We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

Everything works well inside pfSense. It's affordable. For our use of pfSense, it meets one hundred percent of our needs. It features easy installation, and we use direct installation on the equipment rather than cloud deployment.

Regarding tuning, it's not really an advantage as we need that functionality.

The most significant drawback in recent years has been the cessation of firmware release downloads. In the past, when we wanted to update our equipment, we simply downloaded the latest firmware. Now pfSense has changed its policies. Instead of providing firmware for download, they require customers to proceed with updates through the cloud, which isn't an optimal solution for us. I prefer the old method of updating where we could download the latest firmware and install it directly. Without an internet connection, we cannot update our equipment, which is problematic.

Everything is very stable for us at the moment; we have encountered no problems.

Adding new equipment is very easy for our organization.

I am not in charge of networking in our company, so I may not be the most appropriate person to answer detailed questions. The solution is used for security to establish private communication.

We use OpenSense for our operations.

I use pfSense as a home router firewall on enterprise equipment purchased from eBay. I utilize it for personal interests and not in a professional IT capacity, mainly for home setups and maintaining VPNs to family members.

It is very easy. An enterprise person who has been doing this all day long will find it as easy as a command line if not easier than the command line. I would prefer not to have to set up another server to monitor my links and everything else. I like that I can go into my one dashboard. It is all running on that one box. I am happy. A large enterprise will have monitoring services, so this might not be as critical for them. For small and probably medium-sized businesses, having the user interface and being able to import configs is very powerful, but it is probably a mixed bag for larger companies that already have services and other things, and GUI does not matter to them.

It provides a single pane of glass. When I come in, I can immediately look at my gateways, link connections, services, etc. It shows my DNS blocker, CPU usage, and memory usage. I can see that my gateways are online, what traffic graphs I have selected, and all my services are up. That is what I like about it. This is what I will miss if I go to VyOS. I know I will have to set something else up specifically to show me all the monitoring and make sure that I have that warm fuzzy that everything is working.

Being able to see in a single pane of glass what is happening makes it very easy for me to react and know what is going on. For example, I changed some tunnels to my family in upstate New York. I am down in Philadelphia. We were having some connection issues, and through its interface, I was able to easily identify the issue. I had a tunnel configured wrong and changed some settings, and we were back up in ten minutes.

Its ease of use is great. If I do not continue forward with pfSense, it would be going to VyOS, which is all command line. pfSense's user interface is very nice for simpler configs and monitoring. It is very stable, and it works very well. Flexibility is great, and the plug-in model is very nice for pfBlocker and other things. It is a very robust solution that works very well.

They could do better with their licensing in the home use space. For me, that has been a struggle. 

I got three pfSense Plus licenses when they were giving them away to the community for free because pfSense decided that they do not enable the QAT. They do not enable the network acceleration function that is on the Intel Atom CPUs and some of the Xeon D's in the Community edition. IPSec acceleration and OpenVPN acceleration do not work on those smaller boxes because it is going to use the CPU, so I got the three licenses, which worked well. It was all good, but they decided to take that away and are charging $129 a year. Somebody savvy like me is going to pay for it. I will pay for it for myself, but I also maintain the routers of my parents, my mother-in-law, and a friend. I have IPSec tunnels to them, and they need the acceleration technology that is disabled, but they are not willing to pay $129. I wrote to the Netgate salesperson asking to consider a model with a $60 per year subscription because they are putting a barrier on themselves. They have abandoned the Community edition. There has not been an update in a year, but then you hear that they are contributing. They are making updates, but they have not released it. There is an opportunity to make more money in the home user space if they change their licensing model.

The other little hiccup that I see with it is they have it tied to MAC addresses. It generates a license based on the MAC address. If you change any MAC address, you have to issue a new license. They were nice about it for me when they did a one-time change for me, but if I put another Ethernet adapter in the box, it says it needs another license. They should work on that. It seems they are going to change this.

I have probably been using it for more than a decade at this point.

My instance has been up for over two years without a reboot, so it is very good.

It is a mixed bag because I have had 1 gig symmetrical Internet. I have 2 gigs now. As you get further up the stack, it is going to get worse. I do not have options past 2 gigs. I have 25 gigs between some servers. I have 10 gigs with a lot of machines. They have their TNSR project that sits at a thousand dollars a year, but I cannot even try that. They have entirely removed the Community edition for that, but it has been great with 2 gigs and 1 gig.

They are super fast, super nice people, and very accommodating. The quality of support is great. They are better than I would have expected them to be. I would rate them a ten out of ten.

Positive

Previously, I have mainly used VyOS, Cisco ASA, OPNSense, and Fortinet. 

Cisco ASAs are very nice. They compare very well, and they have their single pane of glass. They have GUI and no license fees yearly. Netgate will say the same thing. If you buy their hardware, you get the license for free, but they triple the price of a new piece of equipment.

The initial setup is not easy right now because I have to put my email in, and they send me a link. I would prefer to have separate images for the Community and Plus editions.  

