement?

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraf, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

For how long have I used the solution?

I have been using Netgate pfSense for ten years.

What do I think about the stability of the solution?

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

What do I think about the scalability of the solution?

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

How are customer service and support?

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new ISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

How was the initial setup?

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

What's my experience with pricing, setup cost, and licensing?

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

What other advice do I have?

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Owner at Sonic Trout LLC
Real User
Top 20
Helped solve the limitations of proprietary software
Pros and Cons
  • "I like that I can use it with OpenVPN."
  • "The configuration could be a little more intuitive."

What is our primary use case?

We primarily use the solution as a replacement for commercial firewalls. We use it as an Internet Gateway Firewall product and use the VPN features.

How has it helped my organization?

pfSense helped solve the limitations of proprietary software. I find it frustrating when the hardware capabilities of a particular piece of equipment are doled out piecemeal for a fee. For example, when certain features are locked until you pay for them. The proprietary nature and the extra computing power that's used to basically enforce the copyright on some of the competitive products I resent. I like that this has a community option. I'm an open-source advocate. I started using Linux in 1999, and I prefer that developer model.

What is most valuable?

There are many capabilities within pfSense that I've never used, and that's true of a lot of products. It's very flexible, and they have plug-ins. You can add features to pfSense. It is moderately difficult. That said, the web interface is great.

I like that I can use it with OpenVPN. It's not licensed and is not run by some corporation that watches you.

It has an advanced file system so that you can configure it with multiple drives and have redundancy within the router itself. I've never used it as a file server. I've never used it as a data store. It's really more about security and not reliability.

It's keeping the bad guys out and allowing connectivity when you need it.

What needs improvement?

The configuration could be a little more intuitive. It's a little trickier to set up - things like the OpenVPN - than it should be. However, once you get this configured, it seems solid as a rock, and it just works. 

The solution needs better error messages in the VPN. It's kind of a bear to configure. That could be streamlined or smoothed out. That said, I do not do this 40 hours a week like some people. I wear a lot of different hats. Still, when it comes to configuring, it always seems to be a little more involved. 

For how long have I used the solution?

I've been using the solution for three or four years. 

What do I think about the stability of the solution?

The solution has been very solid. The BSD file system is a little more fragile than a Linux file system. I've had situations where a power failure causes a hard drive not to get corrupted but to need to run maintenance on it when it reboots. However, that's not a pfSense issue. Overall, it's been great.

What do I think about the scalability of the solution?

I'm not a power user. For me, the capabilities are fine. It runs pretty fast even on modest hardware. 

How are customer service and support?

Technical support was good. It was way better than the twenty-four hours that the contract said. They usually get back to me in a matter of a few minutes. 

They are very good at answering and solving specific problems. If something doesn't work, you can give them access. They can figure it out and make it work. 

I was less satisfied when I tried to ask a question like, "Is this the best way to have this configured?" It's a slippery slope of going beyond the typical tech support and actually getting consulting on it. I understand that maybe that's not their problem. However, it did seem like there's this hard wall where they will answer specific questions, but they are not going to give you general consulting advice about how to use the product. That is a little frustrating. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used SonicWall and I've used various commercial firewalls, for example, Cisco. However, I haven't evaluated other things in the same category based on open source. There are a lot of them; I haven't looked at anything else, to be honest.

How was the initial setup?

It's easy to get it going as a firewall. It's moderately difficult to get the VPN features running. I was able to deploy it within a couple of days. 

Maintenance is needed for upgrades or renewal of certificates.

What about the implementation team?

I managed the setup myself with the help of the pfSense support staff. 

What's my experience with pricing, setup cost, and licensing?

I use the community version, although there is a paid version as well. I've also downloaded it, registered myself, and paid for it to get support. I'm not sure of the exact features that differ between free and paid. 

What other advice do I have?

I'd rate the solution eight out of ten.

The only shortcomings are somewhat obscure configuration issues. However, the scope of what they're trying to do is very good. While there could be more polish on some configurations, it's very capable and very flexible. 

