Netgate pfSense Reviews

I use Netgate pfSense personally at home and the data center, our headquarters, so it is for enterprise and personal use.

The most valuable feature of the solution is that it is an open-source tool and is available at a very low cost.

In terms of flexibility, the tool is great, especially the fact that it is open source. On Netgate pfSense Community Edition, people can write stuff into it and get plugins for it. Netgate pfSense Plus version does a review process with the help of Netgate, so you don't have to have many plugins for it. The tool is very open to modification if you need to do that.

The benefits related to the product can be experienced immediately after the product is deployed, especially in terms of the speed improvement and features that we don't have with the current solution or the current technologies that we don't have with our current solution.

To deal with data loss while using Netgate pfSense, you can always export the logs or dump them into a log server, specifically a Syslog server. I don't really view the boxes in the data warehouse other than the logs. There are features in the tool that we can send out to the syslog server, which is what we do in our company.

In my enterprise, we are getting ready to push out two hundred devices, and I don't see a single pane of glass management. I don't necessarily consider Netgate pfSense to be an enterprise product because it doesn't offer a single pane of glass management. With Netgate pfSense, you have to touch all devices to make a change. My company has been messing around with Netgate pfSense for some scripting on it, but it is still not what I am used to using in the enterprise. One window for controlling all devices doesn't exist in the tool.

Netgate pfSense provides features that help minimize downtime since it offers high availability on the boxes. You can use multiple WAN interfaces, so multiple ISPs can be plugged into your device to help manage if the service from one ISP goes down.

Netgate pfSense provides visibility that enables our company to make data-driven decisions since it offers graphs, traffic graphs, and firewall graphs. I can see if there is a client on the network that is just flooding everything. Yeah. The tool has graphs, charts, and log files.

The visibility of Netgate pfSense helps optimize performance. If I see there is a network that is a guest network that is just maxing out at 100 percent, I can attempt to give them some more bandwidth. I can modify the quality of service to give them better or more bandwidth.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say that I get what I pay for when it comes to Netgate. I get more than I am paying for, meaning the return on investment is great. I feel reluctant to talk about the good return on investment experienced by my company from the use of the tool because I don't want Netgate to charge more money, and as a non-profit company, it can hurt us. The total cost of ownership is fine since our company does not have to spend a lot of money on it. I know that if there was a Linux conference three or four weeks ago, and they were giving me some grief points on how it dies after buying boxes from Netgate in a year, it dies, but I have not experienced that. My total cost of ownership is great. Other people would buy the box, which would die in a year, so they would just lose money.

Netgate pfSense needs to have a single dashboard for managing all devices.

As an enterprise customer, I expect Netgate's sales personnel to inform me of the new devices that are coming out. For example, there was a time when I was getting ready to buy a device, and then I thought that I needed to hold on, and so the order failed. I thought I needed to wait a few days before ordering a new device. I was getting ready to order another device, which was Netgate 1541, but after two days, Netgate 8300 was released, and it was far better than what I was getting ready to buy. I was really disappointed that the salesperson from Netgate didn't ask me to hold off on my decision to buy Netgate 1541. You don't have to tell me that something brand new is coming out if you don't want to spill the beans or anything like that, but it would have been nice if Netgate had asked me to hold off on my decision to buy Netgate 1541. I was getting ready to buy a product that would have been, immediately two days later, an old technology. I just expect more from a salesperson. When going through Netgate's website, while trying to buy Netgate 1541, I saw there was a list of features at the bottom of the product page, so I had to select the features I wanted, but I couldn't have all the features at the same time, and the website would prevent me from adding extra features, which actually was the cause for the order to fail. I had added features that you can't have at the same time, but nowhere on the website did it say anything like that, and that led to a delay in my time frame. I was trying to get something to solve a problem at a certain time, and then it wasn't until a day later, a day and a half later, that Netgate called and said that I couldn't have all of the tool's features, which was something that messed up my installation time. Issues with the product are associated with feature requests. It is not necessarily the box itself but more of the company that needs to consider improving its approach. For the box itself, everything in a single frame should be released.

I have been using Netgate pfSense for five to seven years. I am a customer of the product.

I haven't had any device crashes yet. The stability is great. I have not had a device crash. When there was a device crash, it was for the one at my home when we had five power outages, and it burned my hard drives, but that was not because of Netgate's box.

It is easy to scale up. I will be visiting a site soon that has Netgate 1100, and I am going to put in a Netgate 4200 over there. I don't think I am going to have any issues. I will be able to copy things off the config of Netgate 1100 and dump it on Netgate 4200 with a few modifications. The tool's scalability is great. If I need to add a drive or replace one of the hard drives in the tool, then that is something that can be done easily.

Based on the customer support for our account to figure out why an order didn't get through or why we can't get this part, we have contacted Netgate's team, but not for actual support. The tool's community is fantastic, and it is one of the driving pieces that I sell to my decision-makers, considering that the community supports the solution. With community support, I am not just calling out to five or ten people. Instead, it is possible to reach out to the world to respond to an issue that might have been of a lot of concern.

I have never contacted the tool's technical support team for any technical support, but it was just a question with my order.