When you go to the installer, it asks you if you want Plus. You have to put a valid license in to get it to install Plus. In my situation, all three of my Plus licenses have expired, and they all continue to work. If I need to reinstall that on a new box, I can only install the Community edition. When I boot it up, I cannot import my config because my config is from Plus. For me, it would make more sense if I could download and install a Plus image, and it gives you a 24-hour period to put in a license and have it activated. Something to that effect would make it easier because I cannot imagine I am the only person who has had this issue.

The licensing model needs improvement, especially for home users. There should be more flexibility to change licenses with hardware changes. The pricing model could be more accessible for home users.

The license is locked to a specific device. There are other services where you can buy a pfSense, and you get that license for a year. You can put it on any single device, and it moves with you. I do not want to have to call them to get the license changed. I would prefer that when I put it on a new device, they know it is registered to this new device. It is not on the old one. They should handle licensing differently for home users. They should try to differentiate it from enterprise.

There should be a cheaper tier of pfSense Plus for home users. They need to improve the pricing for a home user. They can look at the numbers. They know how many installs they have.

I would rate it an eight out of ten. It is a great product, but they have sold it in a way that does not align with the way I need to use it or the people that I have it with are going to use it. It practically does not make sense versus what else is out there. VyOS is free. Its Community edition is free, and they update their Community edition first. It is the opposite of what pfSense is doing. They are updating the Plus edition first and the Community edition comes second.

I work in IT at a German insurance company, and I studied computer science. I also work in the network sector, so I know a lot about network solutions. I work with VPN solutions, Fortinet, and other products. For me, pfSense is a private home solution for my family. It's not the solution in my company.

I use pfSense as a firewall appliance, and the function is very good. But I think it's for users with more experience. It's not a solution for beginners.

If you are a professional, it's not difficult to add features to pfSense and configure them. But it is difficult if you are not. 

I utilize the core features. I have pfBlockerNG, SquidGuard, OpenSSL, and WireGuard. So, these are the core features I need.

The core benefits are that I can virtualize it with platforms like Proxmox or VMware, and I can buy third-party appliances. And Netgate offers a lot of hardware possibilities.

pfSense offers a lot of things that help to prevent data loss and intrusion, protect telemetry information, and so on. 

pfSense gives a single pane of glass management. But for me, it's not a problem because I have one appliance, but I think if you manage a lot of appliances, it could be better. It's important to be able to centralize management if I have 10 or 20 appliances.

I use pfSense Plus, it's called the "Zero-to-Ping" license [TAC Lite]. It's a very good solution, but it's a bit too expensive for private use. pfSense Plus is very good, but, for example, if I want to add another pfSense appliance for a cluster, it requires two licenses. For private use, if I want two licenses, it's very expensive.

pfSense Plus provides features to minimize downtime. One of the key features is ZFS. It's the file system. ZFS is very important for backups. I can make snapshots, and that is very good to make backups.

I am satisfied with the visibility that is provided by pfSense Plus. It is very good and optimizes performance because the hardware acceleration is very good for IPsec, SSL VPN, OpenSSL, and so on. This is very good support from pfSense.

The best feature is a function called pfBlockerNG. In pfSense, you can whitelist and blacklists for IP addresses or dangerous DNS sites. The top feature is the VPN. It's a very good SD-WAN solution and a very good VPN engine. It supports a lot of VPN techniques; it supports IPsec, SSL VPN, and WireGuard. It's the core feature of pfSense.

The flexibility is very good; we have a lot of possibilities. You can connect it with different WAN connections, whether you have a cable provider or fiber.

The feature list is good. For me, it's more important that we have fewer patches and better stability compared to OPNsense. I think OPNsense is too big. They support a lot of things, but pfSense is better. I think pfSense is better for stability.

The only thing that could be better is the hardware compatibility for LTE devices. This is a bit tricky for me; I wish the hardware compatibility were better for LTE devices.

I wish the FQ_CODEL limiters were improved. They're very good, but the FQ_PIE limiters don't work well. FQ_PIE limiters are important for cable modem connections. In Germany, we have a lot of cable providers for these interfaces, and the FQ_PIE limiters don't work well in pfSense.

I have been using it for eight to ten years. It has been a very long time. pfSense is very popular in Germany.

I use the latest pfSense Plus version.

The stability is very good.

I use it for my family, for maybe 20 or 30 devices. It's not a big environment.  

I utilize the pfSense forum and the community forum, and it's okay for me.

My preference in comparison with OPNsense is pfSense. I think it is better; it is stable.

The difference is that OPNsense has more features, but also has more bugs.

For me, pfSense is stable. It's better for my use case.

The deployment process is very good. For example, I can set up a new appliance and boot directly from a config file. This is very good.

It's very simple. I download new images, and during the boot process, if you make an image, you have a directory. In the directory, you make the config file, and then you can directly boot with the setup. You can boot a finished version. It's a good thing.

I use it on-premises. The on-prem version is very good. The software is good.