If I had to do it over again, I would probably have actually gotten the hardware from Netgate. You're paying for the support, and bundling the hardware and support together might be better. I sense that you'd kick yourself up a notch in terms of the priority that they give you. Not that there's ever been a problem. Getting the hardware directly from pfSense might cut out the middleman and reduce the possibility of issues when something goes south. Other than that, I'm a pretty fairly satisfied customer.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2512578 - PeerSpot reviewer
IT Manager at a healthcare company with 11-50 employees
Real User
Top 20
Provides extensive customization and minimizes downtime
Pros and Cons
  • "pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog."
  • "I would like clear guidance on supported network interface cards, including detailed performance metrics for various models."

What is our primary use case?

We currently use pfSense firewalls at our branch offices and central server locations. I have implemented TAC enterprise support on three of these firewalls, with the installation of the third scheduled for this weekend. Our network infrastructure relies on VPN tunnels between sites, and I have successfully deployed an always-on OpenVPN solution that significantly outperforms our previous SonicWall VPN system.

How has it helped my organization?

Installing packages on pfSense is straightforward, although the quality of package documentation varies. While I understand this isn't Netgate's responsibility, the installation and configuration process for these packages is remarkably user-friendly, relying almost entirely on the GUI. In my experience, I've rarely needed to resort to the command line, but I'm certainly not averse to it when necessary.

I immediately recognized the advantages of pfSense. Its ability to support custom hardware installations allows me to tailor solutions to the specific needs of each branch location. While I've had excellent results with Netgate's pre-built hardware, the option to construct higher-specification systems myself, all while maintaining support, is incredibly valuable. The difference compared to our outdated SonicWall is night and day. I previously built a pfSense firewall on a Dell server for a business handling high traffic volumes, and its performance was exceptional.

pfSense helps me prevent data loss by utilizing firewall aliases and other DNS-based filtration methods to block access to shadow IT and third-party cloud data transfer sites, providing some control over data movement.

While pfSense doesn't offer a centralized overview of multiple firewalls, it provides extensive customization options for each firewall's homepage. This allows for detailed monitoring of VPN tunnels, interfaces, and other components. I appreciate the ability to add, remove, and customize widgets on the homepage for tailored information display.

Helps minimize downtime. I have set up the high availability with one location, which works flawlessly.

Provides visibility that enables us to make data-driven decisions about network capacity, including throughput and the ability to handle traffic.

pfSense has significantly improved our performance by optimizing our always-on VPN. The recent release of the OpenVPN data channel offload feature, which was quickly adopted and supported by Netgate pfSense, has revolutionized our Windows laptop VPN solution. This new feature is nearly ten times faster than the previous OpenVPN without data channel offload, and its thorough documentation encouraged us to implement our always-on VPN ahead of schedule.

What is most valuable?

pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog. OpenVPN support is exceptional. When I inquired about setting up an always-on VPN, the engineer swiftly and fully understood my needs and provided expert guidance. Netgate support's in-depth knowledge of included features is truly impressive.

What needs improvement?

I would like clear guidance on supported network interface cards, including detailed performance metrics for various models. While I understand the focus on selling appliances, more comprehensive documentation for those building their own systems would be beneficial. Specific throughput numbers and other statistics for Intel, Broadcom, Mellanox, and other cards are needed. Additionally, reinstating the ability to visualize long-term RRD data through built-in graphs would be valuable, as the current live traffic display offers limited insights.

For how long have I used the solution?

I have been using Netgate pfSense for ten years.

What do I think about the stability of the solution?

I have not experienced any crashes in the production systems. The only crashes I've encountered have been while running unstable development builds, which is expected. However, excluding power outages, pfSense itself has been one hundred percent reliable in my experience.

What do I think about the scalability of the solution?

If you invest in hardware capable of handling increased bandwidth, performance remains unaffected. We haven't observed any spikes in CPU utilization or memory usage. Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain. Our small businesses handle the load effortlessly.

How are customer service and support?

I have exceptionally high praise for the Netgate technical support team. In the three or four times I've called support, I've always reached an engineer within 20 minutes, which was the longest wait time. Every time, they've quickly addressed the issue once verifying firewall support. Their knowledge and willingness to assist are impressive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with FortiGate, Dell, SonicWall, Cisco, and numerous consumer-level firewalls. While I am not the most seasoned network engineer, I have worked in the field for a considerable time, encountering a variety of solutions. Among these, pfSense stands out as exceptionally customizable and intuitive. Given the inherent complexity of networking, pfSense has made the subject as accessible as possible.

How was the initial setup?

Deploying a pfSense box is straightforward when I'm physically present. Remotely guiding someone unfamiliar with operating system deployment presents more challenges. However, on-site deployment is remarkably easy, even simpler than installing a Linux server. 