I have experience with Juniper, NetScreen, OPNsense, Cisco, and Meraki. If I consider the box itself, Netgate pfSense is better than the other tools I have used. 

From an enterprise perspective, I can't say Netgate pfSense is better than all the tools I have used because it doesn't have that enterprise management capability. As soon as they get that enterprise management capability, Netgate pfSense is the best out there in the market.

The ease or difficulty in the tool's initial deployment phase that one may experience depends on the box. If I speak about Netgate 1100, I believe that using a switched network interface or ports can be a little more challenging than trying to work on VLANs. The other boxes that aren't switched, like Netgate 4100 and the models above it, work perfectly fine and function as I would typically expect, so the installation is not hard at all, but you do have to know networking. I always hire people, and they are used to having stuff done for them when it comes to tools like Meraki. You just plug it in, and it works. The people I hire have no idea how to do any type of networking or act as IT or MSP professionals, and they can only work in the framework for which they have been trained. You do need to understand fundamental networking technology to make the tool work. For me, the installation is easy. If you don't understand fundamental networking technology, it can be hard to install the tool.

One person can manage the product's deployment phase.

There is a requirement to maintain the product since we have to touch each and every box to do software updates. The tool does require maintenance on our part.

I use the Netgate pfSense Community Edition and the paid version called Netgate pfSense Plus.

Netgate pfSense Community Edition is great and free. For Netgate pfSense Plus, we have to buy Netgate's boxes, and the pricing is great. As a non-profit organization, I would like to have a discount from Netgate, but if you are ready to buy a hundred boxes, it would be nice to have a discount. I understand that Netgate pfSense does not charge a lot more for the box than what we are paying for them. The pricing is fine.

In terms of how difficult it is to add features to Netgate pfSense and configure them, if I talk about writing from scratch, it is something that I don't do. If someone has a plugin, pulling that in is ridiculously simple. If I say that I want a Tailscale plugin, then I can put it in, and it is already in the system, and as long as I know how to do networking, you can figure out how to use a plugin since it is not hard at all in regards to Netgate pfSense Community Edition and Netgate pfSense Plus.

I have not used Netgate pfSense on Amazon EC2 virtual machines.

One needs to realize the difference in the switched version, and to do so it is important to understand Netgate 1100 and Netgate 2100 and the individually addressable ones since it is the area that threw me when I first got Netgate 1100, I was like, what in the world am I working on currently. Managing the VLANs on the tool threw me a ton, and it took me about an hour to figure out what was going on with the solution.

As the tool really needs centralized management, I rate it an eight to nine out of ten.

We use pfSense as the main firewalls coming into most of the companies we support. I work for an MSP. We've used different things. Our higher-end customers even run pfSense high availability clusters, and those work like a champ.

It has made deploying firewalls a faster process due to ease of configuration.

One of the features we use the most is the OpenVPN and IPsec VPN tunneling built within it. We have places that are headquarters and multiple locations where we create tunnels. We support police departments and stuff like that. Part of our use case is one of our police departments that does their own dispatching, so they have software that they run in-house. So we set their points out where the points themselves dial back in through OpenVPN using client certificates to create that always-on tunnel. Prior to us taking that over, they were using FortiGates, and the FortiGate FortiVPN was constantly dropping, and they were constantly having to re-authenticate. They would have to put 2FA back in. Since we've put in pfSense, we have the cradlepoints in cars establish the VPN connection, and we hardly ever hear from them since there seem to be no issues.

pfSense's flexibility is great. If you don't have the money to buy the NetGate hardware, anything works with it. You can toss it on any low-end piece of hardware or virtualize it if you choose to virtualize it. It is super flexible.

It's easy to add features to pfSense or configure them, especially if you're familiar with pfSense. They have a complete repository of apps that you can choose from and different types of monitoring packages you can put on it. They're all very, very straightforward and very easy to set up. I even run a pfSense for my home firewall. I've got AT&T fiber coming into my house. I bridge the public IP through, patch the modem into my pfSense, and have no issues whatsoever. I even run multiple VLANs off of it.  I replaced a FortiGate with this setup.

The benefits are witnessed immediately after you deploy it. Immediately after you deploy it you're no longer having to read articles to figure out what flaw has been found in this version of FortOS or what flaw has been found in this version of SonicWall that's being run. You just you don't seem to have that in the pfSense platform.

pfSense provides with a customizable dashboard landing page.  You can add widgets to show you any piece of information you want to see. I can add in a widget where, from the dashboard, it'll show me, what OpenVPN clients I have connected. It'll show me traffic graphs from LAN, optional ports, uptime, what version of BSD I'm on, what version of pfSense I'm on, whether there's an update available for PFSense, IP information, et cetera. It gives me all this within the main loading dashboard screen.

To manage multiple devices, you would have to subscribe to a third-party service to have the ability to do that.

This is truly set it and forget it. We didn't quite run into that as much with FortiGate. Even with the third-party add-ons, we don't seem to run into issues with the pfSense product where we have to be so hands-on.

