Netgate pfSense Reviews

It's a straight-up front edge router used in various scenarios for front-ending multiple websites and multiple web applications for various marketing scenarios which require certain back-end firewalling that you would need to utilize. We found that it works much better than others. It's not like the Ciscos, which, at the time, were incredibly expensive and difficult to work with unless you had a CCNA who was programming it for you.

I was looking for routers that were capable of doing multiple firewalling, which it does. We wanted it for setting up demilitarized zones and setting up some failover for WAN for the internet. We looked at that, and we played around a little bit with Untangle. pfSense was just far easier to get configured and working, and there were no hidden costs or fees involved, which made it very nice to use.

They have a whole section of package management that you can add stuff to. We use pfSense to do a little bit more than what we would or what I would normally do today in a medium to large enterprise.

The flexibility of pfSense is fantastic. You can use it in a number of situations. I have it running on my home Netgate. At the same time, I can just put it on a slightly larger machine and run a massive, highly trafficked web environment. It will run anywhere.

It's easy to add features to pfSense and configure them assuming about web networking and routing and traffic through an edge router scenario. For a home user, it's probably a lot more than they would get through, but they wouldn't need to since you can just install it, and it just works right out of the box. Just about everything is easy. It's extremely well documented, and the amount of help that's available is fantastic.

I saw the benefits of pfSense immediately. When you need your router to do something more than, for example, a store-bought router for home, you immediately see it since now I can do things. I can set up multiple LANs. I can create a firewall between the LANs. I can open up a full demilitarized zone or just port forward into specific LANs and have the LANs porting between themselves in various ways. You don't get that stuff in your normal consumer-grade solution. You have to spend a lot of money to get a serious data center router - and on top of that, you need to get somebody to program that from the command line, which is very expensive. In contrast, pfSense has a graphical user interface, which makes it all very straightforward and easy to use to set up some pretty sophisticated routing scenarios.

I don't use pfSense to prevent data loss as I have backups, both on-site and off-site backups. It's effective for preventing data breaches.

pfSense gives users a single pane of glass as a type of management. There is everything in one instance. It has a graphical user interface. It'll come up with a dashboard that you can customize to put whatever you need to see up on there. I can customize the dashboard to show me the most important things to me. It's incredibly intuitive.

Managing multiple devices is easy enough. You just log in remotely to the device, and it's all connected through the IP. It's really quite simple.

There are two versions of pfSense: the community edition, which is free, and the plus version, which is paid. I'm using the paid one presently.

The solution minimizes downtime. Once it's configured, it works. I don't have to worry about it. I fully know it backwards and forwards since I've been using it for 15 years now and it pretty much just works. I have certain instances of pfSense that haven't even been rebooted in years since it's up and running and it keeps running, and it runs well. I rarely need to touch certain my installs after they've been set and configured.

The solution provides visibility that enables data-driven decisions. It has logging. It has intrusion detection systems, which will give you a whole lot of data that you can make decisions on. For example: Who do I need to block? Is somebody trying to attack me? It'll allow me to collect all that information to make critical decisions regarding exposing certain resources to the internet.

pfSense helps optimize performance in combination with the hardware that it's running on. That will determine what kind of performance you're going to be getting out of the box. It's a very lightweight software package. Depending on the hardware, you can hit it with lots of traffic, and it won't even hiccup.

I would like to see more active updates coming out of the developers. I like the FreeBSD. That said, the developers in FreeBSD are less productive than what you see out of the Linux community, where there are millions and millions of developers. Being FreeBSD-bound, it seems they're short of developers who have to specialize in that operating system.

I've used the solution since 2009.

The solution never crashes and never lags. It works. You fire it up, and it will work for the next 50 years. As long as the hardware is working, pfSense will just go on and do its thing.

Scalability all comes down to hardware. When you put pfSense on more robust hardware, it performs pretty well. 

For the paid version, if I have an issue, I need to open a ticket. Before I had my business going, I used the community, and it worked it worked just as well. I haven't had a need to call support. However, I pay for pfSense Plus support in case something happens that's over my head that I need to speak to an expert about.

I contacted them when I had a question about a Snort setup, which is for intrusion detection and prevention. It turns out you have to contact their specialist, and that Snort requires you to pay extra for that help. It's a third-party plugin for pfSense. However, in relation to pfSense, issues, I have not needed help. 

I've used Untangle and Cisco routers, and I've tried OPNsense.

