2018-06-10T07:19:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
  • 1
  • 285

What needs improvement with pfSense?

Please share with the community what you think needs improvement with pfSense.

What are its weaknesses? What would you like to see changed in a future version?

56
PeerSpot user
56 Answers
JL
Head of IT Department at OLIVESTRONIX NIGERIA LTD
Real User
Top 10
2022-10-12T14:29:46Z
Oct 12, 2022

The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely.

Search for a product comparison
2022-06-15T16:08:59Z
Jun 15, 2022

2FA for the GUI and command line.


Also, possibly something similar to RKHunter, to detect configuration file changes on the system.

Buford Laruan - PeerSpot reviewer
Network Administrator at Benguet State University
Real User
Top 10
2022-03-30T10:46:20Z
Mar 30, 2022

More documentation would be great, especially on new features because sometimes, when new features come out, you don't get to understand them right off the bat. You have to really spend a lot of time understanding them. So, more documentation would be awesome. In terms of features, for my use, I don't see anything wrong with it. I basically get what I need from it by default. I build my firewall, so I only rely on the software. On the software side, there is not much to improve right now. So, at this point in time, I don't see anything, but I always welcome any kind of upgrades that they do. I always try them out and see if I can use them in the company or not, but so far, there are no complaints on my end.

RS
IT Manager at a consultancy with 1-10 employees
Real User
Top 5
2022-02-28T18:36:51Z
Feb 28, 2022

I expect a better interface with more log analysis because I create my own interface.

EM
Sans emploi at a pharma/biotech company with 51-200 employees
Real User
Top 10
2021-12-22T19:07:00Z
Dec 22, 2021

The integration could be improved.

GC
Chef at a media company with 11-50 employees
Real User
Top 10
2021-12-07T22:32:00Z
Dec 7, 2021

The web is evolving every day. So, the product should be constantly improved with more regular updates. Things are constantly changing. There are obsolete protocols, and then there are new protocols. For my own use, it is not an issue, but for somebody who is more at the forefront of internet browsing, it could be a problem. There could be a way to remote to it through a mobile app. You can always browse through your browser on your mobile phone or tablet, but it would be good to have a dedicated app. I understand that iOS and Android developers are expensive, but there should be a mobile app.

Learn what your peers think about pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
670,523 professionals have used our research since 2012.
FA
System Administrator at a tech services company with 51-200 employees
Real User
Top 10
2021-12-02T09:18:00Z
Dec 2, 2021

It would be great to add more to security. I know that pfSense has a lot of features, but I don't know how to configure and enable them. That is why I am looking into my support options. I am looking for better security and performance.

LB
Owner at The Computer Guy
Real User
Top 20
2021-11-18T01:31:56Z
Nov 18, 2021

pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it.

CV
National IT Coordenator at a government with 51-200 employees
Real User
Top 10
2021-11-01T19:41:01Z
Nov 1, 2021

The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus. For example, pfSense could add templates with firewall policies that a user can customize. I haven't tried to integrate pfSense with Microsoft Active Directory, but in Mozambique, we use many Kaspersky antivirus solutions. If pfSense integrated with these antivirus solutions, everything would be much more stable because most of the companies here have a different kind of security solution. Within a single company, you might find two or three different antivirus suites. So, for example, there could be an open-source solution that you get for free, but you can pay for the support if you want it. So for solutions like that, it would be great.

TO
Managing Director at a comms service provider with 1-10 employees
Real User
Top 5
2021-10-29T16:30:04Z
Oct 29, 2021

There is a need to increase the technology on the area of WAF, the web application firewall. I would like to be more knowledgeable about the firewall, so I may best use it to solve customer problems. The integration should be improved.

MI
Sr. Network Administrator at ACMC
Real User
Top 5Leaderboard
2021-09-24T08:39:23Z
Sep 24, 2021

The usage reports can be better.

JG
Vice President - Engineering & Delivery at a tech services company with 51-200 employees
Real User
Top 10
2021-08-30T15:53:57Z
Aug 30, 2021

As an IT leader, it would be a benefit to have a mobile application to have certain features, such as mobile application notifications when a new device is added, or the ability to turn off or on firewall policies. Having these simple features would be very convenient and reduce the need to have to log into the console. I can use a web browser on my phone to access the pfSense site but I would prefer to have an application where I can toggle things, such as the policies. Some simple features within a mobile application would be valuable to me. I have evaluated other solutions and have determined this feature does not currently exist. However, Untangle has an application but it was not enough to compel me to change at this point. In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome.

