Netgate pfSense Reviews

My primary use case for pfSense is as a firewall. We also use it for intrusion detection, intrusion prevention, website filtering, and quality of service (QoS).

My company mainly works in the health and educational domain, schools and universities. I prevent the improper use of content from schools and universities. I defend the medical records for the patients in our hospitals. That is the main use case for me for the firewall.

One of the most valuable features of this solution is that it's almost entirely free and I can do everything with it.

It has everything I need, but the main drawback of pfSense is that it's not user-friendly. I hope to have something to make the interfaces more user-friendly. I would also like to see some documentation that can help with use cases or that has advice and tips. I have found some documentation available but it's usually from an earlier version. If they develop this, pfSense will be the best. The only thing that Fortigate is better than pfSense is that they have 24/7 support. pfSense also needs improvements in the intrusion detection area.

I depend on and use VMware ESXi with vSphere in my deployment, virtualization. pfSense is more stable and reliable if you install it directly on the server, i.e. not being installed as a virtual machine. That makes it very stable.

The scalability is good. You can integrate some nodes of pfSense but it's not very user friendly.

I would be more relieved and more happy to have support. You need to have some people who can help you in any use case.

Lots of reading and trial and error. It's tough for the network engineer, but it is magnificent in performance from my point of view.

We implemented in-house. Not user friendly, but if you want to do anything you can do it with pfSense.

Free. Would purchase for better customer support.

It is completely free.

We also evaluated Fortigate.

I would rate this solution an eight out of ten. I give it this rating because of the rich features available. pfSense is free and I can do everything with it. It works as a firewall for servers also.

We use pfSense as our firewall. 

We install it for clients that don't have a network available or the network is not ready for phone deployments. We're a phone company. We use pfSense to connect to the router and normally we connect clients to client VPNs, and then from there, we can have access to the internal network so that we can see all of the files.

We generally use it because it's cheap. When we need something more robust we use Barracuda and Sony Wireless Routers. For certain clients, we use pfSense because it's compatible with the VoIP platform.

I would like to see SD1 integration into the software. That would be fantastic.

The solution is pretty stable, that's why we use it. There aren't any problems.

The scalability is fine. If you need to have a bigger client or something like that, it's simple. You do a backup and then you restore into a new appliance and go from there. 

We provide technical support for our clients so we don't use a third party company for the support, we do the support in-house.

We also use MikroTik, Barracuda, and StoneWall.

The initial setup is fairly simple, not complex. We can get the deployment done in around half an hour. 

We deploy pfSense for our clients. We have one technician maintaining the whole thing.

Our return on investment is fast. We see a return on investment from day one, it's a fairly cheap router.

Any network engineer will understand how this solution works. It's not so complex to understand and be familiar with. It will require a certain level of networking knowledge to use it but we're at an enterprise level and we're a small-medium business and it works.

I would rate it a nine out of ten. 

• Firewalling
• Routing
• DHCP
• Transparent proxy
• DNS cache
• VPN, etc.

• Outstanding support
• Great packages to expand the solution to your needs
• The same config can easily be migrated to better hardware when you need it.

• Super easy to manage. Anyone who has been working with firewalls can handle it.
• There is good documentation with a fantastic community and enterprise support.
• The strongSwan IPSec is a great implementation.
• Proxy features are excellent (except MITM).

• The central point of management, like the long-rumored pfCenter.
• Better parsing of logs: At the moment, you have to use an external server for this if you want a deeper analysis. 
  

Our appliance is under constant heavy load by several services, and it's rock solid stable.

I had stability issues only with a GUI that used to hang. It didn't affect any services, but it was a little annoying that we needed to restart the PHP often.

pfSense scales well.

They are just fantastic. They usually respond super fast, and usually with a solution if you describe the problem correctly. In more complex situations, they will set up a personal lab environment based on the customer's case.

We used to use a lot of different solutions.

After comparing a lot of solutions, the choice was Netgate pfSense.

It is very straightforward and much easier than the previous Clavister FW. Config is easy. 