Deploying a Netgate pfSense appliance is straightforward, even for network engineers without experience with the platform. The setup wizard is intuitive, requiring minimal networking knowledge. Subsequently, the configuration interface is user-friendly, allowing those with moderate networking experience to navigate and manage settings efficiently. Building a custom solution would depend on hardware expertise and operating system deployment skills, but utilizing Netgate appliances is notably easier.

The Netgate appliance I recently purchased took less than an hour to install, with most of that time spent gathering necessary information from the internet provider.

What's my experience with pricing, setup cost, and licensing?

pfSense pricing is reasonable. Whether purchasing appliances or support, I hope they're charging enough to sustain their exceptional support services. Whether you opt for a bundled appliance and support or standalone support for a custom-built device, the pricing remains impressively fair.

When considering the total cost of ownership, pfSense is a compelling choice for a solution that incorporates firewall, VPN, and router functionality. Initially, I explored purchasing the OpenVPN access server, which would have required a virtual machine due to the lack of a dedicated physical server. However, integrating the VPN endpoint into the firewall aligns better with our design goals. It eliminates the need for a separate VPN appliance, resulting in significant cost savings and improved performance. Testing pfSense with OpenVPN in a virtual environment confirmed that it operates more efficiently on bare metal hardware. Moreover, the licensing cost for the OpenVPN access server would have been comparable to the support fees for pfSense.

The TAC enterprise support is $800 a year per firewall.

What other advice do I have?

I would rate Netgate pfSense ten out of ten. If I could choose a product that was among the least frustrating and nearly flawless I've used, pfSense would likely be at the top of my list.

In addition to initial configuration tasks like routing and applying patches, minimal maintenance is required. Once the interfaces are set up, we configure firewall rules and are ready to go. Patching will be necessary for all platforms, but no specific requirements exist beyond standard practices.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Christos Adamidis - PeerSpot reviewer
Information Security Manager at a tech services company with 11-50 employees
Real User
Top 10
Affordable, simple to use, and has a fairly straightforward setup phase
Pros and Cons
  • "The whole layout of the application is pretty decent...The product's initial setup phase is fairly straightforward."
  • "I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day."

What is our primary use case?

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on things, just to ensure that all the other functions, both personal and business-related, remain unaffected, intact, and devoid of any type of attacks or other type of malicious activity.

How has it helped my organization?

The product has helped improve my organization's environment and personal environment since, before the use of Netgate pfSense, I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

What is most valuable?

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I can not just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is a nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN. At the point when I was utilizing a router or modem provided by my service provider, I was able to see through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

I

What needs improvement?

There are a lot of features I want to see simplified in the product. I want to see the licensing model part improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference?

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

For how long have I used the solution?

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool up and running a few times, and the only time I have had to reboot it is when there was a new release.

What do I think about the scalability of the solution?

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

How are customer service and support?

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

How was the initial setup?

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

What was our ROI?

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

What's my experience with pricing, setup cost, and licensing?

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

What other advice do I have?

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Educational Technologist at a university with 1,001-5,000 employees
Real User
All of the features work together to prevent data loss or any compromise of your data
Pros and Cons
  • "It's powerful. You can get quite granular in setting up a highly topical application of pfSense, but if you want just basic protection, you can do that easily. It depends on your needs and how brave you are. You can go deep into the system and do some cool things with it or set up the bare protection you would get from any firewall."
  • "I'm trying to set up a gaming server for multiplayer games like 7 Days to Die. I spent three or four days trying to publish a private IP address through pfSense to the outside world. Some commercial and consumer-grade routers can do this, specifically gaming routers, but pfSense is not intended for this usage."

What is our primary use case?

I am using pfSense for its firewall, gateway, and intrusion detection. I used the Community Edition for years and then switched to the pfSense Plus free-from-home edition. There was a bit of turmoil when IXSystems announced that they would no longer offer the free-from-home edition.

How has it helped my organization?

We immediately realized the power when we deployed it a few years ago. It exceeded our expectations. As time went on, I discovered more features in the different packages they provide and whether they fit my needs. Over time, it's been a learning process, and I've been greatly impressed with almost every aspect of this product. It has all the things I wanted but found lacking in other products.