There are two versions of pfSense, the community edition, which is free, and the paid version, Plus. We run both. We're getting more away from the community edition since we're starting to just purchase NetGate appliances. We're buying it strictly through NetGate. At this point, we're even starting to add on the tech support, which is top-notch.

pfSense can help to minimize downtime. You can set them up in a high-availability cluster, and that pretty much minimizes all downtime. Your secondary appliance picks up if your primary appliance goes down. It makes it really easy to apply updates or reboot the one firewall. It switches over so seamlessly. Your users never know the difference. When the primary firewall comes back up, it'll take over the primary function again, and then you can reboot your secondary firewall.

The visibility in pfSense enables us to make data-driven decisions. You can use traffic graphs and the historical data of those traffic graphs, especially if you're monitoring your WAN connection, to know whether you're oversaturating your line and whether you need to update your bandwidth coming into your building or not. That way, if you're seeing slowdowns on the internet, you can go back to your traffic graphs and figure out if you are seeing the slowdown from your provider or just oversaturating the line. If that's the case, I just need to call and order some more bandwidth.

As far as optimizing the performance goes, I like the fact that you can take interfaces within pfSense and put bandwidth limits on them. If I have a guest network, I can put a throttle limit on it to make sure that somebody doesn't hook to my guest and eat up so much bandwidth that my primary network can't function.

They're very affordable for what they offer. However, they should become more MSP-centric. They could design a centralized dashboard that I, as an MSP provider, can create sites and load my pfSense in there. That way, I can schedule updates to run after hours and things along those lines. They need to design for MSPs that are using their products and make centralized management easier.

I've been using pfSense for at least a decade. 

pfSense doesn't ever crash. If I had any gripe about these things, it's the fact that sometimes the update process will break the appliance. I'm not sure what causes it. I've had a few appliances where they've been running fine, and I go to apply an update, and then they just don't boot back normally. At that point, I reach out to support. They give me the reload file that I need. I reload the appliance. I dump the config back on it, and then it's good to go.

As long as you're buying an appliance that will support the bandwidth that you need to push through it, scalability is fine.We've got some of them running 10 to 12 VLANs. We've got one particular one that has no less than five different OpenVPN setups depending upon the department you're in.

Their paid support is top-notch.

With the community edition, and this probably is one of my gripes to pfSense, and this is more on the NetGate side, is that they don't make their images readily available to you. So you have to open a support ticket. You have to give them the hardware ID. You have to give them the serial number of the appliance, and then they will send you the file that you need to reload the operating system. Even so, we're talking about less than an hour of waiting time, and somebody will respond to the ticket and give you a link where you can download the software to reload it.

Positive

We've used SonicWall. We've used FortiGate. We always seem to go back to the Netgate and the PS pfSense just due to the fact being open source, they seem to have fewer security flaws in them than running something that is a closed proprietary system. With FortiGate, you constantly need to update, since they're constantly finding flaws in the FortiOS, and we just don't seem to have that from pfSense and the NetGate supply of products.

There was more hands-on work with FortiGate. If you're doing any type of web filtering, they would come out with an update where a website that did work would start getting miscategorized. And then all of a sudden, it would stop working. And you would have to go in and make a white list and an exception for it.

We buy the appliances and then install the appliances on our customer sites.

The initial deployment is easy. How long it takes depends on how simple or how complicated it is. As far as just a simple firewall goes, I can have one of them up and running in 15 to 20 minutes.

Even if you are not too knowledgeable, it would be very easy. When you first boot into it and go to the web interface, it has a wizard that walks you through setting the IP address on your LAN and configuring whether you're using DHCP or static on the LAN. That wizard that walks you right through what to do right out of the box.

Just one person is generally needed for deployment. 

After the deployment, it's pretty much set it and forget it. I will go in and I will check quarterly if an update needs to be applied, however, they don't come up with updates that often. Maybe once a quarter, once every six months, an update has to be applied to the appliance. Other than that, I am only logging into these appliances if I need to make rule changes or if I need to bring up an additional VLAN in the network.

The licensing model is good. It's probably a little expensive for the hardware that you get. However, a part of that price is the support. And their support is top-notch. Even if you're only using the community support, and you're not paying for the extra support, they probably pad the hardware prices a little bit to help offset their support people. 

I love the TCO (Total Cost of Ownership) of pfSense. That's one of our selling points to our customers. You can buy this, buy once, or, you can look at going to Meraki or FortiGate or something like that, but, be paying licensing fees every single year to keep that product up and running.

I'm an MSP.

I'd rate the solution ten out of ten.

If you're going with the NetGate appliance, I'd let new users know that they are already optimized for pfSense. If it's something that you're looking to virtualize or if you're looking to use a community edition on your own hardware, my recommendation would be just to make sure that you use Intel network cards. I have never had a problem out of an Intel NIC for getting the OpenBSD underlying platform to recognize those network cards and load the proper drivers for them. That way, they show up within the pfSense software.

I'm an independent IT consultant specializing in pfSense router deployments. I use pfSense not only in my home and my parents' homes but also at ten of my clients' locations.

The pfSense router can be deployed on-premises, in the cloud, or on a hybrid platform, but I only deploy it on-premise.

pfSense's flexibility overall is excellent. I can't think of a feature that it doesn't have.

Once I got the hang of it, pfSense became easy to use to add new features. However, there are occasional complexities, like configuring a RADIUS server, which initially seemed overly complicated. Thankfully, the documentation helped me navigate the process successfully.