MA
Technical Presales Consultant/ Engineer at Ingram Micro
Real User
Top 5Leaderboard
2021-08-03T13:24:11Z
Aug 3, 2021

I'd really love to see the web interface enhanced. It's good but it could be clearer and more straightforward. As a FreeBSD fan, I'd love to see a BSD license code, rather than a GPL license code. I'd also love to see a Sandbox and more security features. pfSense is a mature product, but if you compare it to other products in the market, you realize that pfSense is a little behind.

DJ
Full Stack Developer at Infrassist Technologies Pvt. Ltd.
MSP
Top 20
2021-07-27T12:15:18Z
Jul 27, 2021

The stability could be improved. Whenever there is an update, in spite of developments I may have made, I am required to make certain changes to the coding.

MH
Owner with 11-50 employees
Real User
Top 10
2021-06-29T11:48:57Z
Jun 29, 2021

There are some bias issues and some intrusions in our network that have to be addressed. So, we're thinking of changing this firewall to something like a professional hardware-enabled firewall.

ET
Senior System Administrator at KnowledgeNet
Real User
Top 10
2021-06-25T13:11:21Z
Jun 25, 2021

pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function. The site itself could be improved; it's not easy to find the things that you want to implement and apply. It would be good if it had more features like Sophos does.

CA
Owner and business consultant at networks srl
Real User
Top 5
2021-05-18T20:57:12Z
May 18, 2021

I tried pfSense, and it has a big issue with file system consistency, and this is what drove me to OPNsense. The file system stability is quite a big issue for us. We have a lot of outages related to power issues, and OPNsense is much more stable on this side. I would like it to be more stable on the file system part. It also has an issue with the ARP publishing, but it's common to BSD, and some providers experience issues with Layer 2 connectivity.

SB
IT Manager at a marketing services firm with 1,001-5,000 employees
Real User
Top 5
2021-05-15T12:27:42Z
May 15, 2021

I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature.

TW
Managing Director at Midgard IT
Real User
Top 10
2021-04-28T12:45:44Z
Apr 28, 2021

We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up. The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us. I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.

PJ
Information Technology System Administrator / Director at Legault Joly Thiffault
Real User
Top 10
2021-04-27T22:09:05Z
Apr 27, 2021

The VPN feature of the solution could improve by adding better functionality and providing easier configure ability.

PG
Software Applications Manager at a engineering company with 201-500 employees
Real User
Top 10
2021-04-05T14:23:30Z
Apr 5, 2021

The integration of the plugins into the GUI could be better. It's sometimes hard to find where a setting can be found or how it might interact with other settings. Some documentation is outdate and plugins sometime have no documentation. Information can always be found on the fora but for novice users this can be a challenge.

DS
CTO, Software Architect, founder at a tech services company with 11-50 employees
Real User
Top 10
2021-03-10T22:15:36Z
Mar 10, 2021

We did have a strange issue with an update at one point, however, that was resolved quickly. If you want to take advantage of all of the solution's options, you need to have a bit of a technical background. It's not for a layperson. You do get a good solution for free. However, the trade-off is you need to be technical to really take advantage of it. The installation could potentially be faster.

MY
Solution Architect, Managed Services & System Integration at Transmeet Technologies
Real User
Top 10
2021-03-10T21:41:25Z
Mar 10, 2021

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

LP
Consultant and Head of Services at ILANZ LLC
Consultant
Top 5
2021-03-05T12:12:17Z
Mar 5, 2021

As I said, the product is fantastic. It could use a little bit of improvement in the reporting — the reporting is virtually non-existent. Something like a reporting module would be a benefit. Otherwise, in terms of the performance, at least for my organization, I don't see much of a problem. By this, I mean that we cant generate reports of trends etc that could be exported out of PFSense in terms of a PDF etc to see how the firewall is functioning... Though I must say that the work around for this could be to use the pfsense zabbix plugin and integrate to a Zabbix platform and then use the Zabbix reporting capabilities to get the required reports... Not much of an effort for the technically sound persons but definitely not in the scope of those from a non technical perspective...

