Sold by: NetgateÂ
Deployed on AWS
AWS Free Tier
pfSense Plus software is the world's leading price-performance edge firewall, router, and VPN solution. Over seven million installations used by homes, businesses, government agencies, educational institutions and service providers.
Overview
Video
Launch pfSense Plus software on AWS
Video
Product video
OVERVIEW pfSense Plus software is the world's leading price-performance edge firewall, router, and VPN solution. Over seven million installations used by homes, businesses, government agencies, educational institutions and service providers.
PRICING //04-2024 - With the release of 24.03, Netgate will no longer be supporting instance types with 512MB memory or less. If you are running an instance tX.nano, please make sure to upgrade the instance to tX.micro or higher PRIOR to upgrading to 24.03//As of 24.03 - Supports High Availability configurations across both AWS zones and regions, with seamless settings and configuration synchronization ensuring enterprise grade consistent performance. See pfSense Plus on AWS documentation and HA blog at Netgate.com.
No hidden fees for features or functions. No arbitrary licensing fees. No artificial user limitations. Just unparalleled ROI and TCO.
FEATURES Firewall: Stateful packet inspection, GeoIP blocking, Anti-spoofing, Captive portal guest network, Time-based rules, Connection limits, NAT mapping (inbound/outbound)
Router: Policy-based routing, Concurrent IPv4/v6 support, Configurable static routing, IPv6 network prefix translation, IPv6 router advertisements, Multiple IP addresses per interface, PPoE server
Attack Prevention: IDS/IPS, Snort-based packet analyzer, Layer 7 application detection, Multiple rules/sources/categories, Emerging threats database, IP blacklist database, Pre-set rule profiles, Per-interface configuration, False positive alert suppression, Deep packet inspection (DPI), Application blocking
VPN: IPsec, OpenVPN, Wireguard, Site-to-site and remote access VPN, SSL encryption, VPN client for multiple operating systems, L2TP/IPsec for mobile devices, IPv6 support, Split tunneling, Multiple tunnels, VPN tunnel failover, NAT support, Automatic or custom routing, Local user authentication or RADIUS/LDAP
Reverse Proxy and Load Balancing: HTTP and HTTPS proxy, high availability, load balancing, and proxying for TCP, HTTP and HTTPS-based applications.
Network Services: Dynamic DNS, DHCP Server, DNS Forwarding, DNS Filtering
Management: GUI, full suite of configuration, user authentication, system security, resilience/reliability, and system reporting/monitoring features See the full feature list here: https://www.netgate.com/solutions/pfsense-plus/Â
ABOUT NETGATE Netgate is the company behind the pfSense project and the only official source for pfSense Plus and Community Edition (CE) software. As the primary contributors, our developers work hard to provide the best firewall security technology for your cloud infrastructure.
Highlights
- The leading open-source driven firewall, router, and VPN (OpenVPN/IPsec/WireGuard) solution for network edge and cloud secure networking.
- Over seven million installations protecting homes, businesses, governments, educational institutions and service providers.
- Made possible by open source technology. Made into a robust, reliable, dependable product by Netgate.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
FreeBsd 14
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
m6i.large Recommended | $0.34 |
t3.micro AWS Free Tier | $0.12 |
t2.micro AWS Free Tier | $0.12 |
r4.large | $0.56 |
r4.xlarge | $0.56 |
c5n.large | $0.34 |
m5d.large | $0.34 |
m5.xlarge | $0.45 |
m3.xlarge | $0.45 |
t2.large | $0.12 |
Vendor refund policy
Hourly users may cancel or stop using this service at any time. Annual subscriptions may be cancelled for a full refund within 48 hours of purchase or a prorated refund within 14 days.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Additional details
Usage instructions
An instance may be managed via ssh or https. Most of the system configurations may only be adjusted via the https interface. To access the instance via ssh: log in as the admin user using the SSH key associated with the instance. E.g. run the command 'ssh -i my_aws_rsa_key admin@instance_host_name'. Substitute the file your private SSH key is stored in for my_aws_rsa_key and the hostname of the instance for instance_host_name. To access the instance via https, use a web browser: Type admin for the account name. The password can be set to a value of your choice when you start the instance by setting a value of the form 'password=your_desired_password' in the "User Data" field of the "Advanced Instance Options" section of the launch screens. If you don't set a password, a random password will be set. The random password can be viewed by choosing Get System Log from the Actions menu for the instance. To set a password during the creation of an instance: On the "Configure Instance Details" screen expand "Advanced Details". Make sure "As text" is selected for "User data". In the "User data" field enter a password of the form 'password=your_desired_password'.