I immediately saw the benefits of pfSense based on the cost savings alone. The routers are low-cost, to begin with, and there are no annual licensing fees like those required by Cisco routers and other brands. I have replaced many Cisco routers with pfSense because of the ridiculous licensing fees.

pfSense, as long as it is properly configured, is excellent at helping us prevent data loss.

Netgate hardware devices come pre-installed with pfSense Plus, which means all of our installations benefit from pfSense Plus because they run on Netgate hardware.

pfSense provides visibility that enables us to make data-driven decisions. The package manager lets us add a lot more visibility. I use the softflowd add-on package, and there are a few other add-ons if we need more visibility.

The visibility provided by pfSense helps optimize performance. The data flows across the different subnets, which is helpful if there is a performance issue.

pfSense stands out for its full features and adherence to industry standards. Unlike competitors introducing proprietary variations like UniFi or Omada, pfSense prioritizes compliance. This is crucial in manufacturing environments where diverse systems need to integrate seamlessly. In such multi-brand settings, standard compliance becomes a critical factor for successful system interaction.

pfSense doesn't offer a central management system for multiple sites, which wouldn't be a big deal for most of my customers, who typically manage just one site. However, for larger companies with many sites, logging into each pfSense router individually to manage them could become cumbersome.

Previously, we were able to download an offline installer for our firmware. For example, if our router crashes, we must reinstall the OS. We would have it on a USB stick that is available to reinstall. Now, with the current version of pfSense, they are no longer providing an offline installer. We have to be connected to the internet to download the OS in real time, which, in some cases, is not possible. Some routers need to be air-gapped for compliance controls. They are not supposed to have access to the internet. In other cases, we can't disconnect the company's internet to connect the replacement router because that would take down the company. So we don't have a way to install the OS. I went back and forth with Netgate's support, trying to get that through their heads, and eventually, a manager gave me the offline installer but told me this would be the last one and not to expect this ever again. They have provided offline installers for 15 years, so I don't understand why they would remove them now. They are not considering all of the use cases. If we have a large company and the router goes down, we could be losing thousands of dollars an hour, and we don't want to sit there trying to troubleshoot an internet connection when we could use a USB stick to reinstall it in two seconds and restore the config. This is an essential need for some organizations and an area where Netgate pfSense can improve.

I've been a Netgate pfSense user for nearly 15 years, practically since its launch.

Netgate pfSense has been excellent in terms of stability. I have never had an issue with any of the business-grade routers. Their lowest-end model runs on MMC storage instead of regular hard drive storage, and I have had some of those crash.

Netgate pfSense has different tiers, so the higher we scale, the more expensive it gets, but as long as we match it appropriately, it works great.

I have never paid for Netgate support, but when we purchase a new router, they allow us to send a config of the old router and provide one-time support for free. So, I have interacted with them a few times under these terms. The results have been mixed. Sometimes, I can tell I am speaking to a competent person, and others don't understand what I'm saying. In the past 15 years, I have been working with pfSense routers. I have contacted the support team 15 times, and the results have been 50/50.

Neutral

I have used Cisco routers, which were a real hassle to manage. I have also used Linksys and Apple AirPort routers.

The initial deployment for a new user is moderate. It all depends on their experience level. The documentation on their website is suitable for beginners. For a basic deployment, there are many articles from other people and YouTube videos on how to deploy.

Compared to other business routers, pfSense's pricing is reasonable. It also offers a free community version that can't be beaten.

With the inclusion of firewall, VPN, and router functionality, pfSense's total cost of ownership is low compared to other routers like SonicWall, which licenses the VPN feature. 

When I compare pfSense to other routers like TP-Link and Omada, I see that it has all the standard network features, whereas the others are missing a few. The challenge with pfSense is learning to use it because of all the features it includes. I have never felt like I needed to change brands because pfSense was missing a required feature.

I would rate Netgate pfSense eight out of ten. It is a great product.

I recommend new users do a test setup on their home network first to understand how it works before moving it into their business.

We use the solution as the main firewall and a proxy for load balancing our web servers.

The best feature of the tool is its all-in-one capabilities. It is a firewall with built-in IDS and IPS, load balancing, and VPN connections. The VPN integration, particularly with internal AD environments, provides stable connections. Centralized authentication is a notable benefit as well. We primarily use it for these features on our server level and are planning to expand their use in our complex environment to connect employees and services. 

Netgate pfSense is cost-effective because you can start using it for free. You can research how to install and configure everything, then install it virtually on any device or partition some hardware. This allows you to start using a firewall without any initial cost.

For larger companies, if you have one or two people skilled with the tool, they can design the complete network using it. That's all you need. You don't have to invest in expensive subscriptions or big hardware setups.

My only suggestion is that Netgate pfSense implement more graphical monitoring. While there are accounts with add-ons for graphical monitoring of data networking, IPS, IDS, and firewall-level events, having more graphical representations like blocks would make the tool more capable. Although it has commercial support and a good GUI, it can still be challenging for someone without firewalls, command lines, and networking knowledge.

Adding features to the solution through packages is somewhat limited. The marketplace doesn't have as many options as you might expect.

