Netgate pfSense Reviews

Our use case is fairly minimal. We've been slowly replacing them. We're down to one unit. However, we use it for a site-to-site VPN to another location in New York for Michigan, and we use it for OpenVPN connections with some of our third-party consultants.

Their firewall features are pretty flexible and are nice to work with.

When you get a configuration that's working, as long as you don't do High Availability, then they're they're pretty rock solid. You just set and forget. They've got a lot of really nice wizards to help with configurations of things.

There are features to help prevent data loss.

pfSense gives users a single pane of glass. They do a good job of giving a very well-done graphical interface.

It provides features that help to minimize downtime. It's a good solid firewall as a standalone firewall. It also allows you to do backups to the config, and I like the fact that it maintains a running history of changes that are made. That is helpful.

pfSense provides visibility that enables users to make data-driven decisions. Of course, it depends on what layer you're talking about. It provides good visibility when it comes to how much data is being moved. If you have full logging turned on you can get a pretty good idea of what kind of traffic is going in from where to where.

I was looking to improve my security posture. Bottom line, I just wanted really high-quality cybersecurity. When I look at appliances for cybersecurity, they can get up to almost seven figures for some businesses. So, this was a good compromise for me.

It optimizes performance right away. That is apparent to your everyday user. It makes the whole system work better and more efficiently. When there is an intrusion or an attack, it's very easy to eradicate the issue. 

Before having the cybersecurity mechanisms I have now, even with VPNs from the App Store, I faced issues like hijacks that became multi-day issues where I had to perpetually get into some type of power struggle through remote based issues from another cyber threat. For example, in October 2022 or 2023, I sat down at my computer to move files from a cloud-based drive to an external hard drive. I opened the cloud drive, and all the files had been corrupted/damaged intentionally. Someone specifically corrupted the entire iCloud Drive. I called tech support, and the next day, there was an iOS update. Since I implemented the security appliance, I haven’t had this issue. 

It means there's a better level of security in terms of what you can build into your system than is available through downloadable software.

pfSense helps prevent data loss:

I haven't had one issue of data loss since implementing it. Previously, I had to file reports with the FBI and CIA because the intrusions were so serious. These documents had criminal penalties associated with tampering. I haven't had one of those instances since using pfSense. Netgate and pfSense are good go-tos, even for the government. They often use Netgate as their server, and the military uses it too. The fact that the American military and foreign militaries use Netgate was a big selling point for me. It's good quality for what you pay.

It's a really great entry-level way to see how much, and it's scalable, too. When you talk about flexibility, the important thing to know is that the appliance and the software are scalable, too. I can start at the entry-level point, or I can build in and scale it up to enterprise-quality software, too.

pfSense Plus:

I use pfSense Plus. I use VoIP through the router. 

It minimizes downtime in terms of having to debug and things of that nature. When there's an intrusion, it doesn't turn into a multi-day issue. It took me about ten minutes to eradicate one aggressive intrusion. Simple maneuvers resolved it quickly, avoiding days on the phone with tech support. 

There was an instance where my firewall software—I don't know what happened exactly—but I did have to call tech support. Something happened where my firewall needed to be completely reconfigured.

So, are the entry-level ones invincible? No. But do they save you tons of effort in terms of preventing a lot of problems that could get worse? Yes. It's like a preventative measure to cancer before it spreads. It helps you catch things quicker before they spread and become something bigger.

The visibility that pfSense Plus provides helps us optimize performance. I feel more comfortable exchanging information and having personal conversations. It makes me more comfortable, more confident that what I'm doing is not... Some people I even work with are just not comfortable to talk openly. Some people are very email-retentive, like, "Do not click that hyperlink on this computer system. Don't do this or that." So it's understandable with some people.

It absolutely optimizes my entire computer system. In fact, I'm opening a brick-and-mortar storefront, and I'm going to use pfSense. Actually, I'm going to step it up to the TNSR software, but I use the Netgate routers because it optimizes performance. I feel comfortable to have a small to medium-sized office operating off this stackable network I'm creating. It's still a prototype, but I can have six screens, and that's really all I need. I can probably get six screens or five screens and a hardwired payment processing system at most if I need it.

Plus on Amazon EC2 VMs:

I haven't tried it recently. I did in the past, but I didn't have it configured correctly, so I can't truthfully comment on it. It was more complicated than I could set up. Like I have to pay for that. I can download the AWS EC2 application, launch the instance from a cellular device, and intermesh the cellular device into the router. That's also extremely valuable if I want to have a coworking situation where everyone's on my network a certain way, so when I do exchange information, it's highly confidential.

I can restrict IP addresses by country, for example, which is very useful. If I don't have business traffic from specific regions of the globe, I can restrict them. I loaded SNORT and started playing with some of the rules and packages.

Overall, I've experienced fewer problems since I started using it at home, so I'm very happy with it. It's very flexible. I think it's extremely flexible.

I can configure as much or as little security as I want. A lot of it comes out of the box and I can fine-tune it toward my needs according to my knowledge, obviously. I think it's pretty flexible, yeah.

Less down time, less denial of service attacks.

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

I have the Netgate 6100 firewall with pfSense at my house, and I also have several business clients on it. I use it for site-to-site VPN from one doctor's office to another so their PBX phone systems can replicate across the network. 