Maintenance depends on the features you use. If you have a proxy server with SSL introspection, sometimes it creates a small firewall size. If you have an easy firewall setup, then it's not so complicated. It depends on your environment and feature settings.

I did the deployment myself without the help of third parties or anything like that. It's very simple. I have enough skills because I studied computer science and work in the network sector. It's not a problem for me.

It took me ten minutes to deploy it. 

The ROI is good. pfSense is a very good solution, not only for home use, but also for middle-sized or larger companies.

In comparison with pfSense CE (Community Edition), pfSense Plus is a little bit too expensive. The pricing is a little bit high for private users. 

With the inclusion of the firewall, VPN, and router functionalities, the total cost of ownership of the pfSense Plus solution is very good because pfSense Plus has a lot of features. For the VPN features, it is good for the total cost of ownership.

I can recommend it if you are a professional or if you know what a firewall is.

It is a very good solution for the home sector, for companies, and for larger companies. I would recommend it to a lot of companies.

Overall, I would rate it an eight out of ten. 

I do some consulting work for a couple of organizations on the side, and I have a few personal home lab builds of pfSense, so I use it in both a professional and personal home lab environment. I'm using the community edition and pfSense Plus.

I began seeing the benefits of pfSense immediately. The use cases for pfSense were creating remote VPN servers and satellite offices where remote employees connect. I've been using it for so long now that I have some baseline configurations. When I bring a new site online, I load that default configuration and ship it out to where it's needed. They plug it in, and the system comes online. It's fantastic from that from that perspective.

PfSense gives you much control and visibility into your boundary that helps you identify nefarious actors and things that could lead to eventual data loss.

It helps minimize downtime from a boundary perspective. They have some features. I have used Plus in boot environments quite regularly to test out some things before going live into production, which has been nice because I've made some configuration changes that I regretted. 

The boot environments help you get back into kind of what you had. Both the community and Plus editions have a fantastic configuration export. Your boundary device is relatively static once you can configure it how you need it. You can export those configs relatively easily so that when something goes catastrophically wrong, the hardware fails, or something along those lines, you can reload the configuration onto that device or the replacement device and go about your day. 

One thing I can say about pfSense specifically and the Netgate hardware is that it is not something I worry about from a security or a resiliency perspective. It's stable. It works. I have the ability to forget about it. As an IT professional, I have so many things to worry about daily, and it's incredible to minimize those things. I think pfSense has done a great job in that area.

There's a lot of logging that produces a ton of data I can pull into a data analytics platform and make data-driven decisions about bandwidth increases or changes to firewall rules, intrusion detection rules, or employee access.

It also enables us to optimize performance, one of the biggest things you do when you get a new Internet service provider or a modem replacement or something along those lines. There are tons of tools built into pfSense that let you look at how that's working, and even some tools online that allow you to tailor that experience based on your real-world use case.

In the time that I've used pfSense, I'm continuously blown away by the quality of the product, its attention to security, and all of the features it has. It's easy to use. The web-based interface is great. The tutorials on the website are fantastic. I wouldn't say it's necessarily one feature. It's the full offering of all of the features that make it for me. I use firewalling, intrusion detection, and two of the VPN features: WireGuard and OpenVPN. 

The flexibility is great. PfSense will run on homebrew hardware and Netgate. The interface is excellent on the web and through the console. There's a lot of flexibility through the console. It lets you get into a low bandwidth environment to do the things that you need to do when you're remotely administering some of these things. 

I enjoy the fact that the web interface is customizable. A seldom-used feature is the ability to change to one of several built-in themes. I use those themes to tell which system I'm administering because they're all remote to me, and the interfaces all look the same. I don't have those little tells about changing the colors of certain things. 

Sometimes, it takes some back and forth to figure out which one I'm on. I never thought the themes would be a feature I would use. I use it all the time. The user interface is fantastic and responsive. The tooltips are in the right areas and help you build out your firewall and boundary device.

The ease of deploying and configuring features depends on the feature. Most of their features are designed to be implemented with some basic knowledge level, but some are super-advanced, and you need that knowledge level. They have excellent guides for just about every feature on their website or that's inside pfSense. They're great. They explain all the different things about adding new features and each package's function. I don't think that there has been a feature that I wanted that someone didn't already have a package built for.

I would like to see a better plugin for data analytics. They have some things that you can do, but it's not purpose-built to get data out super easily. That's kind of an advanced feature, and you do have to do some configurations that are a little more advanced than some people might be comfortable with. 

I would also like some type of fleet management, like a dashboard where I can see multiple pfSense and their statuses. I'd also like that to be self-hosted. I don't necessarily want a cloud version of it. I'd like to host that at a parent site and have the satellite offices push their status there. 

I have to manage each of the devices individually. There is no interface where I can manage multiple devices. I wouldn't call it single pane of glass management. It does give me a single pane of glass for everything related to the boundary, including VPN intrusion detection, DNS, DHCP, VPN, and firewall rules. But it doesn't have that fleet management piece. I would love to see something like that.

