Netgate pfSense Reviews

We use pfSense as an edge router for customers. I use pfSense Plus. We're using Netgate boxes preconfigured with pfSense.

PfSense gives our customers high security, and it's easy to implement. Most customers are looking for a VPN, so we set up a static IP that makes the VPN easy. The benefits of pfSense are immediate. It has a few features that prevent data loss, such as backups and creating rules. It does packet inspection to ensure large known malware does not get through to the end users.

It offers features that help us prevent downtime, but that doesn't apply to our customers. It has failover, so if an internet line were to go bad, you could failover to another line. That doesn't apply to our customers because they can't afford a second internet line. 

I appreciate the depth of what you can do with pfSense and the simplicity of the initial setup. One thing we've done is create an image, and when we get a new customer who needs a device, we can put that image on there. The image gets them up to 90 percent of what we need them to have, and we only have to customize the remaining 10 percent. PfSense is incredibly flexible. It's complicated, but it's incredibly flexible.

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. 

We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. 

I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that.

It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly.

I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

I have used pfSense for 12 years.

I give it an eight out of 10. I've never had any lag or downtime.

The higher-end boxes have a lot of scalability. You can run pfSense on a Unix box and add cards or all sorts of things. If you had a powerful Unix box and hot spot-able, there would be a lot of scalability to it. I primarily use their Netgate appliances from the 1100 to 2100 hundred, so the scalability is limited. 

The old 3100 had a lot more scalability than its replacement the 2100. But the next step up now is to the 4100, which gives you an additional preconfigured WAN port that allows you to easily separate networks. It jumps from $400 to $900.

I rate Netgate support eight out of 10. They're great. I called about an issue with a bad box. They answered the phone and I got somebody who was highly familiar with the product. He had me try several troubleshooting things, identified that the box was bad, and got me a replacement. 

Positive

We’ve used SonicWall and switched due to cost. Though SonicWall is easier to manage, the on-going costs are prohibitive.

The deployment difficulty depends on what you need to do. Let's say you get a box and plug it into your network, but you can't get it to work, so you call the folks at pfSense. They will help you configure it so that you can ping a remote device. That's pretty easy. 

I gave one of the pfSense boxes to one of my people who has minimal knowledge about setting up network devices. He could get it to ping in about 25 minutes. Then, I asked him to add a VLAN, and he's still working on that. That's been two and a half months. If someone needs something to put on their network, it's pretty easy, but if you want the full benefit of a firewall, it may take a while. One person is enough to do it. After deployment, you just need to do some periodic firmware updates. 

PfSense's pricing is reasonable. However, support is relatively expensive for smaller customers, and you need to pay per device to get it. So if Customer A is having an issue, I have to get support, and then I have to get support for Customer B, and so on. It would be nice as a managed services provider to get support for my company rather than individual devices.

I would compare the total cost of ownership to SonicWall. We can compare the basic functions of the Netgate 2100, the model we use most, to the SonicWall 3500. They have very similar functionality. The cost of the 3500 was closer to $4,000.

I rate Netgate pfSense eight out of 10. I recommend doing a lot of research or spending the $500 to get the extended support. 

I was looking to improve my security posture. Bottom line, I just wanted really high-quality cybersecurity. When I look at appliances for cybersecurity, they can get up to almost seven figures for some businesses. So, this was a good compromise for me.

It optimizes performance right away. That is apparent to your everyday user. It makes the whole system work better and more efficiently. When there is an intrusion or an attack, it's very easy to eradicate the issue. 

Before having the cybersecurity mechanisms I have now, even with VPNs from the App Store, I faced issues like hijacks that became multi-day issues where I had to perpetually get into some type of power struggle through remote based issues from another cyber threat. For example, in October 2022 or 2023, I sat down at my computer to move files from a cloud-based drive to an external hard drive. I opened the cloud drive, and all the files had been corrupted/damaged intentionally. Someone specifically corrupted the entire iCloud Drive. I called tech support, and the next day, there was an iOS update. Since I implemented the security appliance, I haven’t had this issue. 

It means there's a better level of security in terms of what you can build into your system than is available through downloadable software.

pfSense helps prevent data loss:

I haven't had one issue of data loss since implementing it. Previously, I had to file reports with the FBI and CIA because the intrusions were so serious. These documents had criminal penalties associated with tampering. I haven't had one of those instances since using pfSense. Netgate and pfSense are good go-tos, even for the government. They often use Netgate as their server, and the military uses it too. The fact that the American military and foreign militaries use Netgate was a big selling point for me. It's good quality for what you pay.

It's a really great entry-level way to see how much, and it's scalable, too. When you talk about flexibility, the important thing to know is that the appliance and the software are scalable, too. I can start at the entry-level point, or I can build in and scale it up to enterprise-quality software, too.

pfSense Plus:

I use pfSense Plus. I use VoIP through the router. 