I prefer pfSense. I'm comfortable with it. It's rock solid. I've never had an issue with it. I tell it to do something, and it does exactly what I tell it to do.

I have purchased NetGate appliances for customers. For my business, I have hardware that I've repurposed for pfSense.

The initial deployment, either way, is very easy. It would probably be easier than most commercial routers that people buy.

A simple instance where you're just using a firewall router with one LAN can take less than five minutes. You just install the software. It picks up the WAN IP and gives you a LAN IP, and it's up and working as quickly as the software will install, which is usually less than five minutes on most devices and most hardware.

I do the deployments myself. I don't see where a team would be required for this. It's just a firewall router. If you need a complicated setup, it might take one person, a couple of days of planning, and then implementation. That said, I don't see where you would need a team to do that unless you're installing a bunch of other network hardware at the same time, multiple switches, or a ten-gig, one-gig type of scenario. However, that's not a pfSense issue.

In terms of maintenance, generally, there is none. It will update itself. I see very few critical security updates. Most of them are our feature updates. I have certain installs that have been running without rebooting for five years, and it just installed them. Mostly, I'm leaving it alone.

The pricing is reasonable for what it is. I usually put it on my own hardware. The licensing for me is relatively inexpensive for what I'm getting out of it.

The Total Cost of Ownership (TCO) is fantastic. You can use the community edition and get expertise from the manufacturer. It's quite reasonable. It's quite a good setup.

I'd rate the solution nine out of ten.

I'd advise potential new users to install it, plug it in, get to know it, log into it, and you'll start to see how easy and robust it is. The more you use it, the more you learn, and you'll like it as much as I do.

We currently use pfSense firewalls at our branch offices and central server locations. I have implemented TAC enterprise support on three of these firewalls, with the installation of the third scheduled for this weekend. Our network infrastructure relies on VPN tunnels between sites, and I have successfully deployed an always-on OpenVPN solution that significantly outperforms our previous SonicWall VPN system.

Installing packages on pfSense is straightforward, although the quality of package documentation varies. While I understand this isn't Netgate's responsibility, the installation and configuration process for these packages is remarkably user-friendly, relying almost entirely on the GUI. In my experience, I've rarely needed to resort to the command line, but I'm certainly not averse to it when necessary.

I immediately recognized the advantages of pfSense. Its ability to support custom hardware installations allows me to tailor solutions to the specific needs of each branch location. While I've had excellent results with Netgate's pre-built hardware, the option to construct higher-specification systems myself, all while maintaining support, is incredibly valuable. The difference compared to our outdated SonicWall is night and day. I previously built a pfSense firewall on a Dell server for a business handling high traffic volumes, and its performance was exceptional.

pfSense helps me prevent data loss by utilizing firewall aliases and other DNS-based filtration methods to block access to shadow IT and third-party cloud data transfer sites, providing some control over data movement.

While pfSense doesn't offer a centralized overview of multiple firewalls, it provides extensive customization options for each firewall's homepage. This allows for detailed monitoring of VPN tunnels, interfaces, and other components. I appreciate the ability to add, remove, and customize widgets on the homepage for tailored information display.

Helps minimize downtime. I have set up the high availability with one location, which works flawlessly.

Provides visibility that enables us to make data-driven decisions about network capacity, including throughput and the ability to handle traffic.

pfSense has significantly improved our performance by optimizing our always-on VPN. The recent release of the OpenVPN data channel offload feature, which was quickly adopted and supported by Netgate pfSense, has revolutionized our Windows laptop VPN solution. This new feature is nearly ten times faster than the previous OpenVPN without data channel offload, and its thorough documentation encouraged us to implement our always-on VPN ahead of schedule.

pfSense's greatest strength lies in its customizable package installation, detailed logging capabilities, and ability to manage log history, including sending it to Vault Logs via Syslog. OpenVPN support is exceptional. When I inquired about setting up an always-on VPN, the engineer swiftly and fully understood my needs and provided expert guidance. Netgate support's in-depth knowledge of included features is truly impressive.

I would like clear guidance on supported network interface cards, including detailed performance metrics for various models. While I understand the focus on selling appliances, more comprehensive documentation for those building their own systems would be beneficial. Specific throughput numbers and other statistics for Intel, Broadcom, Mellanox, and other cards are needed. Additionally, reinstating the ability to visualize long-term RRD data through built-in graphs would be valuable, as the current live traffic display offers limited insights.

I have been using Netgate pfSense for ten years.

