Netgate pfSense Reviews

We use pfSense as our firewall. 

We install it for clients that don't have a network available or the network is not ready for phone deployments. We're a phone company. We use pfSense to connect to the router and normally we connect clients to client VPNs, and then from there, we can have access to the internal network so that we can see all of the files.

We generally use it because it's cheap. When we need something more robust we use Barracuda and Sony Wireless Routers. For certain clients, we use pfSense because it's compatible with the VoIP platform.

I would like to see SD1 integration into the software. That would be fantastic.

The solution is pretty stable, that's why we use it. There aren't any problems.

The scalability is fine. If you need to have a bigger client or something like that, it's simple. You do a backup and then you restore into a new appliance and go from there. 

We provide technical support for our clients so we don't use a third party company for the support, we do the support in-house.

We also use MikroTik, Barracuda, and StoneWall.

The initial setup is fairly simple, not complex. We can get the deployment done in around half an hour. 

We deploy pfSense for our clients. We have one technician maintaining the whole thing.

Our return on investment is fast. We see a return on investment from day one, it's a fairly cheap router.

Any network engineer will understand how this solution works. It's not so complex to understand and be familiar with. It will require a certain level of networking knowledge to use it but we're at an enterprise level and we're a small-medium business and it works.

I would rate it a nine out of ten. 

We use this at all of our locations as our edge device, IPSec site-to-site VPN functionality between our offices and our AWS EC2. No matter what is thrown at this, the system handles it like a champ. We have both dedicated hardware and virtualized versions running in our infrastructure. So far we haven't found a reason why we need to spend thousands for an appliance like Cisco ASA when this handles all of our needs.

We're a small business growing rapidly. We recently overhauled the IT infrastructure, and after looking at a number of other competitors, pfSense has been a lifesaver, allowing us to scale up and provide compliance without the need to purchase additional licenses to offer services to our employees.

There are so many packages you can install which extends pfSense's capabilities including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use:

• IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections.
• IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco.
• Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box.

pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers.

While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives. 

We have not encountered any stability issues and have upgraded to each version over the years. They've really made a rock solid solution.

Extremely high. We tested it on VMs running different configurations from extremely lightweight to overkill. It will run on anything and maintain it's high performance. Obviously the more you give it, the more amazing the solution becomes. 

I had one question, and they got back to me extremely quick. Not only are they knowledgeable about their product, but they're kind and courteous.

Old and outdated infrastructure procured before I joined the company.

Not only was it straightforward, but if you know nothing about firewalls, you can install this. Especially since they recently made their entire guidebook free to use. Not to mention the countless blogs and how to's. Low to intermediate level IT pros should be able to handle this baby.

In-house.

From day one you get a 100% ROI. If all you have is an older server you recently decommissioned, with multiple NICs, I strongly recommend installing this software on it and giving it a shot. Doing that alone will beat out any competitor hands down.

For the cost and what's included, you can't beat it, no way no how. If you're worried about enterprise solutions, the only thing you need to do then is to purchase a support contract, and you have an enterprise solution. You can even purchase hardware from the vendor if you choose.

Cisco, WatchGuard, Sophos, Fortinet, Untangle, Juniper.

I strongly recommend giving pfSense a hard look. I've been in IT for 20+ years, and I've run the gambit on other firewalls. pfSense definitely can hold it's own against any of them. 

• Firewalling
• Routing
• DHCP
• Transparent proxy
• DNS cache
• VPN, etc.

• Outstanding support
• Great packages to expand the solution to your needs
• The same config can easily be migrated to better hardware when you need it.

• Super easy to manage. Anyone who has been working with firewalls can handle it.
• There is good documentation with a fantastic community and enterprise support.
• The strongSwan IPSec is a great implementation.
• Proxy features are excellent (except MITM).

• The central point of management, like the long-rumored pfCenter.
• Better parsing of logs: At the moment, you have to use an external server for this if you want a deeper analysis. 
  

Our appliance is under constant heavy load by several services, and it's rock solid stable.

I had stability issues only with a GUI that used to hang. It didn't affect any services, but it was a little annoying that we needed to restart the PHP often.

pfSense scales well.

They are just fantastic. They usually respond super fast, and usually with a solution if you describe the problem correctly. In more complex situations, they will set up a personal lab environment based on the customer's case.

We used to use a lot of different solutions.

After comparing a lot of solutions, the choice was Netgate pfSense.

It is very straightforward and much easier than the previous Clavister FW. Config is easy. 

99 percent in-house implementation and 1 percent Netgate implementation. Netgate has the highest level of expertise you can get.

This solution was about $150,000 cheaper than the closest competitor over a three year period. 

All costs are low compared to other solutions. The hardware is stable and cheap.

There is no licensing fee except for the enterprise support, if you want it.

We evaluated Cisco, Fortinet, and Sophos.

If you don't have a policy that says "only proprietary software" in your company, there is no reason not to go for pfSense. If you are still in doubt, take the cheap (and excellent) Netgate academy course. It's only for two days, and you will learn how to manage pfSense at a comprehensive level.

• We only use our pfSense as a stateful packet inspection firewall. 

• We have around 10 VLAN interfaces with many allow/block policies, VIPs, and NATs. 
• Running on VMware as a virtual machine.

The main improvement was we were able to replace our old hardware-based firewall with a virtual machine having HA.