The last thing that I would like is not a feature. It's Netgate as an organization. I would like more transparency from them when they make some decisions that sometimes appear to be made in a vacuum. Most recently, the change in licensing and some of those things did not go over well in the community in general. I think some transparency from their organization would be valuable to the community at large.

I've been using pfSense for around 15 years.

I rate pfSense 10 out of 10. I have never had a system fail in more than 15 years. I've never had one fail on-site. They are incredibly stable and resilient

PfSense is highly scalable depending on the hardware you buy. Their hardware is well-documented. If you buy a device designed to scale with your business needs, I don't think there would be any issues with that.

I rate Netgate support 10 out of 10. I have never had a bad interaction with any of their folks. They respond quickly, and their answers are always extremely thorough. 

Positive

I used the old m0n0wall, which I migrated away from. I have also used SonicWall and OPNsense in a lab environment and various Cisco and HP devices throughout my career.

PfSense offers the best bang for your buck from a feature and cost perspective. Many other systems have some cool features that either aren't necessary or are significantly more costly than pfSense.

The initial deployment is easy, and it's even easier once you've spent some time with it. If you buy devices from Netgate, they provide you with "zero to ping." 

Even if you have some kind of odd setup or something weird you can't figure out, you can call their technical support, and they will help you get online. They'll even remote into the device to help you get online or solve a problem, which is incredible. 

Now, I have a standard image that I use from a configuration perspective, so it takes me about half an hour. It is typically a one-person job. The only reason why I put a caveat on that is I am fully remote from all the services that I support, so I do need a person on-site to at least plug the thing in, but the rest of the setup is a one-person job. After deployment, it doesn't require any maintenance aside from standard firmware updates. 

I don't like subscription models, and unfortunately, the latestpfSense license, pfSense Plus, went to a yearly subscription model. I think yearly is probably the best of the worst because at least I can pay it once, and be done with it for the year. I would rather see either a one-time cost or something along those lines that would be at that price point. I think the costs for their hardware are reasonable. I wouldn't call them cheap, but I also wouldn't call them expensive. I think the hardware costs are reasonable.

I personally run a couple of black box or white box servers that are custom built using pfSense Plus that I've licensed, but all of the other deployments that I support are devices purchased from Netgate.

I rate Netgate pfSense eight out of 10. I recommend that new pfSense users join the community. PfSense has an active community on Reddit and a community forum. You can also get a copy of the community edition and deploy it to a virtual machine to learn it before you put it into production. You won't be disappointed.

I use the solution in my home network as the main firewall before all data heads out to the internet. I use it for DNS resolution as well.

I noticed the benefits of pfSense immediately after deployment. I was able to take complete control of my security to my house, and it gave me all the things that I needed in order to secure my home network.

The GUI and the user interface have been very clean, understandable, and feature-rich across the board.

The flexibility of pfSense is great. 

It is very easy to add features. 

There are features that help to prevent data loss. The rules engine of pfSense, a traditional firewall rule structure, has always been the same.

There's definitely a single pane of glass. There's definitely a lot there in front of you. 

pfSense provides visibility that enables users to make data-driven decisions. I'd rate the capabilities seven out of ten. 

Sometimes it's a bit of a challenge to know how to do something when you want to do something, for instance, setting up a point to point VPN.

Configuration is sometimes a challenge just due to a lack of knowledge on my side. I find that if I don't set up the rules correctly, and this goes to lack of knowledge of being an expert in the firewall space, it's a bit of a challenge sometimes in setting that up.

I would ask them to update it to a more modern interface, as it does look a little tired compared to GUIs today. However, the features are there. A redesign would be greatly appreciated, just from a human engineering aspect.

It might be easier if they separated things out a little bit more instead of putting all the aspects of what pfSense can do for you in a single menu. For instance, they have services, and they have all the services that you could have on your system. It's a lot.

Sometimes I find it difficult to find the data visibility that I would need in the interface to then go make a data-driven decision.

pfSense helps optimize performance. From a performance standpoint, setting up firewall rules does a great job of laying out exactly what those rules are. The layout of the firewall rules makes it easy to create a secure environment on my home network, albeit not very big. However, all the features are within the firewall, and I can create individual rules and organize the rules.

I've used the solution for six years. 

I have never experienced downtime from my pfSense device. I'd rate stability ten out of ten.

The scalability is very good. I'd rate it a ten out of ten.

I contacted technical support when there was a major upgrade a few years back, and I needed some assistance.

The quality was perfect. They were fast and very helpful. Even though I wasn't a paying customer for support, they still gave me great guidance and helped me focus on the issues at hand.

Positive

I've always had my service provider, Verizon, with their main router, and that router usually has a firewall built into it. I've never used anybody else besides pfSense outside of that.

The initial setup is straightforward. I've done it for my son at college in a matter of two hours, from unboxing to operation. It's easy to deploy a box. I can deploy it by myself.

It does not require any maintenance.