Resources
Vendor resources
Support
Vendor support
Get expert technical support via email, portal, or phone with a four (4) or 24-hour initial response SLA from the Netgate Technical Assistance Center (TAC). Learn more about our support options at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Netgate
By Palo Alto Networks
By Juniper Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Firewall Capabilities
Advanced stateful packet inspection with GeoIP blocking, anti-spoofing, and time-based rule configurations
Network Security
Comprehensive IDS/IPS with Snort-based packet analyzer, deep packet inspection, and multi-layer application detection
VPN Infrastructure
Multi-protocol VPN support including IPsec, OpenVPN, and WireGuard with site-to-site and remote access configurations
Routing Capabilities
Concurrent IPv4/IPv6 support with policy-based routing, static routing, and network prefix translation
Network Services
Dynamic DNS, DHCP server, DNS forwarding and filtering with comprehensive network management interfaces
Network Traffic Inspection
Advanced layer-7 application visibility and control with comprehensive traffic inspection capabilities
Threat Prevention Technology
AI/ML-powered security engine with researcher-grade signatures for detecting known and zero-day threats
Cloud Security Integration
Native integration with AWS infrastructure components including Gateway Load Balancer, Auto Scaling, and Transit VPC
Dynamic Policy Management
Automated policy application using AWS tags, Application IDs, User IDs, geographies, and network zones
Deployment Flexibility
Seamless deployment through EC2 instance creation workflow with cloud-native form factor
Network Security Services
Advanced firewall solution with core firewall, VPN, NAT, and L4-L7 security services
Threat Protection
Intrusion detection and prevention (IPS) with application visibility and control through AppSecure
Cloud Integration
Native integrations with AWS services including Elastic Load Balancer, CloudWatch, Security Hub, and Amazon GuardDuty
Routing Capabilities
Advanced cloud-grade routing with IPsec and full mesh VPN termination services
Protocol-Level Protection
Anti-virus capabilities detecting and blocking malware across POP3, HTTP, SMTP, and FTP protocols
Standard contract
No
No
No
Customer reviews
3.9
15 ratings
15 AWS reviews
|
417 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Askar Parveez
Open source platform provides cost-effective enterprise-class features with efficient support
Reviewed on Aug 18, 2025
Review provided by PeerSpot
What is our primary use case?
The typical use case for Netgate pfSense is VPN connectivity, content blocking, and IDS/IPS. Users typically implement it for these specific purposes.
What is most valuable?
The best features of Netgate pfSense include its open-source nature, and one of the most appealing aspects is the absence of recurring expenses, as there are no licensing fees. Users get enterprise-class firewall networking with this product.
Customers who use other firewall products such as Sophos or FortiGate often conduct research and choose Netgate pfSense because the yearly expenses of other firewall products are higher compared to pfSense, which has no licensing fee. While there is no yearly licensing fee with this product, users still receive all the enterprise-class firewall features.
The stateful packet inspection feature is enterprise-class, and when compared to other firewall products, it matches their capabilities effectively.
What needs improvement?
Areas of Netgate pfSense that can be improved include the customers' requests for antivirus protection, which they refer to as Unified Threat Management, available in other products. Unified Threat Management can match up with other brands as well.
For how long have I used the solution?
I have around one and a half years of experience working with Netgate pfSense.
What do I think about the scalability of the solution?
Netgate pfSense is definitely a scalable solution.
How are customer service and support?
The technical support from Netgate pfSense deserves a rating of 10 on a scale of one to ten, where one is the worst technical support and ten is the best.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Netgate pfSense is easy because it has a wizard. Users can run the wizard and set up the firewall within five minutes.
What other advice do I have?
Netgate pfSense comes with Netgate appliances, in which pfSense is loaded, ensuring compatibility with different hardware platforms. The solution proves to be stable in operation.
On a scale of 1-10, I rate this solution an 8.
Which deployment model are you using for this solution?
On-premises
Information Technology and Services
pfSense - reliable and user friendly.
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
The interface is easy to use, well organized, and easy for admins to setup. Their support documentation/forums are well documented and up to date. I think it's secure when integrated with the right platforms and packs cool useful features.
What do you dislike about the product?
The CE edition could have better support, although kept up to date, they can improve on security and some integrations.
What problems is the product solving and how is that benefiting you?
VPN integration and configuration/management, radius and simplifies traffic management.
Ludovic PEPPUY
Stable performance and ease of equipment addition enhance daily operations
Reviewed on Jul 14, 2025
Review provided by PeerSpot
What is our primary use case?
We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.
What is most valuable?
We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.
Everything works well inside pfSense. It's affordable. For our use of pfSense, it meets one hundred percent of our needs. It features easy installation, and we use direct installation on the equipment rather than cloud deployment.
What needs improvement?
Regarding tuning, it's not really an advantage as we need that functionality.
The most significant drawback in recent years has been the cessation of firmware release downloads. In the past, when we wanted to update our equipment, we simply downloaded the latest firmware. Now pfSense has changed its policies. Instead of providing firmware for download, they require customers to proceed with updates through the cloud, which isn't an optimal solution for us. I prefer the old method of updating where we could download the latest firmware and install it directly. Without an internet connection, we cannot update our equipment, which is problematic.
For how long have I used the solution?
What do I think about the stability of the solution?
Everything is very stable for us at the moment; we have encountered no problems.
What do I think about the scalability of the solution?
Adding new equipment is very easy for our organization.
What other advice do I have?
I am not in charge of networking in our company, so I may not be the most appropriate person to answer detailed questions. The solution is used for security to establish private communication.
