Netgate pfSense Reviews

We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

We have been using pfSense for eight years. 

pfSense is a very stable solution. In all the years I had around three instabilities.

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

I have never used the support for any technical issue. The community forums and Google always were enough.

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

The old installation was straightforward, but the new installer has some bugs and does not really work.

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

The licensing seems fair. We owned the TAC Lite License for some time. The problem was, that the license is bound to a device ID which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

We use pfSense as our router and firewall on several sites.

We implemented the pfSense open platform because we wanted to move away from SonicWall.

We use the community edition of the software and purchase the Netgate router separately. I used white boxes initially, but now I'm also using the Netgate hardware. It's a great product.

The pfSense offers exceptional flexibility, far surpassing SonicaWall's capabilities. Its intuitive interface, complete with a better layout of management screens, makes it a breeze to use. While Cisco routers may be overkill for many applications, pfSense performs well.

Using pfSense is easy. It has intuitive management screens. And if I ever run into a blockade, I pay for the technician annually. I am confident in sticking with that platform. It's always worked for me. It's tried and true.

I hired a seasoned professional with extensive experience using pfSense on white boxes for years, specifically the community edition. His mastery of configuration was evident, and I was impressed by his expertise. After he walked me through several scenarios, I was convinced of the benefits of the Netgate product and began replacing my aging SonicWall devices with it, drawn to the ease of use that Netgate offered.

Netgate pfSense provides a single-pane-of-glass to manage all our firewall needs.

It's relatively straightforward for a novice to deploy pfSense, likely easier than SonicWall. However, I've used SonicWall extensively and am gradually phasing them out. While SonicWall is a solid product, pfSense is remarkably easy to set up.

The intuitiveness and ease of use are the most valuable features of pfSense.

One thing that has always bothered me is that when I buy an appliance, there are two tiers of support: email-only and a premium tier, like TAC, that allows me to speak to someone on the phone. If I'm purchasing their hardware, I should have phone support for a certain period, even at the lower price point. My only complaint is that I need phone support, not just email, because if there's a support issue, I don't have time to wait for an email response. I need to speak to someone immediately. Therefore, I think I should receive TAC support for the Netgate pfSense for at least the first year after purchasing the hardware.

I have been using Netgate pfSense for six years.

I have never experienced any stability issues with pfSense.

To scale we need to add a unit.

I had email support for about a week before calling Netgate to request telephone support. I explained that if I'm calling for assistance, I'm likely experiencing an urgent issue and need immediate help. I decided to pay $699 or so for annual telephone support, which has been excellent. The support is prompt and effective, making it well worth the investment.

Positive

I previously used SonicWall but migrated to pfSense because it is a more intuitive router and firewall.

Compared to Cisco, Netgate is definitively the product that is better for my use case. I know there's a want in the industry for Cisco devices. However, in the hotel vertical, I just don't need it, nor do I need to pay for the expertise in configuration of that platform.  

The first time I deployed a pfSense, a seasoned professional guided me through the process, making it incredibly easy to complete.

Netgate pfSense is fairly priced. It's probably the most powerful router firewall I've come across.

The total cost of ownership of pfSense is reasonable, considering the value it provides. I appreciate the VPN, router, and firewall functionality it offers, which is essential for my business operations. In fact, the ongoing costs associated with pfSense do not significantly exceed the initial purchase price.

I would rate Netgate pfSense nine out of ten.

Other than firmware updates, pfSense requires minimal maintenance. I update the firmware every two to three months for routine maintenance or immediately if a security vulnerability is discovered.

For a new user, I would recommend TAC support. I've spoken with others in my industry who have had positive experiences with TAC, particularly compared to email support. They've reported being up and running within five minutes of contacting TAC. Additionally, problem resolution is also swift and effective. So, I highly recommend new users invest in TAC support. It's well worth the money.

We deploy the pfSense firewall to our customers' networks.

The solution provides customers with reliability and additional security.

The interface is very good. The configuration options are excellent. All of its capabilities are quite useful. It's more capable than what we need it for. I like having the ability to have additional capabilities compared to others.

pfSense's flexibility is great. I would rate it pretty high based on that.

We immediately witnessed the benefits of pfSense.