The ROI and the TCO are significant. You get a lot of features under one product. However, I don't use it as a router. I only use it for firewall and VPN capabilities and DNS.

The pricing and licensing are spot on. It's well below the industry average.

I did not look into other options. I knew of pfSense as being a leader in the industry, and that it is utilized by major corporations in large environments. To that end, I assumed it wouldn't hurt for me to have familiarity with the product and use it at home.

I'm an end-user.

I use the Plus version of pfSense. However, I do not pay for support.

I would rate the solution eight out of ten.

I use pfSense as my primary home router and edge gateway. My professional background is primarily in security engineering, though I focus more on pre-sales technical engineering. Due to my extensive experience in direct and security information management over the past decade, I leverage pfSense's capabilities to generate much of the data in my SIM system. This data is essential for laboratory purposes, testing, rule development, and use case creation. As a result, pfSense is a crucial component in securing both my home network and laboratory environment.

I appreciate pfSense's flexibility because I previously encountered issues with hardware reliability. While I'll eventually order dedicated pfSense hardware, I experienced consistent problems with SSD corruption. Frustrated with this, I considered switching to OpenSense. However, I discovered its potential after running pfSense in a virtual environment. The ability to easily create snapshots and recover from mistakes is invaluable. Ultimately, I've decided to continue using pfSense virtually due to its flexibility and convenience.

The ease of adding features and configuring them in pfSense depends on a user's familiarity with FreeBSD and network analytics. While I have extensive experience building firewalls from raw FreeBSD, pfSense offers a user-friendly interface that accelerates setup for newcomers. Its underlying FreeBSD foundation allows advanced users to access and configure low-level features. I appreciate pfSense's intuitive GUI and the secure default configuration provided during initial installation.

After the initial setup process, I immediately recognized the value of pfSense. The straightforward configuration questions provided a solid foundation, making the benefits apparent. While every implementation requires tailored adjustments, pfSense offers a versatile platform to explore various use cases. My primary focus was extracting in-depth information beyond standard firewall logs, such as detailed Suricata events and DNS server activity. As I delved deeper, I discovered pre-built packages that simplified data export to tools like Prometheus and InfluxDB, often meeting most of my requirements without extensive customization.

The advanced pfSense firewall rules offer significant advantages, such as implementing threat intelligence to block malicious actors from accessing our network. Configuring pfSense for radius or two-factor authentication can enhance security by preventing unauthorized access to our environment. These features are among the reasons I appreciate pfSense.

pfSense offers a centralized view of network data, but its built-in dashboards are sufficient for many users. As a fan of Grafana, I prefer a consolidated approach and could utilize pfSense data through either Prometheus or InfluxDB. However, extracting all data for central aggregation, as I'm accustomed to in threat management, aligns more with my preferred workflow. Nevertheless, the ability to customize dashboards within pfSense to monitor firewalls, DNS, and other critical services is valuable and meets the needs of many users, including those focused on point-of-service operations.

pfSense offers several features designed to minimize downtime, including failover, synchronization between routers, and ZFS snapshotting. While these tools effectively reduce downtime, I believe virtualization snapshotting and backups provide the best solution for my needs. Ideally, I would have multiple pfSense routers with a redundant setup, but budget constraints currently limit me to virtualization. Ultimately, the best approach depends on individual requirements and resources.

pfSense provides visibility that enables me to make data-driven decisions.

pfSense's visibility into system performance enables optimization at various levels. The initial user interface provides valuable information about RAM usage, active services, and general health. In contrast, more advanced users can access in-depth kernel-level data for granular insights into system behavior. By offering tools for novice and experienced users, pfSense empowers practical understanding and management of system resource allocation.

I appreciate pfSense's foundation on FreeBSD, which enables me to leverage additional FreeBSD packages for expanded functionality. WireGuard, a core feature I constantly rely on, facilitates my home and mobile devices' constant connection to my home network, allowing complete traffic monitoring and filtering. I value Pia ad-block's effectiveness in network traffic filtering, ad blocking, and malware prevention. Unbound's flexible DNS server complements the robust firewall, which is user-friendly and flexible for rule creation.

I've encountered persistent issues with the solid-state drives built into pfSense hardware devices. The devices consistently malfunctioned despite repeated attempts to resolve the problem, including complete reinstallation. Power outages significantly contributed to the issue, as frequent system corruption occurred following these events. Even after reformatting, bad sectors persisted on several drives across at least three purchased devices. Unfortunately, this has rendered some units utterly unusable due to recurring disk corruption.

While there seems to be support for virtual environments, I believe some modules specifically support VirtualBox. Unfortunately, I've had to customize my own setup again. To accommodate users on platforms like Proxmox, I need to install the QEMU Guest package to provide native support for such environments, similar to other open-source virtualization solutions like KVM. Out-of-the-box QEMU Guest support would be beneficial. I appreciate the inclusion of Suricata, Snort, WireGuard, and Telegraph, which work well behind the scenes. The Prometheus node exporter is also present. Having used pfSense for a decade, I continually discover new functionalities. Surprisingly, some features I needed were already available, but better discovery mechanisms within the product could help users explore them. I would like to see out-of-the-box QEMU support.

