Netgate pfSense Reviews

For security testing in network functions virtualization (NFV). 

It is a good firewall with good performance.

Stateful packet inspection. It works quite well for an open source product. 

More regular patch updates, because this is very important for a firewall.

Works with:

• Routers
• Firewalls
• Network address translation (NAT)
• VPN
• OpenVPN
• DHCP Server.

• More control of the access to network resources
• More control of the security policies
• Integration with Active Directory
• Centralized administration

Centralized administration with multiple services, which allows for execution in several important functionalities of information security.

Services on additional features: 

• SNMP Network Management 
• Managing inventory
• Generating IT reports.

I use pfSense firewall, especially as an IPSec VPN Server. There are several VPN connections with equipment of various manufacturers at the other end.

I use ServerU as hardware instead of an ordinary PC, as most other people usually do.

The gain in performance and security from configuring the VPN connections was significant, since pfSense has replaced a server with a custom Linux open source version, which was running on outdated hardware.

Security and stability. The pfSense server acts as "IPSec VPN Server" for a small financial institution, but regardless of the company size, interruptions would cause significant financial impact.

pfSense serves us very well. My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters. I have more than 10 IPSec VPN connections, and when there is a need for troubleshooting, the logs are of little help.

With regard to this configuration, I consider it a stable solution.

Firewall and VPN, Internet link balancing, as the proxy was installed on another machine. Used redundant firewall as a cluster.

Improved service performance and availability through redundancy. The company already had specialists in Linux, which facilitated the project.

Ease of monitoring and placement of other packages and functionalities next to the equipment.

Improve analysis of logs and dashboards (control panel) with improved alert functionality.

Firewall system for small, medium, and large data networks. It allows you to provide security to your environment: DMZ networks, LAN, WAN, etc. A very stable product that lasts over time, easy to understand, and administer.

With pfSense, an incomparable stability is achieved with other firewall systems. It is easy to use and has integrity with other systems, such as proxies and quality of service.

Security

• Stability
• Integration with other systems
• Easy assimilation of its features
• Easy administration
• Multiple network management tools
• Load balancing
• Multiple links
• High availability, etc.

The connections should be shown in a more specific way, as Kerio Control does. It should integrate with LDAP, Active Directory, etc, to improve the way in which the traces and connections of each IP, or user connected through the firewall, are shown.

Primary we use it for bandwidth limiting and load balancing our ISPs. And Pfsense excels doing that. 

We had two ISPs, and still our Internet connection was awful. By installing pfSense and configuring load balancing and limiting bandwidth, we now have a reliable and stable connection.

Routing, load balancing, Traffic Limiter and queues. Since this company relies on an Internet connection, having these features is a must.

Reporting and real-time monitoring, since I'm used to Watchguard's reporting features, it would be nice to have an embedded solution for reporting. 

Close to none. One time, while upgrading, the system crashed and had to install from scratch. After some research, it was due to an unsupported package that I had installed which the new version didn't like. I just installed and restored my configuration and that was it. No biggy.

Haven't tested this part since the company hasn't grown much.

Haven't used the official support channels. The community forum is awesome when you're looking for quick answers.

Actually, PfSense replaced a Watchguard firewall, mostly due to costs. But I haven't missed it since.

Very straightforward. For a small company with few configuration options it works almost out-of-the-box. The firewall comes with basic outgoing and incoming rules, and you take it from there.

The implementation was made in-house. 

If you need to buy hardware onto which to install PfSense, go with their boxes on their website, they are great. If you already have the hardware, just download and install, it works great either way.

I did, I evaluated Untangle, IPCop and MikroTik.

Just go with it, can't go wrong.

I stood up pfSense in a Large Telecom providers Lab environment for their next generation products. I was able to achieve 10G throughput (about 9.1 true throughput as tested over 4 days solid), and only hit a max of 20% CPU utilization on a DL380 G7. This server also had Suricata (in IPS mode and a heavy ruleset), as well as pfBlocker running.

I use pfSense because it gives me the flexibility to greatly expand basic firewall features. It's open source (and free - as in beer and speech), but also has commercial support. This can be run on any commodity hardware on the market (I've ran it on AMD and Intel - even Atom, processors) and throughput is excellent, even with lower speed CPUs and less RAM.

The GUI. There are TONS of plugins for pfSense, as such, if a user wants to add quite a bit of functionality, the GUI will feel a little congested.

A little... BUT, this was contributed to a failing Arista switch that would do a coredump and reboot. The pfSense installation at high speeds failed over perfectly though.

No - in our high-speed tests (10G), we were not able to push the CPU over 20% utilization.

I didn't really need any technical support. But was in contact with the Developers of pfSense as we were starting to work with them for an NFV setup.

Fortinet, SourceFire, etc.... the cost... oh the cost! Why pay these guys when I can use pfSense for free AND only pay for support when and if I need it?

Very straight forward. If anyone has ever installed any kind of OS or set up a firewall, it will be a piece of cake.

Open Source - just download! If you need support, it's available.

Fortinet, SourceFire.

It's an amazing product. There really are few issues with pfSense.

The most valuable features for me and my current company are the open VPN capabilities and the firewall service.

pfSense has provided my current organization with remote access to the internal services and additional protection via its firewall.

I would like more add-ons/packages for extending pfSense which are approved by the main community.

I have been using pfSense for the last five years, in three different companies in Denmark.

We never had any stability issues, even during high load usages.

We never had any scalability issues. It's easy to add additional services, or even a second or third pfSense product which works with the others.

Unfortunately, I never used the technical support. However, the community forums provided me with answers to the implementation and configuration questions that I had.

I was using FortiGate and other firewall and VPN solutions. They were all ou0dated and too complicated to maintain. The change was made due to the ease of use of pfSense and the features that it provides.

For an IT person, the setup was more or less straightforward.

pfSense is free and open source software. Modification is easy and you can adapt it to your company's requirements.

As I already had experience with pfSense and I knew how it would help me and my company, I didn't evaluate other options.

The product is flexible, scalable, and has logic in using it. It is easy to integrate and implement into your IT environment.