It minimizes downtime in terms of having to debug and things of that nature. When there's an intrusion, it doesn't turn into a multi-day issue. It took me about ten minutes to eradicate one aggressive intrusion. Simple maneuvers resolved it quickly, avoiding days on the phone with tech support. 

There was an instance where my firewall software—I don't know what happened exactly—but I did have to call tech support. Something happened where my firewall needed to be completely reconfigured.

So, are the entry-level ones invincible? No. But do they save you tons of effort in terms of preventing a lot of problems that could get worse? Yes. It's like a preventative measure to cancer before it spreads. It helps you catch things quicker before they spread and become something bigger.

The visibility that pfSense Plus provides helps us optimize performance. I feel more comfortable exchanging information and having personal conversations. It makes me more comfortable, more confident that what I'm doing is not... Some people I even work with are just not comfortable to talk openly. Some people are very email-retentive, like, "Do not click that hyperlink on this computer system. Don't do this or that." So it's understandable with some people.

It absolutely optimizes my entire computer system. In fact, I'm opening a brick-and-mortar storefront, and I'm going to use pfSense. Actually, I'm going to step it up to the TNSR software, but I use the Netgate routers because it optimizes performance. I feel comfortable to have a small to medium-sized office operating off this stackable network I'm creating. It's still a prototype, but I can have six screens, and that's really all I need. I can probably get six screens or five screens and a hardwired payment processing system at most if I need it.

Plus on Amazon EC2 VMs:

I haven't tried it recently. I did in the past, but I didn't have it configured correctly, so I can't truthfully comment on it. It was more complicated than I could set up. Like I have to pay for that. I can download the AWS EC2 application, launch the instance from a cellular device, and intermesh the cellular device into the router. That's also extremely valuable if I want to have a coworking situation where everyone's on my network a certain way, so when I do exchange information, it's highly confidential.

I get a mesh VPN network. I can have an enterprise-grade VPN for the business without spending too much. That's important for some people. 

For me, I liked the pfBlocker, which is pfSense's firewall. I get a couple of different options with the firewall. I can use AWS as your provider to pass data through AWS's workstations to the router. There are a ton of important features. 

I can build an instance, have it move through the router, and then be just cellular. There are so many great features. 

I haven't even completely finished configuring it, and it's an ongoing process. There are always new, innovative, great things I learn. It's like a little gadget with a lot of great features. It's hard for me to decide what I like best and don't like.

It's pretty easy to customize. Once anyone gets past the technical jargon, it's highly flexible.

I would like to see a subscription-based tech support option as opposed to this flat yearly rate. I'd like to see more of a monthly tech support feature. I think that would be helpful for a different type of consumer. So, there could be more room for Netgate to expand. To me, it would have been nice to have a little bit more tech support at first. 

But since I'm becoming so satisfied with this system I'm developing, I'm gonna step up anyway into the TNSR software. And when I do that, I get unlimited tech support.

So, it's kind of like this: if I don't want to pay for tech support, I teach myself and learn how the device works. And that's what I've basically done to this point. It's pretty plug-and-play  but some of it is, like, if you don't configure it correctly, it just doesn't work.

I had a couple of instances where I was setting it up, and I set it up a certain way twice where I just didn't configure it in a way that it worked. I put so many security features in that I had locked myself out from even being able to log in. 

So, it would be better to make tech support more accessible because they're really good at what they do, like behind the scenes. They know how to configure things through the terminal differently than I was.

System Reports:

Reports would be good, like system reports and functionality. Dumbing it down a bit more would help, too. We do have a Setup Wizard , but it is even less complicated in terms of setting it up because the user guide is 2,000 pages long.

So, the manual itself is, like, 2,000 pages for this device. If Netgate could make it a little bit less complicated for users. But, part of this appliance goes to IT departments anyway. So, they're more adept at setting it up than your average consumer. So that's generally who buys these things and sets them up. It's like your IT community usually gets involved with these because they understand that when you buy a computer, and you just start logging into the Internet, you've created a sort of dangerous atmosphere that not everybody understands by not making it safer. Everybody understands that when you log in if you don't even play with the settings on your computer. You're basically just setting yourself up to put your data out there like it's some type of free-for-all.

I bought my first router from pfSense in early 2023. It was pfSense's entry-level appliance, around January last year. I was so impressed with it that I stepped up to the 8200 level, which is one step beneath a TNSR-grade server. pfSense has two models of appliances that are higher than the one I have before I get into more elaborate appliances with different companies. 

I've stayed with this one for a year and a half now. I still have the original, which is nice. I bought it to use for a prototype concept that was built in. It worked, so I stepped it up.

I don't really know how to compare it to anything more elaborate. For my purposes, it's been a ten out of ten in terms of what I was expecting.