The IPS intrusion protection system helps prevent data loss. It works really well. It's a little bit manual process, however, it works really well overall.

pfSense provides high availability to help minimize downtime. They all have built-in high availability, which fails over to another box.

The solution provides visibility that enables users to make data-driven decisions. That said, that's a capability that we really don't need due to how small our customers are.

The visibility in pfSense helps to optimize performance. Just being able to see network traffic and the load on the firewall on the box, or the response times from packets going back and forth is helpful. There is a lot of visibility into network performance.

pfSense does not provide a single pane of glass type of management. That's one of the biggest downfalls. We take care of more than 60 customers, so it would be nice to have the ability to have all of the pfSense boxes that we deploy under one pane of glass so we can manage them centrally. 

I've used the solution for two years. 

I've had no issues with stability; I'd rate it ten out of ten. 

While we do not scale the solution, I can see it being very scalable. 

Technical support is of excellent quality, and they have fast response times. 

Positive

We've never used any alternative to pfSense.

We're buying the machines from Netgate. It's very easy to deploy. I'd rate the ease of implementation as eight out of ten. Even if someone didn't have much experience with pfSense, it would be pretty easy.

It's low maintenance; we may only need to worry about an occasional firmware update. 

I did not use an integrator or consultant during the implementation. I handled the process myself. 

The total cost of ownership is very good. It's low maintenance. Once you get it up and running, you really don't have to touch it. It's very favorable to have the inclusion of firewall, VPN, and router functionalities.

The pricing is excellent. 

We're an end-user.

We use the pfSense Plus version. 

I'd rate pfSense nine out of ten.

New users should be aware that it is more complex than just a consumer-grade product. Users need to be prepared for a lot of features that they might not understand or know how to implement at first. Check your resources in preparation.

I use Netgate pfSense as my office firewall.

I implemented pfSense as a firewall, VPN, and content filtering solution using pfBlocker and configured it to verify HAProxy certificates.

Most of our pfSense deployments are on existing machines with a small amount in the cloud.

pfSense offers excellent flexibility and works well with both physical appliances and virtual machines.

The ease of adding features to pfSense and configuring them depends mainly on the user's experience. I find it extremely easy.

Firewalls and Network Address Translation offer immediate benefits once configured, as they are foundational security measures. Other features, however, require more extensive configuration and testing before their advantages become apparent.

Compared to other firewall solutions, pfSense's interface is user-friendly and straightforward.

pfSense allows us to configure multiple internet connections and firewall rules to minimize downtime.

It provides visibility into our network by capturing and delivering log data, such as Syslog, firewall logs, and other relevant information. This enables us to make informed decisions based on data analysis.

pfSense can help optimize network performance. When using appliances, we can install more than ten gigabit network interface cards and add more as needed, depending on the hardware capabilities. Typically, new appliances come equipped with ten-gigabit network adapters or ports. We can significantly enhance network and server communication speeds by fully utilizing these ten-gigabit connections.

The most valuable features of pfSense are the pfBlocker, HAProxy, NAT, and VPN.

I am unsure if it's feasible, but I have previously utilized a web VPN interface with Cisco Firewalls that allows VPN connections through a website, eliminating the installation of VPN software. Such a feature would be a valuable addition to pfSense. Additionally, an easy method to monitor pfSense within other monitoring software would be beneficial.

I have been using Netgate pfSense for ten years.

We have encountered only minor and infrequent stability issues.

Netgate pfSense is highly scalable.

The quality of the technical support is good, but if we cause an issue, we have to pay for the support hours.

Positive

I have previously used WatchGuard Firebox and OPNsense, but I prefer pfSense for its excellent usability within my company. Other firewalls like WatchGuard and OPNsense are often retained due to customer preference or specific requirements, but most of my deployments utilize Netgate's pfSense.

Deploying a single pfSense box is relatively straightforward. However, the process can become more complex if outdated hardware is used and network cables must be reconfigured. Deployments using Netgate appliances tend to be more straightforward.

We can have the Web GUI up and running in under 30 minutes, and a complete deployment can last up to four hours. One person is required for each deployment.

The pricing is reasonable.

Netgate pfSense offers effective total cost of ownership by combining firewall, VPN, and router functionalities into a single solution.