All of the features work together to prevent data loss or any compromise of your data. It all boils down to the rule set. I have mine configured so that all the data goes out depending on my Netgate device. Some machines go through a particular VPN connection. If that connection goes down, I've got the rule set configured like a dead man's switch. It's cut off from the outside world, and I get an alarm, and it allows no more attempts to let traffic pass through that connection.

It helps to prevent downtime. Whenever there is an issue, it's the first place I look because I can check the statuses of various interfaces to check whether they're up and then zoom further out to see if it's something in my internet provider, like a faulty cable. It enables me to reduce downtime by quickly determining where the problem might be.

pfSense provides the visibility I need to make data-driven decisions. For example, if I have a spike in bandwidth usage, it shows me which devices on my network are suddenly eating more bandwidth. I can see what's causing that. It also greatly reduces the time spent maintaining my network, so there's a productivity boost.

What is most valuable?

pfSense has a learning curve, but once you've mastered that, it isn't that difficult. It's very flexible, and you can do almost anything necessary to secure a home network. It has packages that expand its capabilities. For example, you can install Snort if you want intrusion detection. If that's unimportant to you, you can use it to check the bandwidth of all the machines in your network.

Adding features is simple. You go into the menu to check which ones are available and click on the ones you want to install. If you've done your research on the packages you want and the settings you'd like to use, it's a matter of walking through the configuration in the menu. When removing the package, it will revert the settings 99 percent of the time. 

I like the interface. You can arrange the windows to see the important information and put them in the order you want. You can see the various interfaces you have at a glance in a single pane of glass. I have certain bits of information I want to see first, and there are secondary or tertiary pieces of information. If you are using VPN connections, you can see their statuses. You can see hacking attempts, which are logged. 

It's powerful. You can get quite granular in setting up a highly topical application of pfSense, but if you want just basic protection, you can do that easily. It depends on your needs and how brave you are. You can go deep into the system and do some cool things with it or set up the bare protection you would get from any firewall.

What needs improvement?

I'm trying to set up a gaming server for multiplayer games like 7 Days to Die. I spent three or four days trying to publish a private IP address through pfSense to the outside world. Some commercial and consumer-grade routers can do this, specifically gaming routers, but pfSense is not intended for this usage. 

That's a feature I'd like to see added, where you can go into a submenu, turn it on, and specify which machine or IP address you want to publish. It's not a must-have, but it would be nice to have. I spent a long time trying to figure that out. Ultimately, I was successful, but it was not intuitive.  

For how long have I used the solution?

I have used pfSense since 2016.

How are customer service and support?

I rate Netgate support 10 out of 10. You must have a license for pfSense Plus, and I called them about an unexpected hardware issue that caused me to switch machines. I emailed explaining the situation and got a response the same day. I provided all the information on the new box, and they gave me a license. It was a pleasant, non-stressful experience. 

Which solution did I use previously and why did I switch?

I have used Smoothwall and a few other things that have been abandoned. I liked the look and performance of Smoothwall's interface. It had many of the same features as pfSense, but its capabilities weren't deep enough. I've also used basic Linux distros set up as firewalls, but pfSense is oriented toward an enterprise-level deployment, and I find myself between hobby and enterprise. I also like the added features pfSense provides. 

How was the initial setup?

I am not using a Netgate appliance. I deployed pfSense on a very small machine that has plenty of RAM for the overhead, logs, and speeds I want for my network. 

When I first installed pfSense, there was a bit of a learning curve. I had to sit down with the documentation and figure out what to do. It wasn't difficult, just time-consuming. That information has carried forward with me. Other people look at me like I'm some kind of expert but I'm really a few pages ahead of them in the manual.

pfSense isn't something you can turn on and forget about. You need to configure the solution and test it. Then you can turn it on and let it run. From time to time, you have to come back periodically to make sure everything is still fine. The initial deployment takes about 30 minutes. It was a one-person job.

What's my experience with pricing, setup cost, and licensing?

I would like to see the price of pfSense lowered by about $50, or maybe they could create a category for home lab users like me with one device. I'm not running a business or profiting from it. I realize that people need to get paid for the work that they do, so I can't complain. They decided that they needed to change their model after providing the product for free for many years. 

Before they changed and started to charge for pfSense, the total cost of ownership was phenomenal. It still offers tremendous value, but that was an adjustment. You can choose to go back to the community edition or just pony up the money.

What other advice do I have?