I have been using Netgate pfSense for ten years.

Stability has been a concern for me. Hardware-wise, performance has been inconsistent. Software stability has also been an issue, particularly during significant upgrades. I've encountered various problems that required troubleshooting. However, I've noticed a substantial improvement in stability and ease of use for upgrades and patching over the past year or two. While there have been occasional setbacks, such as with the new packet exporter feature, pfSense has become much more reliable overall.

The scalability is good because I started with a simple network, WAN, and LAN setup and expanded it to multiple LANs, VPNs, and internal networks.

Technical support has been good, especially for hardware issues. Whenever my image was corrupted, I could always count on them to send a new NISO image within a few days without questions. However, I don't need much support for configurations or other technical aspects as I prefer to experiment and learn by trial and error in my lab environment. That's the fun part for me.

Positive

I was going to move to OpenShift, but I never made the jump. Eventually, I think my saving grace was my ability to virtualize pfSense. Once I do that, I can bounce back from misconfigurations or something wrong. I have had no problems with pfSense since I got off the harness.

A skilled networking engineer unfamiliar with pfSense can easily configure a firewall. Setting up a NAT barrier between internal and external networks is straightforward; this functionality is included by default. VLAN configuration and other initial setup questions are addressed during the product's initial setup process, the specifics of which depend on the intended use case.

The average time to set up one pfSense box is 15 to 20 minutes.

One person is enough to deploy pfSense. 

I prefer the software licensing model. In contrast, hardware costs can be substantial; I once paid around $400 for a piece of equipment, perhaps two or three years ago. I believe they've made improvements since then, although I can't recall the exact model number, as I moved from the smaller SG 1100 to the SG 2100 to accommodate more advanced features requiring additional RAM. Unfortunately, I encountered another hardware failure with the latter.

The cost of ownership is low, especially when purchasing the pfSense Plus and virtualizing it.

I would rate Netgate pfSense eight out of ten.

I use the paid version of pfSense because I constantly was replacing faulty hardware. The previous physical appliances struggled to handle the network load, so I switched to a virtualized solution.

pfSense can be essentially set and forgotten in basic configurations, but utilizing advanced features like Suricata IDS and TF blocking necessitates regular maintenance to ensure rule updates and system synchronization. Consistent care and attention are required for optimal performance in these scenarios.

I recommend that new users keep things simple with pfSense. While I enjoy pushing my products to their limits, simplicity contributes to a more stable system overall.

I use it as a firewall and router. I use it in a few locations. I have three pfSense products.

I like that I can geofence and block different countries from accessing my network.

The flexibility is very good.

I noted the benefits of pfSense within a year. I had it on my VM for a year and then put it into production. 

It's good at blocking malware and DNS attacks. I don't use it for data loss prevention.

The solution gives me a single pane of management. Everything is accessible from the dashboard.

It provides features that help me minimize downtime. I have a WAN, and if any of my WANs go down, it's okay; I have them connected to pfSense. 

It helps me make more data-driven decisions. 

With pfSense, I can optimize performance. 

I don't really need too many features. I just use it as a plain firewall. I like to keep it clean. I don't like to run too many things on it.

The configuration can be a little difficult. You need to know the system a little bit. Even now, I do have one in a VM where I test my stuff, and then implement it into production.

They could make it easier to configure packages. They could have a wizard that helps you out a bit more.

I've used the solution for more than five years. 

I haven't had any issues with stability.

I haven't had issues with scalability. It's easy to back it up and load the backup.

Technical support is fast to respond. However, I did have to eventually pay for them to help me out. I had some problems with the firmware. Someone remote into my appliance and fixed it. They patched it up and now it's working fine. 

Positive

I've used OPNsense and SonicWall previously. 

While pfSense has more features, OPNsense is a lot easier to use. 

I have the solution as an appliance. Deployment for a device is a little bit hard, so it can take a few days. 

Maintenance is required every few days.

I did not have any help from outside consultants. I manage the deployment myself. I was able to eventually figure it out myself via forums. 

I like the fact that there is a free version. I'd like the entire offering to be free. That said, it's 100% worth the cost of ownership.

I use both the paid and community version.

I'd rate the solution eight out of ten.

I would advise new users to test it before implementing it in their environment. 

I use Netgate pfSense personally at home and the data center, our headquarters, so it is for enterprise and personal use.

The most valuable feature of the solution is that it is an open-source tool and is available at a very low cost.

In terms of flexibility, the tool is great, especially the fact that it is open source. On Netgate pfSense Community Edition, people can write stuff into it and get plugins for it. Netgate pfSense Plus version does a review process with the help of Netgate, so you don't have to have many plugins for it. The tool is very open to modification if you need to do that.

The benefits related to the product can be experienced immediately after the product is deployed, especially in terms of the speed improvement and features that we don't have with the current solution or the current technologies that we don't have with our current solution.