99 percent in-house implementation and 1 percent Netgate implementation. Netgate has the highest level of expertise you can get.

This solution was about $150,000 cheaper than the closest competitor over a three year period. 

All costs are low compared to other solutions. The hardware is stable and cheap.

There is no licensing fee except for the enterprise support, if you want it.

We evaluated Cisco, Fortinet, and Sophos.

If you don't have a policy that says "only proprietary software" in your company, there is no reason not to go for pfSense. If you are still in doubt, take the cheap (and excellent) Netgate academy course. It's only for two days, and you will learn how to manage pfSense at a comprehensive level.

• We only use our pfSense as a stateful packet inspection firewall. 

• We have around 10 VLAN interfaces with many allow/block policies, VIPs, and NATs. 
• Running on VMware as a virtual machine.

The main improvement was we were able to replace our old hardware-based firewall with a virtual machine having HA.

The ability to perform packet captures on the command line and via the GUI is useful for diagnosing problems.

• I would like to see multiple DNS servers running on individual interfaces. 

• It would be useful to manage firewall policies on a source interface and destination interface basis.

We have mainly been using for our internet workstations.

After we started with testing with it a bit, it showed that it can be utilized in a way that we wanted to utilize it.

I have not had one issue with pfSense at all, which is amazing.

Layer 7 filtering has been taken away from pfSense. They would like us to use Snort, which is a good thing, but I would like them to make the Layer 7 thing easier.

The one reason that we did not go with pfSense is that it is not centrally managed like Meraki, where you log into the website and can see all your services there. This is the only reason why we are going with Meraki.

We would like to be able to see is all the configurations from a central interface on all our pfSenses.

Stability has been excellent. We have experienced no issues; it never fails.

There is a lot of stuff that you can add-on. You can actually write your own APIs to connect to it and so on. So, there is a lot of scalability in pfSense that other products do not have.

We have not using technical support. We have only been using the community version.

We used to use Empalis. We actually started to replace our Empalis with pfSense first to do testing, and see if it would actually work for us. This was just a test phase, before we went over to Meraki. So far, pfSenses outperform Merakis.

I setup all of it. I set it up for our country, and I did it all remotely. I learned from the community how to do it. The process to install and configure is very straightforward.

It is a free solution.

We originally looked at SonicWall, but we chose pfSense because of pricing (since it is free) and it has issues that pfSense does not have. 

We are currently migrating over to Meraki and are having a lot of issue with it. Also, with Meraki, you pay through your neck for it.

I would not have made the decision to move away from pfSense. pfSense has been giving us better options than what Meraki is giving us at the moment. I have got login problems with Meraki which takes about two days for them to sort out. If I was on pfSense, I would sort it out myself.

They need to look at all the communities, comparisons, etc. and read up about the issues and problems people are having with some of the solutions, then see if those problems might be related to what they may be experiencing.

Main criteria when selecting a vendor: 

• How easy is it to learn.
• How easy is it to implement.

I have used it in town halls with a number of employees ranging between 40 and 60. I have also used it in educational institutions.

The use and results may vary according to the objectives of the institutions. 

In the case of city councils, I have taken the maximum advantage, taking into account that they were small institutions for which the tools provided by pfSense were sufficient according to the requirements of those institutions. 

However, in educational institutions, it was more difficult. Sometimes, the tools have fallen short.

• The part of the firewall and aliases
• The content filter in non-transparent mode and transparent mode with Squid and SquidGuard
• The possibility of adding packages to perform network analysis
• Creation of certificates
• The facility to administer services

The product is good in many of its departments, but this should make HTTPS filtering more efficient since Squid falls short when using man in the middle. It works, but it is not 100% efficient. It requires more attention to provide a better alternative for open source to small government or educational institutions with reduced budgets in terms of technology.

For security testing in network functions virtualization (NFV). 

It is a good firewall with good performance.

Stateful packet inspection. It works quite well for an open source product. 

More regular patch updates, because this is very important for a firewall.