I rate Netgate pfSense nine out of 10. I only give it a nine due to that recent issue setting up the game server. I eventually figured it out and published my solution to the forums. Otherwise, it would be a perfect 10. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2510595 - PeerSpot reviewer
Director of Information Technology at a non-profit with 10,001+ employees
Real User
Top 20
Offers great visibility that helps users optimize performance
Pros and Cons
  • "The most valuable feature of the solution is that it is an open-source tool and is available at a very low cost."
  • "I saw there was a list of features at the bottom of the product page, so I had to select the features I wanted, but I couldn't have all the features at the same time, and the website would prevent me from adding extra features, which actually was the cause for the order to fail."

What is our primary use case?

I use Netgate pfSense personally at home and the data center, our headquarters, so it is for enterprise and personal use.

What is most valuable?

The most valuable feature of the solution is that it is an open-source tool and is available at a very low cost.

In terms of flexibility, the tool is great, especially the fact that it is open source. On Netgate pfSense Community Edition, people can write stuff into it and get plugins for it. Netgate pfSense Plus version does a review process with the help of Netgate, so you don't have to have many plugins for it. The tool is very open to modification if you need to do that.

The benefits related to the product can be experienced immediately after the product is deployed, especially in terms of the speed improvement and features that we don't have with the current solution or the current technologies that we don't have with our current solution.

To deal with data loss while using Netgate pfSense, you can always export the logs or dump them into a log server, specifically a Syslog server. I don't really view the boxes in the data warehouse other than the logs. There are features in the tool that we can send out to the syslog server, which is what we do in our company.

In my enterprise, we are getting ready to push out two hundred devices, and I don't see a single pane of glass management. I don't necessarily consider Netgate pfSense to be an enterprise product because it doesn't offer a single pane of glass management. With Netgate pfSense, you have to touch all devices to make a change. My company has been messing around with Netgate pfSense for some scripting on it, but it is still not what I am used to using in the enterprise. One window for controlling all devices doesn't exist in the tool.

Netgate pfSense provides features that help minimize downtime since it offers high availability on the boxes. You can use multiple WAN interfaces, so multiple ISPs can be plugged into your device to help manage if the service from one ISP goes down.

Netgate pfSense provides visibility that enables our company to make data-driven decisions since it offers graphs, traffic graphs, and firewall graphs. I can see if there is a client on the network that is just flooding everything. Yeah. The tool has graphs, charts, and log files.

The visibility of Netgate pfSense helps optimize performance. If I see there is a network that is a guest network that is just maxing out at 100 percent, I can attempt to give them some more bandwidth. I can modify the quality of service to give them better or more bandwidth.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say that I get what I pay for when it comes to Netgate. I get more than I am paying for, meaning the return on investment is great. I feel reluctant to talk about the good return on investment experienced by my company from the use of the tool because I don't want Netgate to charge more money, and as a non-profit company, it can hurt us. The total cost of ownership is fine since our company does not have to spend a lot of money on it. I know that if there was a Linux conference three or four weeks ago, and they were giving me some grief points on how it dies after buying boxes from Netgate in a year, it dies, but I have not experienced that. My total cost of ownership is great. Other people would buy the box, which would die in a year, so they would just lose money.

What needs improvement?

Netgate pfSense needs to have a single dashboard for managing all devices.

As an enterprise customer, I expect Netgate's sales personnel to inform me of the new devices that are coming out. For example, there was a time when I was getting ready to buy a device, and then I thought that I needed to hold on, and so the order failed. I thought I needed to wait a few days before ordering a new device. I was getting ready to order another device, which was Netgate 1541, but after two days, Netgate 8300 was released, and it was far better than what I was getting ready to buy. I was really disappointed that the salesperson from Netgate didn't ask me to hold off on my decision to buy Netgate 1541. You don't have to tell me that something brand new is coming out if you don't want to spill the beans or anything like that, but it would have been nice if Netgate had asked me to hold off on my decision to buy Netgate 1541. I was getting ready to buy a product that would have been, immediately two days later, an old technology. I just expect more from a salesperson. When going through Netgate's website, while trying to buy Netgate 1541, I saw there was a list of features at the bottom of the product page, so I had to select the features I wanted, but I couldn't have all the features at the same time, and the website would prevent me from adding extra features, which actually was the cause for the order to fail. I had added features that you can't have at the same time, but nowhere on the website did it say anything like that, and that led to a delay in my time frame. I was trying to get something to solve a problem at a certain time, and then it wasn't until a day later, a day and a half later, that Netgate called and said that I couldn't have all of the tool's features, which was something that messed up my installation time. Issues with the product are associated with feature requests. It is not necessarily the box itself but more of the company that needs to consider improving its approach. 
For the box itself, everything in a single frame should be released.