JB
Owner at artesistemas.net
Real User
Top 5
2021-02-19T15:56:00Z
Feb 19, 2021

They can improve the dynamic of the input of IPs from outside. Determining the IPs that are outside would be another way to identifying potential threats. We can treat it or identify and then block it or determine the rules to work with that IPs from the outside and inside the network.

ES
IT analyst with 1,001-5,000 employees
Real User
Top 10
2021-02-04T09:20:33Z
Feb 4, 2021

The access control aspect of the product could be improved. There should be more control over everything that the user is doing. It should be able to log and report on everything users are doing. The product no longer complies with new rules in Brazil. Therefore, we need to move off the solution.

HH
IT Infrastructure Analyst at ADRA Peru
Real User
2021-01-25T10:53:13Z
Jan 25, 2021

The main problem with pfSense is that it lacks adequate ransomware protection. I would also like pfSense to be more robust like Cisco or Fortinet.

BO
CEO at In.sist d.o.o.
Real User
Top 20
2021-01-23T18:29:40Z
Jan 23, 2021

There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance. The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.

BO
CEO at In.sist d.o.o.
Real User
Top 20
2021-01-21T19:18:20Z
Jan 21, 2021

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance. One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.

RG
CEO at a tech services company with 11-50 employees
Real User
2021-01-21T19:18:20Z
Jan 21, 2021

They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals. For a feature update, they should increase the API integrations into decentralized identity platforms making it stronger.

CT
IT Consultant at a tech services company with 1-10 employees
Consultant
2021-01-05T14:13:00Z
Jan 5, 2021

I would like to see the dashboard modernized. If you look at some of the other providers, their dashboard is more modern looking. Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement.

BH
Systems Administrator at a tech services company with 51-200 employees
Real User
2020-12-19T10:27:54Z
Dec 19, 2020

Their support could be better in terms of the response time.

MB
IT Support Specialist with 51-200 employees
Real User
2020-11-27T16:09:37Z
Nov 27, 2020

I cannot recall any features that are lacking. There's a bit of a learning curve during the initial implementation. You do have to pay extra for better customer service.

JR
General Manager at Galgus
Real User
2020-11-24T15:00:57Z
Nov 24, 2020

There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions.

HP
Engineering Manager at UTI Tech SA de CV
Real User
2020-11-21T15:10:00Z
Nov 21, 2020

Many people have problems setting up the web cache for the web system. They should put an anti-spam in a web application firewall.

TS
Principal at a tech services company with 1-10 employees
Real User
2020-11-19T07:30:11Z
Nov 19, 2020

I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version.

EG
Defensive Security & BlueTeam at Global Research CO
Real User
2020-11-14T08:39:32Z
Nov 14, 2020

The solution could use better reporting. They need to offer more of it in general. Right now, the graphics aren't the best. If you need to provide a report to a manager, for example, it doesn't look great. They need to make it easier to understand and give users the ability to customize them.

OA
Systems Manager at CORNARE
Real User
2020-11-06T16:59:32Z
Nov 6, 2020

It would be ideal if the solution could integrate with Snort and OpenVPN. The technical support needs to be improved.

OM
Senior System Engineer at a financial services firm with 1,001-5,000 employees
Real User
2020-11-05T18:00:00Z
Nov 5, 2020

The problem with open-source is that no one can take responsibility. It needs to be more secure. Security needs improvement. It's always better to have an agreement, an SLA regarding security. You should outsource your security to another company.

SM
System Analyst at a tech services company with 11-50 employees
Real User
2020-07-22T08:17:22Z
Jul 22, 2020

As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me. Integration with other products could be improved. It needs log research integrated within it to make it more useful for our purposes.

KN
Owner at IKON Business Group, Inc
Real User
2020-07-13T06:55:46Z
Jul 13, 2020

Right now we have to use a lot of third party plugins with other providers that have their own built-in features so I'd like to see layer 7 advanced firewall features included in the solution. It would definitely improve the product.

VG
CEO and Founder at Indicrypt Systems
Real User
2020-07-13T06:55:00Z
Jul 13, 2020

The user interface could be improved, it's a bit clumsy and clunky.