To deal with data loss while using Netgate pfSense, you can always export the logs or dump them into a log server, specifically a Syslog server. I don't really view the boxes in the data warehouse other than the logs. There are features in the tool that we can send out to the syslog server, which is what we do in our company.

In my enterprise, we are getting ready to push out two hundred devices, and I don't see a single pane of glass management. I don't necessarily consider Netgate pfSense to be an enterprise product because it doesn't offer a single pane of glass management. With Netgate pfSense, you have to touch all devices to make a change. My company has been messing around with Netgate pfSense for some scripting on it, but it is still not what I am used to using in the enterprise. One window for controlling all devices doesn't exist in the tool.

Netgate pfSense provides features that help minimize downtime since it offers high availability on the boxes. You can use multiple WAN interfaces, so multiple ISPs can be plugged into your device to help manage if the service from one ISP goes down.

Netgate pfSense provides visibility that enables our company to make data-driven decisions since it offers graphs, traffic graphs, and firewall graphs. I can see if there is a client on the network that is just flooding everything. Yeah. The tool has graphs, charts, and log files.

The visibility of Netgate pfSense helps optimize performance. If I see there is a network that is a guest network that is just maxing out at 100 percent, I can attempt to give them some more bandwidth. I can modify the quality of service to give them better or more bandwidth.

With the inclusion of firewall, VPN, and router functionalities, if I assess the total cost of ownership of Netgate pfSense, I would say that I get what I pay for when it comes to Netgate. I get more than I am paying for, meaning the return on investment is great. I feel reluctant to talk about the good return on investment experienced by my company from the use of the tool because I don't want Netgate to charge more money, and as a non-profit company, it can hurt us. The total cost of ownership is fine since our company does not have to spend a lot of money on it. I know that if there was a Linux conference three or four weeks ago, and they were giving me some grief points on how it dies after buying boxes from Netgate in a year, it dies, but I have not experienced that. My total cost of ownership is great. Other people would buy the box, which would die in a year, so they would just lose money.

Netgate pfSense needs to have a single dashboard for managing all devices.

As an enterprise customer, I expect Netgate's sales personnel to inform me of the new devices that are coming out. For example, there was a time when I was getting ready to buy a device, and then I thought that I needed to hold on, and so the order failed. I thought I needed to wait a few days before ordering a new device. I was getting ready to order another device, which was Netgate 1541, but after two days, Netgate 8300 was released, and it was far better than what I was getting ready to buy. I was really disappointed that the salesperson from Netgate didn't ask me to hold off on my decision to buy Netgate 1541. You don't have to tell me that something brand new is coming out if you don't want to spill the beans or anything like that, but it would have been nice if Netgate had asked me to hold off on my decision to buy Netgate 1541. I was getting ready to buy a product that would have been, immediately two days later, an old technology. I just expect more from a salesperson. When going through Netgate's website, while trying to buy Netgate 1541, I saw there was a list of features at the bottom of the product page, so I had to select the features I wanted, but I couldn't have all the features at the same time, and the website would prevent me from adding extra features, which actually was the cause for the order to fail. I had added features that you can't have at the same time, but nowhere on the website did it say anything like that, and that led to a delay in my time frame. I was trying to get something to solve a problem at a certain time, and then it wasn't until a day later, a day and a half later, that Netgate called and said that I couldn't have all of the tool's features, which was something that messed up my installation time. Issues with the product are associated with feature requests. It is not necessarily the box itself but more of the company that needs to consider improving its approach. For the box itself, everything in a single frame should be released.

I have been using Netgate pfSense for five to seven years. I am a customer of the product.

I haven't had any device crashes yet. The stability is great. I have not had a device crash. When there was a device crash, it was for the one at my home when we had five power outages, and it burned my hard drives, but that was not because of Netgate's box.

It is easy to scale up. I will be visiting a site soon that has Netgate 1100, and I am going to put in a Netgate 4200 over there. I don't think I am going to have any issues. I will be able to copy things off the config of Netgate 1100 and dump it on Netgate 4200 with a few modifications. The tool's scalability is great. If I need to add a drive or replace one of the hard drives in the tool, then that is something that can be done easily.

Based on the customer support for our account to figure out why an order didn't get through or why we can't get this part, we have contacted Netgate's team, but not for actual support. The tool's community is fantastic, and it is one of the driving pieces that I sell to my decision-makers, considering that the community supports the solution. With community support, I am not just calling out to five or ten people. Instead, it is possible to reach out to the world to respond to an issue that might have been of a lot of concern.

I have never contacted the tool's technical support team for any technical support, but it was just a question with my order.

I have experience with Juniper, NetScreen, OPNsense, Cisco, and Meraki. If I consider the box itself, Netgate pfSense is better than the other tools I have used. 

From an enterprise perspective, I can't say Netgate pfSense is better than all the tools I have used because it doesn't have that enterprise management capability. As soon as they get that enterprise management capability, Netgate pfSense is the best out there in the market.