I would rate Netgate pfSense nine out of ten.

pfSense does not have any built-in features specifically designed to prevent data loss. Instead, we must configure various functions to indirectly protect against data loss, primarily as a preventative measure against unauthorized access to our servers and equipment.

I use both the paid and community versions of pfSense. Most of my appliances use the paid version. In the cloud, some virtual machines come with the free community version.

Maintenance is required to open ports and create VPN users.

We use pfSense for IT security and load balancing the internet traffic across our three lines. We also use a package available in pfSense called pfBlocker that blocks some DNS records. For example, it doesn't allow ads to appear on the website. We have a site-to-site VPN with our different sites. 

The benefits from pfSense were immediate. We tested pfSense on a third-party machine, and soon after, we purchased a Netgate machine. PfSense prevents data loss by blocking malicious sites or apps with pfBlocker and the Suricata package, which acts as an IPS. 

PfSense has multiple WAN ports, helping to reduce downtime. We can set multiple Internet lines. If one line has an issue, we can still access the Internet from the other or communicate with the other sites. We also have a high availability feature with pfSense. For example, if we have two or three pfSense devices, we can have high availability. If one goes down, we can still work with the other one.

The visibility that pfSense has enables us to make data-driven decisions. From the logs, we can see blocked or allowed traffic. We generally see what goes into the firewall and change the rules or configuration. 

From the dashboard, we can see the utilization and how our lines behave during working hours. We can see if we need a higher-performance device, a line upgrade, or a feature.

I like pfBlocker and the ability to install more packages from the pfSense console. It's easy to add features, but you can check the user communities and videos if you encounter any difficulties. You have the flexibility to choose VPNs with WireGuard or OpenVPN and make firewall rules. It's easy to create a group with multiple IPs, hostnames, or areas and create a rule for that group.

You can make your own configurations on every module and create custom packages, which makes it more flexible. The dashboard is customizable, so you can create your dashboard based on what you would like to see and have all the data there on the dashboard. You can start and stop everything on the dashboard. 

PfSense could better utilize the interface and dashboard and include some packages in the built-in solution. For example, pfSense is sharing some other packages. You have to download and configure them within the package manager of pfSense. Some of those important ones, like the IPS and the monitor, could be installed on the solution's image and configured.

I have used pfSense for four years in business and at home.

I didn't notice any performance issues. 

pfSense is scalable.

I rate Netgate support nine out of 10. I have contacted them twice in the last six months, and they responded and resolved my issue quickly. 

Positive

We used UniFi UDM, Hillstone, and OPNsense, which is similar to pfSense.

Deploying pfSense is straightforward. It took about an hour to install and configure. After deployment, the only maintenance required is periodically checking for new updates or security fixes. 

pfSense's price is excellent and similar to its competitors. It has a low total cost of ownership for all these features. 

I rate Netgate pfSense eight out of 10. 

We are a reseller. We resell the product to our customers as we are an MSP. We use it for various different verticals, from manufacturing to schools to typical offices. That is mainly the use of this solution.

There are a lot of limitations with competitors like WatchGuard and SonicWall where there are a lot of costs for licenses to utilize their products. We felt that by going to pfSense, we have a little bit more freedom. We can use certain features without having to pay exorbitant costs for licensing. It is better for the small to medium-sized customers.

They are the most flexible, for sure. In my experience, it is quite easy to add features to pfSense and configure them. There is a lot of support from the local community. Because it is an open-community-built platform, there is a lot of support out there. Adding features and configuring them seems to be quite simple from my experience so far.

There is an overall performance increase. The hardware is much more performance-driven. The constant upgrades certainly make it easier to keep up with the evolving environment. The community-driven platform certainly helps to ensure that things are kept current.

pfSense gives us a single pane of glass management. There is a user interface and also the command line. The user interface is very friendly and easy to navigate. The single pane of glass management certainly increases productivity. The ability to look at one single pane of glass, add different widgets, and see things at a glance certainly helps to cut down the time of looking for certain statuses or things like that. It makes things more efficient.

We deal with pfSense Plus in a few cases. It can help minimize downtime. We have not experienced it in any sort of live environment, but I am confident that it would.

pfSense Plus provides visibility that enables us to make data-driven decisions.