EK
Manager, Operations at SUS-TECH Limited
Real User
2020-07-12T11:48:46Z
Jul 12, 2020

The solution can be complex. It needs a bigger team with more coding skills than what we have at our disposal. With our skillsets, we're facing a lot of limitations. We're a team of four who handles 12 independent companies under a larger umbrella. Our workload is already quite high. We need solutions that lessen it, not enhance it. The solution requires a lot of administration. The solution would work better for us if the user interface had some kind of unifying feature that didn't just do firewalls. Sophos, for example, offers so much more. You get one license and you're good to go. Everything's handled from the anti-virus to the network and the traffic and monitoring. Sophos is really user friendly and easy to master. It's easy to get rules put in. pfSense offers none of these things beyond just the firewall capabilities.

RN
Solutions Architect at a tech services company with 51-200 employees
Real User
2020-06-17T10:56:05Z
Jun 17, 2020

The domain blocking lists need to be improved. The supported list for domain blocking is community-maintained, and I would like to see something from the manufacturers of pfSense that is a little more global. I would like to see different graphs available in the reporting.

DM
Head of Department of operational and compliance at ACE GABON
Real User
2020-06-15T07:34:01Z
Jun 15, 2020

I haven't experienced many problems when dealing with the solution, so I don't know if there are areas that need improvement. If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use. Sometimes if your network goes down, you might experience an issue on the captive portal. This may require a restart and it also may require that you load it again. I'm used to the system, so I know what to do, but it can happen from time to time. It can be really easy to deal with Technical support. Technical support is avaible every time I call . But sometime if Technical support do not privide you the solution, so you should double check and solve the issue by your self.

AO
System Implementer at a tech vendor with 201-500 employees
Real User
Top 10Leaderboard
2019-09-10T01:44:00Z
Sep 10, 2019

ClamAV AntiVirus can cause some crashes. That service should be improved.

it_user1136043 - PeerSpot reviewer
IT Manager at alfascan
Real User
2019-07-02T13:09:00Z
Jul 2, 2019

We would like to see ready-made profiles to cover most users' needs.

JL
Managing Director at VPN Technologies
Real User
2019-05-09T06:34:00Z
May 9, 2019

This product needs improvements with respect to reporting and auditing.

AC
Chief Technology Officer at Xpro Networks
Reseller
2019-03-31T09:41:00Z
Mar 31, 2019

I would like to see SD1 integration into the software. That would be fantastic.

RO
CEO at Private
Vendor
2019-02-11T08:11:00Z
Feb 11, 2019

Some suggestions for improvement of pfSense are: * Adjustment in the interfaces: I had to adjust those interfaces manually and of course that is a great feature that you can restore it but it is immediately also one point for improvement. If you don't have to adjust, if it's just stamped and it works, that's great. * With regard to the Community Edition, when I installed it, we use Proxmox as an equivalent of PMWorks and I installed the Community Edition in Proxmox. That was very difficult to get to work at first. A lot of tweaking. That is very, very not easy. * When I'm inside of my network and I go to a URL, the URL points to a server inside my network. It doesn't hang, but I don't get a response. It just stays blank. * I can imagine that inside my network, I am going outside, and it points to the public address, so I can reach it. With eSoft, without any adjustment, it worked, and I was able to do that. I went to search pfSense for an option, and I had some documents open to read about how it is done, but it isn't clear enough. It's not that easy. I would appreciate it if I could get easy help on that.

HT
Founder and MD at Smart Solution
Real User
2019-02-03T08:25:00Z
Feb 3, 2019

It has everything I need, but the main drawback of pfSense is that it's not user-friendly. I hope to have something to make the interfaces more user-friendly. I would also like to see some documentation that can help with use cases or that has advice and tips. I have found some documentation available but it's usually from an earlier version. If they develop this, pfSense will be the best. The only thing that Fortigate is better than pfSense is that they have 24/7 support. pfSense also needs improvements in the intrusion detection area.

NR
IT Manager & Sr. Application Programmer with 11-50 employees
Real User
2018-11-14T21:32:00Z
Nov 14, 2018

While I agree spam filtering is not included or an option with the system, I don't necessarily hold that against the product as there are a number of other services that do it far better than a firewall could. If you use Office 365, Microsoft's implementations are likely to be far superior to what you'll get from a firewall. However, with that said, the one item I wish it included, even if it was a subscription-based service, is the inclusion of an AV and/or threat intelligence. This would elevate the solution well above other alternatives.