Scalability was definitely what I was looking for, so I would give it a ten out of ten for my business needs. It's perfect right now. 

If I can't get that level of security or sense of security, I can always stack the units more cost-effectively than going with something like Fortinet or Cisco. 

I'd almost rather stack the appliances at this price point than get into a $7,000 to $ 10,000 appliance. I get a lot of security just by stacking them, too. So, I'd rate it as highly scalable. I'd give it a ten.

The customer service and support are excellent, especially when they're supposed to charge you and they don't. When my entry-level router was fried and needed to be rebuilt, they did it from scratch, they made it seem easier than I would have ever been able to do. 

I had to download software onto a USB drive, insert the USB drive into the router, and then rebuild it from scratch because, for whatever reason, it was completely trashed.

So, I get tech support, and I pay for it. Unless I get the enterprise software, which includes unlimited tech support. Initially, I called tech support for help, and they were always willing to assist but reminded me of the limitations because I hadn't bought the support packages. Their tech support is excellent, 24-hour, and multinational.

Positive

I used some other DNS-quality firewalls, but they were cloud-based.  Like cloud-based DNS providers, but not an appliance base. That's why I bought Netgate pfSense bottom-line product to test out a prototype concept. I was satisfied with it, so I set it up to be highly competitive against everything virtually, except maybe a really high-end computer lab that could cause some type of intrusion.

Buying it, brainstorming, and waiting for it, as they build each one for you, which takes about two weeks. 

I wanted it partially because it's not one of these fantastically elaborate routers that you would just want to be completely encapsulated and protected a certain way. This is the kind of router that I wanted to be able to bring around with me, too, because I created a mobile stackable cellular network with it.

I have it attached to an entry-level desktop that was not custom-made or custom-built but premanufactured. But it worked well. I wanted more processing speed than I have now. I just didn't have time to step up my processor. But, unfortunately, with the system I'm on now, you can't switch them. So it's fine. It's a grade lower than what I wanted, but it's fine.

Creating a Portable Network:

But what is good about this is that it does work for what I was trying to do, making it mobile, stackable, and cellular. I can put a laptop. I can get a laptop as long as it has, like, a hard drive, and I can download the SI Labs, the Silicon Labs software onto the laptop. Then, I can connect the router to the cellular, like a cellular modem, which is what I have. I have one of these Netgear Nighthawk mobile cellular so it's like a cellular modem. So, I put in a SIM card with unlimited data. I connect the the Netgate router to the cellular modem, and now I connect the computer to the router. And if it's a laptop, I can connect all of this to, like, a portable network, and now you have a portable network. So I have, like, a portable point server if I want for significantly less.

Security Considerations:

You're not gonna get that level of cybersecurity on a mobile device unless you configure it that way. I mean, you could. You'd have to be getting into, like, your your, like those kinds of vans that you see on movies where they have, like, like, those vans where they're doing, like surveillance and intelligence work.  Netgate pfSense is pretty excellent quality if you wanna sit at a cafe and feel comfortable doing business and things, not being on their Wi-Fi.

Future Deployment Plans:

Right now, I'm getting ready to put enterprise-grade software on my devices exclusively; that's what I'm going to do until I get the business off the ground. 

The real deployment will be once I'm transacting service-related business against the appliance. I'm going to open a healthcare practice in Europe. I have a business in the United States that I structured to be a multinational business. I'm going to take this network and put it into a 30 to 60-square-meter office space.

I'll probably have about ten employees, but none of it will be for their personal devices. The purpose of the network will be to offer a secure Wi-Fi network to my patrons and to set up payment processing and other business-related tasks. It's going to be a small scale, with maybe six computer screens tops.

I have seen ROI, it saved me time by preventing frustration and loss of content, data, and time. The confidence it provides also pays for itself. 

I used to deal with intrusions weekly, spending anywhere from an hour to several hours each time. Now, it's less tedious and frustrating to optimize and eradicate threats and intrusions. 

It’s like a high-maintenance car that needs fine-tuning but ultimately runs smoothly.

It's highly cost-effective for both the average consumer and business users. It's highly competitive, which is why so many people use it. It's extremely down-to-earth compared to Fortinet or Cisco, Netgate doesn't reach that financial tier but is extremely competitive and extremely cost-efficient. They offer superb levels of service for what we pay. 

Currently, my setup is for a small to medium office. My first one was more for a home-based office—you could have a printer, computer, some gaming systems, TV. I would do a personal office with my first one, and this next one for a small to medium-sized office business for myself and others. I feel comfortable with that.

And they're also stackable, so I can scale it that way. It's highly scalable. It's really something worth playing with. And they offer a return policy, which is fair too, for the security appliance too.