One example is the IPS/IDS system. Netgate pfSense still uses Snort 2.9, even though version 3.0 has been out for about a year. Version 3.0 offers important improvements like multi-core support, significantly speeding up processing. The solution seems slow to update to newer versions of these third-party packages.

The tool should provide beta versions with the latest package updates sooner so users can benefit from new features and improvements.

Another issue is the lack of a package marketplace. Despite being open source and customized by many developers globally, there isn't a wide selection of community-created packages. The reasons for this aren't clear to me - it could be security concerns or other factors.

Based on my experience using Netgate pfSense for about four years, I can't say the improvements in our environment are solely due to the product. It's a combination of Netgate pfSense and another monitoring tool we use.

Monitoring is crucial. The easier the monitoring and user interface, the simpler our team can work on and investigate issues. Accessing data becomes more difficult when you use commands or other complex methods.

With our third-party tools, log viewing is very straightforward. The tool logs everything important. This was helpful when our site was slow, and we needed to determine why. The logs from Negate pfSense and our IT systems help us identify issues.

However, the solution's combination with a third-party monitoring tool provides a graphical interface. This makes it much easier to review logs and pinpoint problems.

If Netgate pfSense had a better graphical interface, it would be one of the best products available. I think the graphical interface should be much better and easier to monitor. For example, I encountered errors when I installed HAProxy, a load balancer available in the solution. It was difficult to determine the errors because the backend wasn't working properly. It took us a long time to identify the exact issue because more detailed error information isn't directly available in the current interface. You must go through different steps to trace and see what errors are coming up.

If the tool could improve in this area and provide more error details directly in the interface, that would be beneficial. As for packages, if they could update to newer versions of third-party packages more quickly, that would be helpful. I understand they might not be able to use the very latest versions immediately, but if they could provide updates within three to six months of a new package release, users could try new features sooner.

One additional feature that would be helpful is SAML authentication. Many companies now use Azure or AWS; in our case, we use Office 365 for email and authentication. If SAML authentication was available in pfSense, we could have integrated it with Office 365, allowing users to log in directly using their existing credentials.

The tool can integrate with Azure AD internally, but SAML or two-factor authentication, such as SMS, would provide better security. Firewalls are usually kept behind the scenes and not exposed, but this feature would be useful in some cases.

We've offered Netgate pfSense to many clients, managing it for them and migrating them from existing firewalls. They're generally happy with the change. However, some clients were looking for these additional authentication features. While we can integrate with Office 365, a direct connection option would be beneficial.

I have been working with the product for four years. 

I use Netgate pfSense Plus. We mainly chose it for early updates and commercial support, as advertised on their site. I've only used the support once, though. We started with the free version, which worked fine without issues. After three to four months, we upgraded to the Netgate pfSense Plus environment. Since then, it's been very stable. We've never had problems that required rolling back changes after updates. The updates are very stable - we don't have issues when we update the firewall. So overall, it's been quite stable for us.

I rate the solution's stability a ten out of ten. 

My company has five users using the solution in two locations. The solution's documentation shows that it is scalable. 

There is a lot of support material available on the Internet. You need to do some research. In my experience, I've only had to contact Netgate pfSense support once in the last four years, and that was because I messed up the operating system in our virtualized environment. 

We were previously using Cisco ASA 5500. After three years, we needed to upgrade the hardware and the subscription. At that time, we were moving from an on-premise solution to the cloud, so we decided to try Netgate pfSense. Our vendor recommended it. We wanted to get at least six months of experience with it to ensure its features were stable and it could handle higher loads without breaking. That was one of the main reasons we chose the solution.

The solution's deployment is straightforward. The basic setup took us just about two to three hours. However, designing our custom network configuration took a bit longer. Overall, we got the tool up and running in about three to four days in my environment. There were three people involved in the deployment process: myself and two other team members.

Netgate pfSense doesn't require much maintenance on our end. It's pretty smooth. We monitor alerts. When there's a new update, we test it in our staging environment to see if it affects anything. If it's smooth, we upgrade.

The tool has helped us save money. 

The tool is flexible; even the free, open-source version offers many features. From a cost perspective, even the subscription model for commercial support isn't too costly. However, it's important to have someone knowledgeable about Netgate pfSense to take advantage of it. While there are online resources, a professional or someone experienced can get much more out of the solution. I've heard that the IPS/IDS licenses and other features can be costly.

The solution is very cheap. It's so affordable that even students can use it on their laptops. It's a good, cost-effective product.

The solution has a single web interface, which you could consider a container. Within this container, there are multiple interfaces or sections. You must navigate to different settings to manage different aspects of the system.

So, while it's all contained within one web interface, you can't see or manage everything from a single screen.

I recommend the tool to our clients. We help them implement and support it. I rate it an eight out of ten. 

The solution's most valuable features are high availability and the VPN options. Netgate pfSense has the ability to support multiple interfaces and spin up virtual IPs.

What drew me to Netgate pfSense from the beginning is that it's free, open-source software. I wanted the solution for additional control over firewall routing, and there wasn't really anything else on the market that would do that.