I have not experienced any crashes in the production systems. The only crashes I've encountered have been while running unstable development builds, which is expected. However, excluding power outages, pfSense itself has been one hundred percent reliable in my experience.

If you invest in hardware capable of handling increased bandwidth, performance remains unaffected. We haven't observed any spikes in CPU utilization or memory usage. Even with a jump from a 50 megabit to a 500 megabit internet connection and approximately 65 active VPN clients, our firewall operates smoothly without any strain. Our small businesses handle the load effortlessly.

I have exceptionally high praise for the Netgate technical support team. In the three or four times I've called support, I've always reached an engineer within 20 minutes, which was the longest wait time. Every time, they've quickly addressed the issue once verifying firewall support. Their knowledge and willingness to assist are impressive.

Positive

I have experience with FortiGate, Dell, SonicWall, Cisco, and numerous consumer-level firewalls. While I am not the most seasoned network engineer, I have worked in the field for a considerable time, encountering a variety of solutions. Among these, pfSense stands out as exceptionally customizable and intuitive. Given the inherent complexity of networking, pfSense has made the subject as accessible as possible.

Deploying a pfSense box is straightforward when I'm physically present. Remotely guiding someone unfamiliar with operating system deployment presents more challenges. However, on-site deployment is remarkably easy, even simpler than installing a Linux server. 

Deploying a Netgate pfSense appliance is straightforward, even for network engineers without experience with the platform. The setup wizard is intuitive, requiring minimal networking knowledge. Subsequently, the configuration interface is user-friendly, allowing those with moderate networking experience to navigate and manage settings efficiently. Building a custom solution would depend on hardware expertise and operating system deployment skills, but utilizing Netgate appliances is notably easier.

The Netgate appliance I recently purchased took less than an hour to install, with most of that time spent gathering necessary information from the internet provider.

pfSense pricing is reasonable. Whether purchasing appliances or support, I hope they're charging enough to sustain their exceptional support services. Whether you opt for a bundled appliance and support or standalone support for a custom-built device, the pricing remains impressively fair.

When considering the total cost of ownership, pfSense is a compelling choice for a solution that incorporates firewall, VPN, and router functionality. Initially, I explored purchasing the OpenVPN access server, which would have required a virtual machine due to the lack of a dedicated physical server. However, integrating the VPN endpoint into the firewall aligns better with our design goals. It eliminates the need for a separate VPN appliance, resulting in significant cost savings and improved performance. Testing pfSense with OpenVPN in a virtual environment confirmed that it operates more efficiently on bare metal hardware. Moreover, the licensing cost for the OpenVPN access server would have been comparable to the support fees for pfSense.

The TAC enterprise support is $800 a year per firewall.

I would rate Netgate pfSense ten out of ten. If I could choose a product that was among the least frustrating and nearly flawless I've used, pfSense would likely be at the top of my list.

In addition to initial configuration tasks like routing and applying patches, minimal maintenance is required. Once the interfaces are set up, we configure firewall rules and are ready to go. Patching will be necessary for all platforms, but no specific requirements exist beyond standard practices.

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OpenSense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for radius or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraph, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

I have been using Netgate pfSense for ten years.

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

Positive

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.

I am using pfSense for its firewall, gateway, and intrusion detection. I used the Community Edition for years and then switched to the pfSense Plus free-from-home edition. There was a bit of turmoil when IXSystems announced that they would no longer offer the free-from-home edition

We immediately realized the power when we deployed it a few years ago. It exceeded our expectations. As time went on, I discovered more features in the different packages they provide and whether they fit my needs. Over time, it's been a learning process, and I've been greatly impressed with almost every aspect of this product. It has all the things I wanted but found lacking in other products.

All of the features work together to prevent data loss or any compromise of your data. It all boils down to the rule set. I have mine configured so that all the data goes out depending on my Netgate device. Some machines go through a particular VPN connection. If that connection goes down, I've got the rule set configured like a dead man's switch. It's cut off from the outside world, and I get an alarm, and it allows no more attempts to let traffic pass through that connection.

It helps to prevent downtime. Whenever there is an issue, it's the first place I look because I can check the statuses of various interfaces to check whether they're up and then zoom further out to see if it's something in my internet provider, like a faulty cable. It enables me to reduce downtime by quickly determining where the problem might be.

PfSense provides the visibility I need to make data-driven decisions. For example, if I have a spike in bandwidth usage, it shows me which devices on my network are suddenly eating more bandwidth. I can see what's causing that. It also greatly reduces the time spent maintaining my network, so there's a productivity boost.