The total cost of ownership of Netgate pfSense:

It's basically a one-off deal, which is good. You might consider building in installment payment options on the Netgate website, possibly with services like Afterpay or Klarna. This could appeal to noncommittal consumers. Personally, I would just pay cash upfront for my clients.

I'm clearly recommending it to others. It's scalable, cost-effective, practical, and down-to-earth. It's enterprise quality. It has a reputation that even the military endorses openly. When you buy something described as indestructible, and even the military uses it for their security, it says a lot. The government also uses it, testing prototypes and various things of that nature with it. 

If someone looks at the website, they'll see a large naval ship where cadets are operating off that prototype, testing if they could use the step-up with the pfSense software. They were using a higher-grade appliance with pfSense software to see if it was feasible. This shows that it's practical because the price point is unbeatable for that level of quality.

The solution for me is a ten. It's still a prototype, but I'm confident I can meet the needs of a medium-sized office with ten to twenty employees. However, scaling it up for something like an Airbnb with a high level of traffic is uncertain. It's not like a navy ship with a hundred military personnel. For my needs, it's perfect. 

It's a solution for my personal needs, and I feel confident about it. Looking into the future, scalability-wise, I think it meets my needs. But when you get to a different level of e-commerce, I'd be interested to hear their perspectives too.

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic function that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time. 

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got a babysit Snort and Suricata to the point where sometimes you turn it off.  

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business OPNsense for that one reason. 

I have used pfSense for at least 10 years.

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

Positive

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.

I usually use it on premises, and I use it for different purposes. I use it for network security for my infrastructure, and I use it for my web servers and data servers that are on-premises.

My main use cases for Netgate pfSense are proxy servers and IDS/IPS, blocking ads, clearing the network for adware and malware, and monitoring the network flow. 

As an open-source solution, Netgate pfSense is highly flexible because a person with kernel-level or code-level experience can control the firewall as per their requirements, and there are multiple packages and tools readily available to integrate with Netgate pfSense. In the IT industry, most of the tools can be integrated with pfSense.

Adding packages to Netgate pfSense is very easy. I just need to search for the required package and then install and configure it.

Netgate pfSense has a very intuitive dashboard. The information is readily available on the dashboard.

Netgate pfSense has routing facilities that help minimize downtime while having multiple internet connections. If one bandwidth goes down, it automatically diverts to the other. 

Netgate pfSense helps prevent data loss by monitoring data transactions and network protocols, allowing us to block certain amounts of data and implement policies to reduce malware and firewall threats. 

From my perspective, the best feature of Netgate pfSense is the load balancer, as I usually take multiple internet connections. I can use both internet providers' bandwidth as a single network bandwidth, which helps in a very smooth network traffic flow. Netgate pfSense has a very interactive and intuitive dashboard that provides all the major and informative information that is readily available.

Netgate pfSense has positively impacted my organization because when we look at other firewalls or alternatives, they are costly. 

For my requirements and use cases, it is sufficient for me, and I have never faced a need for additional features. AI would always be a plus point, and if pfSense could change its framework from FreeBSD and PHP to a different language and Linux OS, that could enhance security.

I have been providing services for network solutions and network security, and I have been using Netgate pfSense for almost four to five years.

Netgate pfSense is definitely stable; I've multiple sites using it, and they are live right now. I've at least 20 sites operational.

It is a scalable product. I would rate its scalability a seven out of ten.

I have never used the services of Netgate, but I can rate the product itself as a 10 out of 10 because it has been very helpful to me.

Neutral

I have previously used Fortinet and Sophos. The major reason I switched from Fortinet and Sophos to Netgate pfSense was to mitigate the financial aspect, as those alternatives were costing us lakhs.

Deploying Netgate pfSense is very easy because I used to deploy it on my personal hardware. Whatever spare hardware I have, I install it directly on that. Installing and configuring it is very easy for me.

I deploy Netgate pfSense for various companies. There are many startups in India that require a cost-effective solution that allows them to use their hardware and provide basic security. 

Deploying infrastructure for a new company takes me approximately one day, unless there are separate requirements to configure, such as creating usernames and passwords for each user, which may take two to three days.

I do everything in-house by myself. I am the only person involved in the deployment.

I have seen a return on investment with cost savings after implementing Netgate pfSense, as other firewalls would cost me lakhs of rupees while pfSense is free.

Everything we need is covered in the free version of the open-source pfSense. I have never used the licensed version or required certified partner help to implement or deploy anything.

If we are not purchasing any support or incurring any Netgate costs, the total cost of ownership for Netgate pfSense is zero, as it is freely available to download and install, requiring only hardware for deployment.

The cost of other firewalls goes to thousands and lakhs of rupees compared to pfSense, which costs zero. If we opt for Fortinet, it costs about one lakh thirty thousand Indian rupees for the firewall, and then it costs up to almost fifteen to twenty thousand annually for the user subscription. With Netgate pfSense, all those things get covered at zero cost.

