Netgate pfSense Reviews

• Firewalling
• Routing
• DHCP
• Transparent proxy
• DNS cache
• VPN, etc.

• Outstanding support
• Great packages to expand the solution to your needs
• The same config can easily be migrated to better hardware when you need it.

• Super easy to manage. Anyone who has been working with firewalls can handle it.
• There is good documentation with a fantastic community and enterprise support.
• The strongSwan IPSec is a great implementation.
• Proxy features are excellent (except MITM).

• The central point of management, like the long-rumored pfCenter.
• Better parsing of logs: At the moment, you have to use an external server for this if you want a deeper analysis. 
  

Our appliance is under constant heavy load by several services, and it's rock solid stable.

I had stability issues only with a GUI that used to hang. It didn't affect any services, but it was a little annoying that we needed to restart the PHP often.

pfSense scales well.

They are just fantastic. They usually respond super fast, and usually with a solution if you describe the problem correctly. In more complex situations, they will set up a personal lab environment based on the customer's case.

We used to use a lot of different solutions.

After comparing a lot of solutions, the choice was Netgate pfSense.

It is very straightforward and much easier than the previous Clavister FW. Config is easy. 

99 percent in-house implementation and 1 percent Netgate implementation. Netgate has the highest level of expertise you can get.

This solution was about $150,000 cheaper than the closest competitor over a three year period. 

All costs are low compared to other solutions. The hardware is stable and cheap.

There is no licensing fee except for the enterprise support, if you want it.

We evaluated Cisco, Fortinet, and Sophos.

If you don't have a policy that says "only proprietary software" in your company, there is no reason not to go for pfSense. If you are still in doubt, take the cheap (and excellent) Netgate academy course. It's only for two days, and you will learn how to manage pfSense at a comprehensive level.

• We only use our pfSense as a stateful packet inspection firewall. 

• We have around 10 VLAN interfaces with many allow/block policies, VIPs, and NATs. 
• Running on VMware as a virtual machine.

The main improvement was we were able to replace our old hardware-based firewall with a virtual machine having HA.

The ability to perform packet captures on the command line and via the GUI is useful for diagnosing problems.

• I would like to see multiple DNS servers running on individual interfaces. 

• It would be useful to manage firewall policies on a source interface and destination interface basis.

We have mainly been using for our internet workstations.

After we started with testing with it a bit, it showed that it can be utilized in a way that we wanted to utilize it.

I have not had one issue with pfSense at all, which is amazing.

Layer 7 filtering has been taken away from pfSense. They would like us to use Snort, which is a good thing, but I would like them to make the Layer 7 thing easier.

The one reason that we did not go with pfSense is that it is not centrally managed like Meraki, where you log into the website and can see all your services there. This is the only reason why we are going with Meraki.

We would like to be able to see is all the configurations from a central interface on all our pfSenses.

Stability has been excellent. We have experienced no issues; it never fails.

There is a lot of stuff that you can add-on. You can actually write your own APIs to connect to it and so on. So, there is a lot of scalability in pfSense that other products do not have.

We have not using technical support. We have only been using the community version.

We used to use Empalis. We actually started to replace our Empalis with pfSense first to do testing, and see if it would actually work for us. This was just a test phase, before we went over to Meraki. So far, pfSenses outperform Merakis.

I setup all of it. I set it up for our country, and I did it all remotely. I learned from the community how to do it. The process to install and configure is very straightforward.

It is a free solution.

We originally looked at SonicWall, but we chose pfSense because of pricing (since it is free) and it has issues that pfSense does not have. 

We are currently migrating over to Meraki and are having a lot of issue with it. Also, with Meraki, you pay through your neck for it.

I would not have made the decision to move away from pfSense. pfSense has been giving us better options than what Meraki is giving us at the moment. I have got login problems with Meraki which takes about two days for them to sort out. If I was on pfSense, I would sort it out myself.

They need to look at all the communities, comparisons, etc. and read up about the issues and problems people are having with some of the solutions, then see if those problems might be related to what they may be experiencing.

Main criteria when selecting a vendor: 

• How easy is it to learn.
• How easy is it to implement.

I have used it in town halls with a number of employees ranging between 40 and 60. I have also used it in educational institutions.

The use and results may vary according to the objectives of the institutions. 

In the case of city councils, I have taken the maximum advantage, taking into account that they were small institutions for which the tools provided by pfSense were sufficient according to the requirements of those institutions. 

However, in educational institutions, it was more difficult. Sometimes, the tools have fallen short.

• The part of the firewall and aliases
• The content filter in non-transparent mode and transparent mode with Squid and SquidGuard
• The possibility of adding packages to perform network analysis
• Creation of certificates
• The facility to administer services

The product is good in many of its departments, but this should make HTTPS filtering more efficient since Squid falls short when using man in the middle. It works, but it is not 100% efficient. It requires more attention to provide a better alternative for open source to small government or educational institutions with reduced budgets in terms of technology.

For security testing in network functions virtualization (NFV). 

It is a good firewall with good performance.

Stateful packet inspection. It works quite well for an open source product. 

More regular patch updates, because this is very important for a firewall.

Works with:

• Routers
• Firewalls
• Network address translation (NAT)
• VPN
• OpenVPN
• DHCP Server.

• More control of the access to network resources
• More control of the security policies
• Integration with Active Directory
• Centralized administration

Centralized administration with multiple services, which allows for execution in several important functionalities of information security.

Services on additional features: 

• SNMP Network Management 
• Managing inventory
• Generating IT reports.

I use pfSense firewall, especially as an IPSec VPN Server. There are several VPN connections with equipment of various manufacturers at the other end.

I use ServerU as hardware instead of an ordinary PC, as most other people usually do.

The gain in performance and security from configuring the VPN connections was significant, since pfSense has replaced a server with a custom Linux open source version, which was running on outdated hardware.

Security and stability. The pfSense server acts as "IPSec VPN Server" for a small financial institution, but regardless of the company size, interruptions would cause significant financial impact.

pfSense serves us very well. My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters. I have more than 10 IPSec VPN connections, and when there is a need for troubleshooting, the logs are of little help.

With regard to this configuration, I consider it a stable solution.