PfSense has a learning curve, but once you've mastered that, it isn't that difficult. It's very flexible, and you can do almost anything necessary to secure a home network. It has packages that expand its capabilities. For example, you can install Snort if you want intrusion detection. If that's unimportant to you, you can use it to check the bandwidth of all the machines in your network.

Adding features is simple. You go into the menu to check which ones are available and click on the ones you want to install. If you've done your research on the packages you want and the settings you'd like to use, it's a matter of walking through the configuration in the menu. When removing the package, it will revert the settings 99 percent of the time. 

I like the interface. You can arrange the windows to see the important information and put them in the order you want. You can see the various interfaces you have at a glance in a single pane of glass. I have certain bits of information I want to see first, and there are secondary or tertiary pieces of information. If you are using VPN connections, you can see their statuses. You can see hacking attempts, which are logged. 

It's powerful. You can get quite granular in setting up a highly topical application of pfSense, but if you want just basic protection, you can do that easily. It depends on your needs and how brave you are. You can go deep into the system and do some cool things with it or set up the bare protection you would get from any firewall.

I'm trying to set up a gaming server for multiplayer games like 7 Days to Die. I spent three or four days trying to publish a private IP address through pfSense to the outside world. Some commercial and consumer-grade routers can do this, specifically gaming routers, but pfSense is not intended for this usage. 

That's a feature I'd like to see added, where you can go into a submenu, turn it on, and specify which machine or IP address you want to publish. It's not a must-have, but it would be nice to have. I spent a long time trying to figure that out. Ultimately, I was successful, but it was not intuitive.  

I have used pfSense since 2016.

I rate Netgate support 10 out of 10. You must have a license for pfSense Plus, and I called them about an unexpected hardware issue that caused me to switch machines. I emailed explaining the situation and got a response the same day. I provided all the information on the new box, and they gave me a license. It was a pleasant, non-stressful experience. 

I have used Smoothwall and a few other things that have been abandoned. I liked the look and performance of Smoothwall's interface. It had many of the same features as pfSense, but its capabilities weren't deep enough. I've also used basic Linux distros set up as firewalls, but pfSense is oriented toward an enterprise-level deployment, and I find myself between hobby and enterprise. I also like the added features pfSense provides. 

I am not using a Netgate appliance. I deployed pfSense on a very small machine that has plenty of RAM for the overhead, logs, and speeds I want for my network. 

When I first installed pfSense, there was a bit of a learning curve. I had to sit down with the documentation and figure out what to do. It wasn't difficult— just time-consuming. That information has carried forward with me. Other people look at me like I'm some kind of expert but I'm really a few pages ahead of them in the manual. 

PfSense isn't something you can turn on and forget about. You need to configure the solution and test it. Then you can turn it on and let it run. From time to time, you have to come back periodically to make sure everything is still fine. The initial deployment takes about 30 minutes. It was a one-person job.

I would like to see the price of pfSense lowered by about $50, or maybe they could create a category for home lab users like me with one device. I'm not running a business or profiting from it. I realize that people need to get paid for the work that they do, so I can't complain. They decided that they needed to change their model after providing the product for free for many years. 

Before they changed and started to charge for pfSense, the total cost of ownership was phenomenal. It still offers tremendous value, but that was an adjustment. You can choose to go back to the community edition or just pony up the money.

I rate Netgate pfSense nine out of 10. I only give it a nine due to that recent issue setting up the game server. I eventually figured it out and published my solution to the forums. Otherwise, it would be a perfect 10. 

We primarily use the solution as a replacement for commercial firewalls. We use it as an Internet Gateway Firewall product and use the VPN features.

pfSense helped solve the limitations of proprietary software. I find it frustrating when the hardware capabilities of a particular piece of equipment are doled out piecemeal for a fee. For example, when certain features are locked until you pay for them. The proprietary nature and the extra computing power that's used to basically enforce the copyright on some of the competitive products I resent. I like that this has a community option. I'm an open-source advocate. I started using Linux in 1999, and I prefer that developer model.

There are many capabilities within pfSense, that I've never used, and that's true of a lot of products. It's very flexible, and they have plug-ins.  You can add features to pfSense. It is moderately difficult. That said, the web interface is great.

I like that I can use it with OpenVPN. It's not licensed and is not run by some corporation that watches you.

It has an advanced file system so that you can configure it with multiple drives and have redundancy within the router itself. I've never used it as a file server. I've never used it as a data store. It's really more about security and not reliability.