I did not evaluate any other options aside from Netgate pfSense because it was the only solution I could find that effectively met my needs. It works for our use cases.

In terms of data-driven decisions, there is a package that can help me understand each and every packet and time. I have not gone through that avenue yet, but it allows us to get all the data for data-driven decisions.

There is a paid feature to increase performance, but there are multiple tweaks available in the advanced settings that can help increase bandwidth or usability based on requirements.

I have not used pfSense Plus on Amazon EC2 VMs because there was no requirement. 

I would rate Netgate pfSense a ten out of ten.

I run a company that is a managed service provider. We supply our clients with products and purchase on their behalf. We install pfSense in their offices or main client offices.

What I like most about the product is that it is simple to use. I use it at home and in other locations. It offers great value for money because there are no licensing issues apart from the support package. I don't have to worry about licenses expiring or the firewall not working. The overall security gain is stable and reliable.

Multi-appliance monitoring and management, like a single pane of glass, would be very nice to have. A centralized management console would help us. There might be improvements to the web UI, which could benefit from a new look. It looks a little dated, although everyone knows where the options are.

I have used the solution for four years.

The solution is stable. I'm happy with the stability, I would rate it a nine. I had some minor issues, like hardware power supply failure after two to three years, but it was rock-solid until it failed.

The solution is pretty much scalable. I would say nine, although I'm not sure why.

I used their support about two times. I don't need much support, as I've managed to fix everything by myself. I would rate it ten because they went above and beyond expectations.

Positive

Sophos was used in some cases. Some clients require products which are used in their other offices.

The initial setup takes about one hour. It is fairly simple and sometimes only takes half an hour, depending on what needs to be done.

We implemented it in-house with one person.

Because we are familiar with the product, the ROI is between ten to twenty percent. We have been saving by having a stable, well-known product.

I estimate it to be between four or five, something like that. I cannot say it is cheap, but it is not expensive either, so let's say three or four.

I usually advise having a solid firewall with a low cost of ownership, which is why I rate it nine. There's room for improvement, as I would love to have more control over the packets. Overall, I would rate the product nine out of ten.

I use pfSense as a home firewall and router. I don't use it for anything professional. When I first deployed pfSense, I was using my ISP-provided gateway, and there were a few things that I felt a little frustrated about. I didn't have control over the networks in my home and lacked some features, such as dynamic DNS, the ability to split different VLANs, multiple gateways, etc. There are a lot of features I use now, such as DNS or GeoIP blocking, that I knew about but couldn't take advantage of. 

The gateway failover helps prevent downtime. The ZFS Boot Mirror would also help prevent downtime in the event of a disk failure. The dynamic DNS is nice because when my IP changes, my web services won't be affected because it automatically caches my new IP.

PfSense has features that drive data-driven decisions. I was using pfSense years ago on a capped internet connection. It was a Comcast connection with a set amount of data I could use monthly. One useful thing was that it had the traffic totals as a package, so I could track the amount of data I was using and the clients that were using it broken down by client and network. I can determine how much data I use to ensure I don't exceed that limit. That's something I couldn't find in any other similar product.

From a performance perspective, it can help in terms of bandwidth and things like that because I know that the machine I'm using has enough processing power to establish all of my routes, DNS blocking, IDS, IPS, etc. I can utilize the full spectrum of my connection and a custom 10-gig NIC. If I had a smaller off-the-shelf product or an ISP-provided gateway, it wouldn't have the performance I need.

I'm using pfSense Plus, which has several features I like, such as the ZFS boot environment. I support Netgate because they're one of the biggest contributors to FreeBSD, so I'm happy to contribute. The most valuable feature to me is the gateway failover.  The area where I live has a lot of natural disasters and times when my Internet connection will go down. I work from home sometimes, and my wife works from home all the time, so it's essential to have a reliable connection. I like that it can automatically pick the connection based on packet loss.

The flexibility seems to be excellent. It has a large set of features to choose from that are built into the UI, so I can do 99 percent of it through the interface. It's also nice that I can run it on my own hardware. I don't necessarily need to buy a Netgate appliance, even though they make good products. It's nice that I can run it just about on any x86 PC with a dual NIC.

If we're adding a plug-in to the pfSense platform, that can be difficult, but I don't mind because Netgate vets the plugins before they make them available. That said, I found FreeBSD easy to deploy, and adding custom packages to it is simple. 

It doesn't prevent data loss in other machines, but pfSense has ZFS built in and can mirror it in two disks in different boot environments. If I have a corrupt OS, a bad update, or something else that goes wrong so that I can't connect to my Netgate, that's something built in so I don't have data loss on my firewall.