It optimizes performance, and in most cases, it affects operations and makes things more efficient. Efficiency means money.

The ability to utilize the features instead of having to pay a license fee for every single thing that you want to use on a firewall is valuable. A lot of other companies give you a firewall out of the box that has very basic functionality, whereas pfSense gives you all the good features, and if you want to have more advanced features, you can pay a fee. You are able to use a lot of the features that you cannot use on other products. That is the best thing.

It is very good from a troubleshooting perspective. Things like logging are very good. We have been using these firewalls with filtering very successfully, and VPN has been very successful on them. We have not had any issues with that.

One thing that stuck out to me was the move to use plastic chassis on the Netgate devices or products. They are moving away from using metal chassis, and I find that the plastic seems to get hotter than the metal. Other than that, they are such great devices. They always seem to have all the cool things and bells and whistles.

One thing I would like to see Netgate do is to have a cloud-based management portal, similar to SonicWall, WatchGuard, Ubiquiti, etc. With all these platforms, you create an account, and you have a way to cloud-manage these products. Currently, one of the challenges that we face is not being able to manage those things from a centralized platform. It has always been one thing I have dreamt of for Netgate. That is the only place where it falls short. Apart from that, they are far superior in building, keeping up with the times, and keeping things current.

It has been probably eight or nine years.

A couple of times we have had some strange issues that have been unexplainable, but overall, it is stable. I would rate it a nine out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

They have been fantastic. I have never had an issue, and it has always been very good. They are a highly intelligent and very resourceful team. I would rate them a ten out of ten.

Positive

We have used everything, such as Cisco, SonicWall, and WatchGuard. You name the flavor. We have used them all, and Netgate is definitely a much better product than those. It also depends on the use cases. 

It has been very straightforward to very complex. We have set up entire data centers run by Netgate devices to small offices using a 2100. We have gone from the most complex to the least complex. We have seen everything in between.

Its deployment is a matter of hours. Our clients are small to medium size. We have about ten people working with pfSense.

It requires general maintenance. We have to keep up with firmware and updates. From a physical perspective, there is no maintenance.

It is very cost-effective. There is 100% ROI.

They are on the higher end, but you do not get stuck with spending thousands of dollars every year. You do not have recurring license costs to have people use a simple feature like VPN. That makes it more cost-effective in the long term. There is a very good price point. No one ever complained, and I have not ever thought that they were overpriced. That is for sure.

If you are looking to deploy a product that is reliable and high-performing and that is going to be cost-effective for yourself or your customer in the long term, you are doing the right thing by looking at Netgate.

I would rate Netgate pfSense a ten out of ten.

I use pfSense as our primary firewall and router. We use several functions of pfSense, including the OpenVPN capabilities for mobile VPN and pfBlocker for DNS blocklisting. We also use Snort for IPS capabilities. 

The solution helped us secure the perimeter against vulnerabilities. I'm confident in the team's ability to keep things updated and all the security holes patched. It also has security add-ons like IDS, IPS, etc. We realized the benefits immediately.

My favorite thing about pfSense is its overall stability of the product. It's rock solid and low maintenance. I like that aspect. It doesn't cost much, and it's feature-rich, including mobile VPN, pfBlocker, and IPS. You have the flexibility to deploy it as bare metal or VM. 

It's very easy to add features to pfSense and to configure them. The solution's management page offers a single pane of glass view. You can clearly see the various features on the main page, and it isn't difficult to drill down into the other sections for more details. 

I can't say which features Plus provides that the community edition doesn't. I only knew that the Plus edition was the path forward. I was previously on a community edition for many years, but I've been on the Plus edition for at least a couple of years now.

One area of improvement would be better communication. They kind of left a lot of people in the dark and misled them about the pfSense Plus Edition. I feel like they automatically switched people over and then followed that up with a required subscription model. That aggravated a lot of customers, including me, but I stuck with it regardless.

I have used pfSense for nearly a decade.

I rate pfSense 10 out of 10 for reliability. 

pfSense is highly scalable. The only limitation is the hardware you have behind it. As long as you can upgrade your hardware when you scale, pfSense will be able to support it. 

I rate pfSense support nine out of 10. I've typically gotten all the answers I sought when needed. They are highly responsive. I don't think I've ever had to wait more than an hour to get a reply. 