RB
Senior Systems Engineer at KeyTrust
User
2018-10-10T04:23:00Z
Oct 10, 2018

* I would like to see multiple DNS servers running on individual interfaces. * It would be useful to manage firewall policies on a source interface and destination interface basis.

AO
Systems Administrator at AB Edsbyverken
Real User
2018-08-30T09:29:00Z
Aug 30, 2018

* The central point of management, like the long-rumored pfCenter. * Better parsing of logs: At the moment, you have to use an external server for this if you want a deeper analysis.

RJ
Senior Systems Administrator at a non-tech company with 51-200 employees
Real User
2018-06-14T07:58:00Z
Jun 14, 2018

Layer 7 filtering has been taken away from pfSense. They would like us to use Snort, which is a good thing, but I would like them to make the Layer 7 thing easier. The one reason that we did not go with pfSense is that it is not centrally managed like Meraki, where you log into the website and can see all your services there. This is the only reason why we are going with Meraki. We would like to be able to see is all the configurations from a central interface on all our pfSenses.

KV
Network and Office Manager at Belgo Metal CW n.v.
Real User
2018-06-10T07:19:00Z
Jun 10, 2018

A malware blocker should be included. I do not know if it is included yet. However, until now, we have not experienced a large malware invasion. There are a few features not included, and when you have to use those features, you have to pay for them. I know that I should change the current pfSense solution. I should change it because we have only one key port on it. Our internet access also has a key port now, I should have two key ports, one to the LAN and one to the WAN. Therefore, I want to change it, because it gives us less speed. I could provide the speed, but there are not two key ports on it. Therefore, I now have to choose a new pfSense solution, or I could look at another vendor similar to what we have.

Related Questions
MC
User at nwr
Dec 27, 2022
Hello peers,  I am researching firewalls and found the following two options: Fortinet FortiGate and pfSense.  What are the differences between these two firewalls? Which firewall do you prefer and why? Thank you for your help.
See 2 answers
CR
Director at REDCO
Dec 27, 2022
Especially with support and updates of the signatures, FortiGate has a more solid base. Being an IPO company, with respect to Pfsense, start as a community project and you can purchase support and even dedicated appliances if you have a budget for FortiGate, or if you are starting Pfsense. Greetings
CR
Director at REDCO
Dec 27, 2022
Both are very good products, but some features that Sophos mentioned as new, FortiGate has been handling. If you are going to grow with several appliances I recommend Sophos, since the administration can be done from the cloud. With Fortinet, you have to pay a licensing fee. In terms of costs and all the options, they are very similar. Another detail to review is the support, at the beginning with Fortigate, I had enough details, but it is really improving significantly with respect to Sophos.  My comment is based on experience and I do not lean toward any of the brands. To reiterate, they are good types of equipment.
NC
Content Manager at PeerSpot (formerly IT Central Station)
Oct 28, 2021
Which is better?
See 1 answer
Janet Staver - PeerSpot reviewer
Tech Blogger
Oct 28, 2021
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and client, Open VPN and client, and PPTP client. Both also have intrusion detection and prevention in transparent mode. I like that both firewalls offer DNS filtering with any DNS filtering company and also have a network configuration feature with customized configuration that is enabled by a setup wizard. Two stark differences between PfSense and OPNsense are that PfSense does not allow for quick updates and patches, but OPNsense does. On the flipside, PfSense has two factor authentication that works with a remote radius server, which OPNsense can’t do. Another feature of each to consider based on your company needs is the dashboard; PfSense has drop-down menus, while OPNsense has its menus placed on the left side. It comes down to your personal preference, but I find that having menus on the left side of a dashboard makes it easier to use because it is organized and navigation is clear. Some people may think OPNsense is harder to navigate because of the messy dashboard layout. What I like about both options is that they are free to download and use. They also both have frequent updates, with constant updated documentation. OPNsense seems to be more intuitive to use and has a great reporting feature. PfSense, though, seems to have more product tutorials available and also more answers to FAQs that can be easily found online. Conclusion Both products have a similar set of features. In my opinion, though, I think PfSense is superior to OPNsense, not only because it has an array of features but also because it has an automatic backup feature that I find very valuable.
Explore this product
Download Free Report
Download our free pfSense Report and get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
DOWNLOAD NOW
670,523 professionals have used our research since 2012.