The dashboard is extremely easy to use. I like that I can go to one page and see the status of my hardware, packages, gateways, interfaces, disks, RAM, thermal sensors, and traffic graphs. It's a one-stop to look at each item and see everything operating properly. I can see them in different menus in the UI, but having one page where I can view them together is nice.

I would like them to have more security platforms. The pfBlocker is nice, but they don't have anything native for CrowdSec or Fail2Ban. I'm running CrowdSec on a web server instance on my server instead, but I'd like to move more of these services to the edge and put them in pfSense. I think that's something that's coming. I don't know if Failed2BAN is, but I'm sure CrowdSec is a popular platform, so it would be nice to have a package that's native to the platform. 

I've used pfSense for about five years.

I rate pfSense 10 out of 10 for stability. I've never seen it crash, and I have deployed two of them without any problems.

I think the scalability should be pretty good. I can put two of them into high availability. If I add more clients and start to deploy a lot of these for a small business, it would be able to handle that. I don't have experience doing that personally, so I can't speak to that, but I have seen evidence of it being used in a more scaled environment.

I rate Netgate support nine out of 10. I only needed help from the support team to transfer a license because I bought new hardware. They could answer my questions pretty easily.

Positive

I've tried UniFi gateways. The feature set was lacking, and it ran on substandard products. Unlike pfSense, I could not run it on my equipment. I've run OPNsense, which was a fork of pfSense at one point. I didn't like the UI or their documentation, but it seems like a fine product. I've also tried OpenWRT back in the day. 

Deploying pfSense is easy. I'm not a network administrator, but I'm familiar with computers. I can install it on a USB and set it up like any other operating system. The documentation is excellent. I can configure it based on that, and many YouTubers cover it.

The only people who would have any problems installing it would be people who don't know how to use a computer beyond basic functions. Anyone who's installed Windows can easily install pfSense, and anyone who has used an off-the-shelf consumer router would know how to use it. If you don't change anything, it doesn't require any maintenance besides updating packages twice or thrice annually.

The price of pfSense seems reasonable. I pay around a hundred dollars a year for pfSense Plus, which is inexpensive for such a complex product. It's also good that they can still release a community edition. If it started to get extremely expensive to the point where it was more of an enterprise-only product that costs thousands of dollars a year or something like that, I might consider stepping down to the community edition or looking elsewhere.

The total cost of ownership seems pretty low because you have the cost of the OS and VPN. If I'm paying for a VPN that's probably five to 10 dollars a month, and the firewall is already included.  

I rate Netgate pfSense nine out of 10. It's an excellent product. I advise new users that you don't need a Netgate product if you're deploying it at home. It's one way to go, but pfSense works on any old mini PC or PC you have lying around. You can get something off eBay and throw a 20-dollar network interface card into it and you're off to the races. It's not as expensive as you think to get started. The basic routing and firewall rules aren't too complicated. Don't be intimidated, and it's not expensive.

I do some consulting work for a couple of organizations on the side, and I have a few personal home lab builds of pfSense, so I use it in both a professional and personal home lab environment. I'm using the community edition and pfSense Plus.

I began seeing the benefits of pfSense immediately. The use cases for pfSense were creating remote VPN servers and satellite offices where remote employees connect. I've been using it for so long now that I have some baseline configurations. When I bring a new site online, I load that default configuration and ship it out to where it's needed. They plug it in, and the system comes online. It's fantastic from that from that perspective.

PfSense gives you much control and visibility into your boundary that helps you identify nefarious actors and things that could lead to eventual data loss.

It helps minimize downtime from a boundary perspective. They have some features. I have used Plus in boot environments quite regularly to test out some things before going live into production, which has been nice because I've made some configuration changes that I regretted. 

The boot environments help you get back into kind of what you had. Both the community and Plus editions have a fantastic configuration export. Your boundary device is relatively static once you can configure it how you need it. You can export those configs relatively easily so that when something goes catastrophically wrong, the hardware fails, or something along those lines, you can reload the configuration onto that device or the replacement device and go about your day. 

One thing I can say about pfSense specifically and the Netgate hardware is that it is not something I worry about from a security or a resiliency perspective. It's stable. It works. I have the ability to forget about it. As an IT professional, I have so many things to worry about daily, and it's incredible to minimize those things. I think pfSense has done a great job in that area.

There's a lot of logging that produces a ton of data I can pull into a data analytics platform and make data-driven decisions about bandwidth increases or changes to firewall rules, intrusion detection rules, or employee access.

It also enables us to optimize performance, one of the biggest things you do when you get a new Internet service provider or a modem replacement or something along those lines. There are tons of tools built into pfSense that let you look at how that's working, and even some tools online that allow you to tailor that experience based on your real-world use case.

