I have at least two pfSense routers at home in my home lab, serving my house. Additionally, we use it in my company. We have our satellite office in LA, and we use it as the main router. The use cases involve a router, firewall, and DHCP server.

I was able to see pfSense's benefits immediately because I used it as a learning tool too. From the very beginning, I was able to inspect traffic and see what was happening on my network. That was pretty useful.

pfSense is flexible. I like it. I can install it on different hardware. I can virtualize it if I want.

It is pretty easy to add features to pfSense and configure them. If something is supported by Netgate and it is in their package manager, it is pretty easy, and if it is not, I would not want to add it. I would not be confident enough to put it on my firewall.

pfSense has not directly helped to prevent data loss, but it helps indirectly by protecting the network and not letting in malicious things.

pfSense Plus provides features that help us minimize downtime. Preventive notifications and ZFS snapshots are helpful features. 

pfSense Plus helps to make data-driven decisions to some extent such as which device is using the most bandwidth. The visibility that pfSense Plus provides helps us optimize performance.

The Tailscale integration is very helpful. The DHCP and DNS server functionalities, as well as the package manager, are also good. 

I am using its paid version. I am paying at home for the Plus version, but I wish they would pay attention to the community version. I know there is less incentive for Netgate to develop the community version, but it would be cool to have that.

pfSense does not give us a single pane of glass management. I know that they are coming out with that as a beta or alpha feature, but it is not there yet.

I have experienced only hardware-related issues with Netgate. They are not related to pfSense as a software. I purchased a Netgate firewall, an SG-4100, which is a $600 device, intending to make it a solid piece of my home lab and support the project. It died in one and a half years. I do not see the value in buying their hardware, as their customer support was not friendly or helpful. Eventually, I bought pfSense Plus, which allows using a roughly $200 device that offers part-swapping to keep the device alive or even buying two of them. The pfSense Plus subscription is roughly the same value.

Support for third-party hardware is less documented, not being their preferred option. For most things, it is pretty solid. Other firewalls such as SonicWall offer more protection features such as deep packet inspection. I know that is possible with Snort or Suricata. That is one thing that could differentiate open-source firewalls from the main players. 

Another suggestion is automatic updates to reduce maintenance for smaller setups.

I have used Netgate pfSense for roughly three to four years.

Since they fixed the DHCP issues, it has been pretty stable.

Scalability has never been an issue. I have not dealt with more than 10 gigabit traffic, so I have not experienced any problems.

They answer promptly. However, I do not feel valued when I pay about $150 a year, and they only include certain things for people without the Netgate hardware. They had some general first-time setup features but nothing that actually caused problems. For instance, when I imported my previous configuration to my new hardware, it was not covered. So, even if advertised similarly, it is not the same if I do not own the Netgate hardware.

Neutral

At work, in our main office, we use SonicWall. I also use UniFi Firewalls, ranging from smaller to larger ones, and actively manage two or three of them.

As compared to SonicWall, the user interface of pfSense is much easier to handle. It is also faster even though our SonicWall is a much beefier device. pfSense is more well-organized compared to SonicWall.

With their own devices, it was pretty easy. With third-party hardware, it was a little more difficult because certain devices are not as compatible. It is easier if people double-check compatibility, but in general, it is pretty easy.

It requires maintenance from me. I have to update packages and make sure that everything is running properly and the hardware is fine.

It is a one-person task. If you have the specifications and knowledge of what network segments and VLANs need to be set up, it can be managed by one person.

It is on the higher side. If you want to purchase pfSense Plus alone, the cost is roughly $150 a year, but the value provided justifies the expense. However, a lower-end tier option, around $100, would be beneficial.

With the inclusion of firewall, VPN, and router functionalities, for a business, pfSense makes much more sense. I was comparing different solutions and our SonicWall costs way more when we include VPN and other small features.

If installing on your own hardware, you should definitely research compatibility with FreeBSD, and use ZFS, which I believe is the default now. This allows rollback capabilities. It is important to read what is included in the pfSense support package before contacting support, as you might not get answers, and it might be easier to go directly to the forums.

I would rate pfSense a nine out of ten.

I typically use it as an edge firewall.

pfSense is easy to configure. The features I have configured are firewall rules and dynamic routing through FRR. These advanced features are straightforward to configure, and the documentation, if needed, makes things even easier. 