It's keeping the bad guys out and allowing connectivity when you need it.

The configuration could be a little more intuitive. It's a little trickier to set up - things like the OpenVPN - than it should be. However, once you get this configured, it seems solid as a rock, and it just works. 

The solution needs better error messages in the VPN. It's kind of a bear to configure. That could be streamlined or smoothed out. That said, I do not do this 40 hours a week like some people. I wear a lot of different hats. Still, when it comes to configuring, it always seems to be a little more involved. 

I've been using the solution for three or four years. 

The solution has been very solid.The BSD file system is a little more fragile than a Linux file system. I've had situations where a power failure causes a hard drive not to get corrupted but to need to run maintenance on it when it reboots. However, that's not a pfSense issue. Overall, it's been great.

I'm not a power user. For me, the capabilities are fine. It runs pretty fast even on modest hardware. 

Technical support was good. It was way better than the twenty-four hours that the contract said. They usually get back to me in a matter of a few minutes. 

They are very good at answering and solving specific problems. If something doesn't work, you can give them access. They can figure it out and make it work. 

I was less satisfied when I tried to ask a question like, "Is this the best way to have this configured?" It's a slippery slope of going beyond the typical tech support and actually getting consulting on it. I understand that maybe that's not their problem. However, it did seem like there's this hard wall where they will answer specific questions, but they are not going to give you general consulting advice about how to use the product. That is a little frustrating. 

Positive

I've used SonicWall and I've used various commercial firewalls, for example, Cisco. However, I haven't evaluated other things in the same category based on open source. There are a lot of them; I haven't looked at anything else, to be honest.

It's easy to get it going as a firewall. It's moderately difficult to get the VPN features running. I was able to deploy it within a couple of days. 

Maintenance is needed for upgrades or renewal of certificates.

I managed the setup myself with the help of the pfSense support staff. 

I use the community version, although there is a paid version as well. I've also downloaded it, registered myself, and paid for it to get support. I'm not sure of the exact features that differ between free and paid. 

I'd rate the solution eight out of ten.

The only shortcomings are somewhat obscure configuration issues. However, the scope of what they're trying to do is very good. While there could be more polish on some configurations, it's very capable and very flexible. 

If I had to do it over again, I would probably have actually gotten the hardware from NetGate. You're paying for the support, and bundling the hardware and support together might be better. I sense that you'd kick yourself up a notch in terms of the priority that they give you. Not that there's ever been a problem. Getting the hardware directly from pfSense might cut out the middleman and reduce the possibility of issues when something goes south. Other than that, I'm a pretty fairly satisfied customer.

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on just to ensure that all the other functions, both personal and business-related, remains unaffected, intact, and devoid of any type of attacks or the other type of malicious kind of activity.

The product has helped improve my organization's environment and personal environment since before the use of Netgate pfSense, and I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have a full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I can not just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN to the point I was utilizing a router or modem provided by my service provider I was able to through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

I

There are a lot of features I want to see simplified in the product. I want to see the licensing model part to be improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference.

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool p and running a few times, and the only time I have had to reboot it is when there was a new release.

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

Neutral

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

We use pfSense internally to protect our management networks and provide VPN access to our internal staff. We also use it for customers needing a more sophisticated firewall than your home or small business WiFi router firewall package.

We deployed it at work when I got hired because we needed to replace the existing hardware solution. I've used pfSense for over 10 years, so I drew upon the experience from the experimentation I do in my home lab.

We're an ISP that provides managed services. We deploy pfSense as part of a larger solution, usually a contract for managed services. We provide their Internet circuit and a managed firewall so that they don't have to do that themselves. They pay part of the hardware cost—maybe 50%—upfront, and then the rest of it is applied against a contract, after which they will then own the hardware.

We use pfSense as a hybrid within our data centers, with some virtualized instances running pfSense community edition and some as Netgate hardware running pfSense Plus (the higher-end ones because we need a firewall that can handle 10 gigs of throughput). We've got multiple different models of the official hardware deployed for ourselves and some managed customers. They range from small businesses to a professional sports venue.

We use pfSense for work because I was already aware of its flexibility for our needs. The solution provides a great base level of network protection. PfSense is not a next-generation firewall, so it doesn't do in-line virus scanning or offer out-of-the-box IPS/IDS, but that can be covered by a manged antivirus suite and following good security practices. In terms of how secure pfSense is and how secure it keeps your network, it does that very well.