In the time that I've used pfSense, I'm continuously blown away by the quality of the product, its attention to security, and all of the features it has. It's easy to use. The web-based interface is great. The tutorials on the website are fantastic. I wouldn't say it's necessarily one feature. It's the full offering of all of the features that make it for me. I use firewalling, intrusion detection, and two of the VPN features: WireGuard and OpenVPN. 

The flexibility is great. PfSense will run on homebrew hardware and Netgate. The interface is excellent on the web and through the console. There's a lot of flexibility through the console. It lets you get into a low bandwidth environment to do the things that you need to do when you're remotely administering some of these things. 

I enjoy the fact that the web interface is customizable. A seldom-used feature is the ability to change to one of several built-in themes. I use those themes to tell which system I'm administering because they're all remote to me, and the interfaces all look the same. I don't have those little tells about changing the colors of certain things. 

Sometimes, it takes some back and forth to figure out which one I'm on. I never thought the themes would be a feature I would use. I use it all the time. The user interface is fantastic and responsive. The tooltips are in the right areas and help you build out your firewall and boundary device.

The ease of deploying and configuring features depends on the feature. Most of their features are designed to be implemented with some basic knowledge level, but some are super-advanced, and you need that knowledge level. They have excellent guides for just about every feature on their website or that's inside pfSense. They're great. They explain all the different things about adding new features and each package's function. I don't think that there has been a feature that I wanted that someone didn't already have a package built for.

I would like to see a better plugin for data analytics. They have some things that you can do, but it's not purpose-built to get data out super easily. That's kind of an advanced feature, and you do have to do some configurations that are a little more advanced than some people might be comfortable with. 

I would also like some type of fleet management, like a dashboard where I can see multiple pfSense and their statuses. I'd also like that to be self-hosted. I don't necessarily want a cloud version of it. I'd like to host that at a parent site and have the satellite offices push their status there. 

I have to manage each of the devices individually. There is no interface where I can manage multiple devices. I wouldn't call it single pane of glass management. It does give me a single pane of glass for everything related to the boundary, including VPN intrusion detection, DNS, DHCP, VPN, and firewall rules. But it doesn't have that fleet management piece. I would love to see something like that.

The last thing that I would like is not a feature. It's Netgate as an organization. I would like more transparency from them when they make some decisions that sometimes appear to be made in a vacuum. Most recently, the change in licensing and some of those things did not go over well in the community in general. I think some transparency from their organization would be valuable to the community at large.

I've been using pfSense for around 15 years.

I rate pfSense 10 out of 10. I have never had a system fail in more than 15 years. I've never had one fail on-site. They are incredibly stable and resilient

PfSense is highly scalable depending on the hardware you buy. Their hardware is well-documented. If you buy a device designed to scale with your business needs, I don't think there would be any issues with that.

I rate Netgate support 10 out of 10. I have never had a bad interaction with any of their folks. They respond quickly, and their answers are always extremely thorough. 

Positive

I used the old m0n0wall, which I migrated away from. I have also used SonicWall and OPNsense in a lab environment and various Cisco and HP devices throughout my career.

PfSense offers the best bang for your buck from a feature and cost perspective. Many other systems have some cool features that either aren't necessary or are significantly more costly than pfSense.

The initial deployment is easy, and it's even easier once you've spent some time with it. If you buy devices from Netgate, they provide you with "zero to ping." 

Even if you have some kind of odd setup or something weird you can't figure out, you can call their technical support, and they will help you get online. They'll even remote into the device to help you get online or solve a problem, which is incredible. 

Now, I have a standard image that I use from a configuration perspective, so it takes me about half an hour. It is typically a one-person job. The only reason why I put a caveat on that is I am fully remote from all the services that I support, so I do need a person on-site to at least plug the thing in, but the rest of the setup is a one-person job. After deployment, it doesn't require any maintenance aside from standard firmware updates. 

I don't like subscription models, and unfortunately, the latestpfSense license, pfSense Plus, went to a yearly subscription model. I think yearly is probably the best of the worst because at least I can pay it once, and be done with it for the year. I would rather see either a one-time cost or something along those lines that would be at that price point. I think the costs for their hardware are reasonable. I wouldn't call them cheap, but I also wouldn't call them expensive. I think the hardware costs are reasonable.

I personally run a couple of black box or white box servers that are custom built using pfSense Plus that I've licensed, but all of the other deployments that I support are devices purchased from Netgate.

I rate Netgate pfSense eight out of 10. I recommend that new pfSense users join the community. PfSense has an active community on Reddit and a community forum. You can also get a copy of the community edition and deploy it to a virtual machine to learn it before you put it into production. You won't be disappointed.

I have the Netgate 6100 firewall with pfSense at my house, and I also have several business clients on it. I use it for site-to-site VPN from one doctor's office to another so their PBX phone systems can replicate across the network. 