Netgate pfSense is very flexible. I like that it can run on enterprise bare metal and Raspberry Pi. Obviously, Netgate has a lot of appliances ranging from extremely small to extremely large.

pfSense Plus is extremely low-cost. Its comparative features include high availability, the ability to tune system variables, and support for hundreds of interfaces.

It would be great for the solution to have better logs. Some of the solution's graphs that show visibility on system performance or session count lack resolution. For example, you may only be able to see the session count by day if you want to look back more than a month.

In contrast, we would want to see the session count fluctuate by an hour or five-minute increments. It would be helpful to be able to query larger data sets, even if you had to break them up into smaller subsets.

I have been using Netgate pfSense for seven years.

The solution's scalability is very poor past 5,000 clients and impossible past 10,000 clients.

I had a very poor experience with the solution's technical support.

Negative

I switched from Netgate pfSense to Fortinet. Scalability and high availability are significantly better with Fortinet. It took me about 10 to 15 hours to set up high availability in Netgate pfSense just because of the way it works with virtual IPs and CARP.

On the other hand, it takes about 15 minutes with Fortinet. It's just a completely different experience. Also, the performance availability for appliances is a thousand times better with some of the higher-end offerings at Fortinet versus the highest-end offerings that Netgate has.

The solution's initial setup is difficult because of the extensive setup it takes to achieve high availability.

In our case, it took us around 40 hours to fully deploy the solution from start to finish.

I think Netgate pfSense's TAC or support is a little expensive, considering how inexpensive everything else is. Netgate's most expensive appliance costs around $5,000. However, an annual subscription to TAC costs around $1,000, which is roughly 20% of what you pay for the hardware. It seems a little excessive.

I would say it's pretty easy to add and configure features to Netgate pfSense. However, if you add features that Netgate does not officially support, you can run into issues with your support contracts. It's easy to add features, but it's extremely difficult to support something that is not an official Netgate plug-in.

We saw the benefits of Netgate pfSense pretty immediately after deploying it. We have been scaling, though. As we got to a very large deployment across different sites, we started to see additional problems, but then we also saw additional value added. Initially, there's a lot of value, which increases over time, but eventually, you hit a wall where it's just not that valuable.

On the surface, it looks like pfSense Plus provides visibility that enables data-driven decisions. Unfortunately, after many back-and-forths with support, they say that it looks like the firewall has done something, but there's nothing in the log. There's no data to support their theories. On the surface, it looks like it should, but we found in practice that it was missing a lot of data that would help us make decisions that we needed to make.

The solution's total cost of ownership is good for what it is. I don't think I would ever use it in an enterprise environment anymore. As a value proposition, it's really good for a small business application or a company with multiple sites that you need to be able to interconnect.

You can set up an entire ecosystem for $ 5,000 to $ 6,000 with top-of-the-line hardware from Netgate. Unfortunately, with our user account, throughput, and bandwidth, we've just outgrown it and can't use it anymore.

We've bought appliances for Netgate pfSense's deployment, and we've also deployed the solution on separate machines. Most recently, we used the appliances.

Technically, we never got Netgate pfSense to a good solid state. For the four to six months we had it in production, it was constantly down and needed at least 20 hours of maintenance a week.

Overall, I rate the solution a six out of ten.

The benefits I have seen in my organization from the use of Netgate pfSense rewards around the fact of how quickly we can implement changes that are needed with the tool are definitely one of the main things. Overall, we have experienced less downtime with the tool. In my organization, we have had downtime with Cisco. Overall, we have noticed some performance increases as well with the use of Netgate pfSense.

The solution's most valuable feature is that I really like the third-party add-ons, as they give the firewall a ton of flexibility and extra functionalities.

My organization plans to solve costs-related problems by using Netgate pfSense. We were using Cisco's firewall products, and the license and hardware costs were just too high. With Netgate pfSense, I think we can get a full firewall tool with support and no need for licensing for under 5,000 USD, saving a ton of money.

There were no specific security issues or challenges I was trying to address using Netgate pfSense.

In terms of the overall flexibility offered by the product, I would say that it is very easy to implement, make changes, and adapt to different challenges that we may have with it. It offers a lot of different options, including VPN options for site-to-site client VPNs. Overall, it is a great tool. It is a highly adaptable solution that is, most importantly, very easy to implement.

It is extremely easy to add features to Netgate pfSense and configure them. If you are talking about third-party stuff, it is something that is within the firewall itself. You can go into the Package Manager and install it.

From a configuration point of view, it is extremely easy to use the tool. With third-party stuff, it can be a pain, but overall, it is extremely easy to manage Netgate pfSense since it is mainly a GUI-driven tool. It is super easy to configure overall.

If I assess the solution for helping our organization prevent data loss, I think it has been great for us. Everything has room for improvement, but it has been great right now.

Netgate pfSense provides our organization with a single pane of glass management. The tool offers great flexibility and is awesome. In our organization, we haven't had any issues with it. It just makes changes that need to be done extremely quickly and efficiently by the end of the day.

I have worked with Netgate pfSense Plus. I buy the hardware from Netgate, and it comes with pfSense Plus.