The biggest benefit of pfSense is its ease of setup, especially for VPN — both the end-user VPN and site-to-site VPN. It's easy to add features to pfSense via the package management system. We can just turn things on. They have made it much easier to deploy things like free radius, where we want to have enterprise authentication for WiFi. It's by far the most flexible firewall I have ever worked with. There are also packages for ACME for Let's Encypt SSL certificates, and HA proxy.

The pfSense Plus package has given us peace of mind, but we haven't had to open many trouble tickets with NetGate. Aside from the maintenance and support contract, the only feature we use from pfSense Plus is the wizard for building site-to-site VPNs from our locations to AWS VPCs. Building site-to-site IPSEC tunnels to AWS is a fairly complicated task, so having that wizard made it easier.

I would like a management console to manage and monitor multiple pfSense installs. We have several pfSense hardware devices installed and as far as I know, there is no single, unified pane of glass that I can use to manage all of them at once. That's the one thing I wish I had, just having a good single unified configuration interface for each install. 

I have used pfSense at my current company for at least four years now, but I've used it personally for over 10 years. 

I have to really dig deep to come up with any shortcomings. If you are using VLAN tagging, and making adjustments, restart the DHCP and DNS services manually, just in case.

As far as I know, there isn't a single console from which I can manage multiple installs. That is the only thing impacting their scalability. They max out at 10 gigabits per second, but anything above 10 gigs is such a niche market. To be honest, I doubt that's their target.

I rate Netgate support 10 out of 10. They turn around tickets quickly and their staff is fairly well educated. When I provide detailed information about the problem, they've been able to reply quickly with a solution or go research the problem and get back to us quickly with a fix. It's been pretty top-notch.

Positive

I've used OPNSense, a fork of the pfSense project, as well as Cisco ASA, PIX, Palo Alto, Ubiquiti's Unified Gateway, SonicWall, and FortiGate. Some bigger Ubiquiti firewall products are comparable to pfSense, and Cisco ASA has name recognition. SonicWall and FortiGate offer some enhanced features, like better threat management you get as part of a subscription, some block lists, and some more next-generation firewall features.

Overall, our chosen solution is pfSense, as it balances features and cost. It isn't the best at everything, but it's more than enough for almost everything you can throw at it, and it isn't ridiculously expensive like some solutions. It is massively flexible. Although it is missing some of the more esoteric features, you don't need those features 99% of the time. If you have the budget for it and need to do something more advanced than just the basic firewall, it remains the go-to solution we use every time. It's why I keep a couple in stock on the shelf so that I don't have to order them if we need one for an immediate customer install.

It's incredibly easy to deploy pfSense and takes no more than 30 minutes in a typical small office setup. A typical out-of-the-box setup for a small business can be running in five minutes flat. We usually have a two-person team with someone from our network engineering team responsible for the configuration and a field tech installing equipment on-site.

Regarding maintenance, you need to go back in occasionally and install the most current version of the software. We check for updates every couple of months, and that's it. That's it for maintenance. Once it's installed, we fire it and forget. It's there, and it works.

In-house

Priceless

I would say pfSense is competitively priced. It isn't the cheapest hardware, but I've never had a problem with it. It is far cheaper than big brand names like FortiGate and Cisco while delivering a feature set that's nearly the same across the entire list. The only places it falls short are esoteric features that almost nobody needs.

The support plan is reasonable. The pfSense Plus license with the warranty is either 400 or 800, depending on the level you want. For a commercial customer, that's more than reasonable and a lot cheaper than many solutions. We haven't had any sort of issues with the firewall hardware itself, so it's doing extraordinarily well on the total cost of ownership.

We did side by side comparisons of the feature sets and prices, and drew upon our experience with multiple vendors, including the equipment we had at the time.

I rate Netgate's pfSense 10 out of 10. I recommend turning on the built-in automatic configuration backup so that if you mess something up, you can easily restore the configuration from a backup and get it back up quickly. I also suggest downloading the community edition on a spare computer to play with and break because it's free. 

I use the solution in two of my homes. I have a home in the UK and one more in the US. I have two firewall tools running with a VPN link between them, and it allows me to easily administer and protect both networks, one in the UK and the other in the US.

I can discuss the product's most valuable features if you have a playbook for some of the things you want to hear about or expect me to touch upon.