We are using pfSense Plus. It helps us minimize downtime. There is high availability built into the software. I can deploy two pfSense firewalls, configure them correctly, and they can back up each other in case one of them fails. It is a fantastic free feature integrated into the product, and I utilize it constantly.

pfSense has been somewhat beneficial in helping to prevent data loss. We were able to see its benefits immediately after the deployment.

I find the overall amount of configuration flexibility to be valuable. 

It is fairly maintenance-free. That is one of the strengths of the product. It has no frills and is extremely easy and painless to use. It does not cause any trouble.

Another strength of pfSense is that the documentation is very digestible and easy to understand.

One of the features I know they are working on and would like to see improved is the single pane of glass. They have a beta feature available right now that is good, but I would like to see that more developed and made available to customers sooner rather than later. It is currently very basic. When dealing with a fleet of pfSense firewalls, considering them individually is not the most efficient use of time. 

It does not provide visibility to make data-driven decisions. I cannot derive any analytics or information from the pfSense GUI or software to make data-driven decisions. The visibility that pfSense Plus provides does not help us optimize performance. I want more information and context around the data passing through my firewall to make data-driven decisions. I have used other vendor firewalls that provide some capability to show the traffic or bandwidth passed within the last hour, directly within the firewall software. I need a way to generate a report that I can deliver to my C-suite, allowing us to discuss and determine the best path forward. Currently, you deploy it, and it performs as expected, but there are no analytics or reporting capabilities to extract information from the firewall, generate a report, and engage stakeholders in discussions about network connectivity issues, concerns, or upgrades.

I have used Netgate pfSense for more than five years.

I would rate the stability of the product a nine out of ten.

When assessing scalability, I would probably give it a seven out of ten.

I have interacted with their customer service, and they have been, without a shadow of a doubt, beyond helpful. They are fantastic and truly among the best I have worked with. I would rate them a ten out of ten.

Positive

I have used Palo Alto Firewalls and Cisco ASAs as my primary solutions. If money was no object, Palo Alto Firewalls get the edge only due to the fact that they provide more visibility and analytics in regard to the data that goes through the firewall.

Setting it up is extremely easy. Installing the hardware, configuring the software, and getting it ready to forward and pass traffic takes as little as 45 minutes. It is extremely robust and easy to manage and use.

In my case, it definitely involves a team. When we visit on-site, one person can deploy it, but at least in my business, it is accomplished as a team.

pfSense is excellent for a low total cost of ownership. pfSense pricing is extremely competitive, and it delivers exactly what is advertised. If you are looking for a firewall with advanced feature sets at a very low cost, you cannot get anything better than pfSense. It does exactly as advertised, and that is one of its biggest strengths.

It is extremely affordable in relation to TCO. You get everything that other commercial products give but at an extremely affordable rate, so you can deploy en masse to numerous customers and clients.

My overall advice would be to read the fantastic documentation. Everything you will ever need to do with the product is explained very easily in the documentation. If you have any troubles, just read it, and you will always find an answer. It is one of the best documentation of a product I have used in a very long time. Nothing is hidden.

Overall, I would rate pfSense a nine out of ten.

I run a company that is a managed service provider. We supply our clients with products and purchase on their behalf. We install pfSense in their offices or main client offices.

What I like most about the product is that it is simple to use. I use it at home and in other locations. It offers great value for money because there are no licensing issues apart from the support package. I don't have to worry about licenses expiring or the firewall not working. The overall security gain is stable and reliable.

Multi-appliance monitoring and management, like a single pane of glass, would be very nice to have. A centralized management console would help us. There might be improvements to the web UI, which could benefit from a new look. It looks a little dated, although everyone knows where the options are.

I have used the solution for four years.

The solution is stable. I'm happy with the stability, I would rate it a nine. I had some minor issues, like hardware power supply failure after two to three years, but it was rock-solid until it failed.

The solution is pretty much scalable. I would say nine, although I'm not sure why.

I used their support about two times. I don't need much support, as I've managed to fix everything by myself. I would rate it ten because they went above and beyond expectations.

Positive

Sophos was used in some cases. Some clients require products which are used in their other offices.

The initial setup takes about one hour. It is fairly simple and sometimes only takes half an hour, depending on what needs to be done.

We implemented it in-house with one person.

Because we are familiar with the product, the ROI is between ten to twenty percent. We have been saving by having a stable, well-known product.

I estimate it to be between four or five, something like that. I cannot say it is cheap, but it is not expensive either, so let's say three or four.

I usually advise having a solid firewall with a low cost of ownership, which is why I rate it nine. There's room for improvement, as I would love to have more control over the packets. Overall, I would rate the product nine out of ten.