Netgate pfSense Plus provides 100 percent features that help minimize downtime. In extreme situations, implementing connections that were super helpful in the past and just the ease of deployment, the product offers is helpful since even if something happens to the firewall itself, I can have a virtualized firewall doing the same thing within less than an hour. It can help with that downtime. I know that Netgate pfSense is extremely reliable and a great tool.

Netgate pfSense provides 100 percent visibility, enabling my organization to make data-driven decisions. Netgate pfSense is very much configurable. It gives you 100 percent of everything you need to make decisions. It gives you details of all kinds of different graphs, traffic, and firewall rules, along with the things that you definitely need in the form of the data that you need to be able to just make quick data-driven decisions.

Netgate pfSense visibility helps me optimize performance. The data is just so easily accessible that you can make decisions very quickly. It also helps improve performance. In our organization, we have noticed a very noticeable performance increase since we shifted from the old firewall from Cisco to Netgate pfSense.

If I were to assess the total cost of ownership of Netgate pfSense, I would say it is extremely low and affordable. I think it is a really very simple and extremely budget-friendly tool.

In our organization, we have had such a good experience with Netgate pfSense over the last four years. In terms of improvements, I have not really thought much, to be quite honest. Maybe faster releases for the software or the firewall itself can be areas where improvements are possible. The tool is just a little bit slow to release patches, so it is probably one of the things where the tool can improve. In general, the tool is not bad at all at the end of the day.

Speaking about whether any enhancements are required in the tool, I would say that the tool has everything that we need for our usage. We have an extremely complex environment, the most complex of which is how we use Netgate's BGP to connect to our ISP. Netgate pfSense is extremely feature-rich for our specific use scenarios, and we have not encountered any shortcomings in the solution.

I have been using Netgate pfSense for around four years. The box itself says Netgate pfSense XG-1540. I don't remember the software version we are using right now, but all I know is that I keep it up to date. In my organization, it will be the latest version of the product.

I have not faced any issues with the stability of the product. I have one firewall in a very bad physical environment. It was very dusty, but it has been 100 percent reliable.

It is an extremely scalable solution.

In our school, we have close to 1,800 students and 210 teaching staff overall. With administrative staff, I think there are about 50 people.

I have the tool in different locations and on different campuses.

If I can call someone from the product's technical support team, l can have a technical person on the phone with me in less than five minutes. If you have any questions for them, they will come and try to give you the answer as quickly as they can, and if they don't have a reply, they will reply to you later via email. For the amount that it costs per year, the level of service that you get is unbeatable, honestly. I rate the technical support a ten out of ten.

Positive

The product's initial setup phase was extremely straightforward.

When we deployed the product for the first time, we went through its documentation and how to do things. Otherwise, the strategy is usually based on the fact that we have four campuses, and they run in a similar manner. At least for us, we have a master configuration sort of thing, which we can kind of load into Netgate pfSense and make the small changes that we need, like VLAN changes and small things that apply to the location that the device will be deployed to, and it takes less than probably an hour or two to kind of have a firewall deployed working with the bare minimum, which is extremely fast compared to what it takes with Cisco.

In terms of maintenance, it has been pretty much like we do the setup and then forget it. The firmware updates, or physical maintenance, like cleaning the device, are there. From a greater overview, it is just kind of a set-it-up-and-forget kind of solution for us.

The product's deployment was done in-house, and it involved just me. The enterprise-level support from Netgate helped my organization a lot, especially during the first two deployments, but after that, it was easy.

Personally, I do not have any metrics or data points associated with the ROI that I can share with anyone. My CFO is the person who has information related to ROI.

In our organization, the whole point of moving to Netgate pfSense was that we wanted something that wasn't hard to use or where the licensing wasn't so expensive. We looked at different open-source options, but I can't remember their names. We also looked at UniFi's firewall, but Netgate pfSense came on top for us, considering the support provided and the fact that Netgate's team is the main set of people that keep up with pfSense's open-source project. With Netgate, we work directly with people who use Netgate pfSense, and it is great. We did look at other options, one of which was UniFi, but I cannot remember the name of the other alternative to Netgate pfSense. I think it is called OPNsense.

Suppose I compare the other tools I evaluated with Netgate pfSense, and I feel that the pros of pfSense revolve around the area associated with the product's cost in terms of hardware requirements and licensing. There are no existing costs for the licensing or the hardware. You can deal with the licensing part yourself and get it at a cheap rate from elsewhere or buy it from Netgate's boxes directly from the solution company. Another pro would be the ease of management the tool offers since it is possible to have everything that you need in the GUI, which is a little bit controversial because a lot of people like CLI, but sometimes you need to get something quickly without having to have hundreds of different things.

I haven't come across any cons in the product since most of our company's scenarios are simple and small since we are just a school compared to what other big companies have. Everything that Cisco's firewall was doing for us, Netgate pfSense's firewall does for us for a fraction of the cost and even offers a better performance. I would not know the tool's cons since I do not have anything on my mind right now.

I do not use Negate pfSense Plus on Amazon EC2 VMs. In our organization, we are using Negate pfSense Plus on Netgate's hardware. We use Netgate pfSense XG-1540.