The tool's most valuable features revolve around its ease of use. It is a resilient product with a very easy-to-use interface. The learning curve for the product is very simple. I also like the core packages included in the tool, making my firewall a one-stop shop for stuff like DNS and VPN usage. The tool has a lot of packages available. I like the product's in-built packages. I use WireGuard VPN, and it is very good. I use IPSec, the built-in DNS product in the tool. I can also link the tool with my UPS if the UPS has an outage in the northeast region where people experience electricity cuts. The software I use on Netgate pfSense acts as a kind of choke point and sends messages throughout my network to start shutting down during electricity cuts. My firewall is a ground zero area for me on my edge. All the packages in the tool allow me to protect my network. It serves as a Layer 4 product since Netgate pfSense doesn't do anything like other products offering Layer 7. As a Layer 4 product, Netgate pfSense is very strong since I can easily create very advanced firewall rules, which I wouldn't be able to create as easily with other solutions, especially if they don't come with more than 10,000 or 20,000 USD as the price tag. Palo Alto, Check Point, or FortiGate are expensive firewall products compared to Netgate pfSense. I don't think Netgate pfSense really competes with Palo Alto, Check Point, or FortiGate, but the latter set of tools may make it feel like Netgate is trying to compete with them. I work for a major security firewall vendor, and I don't think Netgate pfSense competes with it. Netgate pfSense provides SMEs with a significant amount of value for not a lot of cash.

It is very easy to add features to Netgate pfSense. Now remember that Netgate pfSense does not attract an average IT person. The tool attracts people with two profiles, including CCNA-certified or very sophisticated firewall administrators, hoping they can help use some of the pretty advanced features in the product. The second profile of the tool's users would consist of those who are getting started or want a better firewall than what their carriers or the provider provides them with so that they can learn about firewall devices. They want to learn about networking by using Netgate pfSense. For both profiles, the tool offers a very linear learning curve. The documentation in Netgate pfSense is very strong.

The benefits related to the product can be experienced immediately after the product is deployed. I wanted to replace EdgeRouters from Ubiquiti for my use cases, which have now gone into a deprecated mode. I wanted a tool that could offer me the functionality of EdgeRouter, and I was happy to pay more for a product that could provide such features. Compared to EdgeRouter, I had to spend 700 to 800 USD on both the final units from Netgate pfSense for both of my homes. I chose Netgate pfSense since I wanted a tool with a set of more updated functionalities and a solution that can be considered an easy replacement product for EdgeRouter. I saw immediate value in Netgate pfSense from day one.

A single pane of glass is a vast term. If I were to define a single pane of glass, I would say that it is something from which you can see everything from everywhere in a single dashboard. The single-pane-of-glass feature within the tool's user interface is one of the core aspects of the product. In my opinion, the tool has a very strong dashboard.

Netgate pfSense can minimize downtime easily since it is easy to put it in a high-availability configuration.

Considering that the tool offers a Layer 4 firewall's functionalities, I can say that Netgate pfSense provides visibility that enables me to make data-driven decisions. For example, the firewall fits into two markets. The north-to-south market is where Netgate fits in with Palo Alto, Check Point, Sophos, and Cisco. There is also the east-to-west market where I work since it is where my employer is currently. When you talk about the visibility of data, you are looking for either north to south or east to west. In terms of the visibility from east to west, which is based on application to application or data center within a data center, Netgate pfSense will not be helpful at all. From north to south, I get visibility over what is coming into my network. For example, I can easily capture dump traffic using the in-built features in the tool and run an SNIP on the traffic. I can see what's coming in and inspect those packets, and I can do that all within the user interface, which is a new feature in the tool that is very strong. I like the tool's new feature. The tool has very easy-to-consume logs, and it is very easy for me to export them into a SIEM server if I want to do some kind of mass data warehousing and sorting.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say it is very large.

I think the tool requires more strategic improvements than we need it to be in the present. With Netgate, considering that I work in a firewall market, I know that its problem is not just in its features. It needs improvements in terms of the strategic vision, where the product should go, and what market it should be for in the future. Netgate needs to figure out if they want to strive for the SMB business and the home market or if they want to attempt to reach out at an enterprise level. 

I don't think Netgate knows where they want to go with or without a plan. I think Netgate is still trying to devise a plan by itself as to which market it wants to fall into, which can make it more profitable for the tool. There is nothing that Netgate pfSense could do to make me feel any better about the product. I love the product, and I will use it until I die. It is a really good product. Improvements are needed in the area of the company's strategic vision and based on where the solution needs to go in the future. I spoke about north to south and east to west since the world is moving towards the concept of zero trust. If you are a CISO or a CIO and you are trying to achieve a zero-trust architecture, you need to check if Netgate is on your list of companies that would help you achieve it. If I consider the CIOs I speak to, Netgate doesn't even get mentioned in our talks.