Positive

I wasn't involved in deploying pfSense. I maintain an existing one. For maintenance, you just need to periodically update to the latest version of pfSense Plus and maintain the different rulesets, such as firewall, IPS, and pfBlocker rules. 

The total cost of ownership of pfSense is rather low. After the recent subscription change, it doesn't cost us more than a couple hundred bucks a year. The only other thing I have to pay for is the business Snort license for the IDaaS IPS functionality. 

I rate pfSense nine out of 10. I recommend doing a white box deployment because it's easier on the hardware. I tried pfSense on a Netgate appliance and wasn't impressed with the performance compared to the white box I already had in place. I suggest starting with a spare server you have — Dell, HP, etc. 

I use pfSense for my home network firewall.

I've installed pfSense on nearly every environment type, including Virtual Manager and most virtual machine hypervisors like Microsoft Hyper-V, ESXi, and even older versions like VM Player. Currently, it's running as a VM in Virtual Machine Manager on my NAS, showcasing its flexibility.

pfSense is a highly flexible product with a rich feature set. While designed with a graphical user interface in mind, it also offers command-line access for greater control. This versatility allows users to tailor the product to their specific needs.

Adding packages to pfSense is straightforward; navigate to the package manager and click "add." However, incorporating hardware, such as a dongle, is slightly more complex.

I saw the benefits of pfSense immediately. Going from a SOHO router to a pfSense one is night and day. pfSense is an enterprise-grade product that is easy to use and has a simple GUI.

The dashboard is very handy. I use mine almost daily. I can put up the widgets I want to see or remove widgets I don't want to see. It has pertinent information about my services running, any VPN connections I have, and clients connected. It's a nice dashboard.

The failover functionality for connectivity helps minimize downtime. It has also been simplified recently with some excellent added features. If I lose or corrupt my image, I can easily reinstall the operating system and restore my configuration. I'm pleased with these features of pfSense.

pfSense is a straightforward, feature-rich firewall. I am a big fan.

One area where Netgate could improve is communication with its user base. While they make an effort, much of their user base isn't composed of enterprise-level engineers who regularly read release notes and stay abreast of feature changes. A few years ago, they held a commendable meeting with forum moderators to discuss upcoming changes, which was appreciated. However, they could enhance their communication further by providing more precise information about changes and release timelines for new features.

I have been using Netgate pfSense for 19 years.

The only time I need to restart pfsense is when I update it.

I have not contacted technical support for any technical issues. I did contact them for a replacement box, and their support was fantastic. I received the replacement box within a couple of days. I do contact their TAC when they release a new version. That process is changing with their new Netgate, the store, and everything. Previously, if we had a Netgate appliance and wanted a new image to install natively, we had to contact TAC with a ticket. The turnaround time was always excellent, just a couple of minutes. They would provide a link where we could download the image. I've been surprised by how fast they respond sometimes. Even when they're in the middle of deploying a new version, I've reached out and received a download link within five minutes. So they're usually on the spot.

Positive

Over the years, I've played with quite a few different firewalls, but I always go back to pfSense. It's a leader in its field, with its direct competition being OPNsense. There was a feud when they forked off. pfSense is the leader in that sense.

Installing pfSense should be relatively straightforward, even for a network engineer unfamiliar with the product. The process is user-friendly and guided, similar to installing an operating system like Windows. With a basic understanding of networking concepts, setting up pfSense can be accomplished within minutes. The main challenge arises when users need more fundamental networking knowledge, such as understanding IP addresses or the difference between DHCP and static configurations. For someone with networking experience, however, the installation process is quick and straightforward.

The pricing is reasonable. It costs money to run a product. It used to be completely free, and I think that's where many people became a bit disappointed when the pricing model was introduced, but I think it's a pretty fair price point. Some users don't understand that they can't offer everything for free. The development work involved costs money.

The inclusion of firewall, VPN, and router functionalities significantly reduces the total cost of ownership. In my previous role, we utilized pfSense in some locations due to its superior cost-effectiveness compared to other enterprise solutions. For smaller companies or those aiming to reduce expenses, it's a highly affordable option, and even their hardware is reasonably priced.

I rate Netgate pfSense ten out of ten.