For how long have I used the solution?

I have been using Netgate pfSense for five to seven years. I am a customer of the product.

What do I think about the stability of the solution?

I haven't had any device crashes yet. The stability is great. I have not had a device crash. When there was a device crash, it was for the one at my home when we had five power outages, and it burned my hard drives, but that was not because of Netgate's box.

What do I think about the scalability of the solution?

It is easy to scale up. I will be visiting a site soon that has Netgate 1100, and I am going to put in a Netgate 4200 over there. I don't think I am going to have any issues. I will be able to copy things off the config of Netgate 1100 and dump it on Netgate 4200 with a few modifications. The tool's scalability is great. If I need to add a drive or replace one of the hard drives in the tool, then that is something that can be done easily.

How are customer service and support?

Based on the customer support for our account to figure out why an order didn't get through or why we can't get this part, we have contacted Netgate's team, but not for actual support. The tool's community is fantastic, and it is one of the driving pieces that I sell to my decision-makers, considering that the community supports the solution. With community support, I am not just calling out to five or ten people. Instead, it is possible to reach out to the world to respond to an issue that might have been of a lot of concern.

I have never contacted the tool's technical support team for any technical support, but it was just a question with my order.

Which solution did I use previously and why did I switch?

I have experience with Juniper, NetScreen, OPNsense, Cisco, and Meraki. If I consider the box itself, Netgate pfSense is better than the other tools I have used. 

From an enterprise perspective, I can't say Netgate pfSense is better than all the tools I have used because it doesn't have that enterprise management capability. As soon as they get that enterprise management capability, Netgate pfSense is the best out there in the market.

How was the initial setup?

The ease or difficulty in the tool's initial deployment phase that one may experience depends on the box. If I speak about Netgate 1100, I believe that using a switched network interface or ports can be a little more challenging than trying to work on VLANs. The other boxes that aren't switched, like Netgate 4100 and the models above it, work perfectly fine and function as I would typically expect, so the installation is not hard at all, but you do have to know networking. I always hire people, and they are used to having stuff done for them when it comes to tools like Meraki. You just plug it in, and it works. The people I hire have no idea how to do any type of networking or act as IT or MSP professionals, and they can only work in the framework for which they have been trained. You do need to understand fundamental networking technology to make the tool work. For me, the installation is easy. If you don't understand fundamental networking technology, it can be hard to install the tool.

One person can manage the product's deployment phase.

There is a requirement to maintain the product since we have to touch each and every box to do software updates. The tool does require maintenance on our part.

What's my experience with pricing, setup cost, and licensing?

I use the Netgate pfSense Community Edition and the paid version called Netgate pfSense Plus.

Netgate pfSense Community Edition is great and free. For Netgate pfSense Plus, we have to buy Netgate's boxes, and the pricing is great. As a non-profit organization, I would like to have a discount from Netgate, but if you are ready to buy a hundred boxes, it would be nice to have a discount. I understand that Netgate pfSense does not charge a lot more for the box than what we are paying for them. The pricing is fine.

What other advice do I have?

In terms of how difficult it is to add features to Netgate pfSense and configure them, if I talk about writing from scratch, it is something that I don't do. If someone has a plugin, pulling that in is ridiculously simple. If I say that I want a Tailscale plugin, then I can put it in, and it is already in the system, and as long as I know how to do networking, you can figure out how to use a plugin since it is not hard at all in regards to Netgate pfSense Community Edition and Netgate pfSense Plus.

I have not used Netgate pfSense on Amazon EC2 virtual machines.

One needs to realize the difference in the switched version, and to do so it is important to understand Netgate 1100 and Netgate 2100 and the individually addressable ones since it is the area that threw me when I first got Netgate 1100, I was like, what in the world am I working on currently. Managing the VLANs on the tool threw me a ton, and it took me about an hour to figure out what was going on with the solution.

As the tool really needs centralized management, I rate it an eight to nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Netgate pfSense Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025