I do not require improvements in the product. It is feature-complete. As a firewall, Netgate pfSense can be described as a very feature-complete product for the market space in which it currently operates.

Strategy and vision of the product are the areas with shortcomings where improvements can be made so that Netgate pfSense can figure out where the product should go in the future. It will provide Netgate with choices like whether it wants to go towards a zero trust architecture if it wants to go towards the east-to-west direction if it wants to go towards big enterprise or go into Layer 7 traffic. My answer regarding the need for improvement in the product is going to be more of a strategic-based one rather than from a technical point of view because the product is excellent.

I have been using Netgate pfSense for five years. I am an end user of the solution.

Stability-wise, I rate the solution a ten out of ten.

The solution's scalability is tricky, and it all depends on the context. It is infinitely scalable for me, and my company has 150 devices in my network, which may be nothing. Suppose a company like J.P. Morgan says they want to use Netgate Netgate as their north-to-south firewall. In that case, you may face big scalability problems because, at such a level, tools like Check Point or Cisco have custom silicon chip designs to support their workloads. For SMBs, the scalability part is not an issue. I don't think Netgate pfSense can offer much scalability for big enterprises.

I have contacted the solution's technical support team. The quality of the answers provided by the technical support team is good, and the responsiveness is exceptional. I rate the technical support a ten out of ten.

Positive

I have used many solutions that can be considered alternatives to Netgate pfSense. I can compare Netgate pfSense with FortiGate since Netgate is priced similarly but falls at a lower end when compared to Fortinet FortiGate. FortiGate is a better product for an enterprise. For home usage and small and medium-sized enterprises, Netgate pfSense can be a stronger choice than FortiGate. For home use, Netgate pfSense is very much preferable.

Even for an unskilled person, the tool's deployment phase would be easy to manage. It is a very easy product to consume because it has a lot of WYSIWYG and built-in wizards, along with a very easy graphical user interface.

Deploying one instance of Netgate pfSense can take around five minutes, and only one person does it. Regarding the other tasks, our company has firewall products that handle more than 100 or 1,000 workloads, and two to three people manage them.

A limited amount of maintenance is required from the end of the tool's users. It is just to adjust the firewall rules as and when necessary to meet the business needs, like in patching, where Netgate pfSense does a very good job while also being very responsible and quick to respond to zero day and CVE alerts. The tool is superb and very impressive, but it can be described as a very low-overhead product because, by nature, firewalls under the north-to-south are for static workloads, which is where Netgate's market is currently. Those workloads are not changing for now. You put Negate pfSense into your system and forget about it, which can be considered as a whole other problem in firewall products, but I won't go too deep into it because that is why there are 20 years of rules in firewalls and no one maintains it because you just set it up and forget it.

I bought Netgate pfSense Plus since I have to use the firewall in both my houses, so I have four solutions. I have made certain payments using a subscription-based model to use Netgate pfSense Plus.

If I were a part of Netgate leadership or running the company, I would clear out a few areas on the strategy side of the business. I work for a major enterprise where an SME or the tool is needed. Netgate's strategy regarding Netgate pfSense Plus for home users or labs was very misleading in nature and handled very badly. I have opted for the tool's subscription-based pricing model. a subscription, and I am very happy to pay the money money, which comes to around 130 USD for two years, which is nothing for me. Netgate handles the tool's subscription-based pricing model very badly.

I think Netgate pfSense's pricing or licensing models are fair enough. I think the way Netgate pfSense handled its previous pricing model with regards to Netgate pfSense Plus was an area that was misleading for users. Overall, what I pay for the product is very reasonable.

There are no features in Netgate pfSense that help prevent data loss. One can use a DLP tool to manage data loss.

The visibility in Netgate pfSense does not help me optimize performance, and I think it is because I am a pretty advanced user on the command line. I wouldn't rely on the visualization part for any advanced performance.

I have never used Netgate pfSense on Amazon EC2 virtual machines.

My suggestion to those who plan to use the product would be that they need to read the solution's documentation, utilize the community forums and shouldn't be afraid to fail. It is easy to recover from failure with Netgate pfSense since it has configuration change logs along with very easy rollback abilities. In the newest version, if you make a change and you reboot, it just snapshots you back to the new change, which is excellent.

I rate the solution a ten out of ten.