PfSense helps prevent data loss. It's a firewall, so unless you open ports, they are completely closed off, and nobody will crack into your network. You can set up various rules that will let you know if you have an intrusion or block an IP address, country, etc., for malicious threats. 

I haven't experienced any downtime with the 6100, but I've had problems with the Netgate 2100 appliances. One of the data-driven procedures is performance. If you make a change, your traffic comes up almost immediately. If I had to compare pfSense to SonicWall, I probably wouldn't use SonicWall based on the boot time. When you have to restart the system or something like that, pfSense is quick, whereas these other firewalls will take 10 minutes to come back online. 

The visibility pfSense provides helps optimize performance. Some of the stuff is visible in their charts and graphs. You can see their traffic moving in real time. That's beneficial to me, especially if I'm looking for something. For example, if you're looking for an IP address that's seeing a lot of data, you can narrow it down to what device it is.

The most valuable aspect of pfSense is the community. If you have a question, you can post it on the forum. The backups are also good. I restored it from a hard drive recently and was back up in 10 minutes. 

I like pfSense's flexibility. It lets you install it on multiple applications, such as a VM, appliance, or white box. For a short time, the community edition had a free upgrade to the Plus edition, so you could technically download the version and convert it into a Plus version. They offered support there for a while, but I don't know if they still do. 

If you log into it, it is a single pane of glass, but the features are scattered everywhere. If you make a firewall rule and you run a port, it will automatically make the firewall rule for you, so you don't have to do that. That's convenient versus some firewalls where you have to make the net rule, then you have to make the firewall rule to allow the net to operate. 

It's easy to add features, but some require configuration. Depending on the feature you're adding, that can be tricky. I wish their GUI were easier to use because it's always been scattered instead of having everything in one column. You have to click one thing to get something to work kind of like UniFi. You have to be a little techie to get it working as you want. The only other problem I've encountered is that sometimes it has buffer bloat, and you have to go in and change some firewall limiter rules to get the bloat to go away. Once you get it down and have done it a couple of times, it seems fairly straightforward. 

If the GUI interface were better, that would be a huge benefit. There's a fork of pfSense called OpenSense with a far superior interface. Everything's in the left-hand column. When you click on one item, you see everything listed under a single tab. You don't have to jump back and forth through the program. 

Everybody is sometimes scared of open firewalls, but they get updates regularly. I check them all the time. I wish it had an app or some alert feature that you could set up. That would make it a little bit easier if something went wrong because you usually don't find out until the last second.

I've used pfSense for 10 to 15 years.

PfSense is highly stable. I don't typically have any crashes. Usually, it's hardware problems, such as a hard drive or memory chip. Beyond that, I have had no issues with any appliances that pfSense installed.

The scalability is good because if you have two identical devices, you can do high availability, so it's highly scalable. 

I rate Netgate support 10 out of 10. Netgate technical support is just phenomenal. If you pay for support, they're on it right away. I've had to call them a couple of times and ask for a system image for some of their lower-end devices. I've noticed that an upgrade will sometimes break them. You can take the serial and model numbers, send them an email, and they'll send you the image. You just download the image, flash it over onto the device, and restore from the backup.

Positive

I've used UniFi's Dream Machines, FortiGate, SonicWall, and OpenSense. I've got one instance of OpenSense out there. They're all about the same in performance, but everything has its own learning curve. The learning curve of pfSense is higher than OpenSense because of the GUI, which is a little confusing and intimidating for someone brand new.

A brand-new user might be confused, especially if they don't have too much networking capability. If you have a white box and download the software, you need to configure everything, including the network interface card, but if you buy an appliance, you should be able to plug into a port and get an IP address. That's not the case with the community. It isn't. For those who want to dabble and play around with it, there's a bit of a learning curve there at the beginning on how to get it. They have some good documentation, but it's a little confusing.

I can have it running in 10 minutes. It depends on what you're doing and whether you have VLANs, which can be confusing to configure. But you can set up a simple home user with no VLANs in 10 minutes. For maintenance, it'll tell you if there's an update, but I typically wait a while before I do the update to ensure that it's solid. They do good testing on it, but I've had some problems where it breaks something else when they do an update.

The price of pfSense is on par with everything else. It depends on how big an appliance you buy and whether you're purchasing it directly from Netgate. Some rack-mounted systems are expensive—a couple thousand bucks. The one that I use at my house was $700.

The total cost of ownership isn't too high or too low. I think it's right where it needs to be. Obviously, with new appliances and faster technology, your prices will go up, but that's expected with any product you buy. It was all free when I first started using it, and you could put it in any box you wanted to buy. 

I rate pfSense eight out of 10. The reason I give it an eight is that the GUI needs to be cleaned up a little. I think Netgate would sell more if the GUI were a little more like Opensense. Before buying, I would test the community edition on a virtual machine and select an appropriate appliance based on your deployment.