We use OpenSense for our operations.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Ruben T.
Best Firewall Routing ever
Reviewed on Jul 02, 2025
Review provided by G2
What do you like best about the product?
Time to learn how to tell the things to the product (having experience in firewall from other platforms)
What do you dislike about the product?
Not be a NGF and SDWAN not spanish support from Netgate
What problems is the product solving and how is that benefiting you?
Practicity to develop, almost al solution in one box.
AvilashBiswal
Meets our needs, and it's highly flexible and cost-effective
Reviewed on May 14, 2025
Review provided by PeerSpot
What is our primary use case?
I usually use it on premises, and I use it for different purposes. I use it for network security for my infrastructure, and I use it for my web servers and data servers that are on-premises.
My main use cases for Netgate pfSense are proxy servers and IDS/IPS, blocking ads, clearing the network for adware and malware, and monitoring the network flow.Â
How has it helped my organization?
As an open-source solution, Netgate pfSense is highly flexible because a person with kernel-level or code-level experience can control the firewall as per their requirements, and there are multiple packages and tools readily available to integrate with Netgate pfSense. In the IT industry, most of the tools can be integrated with pfSense.
Adding packages to Netgate pfSense is very easy. I just need to search for the required package and then install and configure it.
Netgate pfSense has a very intuitive dashboard. The information is readily available on the dashboard.
Netgate pfSense has routing facilities that help minimize downtime while having multiple internet connections. If one bandwidth goes down, it automatically diverts to the other.Â
Netgate pfSense helps prevent data loss by monitoring data transactions and network protocols, allowing us to block certain amounts of data and implement policies to reduce malware and firewall threats.Â
What is most valuable?
From my perspective, the best feature of Netgate pfSense is the load balancer, as I usually take multiple internet connections. I can use both internet providers' bandwidth as a single network bandwidth, which helps in a very smooth network traffic flow. Netgate pfSense has a very interactive and intuitive dashboard that provides all the major and informative information that is readily available.
Netgate pfSense has positively impacted my organization because when we look at other firewalls or alternatives, they are costly.Â
What needs improvement?
For my requirements and use cases, it is sufficient for me, and I have never faced a need for additional features. AI would always be a plus point, and if pfSense could change its framework from FreeBSD and PHP to a different language and Linux OS, that could enhance security.
For how long have I used the solution?
I have been providing services for network solutions and network security, and I have been using Netgate pfSense for almost four to five years.
What do I think about the stability of the solution?
Netgate pfSense is definitely stable; I've multiple sites using it, and they are live right now. I've at least 20 sites operational.
What do I think about the scalability of the solution?
It is a scalable product. I would rate its scalability a seven out of ten.
How are customer service and support?
I have never used the services of Netgate, but I can rate the product itself as a 10 out of 10 because it has been very helpful to me.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have previously used Fortinet and Sophos. The major reason I switched from Fortinet and Sophos to Netgate pfSense was to mitigate the financial aspect, as those alternatives were costing us lakhs.
How was the initial setup?
Deploying Netgate pfSense is very easy because I used to deploy it on my personal hardware. Whatever spare hardware I have, I install it directly on that. Installing and configuring it is very easy for me.
I deploy Netgate pfSense for various companies. There are many startups in India that require a cost-effective solution that allows them to use their hardware and provide basic security.Â
Deploying infrastructure for a new company takes me approximately one day, unless there are separate requirements to configure, such as creating usernames and passwords for each user, which may take two to three days.
What about the implementation team?
I do everything in-house by myself. I am the only person involved in the deployment.
What was our ROI?
I have seen a return on investment with cost savings after implementing Netgate pfSense, as other firewalls would cost me lakhs of rupees while pfSense is free.
What's my experience with pricing, setup cost, and licensing?
Everything we need is covered in the free version of the open-source pfSense. I have never used the licensed version or required certified partner help to implement or deploy anything.
If we are not purchasing any support or incurring any Netgate costs, the total cost of ownership for Netgate pfSense is zero, as it is freely available to download and install, requiring only hardware for deployment.
The cost of other firewalls goes to thousands and lakhs of rupees compared to pfSense, which costs zero. If we opt for Fortinet, it costs about one lakh thirty thousand Indian rupees for the firewall, and then it costs up to almost fifteen to twenty thousand annually for the user subscription. With Netgate pfSense, all those things get covered at zero cost.
Which other solutions did I evaluate?
I did not evaluate any other options aside from Netgate pfSense because it was the only solution I could find that effectively met my needs. It works for our use cases.
What other advice do I have?
In terms of data-driven decisions, there is a package that can help me understand each and every packet and time. I have not gone through that avenue yet, but it allows us to get all the data for data-driven decisions.
There is a paid feature to increase performance, but there are multiple tweaks available in the advanced settings that can help increase bandwidth or usability based on requirements.
I have not used pfSense Plus on Amazon EC2 VMs because there was no requirement.Â
I would rate Netgate pfSense a ten out of ten.
Which deployment model are you using for this solution?
On-premises