Most of my clients want to use it as a firewall. There are two things that they're looking for. Number one is bandwidth management so that if there are multiple links, they can share bandwidth for their staff. The other important aspect that has come up recently is for IDS and IPS.

Currently, for me, the most valuable feature is the implementation of pfBlockerNG. The community behind pfSense is really strong. 

In terms of the features, the simplicity of the installation is a significant advantage. Out of the box, I am ready to start using pfSense after installation, which is very important. It allows minimal downtime before integration, enabling use even on a weekday without users knowing there's a new firewall in place. 

The key thing I found is saving on the cost of equipment. Whether CapEx or OpEx, we appreciate this.

The user interface needs improvement. Even though it's a system that's easy to get working upon installation, the configurations are not intuitive. The interface needs to be friendlier. That's the only complaint I have about pfSense.

I have been using pfSense since 2008.

One issue is due to bugs and broken links.

I have not had the chance to experience Netgate technical support, because most of the time I have been able to sort out the issues with forums.

Positive

Before Netgate, I used a lot of MikroTik. In comparison, pfSense is more robust in terms of the feature set. The open form of the GPL system makes it better than MikroTik.

The steps to implement involve aligning with the key aspects I am going to implement, knowing what they already have running, and what needs to be mirrored and improved. I usually have it pre-installed, tested, and then deployed.

I have a team. There are around three of us, and we do this together.

I would recommend it a lot because it's a proper firewall, and there are no issues apart from the interface and broken links. It's very easy to recommend pfSense without even going through the POC stage. For me, pfSense is a ten out of ten.

I use pfSense for my home network firewall.

I've installed pfSense on nearly every environment type, including Virtual Manager and most virtual machine hypervisors like Microsoft Hyper-V, ESXi, and even older versions like VM Player. Currently, it's running as a VM in Virtual Machine Manager on my NAS, showcasing its flexibility.

pfSense is a highly flexible product with a rich feature set. While designed with a graphical user interface in mind, it also offers command-line access for greater control. This versatility allows users to tailor the product to their specific needs.

Adding packages to pfSense is straightforward; navigate to the package manager and click "add." However, incorporating hardware, such as a dongle, is slightly more complex.

I saw the benefits of pfSense immediately. Going from a SOHO router to a pfSense one is night and day. pfSense is an enterprise-grade product that is easy to use and has a simple GUI.

The dashboard is very handy. I use mine almost daily. I can put up the widgets I want to see or remove widgets I don't want to see. It has pertinent information about my services running, any VPN connections I have, and clients connected. It's a nice dashboard.

The failover functionality for connectivity helps minimize downtime. It has also been simplified recently with some excellent added features. If I lose or corrupt my image, I can easily reinstall the operating system and restore my configuration. I'm pleased with these features of pfSense.

pfSense is a straightforward, feature-rich firewall. I am a big fan.

One area where Netgate could improve is communication with its user base. While they make an effort, much of their user base isn't composed of enterprise-level engineers who regularly read release notes and stay abreast of feature changes. A few years ago, they held a commendable meeting with forum moderators to discuss upcoming changes, which was appreciated. However, they could enhance their communication further by providing more precise information about changes and release timelines for new features.

I have been using Netgate pfSense for 13 years.

I have not contacted technical support for any technical issues. I did contact them for a replacement box, and their support was fantastic. I received the replacement box within a couple of days. I do contact their TAC when they release a new version. That process is changing with their new Netgate, the store, and everything. Previously, if we had a Netgate appliance and wanted a new image to install natively, we had to contact TAC with a ticket. The turnaround time was always excellent, just a couple of minutes. They would provide a link where we could download the image. I've been surprised by how fast they respond sometimes. Even when they're in the middle of deploying a new version, I've reached out and received a download link within five minutes. So they're usually on the spot.

Positive

Over the years, I've played with quite a few different firewalls, but I always go back to pfSense. It's a leader in its field, with its direct competition being OPNsense. There was a feud when they forked off. pfSense is the leader in that sense.

Installing pfSense should be relatively straightforward, even for a network engineer unfamiliar with the product. The process is user-friendly and guided, similar to installing an operating system like Windows. With a basic understanding of networking concepts, setting up pfSense can be accomplished within minutes. The main challenge arises when users need more fundamental networking knowledge, such as understanding IP addresses or the difference between DHCP and static configurations. For someone with networking experience, however, the installation process is quick and straightforward.