The ability to perform packet captures on the command line and via the GUI is useful for diagnosing problems.

• I would like to see multiple DNS servers running on individual interfaces. 

• It would be useful to manage firewall policies on a source interface and destination interface basis.

We have mainly been using for our internet workstations.

After we started with testing with it a bit, it showed that it can be utilized in a way that we wanted to utilize it.

I have not had one issue with pfSense at all, which is amazing.

Layer 7 filtering has been taken away from pfSense. They would like us to use Snort, which is a good thing, but I would like them to make the Layer 7 thing easier.

The one reason that we did not go with pfSense is that it is not centrally managed like Meraki, where you log into the website and can see all your services there. This is the only reason why we are going with Meraki.

We would like to be able to see is all the configurations from a central interface on all our pfSenses.

Stability has been excellent. We have experienced no issues; it never fails.

There is a lot of stuff that you can add-on. You can actually write your own APIs to connect to it and so on. So, there is a lot of scalability in pfSense that other products do not have.

We have not using technical support. We have only been using the community version.

We used to use Empalis. We actually started to replace our Empalis with pfSense first to do testing, and see if it would actually work for us. This was just a test phase, before we went over to Meraki. So far, pfSenses outperform Merakis.

I setup all of it. I set it up for our country, and I did it all remotely. I learned from the community how to do it. The process to install and configure is very straightforward.

It is a free solution.

We originally looked at SonicWall, but we chose pfSense because of pricing (since it is free) and it has issues that pfSense does not have. 

We are currently migrating over to Meraki and are having a lot of issue with it. Also, with Meraki, you pay through your neck for it.

I would not have made the decision to move away from pfSense. pfSense has been giving us better options than what Meraki is giving us at the moment. I have got login problems with Meraki which takes about two days for them to sort out. If I was on pfSense, I would sort it out myself.

They need to look at all the communities, comparisons, etc. and read up about the issues and problems people are having with some of the solutions, then see if those problems might be related to what they may be experiencing.

Main criteria when selecting a vendor: 

• How easy is it to learn.
• How easy is it to implement.

In the past, we had different locations in different countries, and in every location, we had the same pfSense firewall. Therefore, the connection between our different locations was good and manageable. However, in the last two years, we have had only one location here in Belgium, thus the performance of the pfSense has been good, and we can manage great with the open ports and the closed ports, but now a firewall has to be a little bit more than just that.

I do not have any big malware in my network, partly because of pfSense. The firewall blocks every malfunctioning malware or virus. Also, the access from outside our network has to be blocked, and I know by experience that our pfSense is very closed. You have to open every port in order to make sure that there can be a connection from outside our network.

1. I can manage it easily by myself.
2. The interaction between the same firewalls is good. We can connect VPNs over the same firewall easily.
3. It is an open source solution. Therefore, the price is good.
4. OPNsense.
5. The performance and functionality are good.

A malware blocker should be included. I do not know if it is included yet. However, until now, we have not experienced a large malware invasion.

There are a few features not included, and when you have to use those features, you have to pay for them.

I know that I should change the current pfSense solution. I should change it because we have only one key port on it. Our internet access also has a key port now, I should have two key ports, one to the LAN and one to the WAN.

Therefore, I want to change it, because it gives us less speed. I could provide the speed, but there are not two key ports on it. Therefore, I now have to choose a new pfSense solution, or I could look at another vendor similar to what we have.

I am satisfied with the stability.

Scalability was less important. When we started, we did not have to scale the pfSense. In the seven years that I have used the pfSense, once I had to renew it because the hardware was broken or was defective. The second one was a little bit faster and had more memory, so I did not have to scale it again. Therefore, the scalability has not been so important to us until now.

We came from OneStart. OneStart was out of data and at end of life. Thus, we had to switch. pfSense was originally proposed to us by the dealer and our external IT help.

The initial setup was straightforward, therefore I wanted to continue using the product.

I did not do it alone. I had help from the dealer. Once installed, I can manage now to change little things. For the initial setup, I was involved with it, but I did not do it myself.

It was straightforward to buy from pfSense.

From Sonic Wall, their price is much higher, because for every feature that you want to add, you have to pay. I can do the same things with pfSense, but everything is included in one price.

We originally evaluated Cisco, WatchGuard, and Barracuda. We chose pfSense because of the price and it was open source software. At the time, our team was called OpenERP (now called Odoo), so open source software was an advantage.

I would recommend it. It is manageable and straightforward. It is not so complex. You have to know the different rules, but you can manage it easily. The performance is good.

I have used it in town halls with a number of employees ranging between 40 and 60. I have also used it in educational institutions.

The use and results may vary according to the objectives of the institutions. 

In the case of city councils, I have taken the maximum advantage, taking into account that they were small institutions for which the tools provided by pfSense were sufficient according to the requirements of those institutions. 

However, in educational institutions, it was more difficult. Sometimes, the tools have fallen short.

• The part of the firewall and aliases
• The content filter in non-transparent mode and transparent mode with Squid and SquidGuard
• The possibility of adding packages to perform network analysis
• Creation of certificates
• The facility to administer services

The product is good in many of its departments, but this should make HTTPS filtering more efficient since Squid falls short when using man in the middle. It works, but it is not 100% efficient. It requires more attention to provide a better alternative for open source to small government or educational institutions with reduced budgets in terms of technology.