PfSense helps prevent data loss. It's a firewall, so unless you open ports, they are completely closed off, and nobody will crack into your network. You can set up various rules that will let you know if you have an intrusion or block an IP address, country, etc., for malicious threats. 

I haven't experienced any downtime with the 6100, but I've had problems with the Netgate 2100 appliances. One of the data-driven procedures is performance. If you make a change, your traffic comes up almost immediately. If I had to compare pfSense to SonicWall, I probably wouldn't use SonicWall based on the boot time. When you have to restart the system or something like that, pfSense is quick, whereas these other firewalls will take 10 minutes to come back online. 

The visibility pfSense provides helps optimize performance. Some of the stuff is visible in their charts and graphs. You can see their traffic moving in real time. That's beneficial to me, especially if I'm looking for something. For example, if you're looking for an IP address that's seeing a lot of data, you can narrow it down to what device it is.

I use pfSense as a home firewall and router. I don't use it for anything professional. When I first deployed pfSense, I was using my ISP-provided gateway, and there were a few things that I felt a little frustrated about. I didn't have control over the networks in my home and lacked some features, such as dynamic DNS, the ability to split different VLANs, multiple gateways, etc. There are a lot of features I use now, such as DNS or GeoIP blocking, that I knew about but couldn't take advantage of. 

The gateway failover helps prevent downtime. The ZFS Boot Mirror would also help prevent downtime in the event of a disk failure. The dynamic DNS is nice because when my IP changes, my web services won't be affected because it automatically caches my new IP.

PfSense has features that drive data-driven decisions. I was using pfSense years ago on a capped internet connection. It was a Comcast connection with a set amount of data I could use monthly. One useful thing was that it had the traffic totals as a package, so I could track the amount of data I was using and the clients that were using it broken down by client and network. I can determine how much data I use to ensure I don't exceed that limit. That's something I couldn't find in any other similar product.

From a performance perspective, it can help in terms of bandwidth and things like that because I know that the machine I'm using has enough processing power to establish all of my routes, DNS blocking, IDS, IPS, etc. I can utilize the full spectrum of my connection and a custom 10-gig NIC. If I had a smaller off-the-shelf product or an ISP-provided gateway, it wouldn't have the performance I need.

I do some consulting work for a couple of organizations on the side, and I have a few personal home lab builds of pfSense, so I use it in both a professional and personal home lab environment. I'm using the community edition and pfSense Plus.

I began seeing the benefits of pfSense immediately. The use cases for pfSense were creating remote VPN servers and satellite offices where remote employees connect. I've been using it for so long now that I have some baseline configurations. When I bring a new site online, I load that default configuration and ship it out to where it's needed. They plug it in, and the system comes online. It's fantastic from that from that perspective.

PfSense gives you much control and visibility into your boundary that helps you identify nefarious actors and things that could lead to eventual data loss.

It helps minimize downtime from a boundary perspective. They have some features. I have used Plus in boot environments quite regularly to test out some things before going live into production, which has been nice because I've made some configuration changes that I regretted. 

The boot environments help you get back into kind of what you had. Both the community and Plus editions have a fantastic configuration export. Your boundary device is relatively static once you can configure it how you need it. You can export those configs relatively easily so that when something goes catastrophically wrong, the hardware fails, or something along those lines, you can reload the configuration onto that device or the replacement device and go about your day. 

One thing I can say about pfSense specifically and the Netgate hardware is that it is not something I worry about from a security or a resiliency perspective. It's stable. It works. I have the ability to forget about it. As an IT professional, I have so many things to worry about daily, and it's incredible to minimize those things. I think pfSense has done a great job in that area.

There's a lot of logging that produces a ton of data I can pull into a data analytics platform and make data-driven decisions about bandwidth increases or changes to firewall rules, intrusion detection rules, or employee access.

It also enables us to optimize performance, one of the biggest things you do when you get a new Internet service provider or a modem replacement or something along those lines. There are tons of tools built into pfSense that let you look at how that's working, and even some tools online that allow you to tailor that experience based on your real-world use case.

I use pfSense as a home router firewall on enterprise equipment purchased from eBay. I utilize it for personal interests and not in a professional IT capacity, mainly for home setups and maintaining VPNs to family members.

It is very easy. An enterprise person who has been doing this all day long will find it as easy as a command line if not easier than the command line. I would prefer not to have to set up another server to monitor my links and everything else. I like that I can go into my one dashboard. It is all running on that one box. I am happy. A large enterprise will have monitoring services, so this might not be as critical for them. For small and probably medium-sized businesses, having the user interface and being able to import configs is very powerful, but it is probably a mixed bag for larger companies that already have services and other things, and GUI does not matter to them.

It provides a single pane of glass. When I come in, I can immediately look at my gateways, link connections, services, etc. It shows my DNS blocker, CPU usage, and memory usage. I can see that my gateways are online, what traffic graphs I have selected, and all my services are up. That is what I like about it. This is what I will miss if I go to VyOS. I know I will have to set something else up specifically to show me all the monitoring and make sure that I have that warm fuzzy that everything is working.

Being able to see in a single pane of glass what is happening makes it very easy for me to react and know what is going on. For example, I changed some tunnels to my family in upstate New York. I am down in Philadelphia. We were having some connection issues, and through its interface, I was able to easily identify the issue. I had a tunnel configured wrong and changed some settings, and we were back up in ten minutes.