The pricing is reasonable. It costs money to run a product. It used to be completely free, and I think that's where many people became a bit disappointed when the pricing model was introduced, but I think it's a pretty fair price point. Some users don't understand that they can't offer everything for free. The development work involved costs money.

The inclusion of firewall, VPN, and router functionalities significantly reduces the total cost of ownership. In my previous role, we utilized pfSense in some locations due to its superior cost-effectiveness compared to other enterprise solutions. For smaller companies or those aiming to reduce expenses, it's a highly affordable option, and even their hardware is reasonably priced.

I rate Netgate pfSense ten out of ten.

We use pfSense as our main router.

We implemented pfSense to address the instability and limited customization options we experienced with our previous router.

pfSense is highly flexible, allowing for creating IPsec tunnels and various other configurations.

Adding features to pfSense is easy.

Since implementing pfSense, our overall stability has improved significantly over the last ten years as we transitioned from Prosumer equipment to a more robust tool. This success has allowed me to implement more pfSense routers in other locations. We saw the benefits of pfSense in less than a couple of weeks. Having that added stability is great.

pfSense Plus provides us with the visibility to make data-driven decisions. We can see historical data and bandwidth utilization, allowing us to make informed decisions about our internet connection based on that information.

The most valuable aspects of pfSense are the stability, hardware compatibility, and low cost.

I want pfSense to add some next-generation firewall features.

The scalability has room for improvement.

I have been using Netgate pfSense for ten years. 

I rate the stability of pfSense ten out of ten.

Due to the absence of a single pane of glass management feature, scaling out pfSense becomes quite challenging. I'd rate its scalability a three out of ten, as the process is far from straightforward at present.

The few times we've had to engage support, they have been professional and incredibly knowledgeable. If we encounter someone who doesn't have the answer immediately, they can find it very quickly. In the past, they have even joined meetings with us and a client to work on a problem, providing a lot of insight and assistance throughout the process.

Positive

We previously used Prosumer routers, but their capabilities were insufficient for our needs.

Initially, it was a bit complex when I started using the system over ten years ago. pfSense required a deeper understanding than the Prosumer devices I had used before. I had to grasp the ramifications of every action. However, once I overcame that learning curve, it became knowledge I possessed.

It took us about two weeks to implement and learn how to use pfSense. I've noticed that with pfSense, I'm always learning something new. Just because we've used something for a long time doesn't mean we know all of its functionality. For example, I needed to establish an IPsec tunnel for the first time last year. I called in support, and we successfully established the tunnel to another location. There's always something new to learn, whether pfSense adds new features or we encounter a need for functionality we haven't used before.

pfSense Plus is cost-effective for what we're getting. I've been using Netgate hardware for a long time, and including the pfSense Plus license with the hardware offers significant value. Additionally, using pfSense software for free is of great value.

The total cost of ownership is very low. We've used pfSense historically in a simple configuration, and I've been able to train peers on how to use the Netgate hardware and pfSense Plus effectively.

I rate Netgate pfSense seven out of ten only because of the lack of ability to manage all our switching and WAP from one location.

We have three locations, and two to 25 users use a combination of wired and wireless devices and a typical broadband connection.

pfSense requires maintenance when new versions or patches are released. This does not happen often, but it does happen.

I recommend pfSense to others. Once you overcome the learning curve, it becomes almost second nature to use. The cost is also a major factor. Every year or so, I explore alternatives to Netgate hardware, but almost everything I find is subscription-based, like Cisco Meraki or other brands. I'd struggle to justify renewing a router license every 18 months or risk it stopping working. So, using a platform like pfSense without an annual fee is a huge benefit for our budget.

We are a large church, and we use Netgate as the main firewall appliance. We have multiple WAN connections coming in, and we have about 500 endpoints connected to our network, so we use it to make all the bits travel where they need to be.

We were using some other products that were closed-source, and they did not have some of the features that I liked. I liked OpenVPN. In terms of the VPN infrastructure, I had a lot of great information from people online. I could follow a lot of reviews and very good technical documents. It was about unchaining myself from a different licensing program that was charging me almost an extortionary rate for a firewall appliance but did not give me any better security than I would get through pfSense.

I like the idea of packages because I work on Linux all the time. Adding packages is a nice way of adding features. We do iPerf3 testing. With just a few clicks, I can have an iPerf3 server set up on my pfSense. All the tooling has been easy to integrate.

Everybody loved it when I switched over to the VPN. It was easy to use. OpenVPN has a great piece of software. Everybody loves how easy it is to use the VPN to get onto our network but also how secure it is. 