To others who plan to use the solution, I would say that the support offered by the product is 100 percent worth it. The enterprise support is also extremely worth it. In a general sense, if people don't know much about implementation, they just need to read the documentation because many things, like the GUI part, could throw some people off. If you come from a CLI-based tool, the GUI aspect can throw you off, and I know it since it threw me off a little bit initially, but we were able to get through the implementation phase very thoroughly as the tool offers great documentation. By thoroughly going through the documentation, you will have a fairly easy time configuring the tool very methodologically. I really don't think I would recommend anything else apart from the fact that others need to read the documentation and take their time.

I rate the tool a nine out of ten.

It's the main firewall for my household. It's also what I'm using to gain access to my employer's website and VPN. It acts as a gateway to my employers. My wife uses the device as a VPN to do her job as well.

I wanted something that is robust and makes it easy to diagnose if anything goes wrong. I'm also used to the system. I've used it since 2006 or 2007. So it was something that was really familiar with. I used to use the free solution. Last year, I decided to jump into the actual hardware devices that these guys sell. I didn't have time anymore to deal with aftermarket hardware. It saves me some time to have their devices.

The main benefit is peace of mind and no downtime or minimal downtime as compared to other solutions that I've used before.

Its ability to put some plug-ins into the system is helpful. There are a couple of packages that I'm using. Since I'm using it mainly as a firewall and sometimes as a VPN endpoint, it's really great.

The flexibility is good. The fact that you can add packages makes the device quite flexible. Also, it's quite overpowered for my needs right now, so that's a good thing. 

Price-wise, the quality to price is pretty much up there, especially when you consider that you don't have to tinker with anything. With hardware, you don't know where you know, how long it's going to last or anything like that. However, with pfSense, you have guaranteed support with NetGate, and this is great.

It's quite easy to configure. It's very intuitive. Maybe that's because I know the interface. There's also tons of of information available online. They have a very good user manual for the software as well. It's very detailed, and it's it's easy to work with. 

There's a forum where you can ask questions, and people are very friendly. Within a couple of hours, sometimes days, somebody has had the issue that you're having before. So, forum responses are quite quick.

It's really easy to work with. There's peace of mind and no downtime.

In terms of preventing data loss, any solution is only as good as its weakest point. And since this is at the very edge of my network, of the outside network, I feel I'm pretty prepared and protected from data breaches. That said, at the end of the day, I'm not opening myself up to many things in the outside world. It's blocking pretty well, and I don't feel threatened. If there's data loss, it's going to be from my end users, not from the device itself.

It provides us with a single pane of glass management for my household. There's only one device that I use.

The main advantage to me right now is that I'm using their reboot environment. It's really easy for me to update, and if some things don't go well, I can go to the previous version and be back up in no time. 

pfSense is just plug-and-play. Performance-wise, once you install the system, it works even when there's been a couple of software updates. It's probably overpowered for what I need. Performance is very good.

If I had to change internal providers, I might have some difficult times. For example, going from cable to ADSL. Right now, it suits my needs, and as long as they keep it updated, I'm pretty good with that.

I've used the solution since December 2023.

The stability is great.

I haven't had to scale the solution.

I haven't had to contact technical support. 

I have used other solutions, such as Untangle, D-Link, and Linksys. There were always a lot of limitations if you didn't adopt the commercial licenses, and those would be expensive. pfSense is reliable, especially with the NetGate hardware. It's also predictable. There's never a big software change. pfSense has been very stable since it's based on FreeBSD. However, it is on a lesser-known OS.

I use a physical device. For implementation, you have to use a console interface through a serial port and then a TTY from your own computer. For some people, maybe it's a bit more difficult. For me, it was really straightforward. It's as easy as setting up a switch. 

I loaded it up the first time and the only thing I had to do was modify my previous config, change the interface names, and just throw it back in there. It takes less than an hour.

There's only maintenance if there's an update. It might be down for a few minutes during that time. It takes maybe five to 10 minutes. Even if something goes wrong, it's pretty easy. You just reimage it and reload the safe configuration. It's much easier than other solutions, like Untangle. 

I handled the implementation myself. I did not need the help of third parties. 

The pricing is reasonable. Before I got the 6000, I was on my own devices. They developed a pricing schedule last year. At first, I was worried, however, it's maybe $130 a year and it's very reasonable compared to other solutions. With the 6000, the price is included within the device itself. 

Compared to other solutions, the total cost of ownership is very good. It's not that it is so much cheaper, it's that it fulfils the needs of more people. With the level of support provided, the price is very reasonable. 

I'd advise new users to take the time to read about the device and the software beforehand. Otherwise, you're going to waste a lot of time trying things that you think are going to work. Since it's not necessarily the same thing as, let's say, Untangle, you have to familiarize yourself with the interface and with the system before actually diving in deep.

I would rate the product ten out of ten.

We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

We appreciate its flexibility. Its usability is great.

We were able to witness positive results from the product pretty much immediately.

Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

We're using the Plus version with Netgate.

pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

I've been using the solution for a couple of years. 

The stability is very good. there is no lagging or crashing. It's reliable. 

The scalability is good. However, we and our clients aren't too large. 

I've never needed to contact technical support. 

In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

The initial deployment was easy.

There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

I'm a customer and end-user. 

I'd rate pfSense eight out of ten.

If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.