The ease or difficulty in the tool's initial deployment phase that one may experience depends on the box. If I speak about Netgate 1100, I believe that using a switched network interface or ports can be a little more challenging than trying to work on VLANs. The other boxes that aren't switched, like Netgate 4100 and the models above it, work perfectly fine and function as I would typically expect, so the installation is not hard at all, but you do have to know networking. I always hire people, and they are used to having stuff done for them when it comes to tools like Meraki. You just plug it in, and it works. The people I hire have no idea how to do any type of networking or act as IT or MSP professionals, and they can only work in the framework for which they have been trained. You do need to understand fundamental networking technology to make the tool work. For me, the installation is easy. If you don't understand fundamental networking technology, it can be hard to install the tool.

One person can manage the product's deployment phase.

There is a requirement to maintain the product since we have to touch each and every box to do software updates. The tool does require maintenance on our part.

I use the Netgate pfSense Community Edition and the paid version called Netgate pfSense Plus.

Netgate pfSense Community Edition is great and free. For Netgate pfSense Plus, we have to buy Netgate's boxes, and the pricing is great. As a non-profit organization, I would like to have a discount from Netgate, but if you are ready to buy a hundred boxes, it would be nice to have a discount. I understand that Netgate pfSense does not charge a lot more for the box than what we are paying for them. The pricing is fine.

In terms of how difficult it is to add features to Netgate pfSense and configure them, if I talk about writing from scratch, it is something that I don't do. If someone has a plugin, pulling that in is ridiculously simple. If I say that I want a Tailscale plugin, then I can put it in, and it is already in the system, and as long as I know how to do networking, you can figure out how to use a plugin since it is not hard at all in regards to Netgate pfSense Community Edition and Netgate pfSense Plus.

I have not used Netgate pfSense on Amazon EC2 virtual machines.

One needs to realize the difference in the switched version, and to do so it is important to understand Netgate 1100 and Netgate 2100 and the individually addressable ones since it is the area that threw me when I first got Netgate 1100, I was like, what in the world am I working on currently. Managing the VLANs on the tool threw me a ton, and it took me about an hour to figure out what was going on with the solution.

As the tool really needs centralized management, I rate it an eight to nine out of ten.

We use Netgate pfSense to deploy to our customers.

Netgate pfSense has a lot of different applications you can use for VPN and multi-way traffic. It's very simple as far as firewall rules and NAT rules go. It's an overall solid application and product. We don't really have too many RMAs, and there are no monthly fees associated with it.

Netgate pfSense is extremely flexible due to the nature of the multi packages that you can use for different VPNs. You can do the same thing in multiple different ways, and it's very handy when you're trying to troubleshoot problems.

You can add packages to pfSense with Snort and pfBlocker to keep hackers out. We've been using pfSense by creating rules that only allow our IP addresses into those devices. That way, they are never open to the outside world, and we've been doing that for almost 20 years.

Netgate pfSense has a high-availability application called CARP that allows you to put two devices in failover mode.

The visibility that pfSense Plus provides helps us optimize performance because that's all in the updates they push out.

We use pfSense Plus on Amazon EC2 VMs, and it's been pretty good and fairly quick in testing.

The solution should provide a single pane of glass and a management console for all devices.

I have been using Netgate pfSense for 20 years.

The solution is fairly stable unless there's an environmental issue.

I rate the solution's stability an eight out of ten.

I rate the solution a nine out of ten for scalability.

We have previously used SonicWall. SonicWall has all the packages prebuilt. With Netgate pfSense, you have to download and install the packages and then configure everything. These include antivirus and anti-spam, which you have to turn on, but they cost money.

It's really just a configuration setup. SonicWall and Netgate pfSense are two very different firewalls. It's very difficult to compare them other than monthly and yearly licensing versus buying at once.

The solution's initial setup is super easy. I've taught several people with little knowledge of how to do it, and it's been very simple to explain and set up.

From start to finish, the solution's deployment can be done by one person in probably an hour.

I think Netgate needs to charge a nominal fee for the actual software so that it gets paid for because a lot of people skirt the licensing and use the community edition. Netgate should charge something nominal like $50 a year for the community edition to deter people from using it for everything.

Depending on the specifics, adding and configuring features to pfSense could take three or four hours for a RADIUS server with a VPN or less than two minutes to set up a NAT rule.

We were embedded with pfSense in 2023. It took us some time after we deployed the solution to see the benefits.

I have 236 devices in production. Some of the cheaper models are more susceptible to power outages, which cause them to fail. However, some of the more robust models are expensive, but they last for many, many years, and there's very little interaction that we have to do with them.

The only maintenance the solution needs is just updates to the device as required.

New users should do some basic research before configuring Netgate pfSense. There's lots of information about the tool on the web, and it's very easy to get the answers to your questions because somebody's already probably run into that issue. There are tutorials on basic configuration on YouTube.

Overall, I rate the solution an eight out of ten.