The fact that I do not hear much about it is one of the best parts. The Internet has not been 100% solid here, but we never get to know it because the WAN failover takes us from one endpoint to another without even noticing it. I had the Internet provider come, and he was going to change some hardware. He was asked if we needed to tell anybody. We did not because they would not even know that we were doing it. That is a pretty good feature that it works so flawlessly. If you are going to take your main connection to the Internet down, you have two backups, and nobody is going to know the difference.

I can look at my network as a whole. It is great to see the traffic on my network. I can see where it is coming from and where it is going, and I am able to follow through. The screens are helpful for telling the story of what is going on at the moment with the data. I look at my firewall quite often. If there are any questions, that is one of the first places I go to for troubleshooting.

pfSense Plus and the service program have definitely helped minimize downtime. The fact that I have help on the way anytime I need it is great. I do not have an estimate about the reduction in the downtime because as soon as I got here, I swapped over. I do not have any previous data points on that.

Running their hardware and software helps a lot with the performance.

The customer support is very good. Setting up the VPN is pretty straightforward and easy. 

We have multiple VLANs, and with assistance, it was easy to get everything set up and running in our organization the way we needed it to. We have the flexibility and the ability to adapt things over time as needed. When I needed to add an extra WAN connection, I could. It was not locked behind a paywall. I did not have the issue of not having enough ports on the machine for that. I had all the ability and all the hardware I needed to do all the things that I needed.

When we were setting up VLANs, there was some information about the way the ports, switching, and other things were done inside. Their UI could have hidden some of the complexity better so that it was easy to understand or more general. They could have given some more clarification on the markings on the outside of the machine. There were some questions as to what port was what and how that links to what was being asked in the software. Those things were not always very clear.

The features that I wanted have been added, but I have not taken the time to look at them. I am a big fan of WireGuard, and they have added that, but I have not taken the time to install it yet. Its features are complete for our needs. If I have to ask for anything, it would probably be more education on bolting on some of the XDR platform stuff that is out there, but it is feature-complete. I know that all this exists. It is just taking the time to get educated on it, which is probably on my side.

I have been using Netgate pfSense for about three years.

I have not seen any downtime, so I have to give them a ten out of ten on that. There has not been a time when it has not done what it needs to do.

There is a long way to go above me, but I would not be looking to change if we grew by a lot. I would rate it an eight out of ten for scalability, but I do not know what it would be like in a data center.

It is being used at a single location. We are a fairly large church that has quite a bit of data flowing in and out, but we have just a single location. It is me who works with it, and I have a junior sysadmin and our managed service provider working with it. Three of us interface with it.

They are amazing. They are great. They followed through very well when I had issues. Usually, the issues I had were kind of self-inflicted wounds, and they walked right through everything with me with great continuity. I cannot say enough good about them. I would rate them a nine out of ten.

Positive

We used Sophos. One of the main reasons for the switch was the license model. The way they charge for their software was pretty expensive. I did not feel that we got a lot for those IT dollars. I knew that I could set up pfSense and pay for the service plan so that I have a live person on the other end to help me when I needed it and it would still be way under what we were paying for Sophos.

It is deployed on-prem. We have a couple of Netgate appliances. We have one that is a spare and we have one running in production. In case one goes down, we will just move over to the other. We have a couple of pieces of equipment in our rack locally.

My managed service provider helped me with the deployment. In one night, it was done. It was pretty painless.

In terms of maintenance, there are always updates to do.

There were three of us involved, and it took about four and a half hours to get everything configured. From taking out the old to getting the new in and getting it configured took about four and a half hours.

Compared to what we were doing with Sophos, it provides a great value financially and in terms of time savings. For the most part, I do not have to mess with it. It does not require me to go in and touch it unless I have something I want to change, and that is a win. The upgrades are easy, and they have been flawless. That is a good return on investment. That dollar is well spent.

We are probably paying about 30% of what we were paying previously.

The price is fair. I buy the Netgate hardware so that I can support pfSense and Netgate and I have somebody designing the next layer of software for me in the future. I like their model. It is a high-value piece of equipment with a great team behind it.

With the inclusion of firewall, VPN, and router functionalities, we get a good value.

I would recommend it because it is a good value in terms of the price, performance, scalability, and usability of the metrics that it gives. It is definitely what I would go with.

I would rate pfSense a nine out of ten. It would be a ten if they offered free training and told me about what the free training is. There are probably a few things out there like that, but more one-on-one free training would be the main thing they can do better.