
Netgate pfSense Plus Firewall/VPN/Router

Netgate | 24.11.0

Linux/Unix, FreeBSD 14 - 64-bit Amazon Machine Image (AMI)

Reviews from AWS customer

15 AWS reviews

External reviews

416 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Joshua McSpadden

I like that there's a community edition that I can install on my own virtual machines or hardware

  • June 27, 2024
  • Review provided by PeerSpot

What is our primary use case?

I use it for my firewall at home and when virtualizing labs to do routing between different network segments. I use it in the business that I am currently with at our main office and our other site. I worked at an MSP before that, and it was the firewall that we recommended to clients who wanted to go beyond what you'd buy at Best Buy, like the random Linksys or Netgear. I haven't touched the enterprise level, like the expensive ones where you might have 20 different Netgate segments with failover.

We deploy it either on bare metal or virtualized on our own virtualization platform. We have not deployed it on any cloud. The primary cloud services we use are software as a service, so our firewall doesn't apply to that. If we ran our own set of servers in the cloud somewhere, we'd probably consider pfSense for routing between them, but we don't have that use case.

How has it helped my organization?

When I started using it back in the day, someone told me that there's this firewall you can install on an old PC to get all these features that are normally only available on expensive enterprise firewalls. 

I realized the benefits immediately. When I installed it, I had access to features like multi-WAN, which is more common now. You can get small home office routers with multi-WAN these days, but when I started a decade ago, it cost thousands of dollars and required enterprise equipment. It was mind-blowing that I installed it and could hook up two Internet connections for no extra money.

It doesn't directly prevent data loss because pfSense doesn't have a DLP function, but the security aspects, like the pfBlocker, ClamAV plugin, and proxy, are all great. The security components help prevent data loss by securing the network. As far as I know, pfSense doesn't have a data loss prevention function that scans for somebody trying to exfiltrate data. 

The failover or load-balancing WAN helps reduce downtime. It also supports high availability between two firewalls, although I've never set that up. Those would minimize downtime of the firewall individually and the company as a whole.

We don't use it that way, but it has extensive logging. If you were to dump all those logs into something like Graylog, Elasticsearch, etc., you could analyze and decide based on that data. We don't use it like that, but I know that with the extensive logging that it has, it could be used that way.

PfSense has an excellent ability to optimize performance, especially with the plugins. It helps me determine where my bandwidth is going and get reports on latency, jitter, etc. I use all of these features regularly. If the internet is slow, I can go see who's hogging it by downloading giant files, or I can identify where there's a lot of latency on a particular gateway.

What is most valuable?

I like that there's a community edition that I can install on my own virtual machines or hardware. I can test things without messing with them in production, which is incredibly useful. If you have a Juniper or Cisco, you can typically only afford one. 

You're forced to make changes in production and hope they don't break anything because there's no easy way to have a testing environment. The free version of pfSense offers load balancing or failover WAN, which is also helpful. Most commercial firewalls don't have that in the cheapest iteration of the hardware. 

The community edition makes it easy to learn because you can try it before buying it and putting it in production. There's no equivalent if you want to buy FortiGate, WatchGuard, or any of those and fiddle with them on your hardware before putting it in production.

Many plugins for pfSense are easy to install off the store, and they work. The basic functions that you want to do are pretty easy. However, it is more complicated than your average home office router, but that's to be expected. The fact that it is an open-source project that's trying to be all things to all people does mean that sometimes things can get a little bit complex, sometimes unnecessarily. For example, the IPSec VPN setup has five hundred options, probably more than anyone needs, but it works. Their documentation is excellent. In instances where you might not figure it out on your own or the interface might not be super clear on how to do something, the documentation is usually good 99 percent of the time.

I appreciate pfSense's flexibility. I can buy supported hardware from Netgate with it already on there, buy support for my own hardware, or run the community edition on my own hardware or a virtual machine and get all of the same functionality. 

What needs improvement?

Snort or Suricata don't block things they should out of the box. It's always been a pain point of pfSense. If you turn on Snort or Suricata for IPS or IDS, no setting is effectively set and forget. Turning any commercial firewall to the lowest setting will provide you with a decent amount of security with almost zero false positives, but pfSense is not that way. You've got to babysit Snort and Suricata to the point where sometimes you turn it off.

I know one of their rising competitors, OPNsense, has the ETS rules. I forget who provides it, but you turn on a rule set, and they just work. They have a built-in set of rules for Snort and Suricata that you turn on and it provides a reasonable amount of security. That has always been a pain in the neck with pfSense. It's the single biggest thing that they could do to improve it. Honestly, they're losing business to OPNsense for that one reason.

For how long have I used the solution?

I have used pfSense for at least 10 years.

What do I think about the stability of the solution?

As long as you don't use bad hardware, it's fine. PfSense has issues with some Realtek network chips. If you use bad hardware and get bad results, it's your own fault. I usually have as much uptime as there is between patches. It's highly solid after reboot other than installing the most recent patch.

What do I think about the scalability of the solution?

I've never used pfSense at the high-end enterprise scale, but it can scale nearly infinitely as far as I can tell. There's a higher-level pfSense that's carrier grade that can handle hundreds of gigabit routing. We've got a Netgate plan and never had any problems. 

We see solid performance no matter what we're running on it. The fact is that it can run on a low-end, low-power fanless ARM CPU for a branch office. PfSense is usable in a lot of situations. It's also extremely scalable, which is also flexible in the sense that you can install it on some random old PC that you have at your house and use it for your home firewall. You can also use it in an enterprise with a multi-gigabit incoming connection and thousands of clients.

How are customer service and support?

I rate Netgate support nine out of 10. I have contacted them a couple of times over the years. Each time I called them, they solved my problem or gave me a workaround within a reasonable time. It seemed like the people I talked to knew what they were doing. Sometimes, you call technical support and end up with first-level tech support who reads off a script. They don't listen to a word that you say and tell you to do all the things you've already done. 

I've been able to get people who ask pertinent questions and ask for logs. They remote into my machine or SSH into the firewall, so I'm happy with it. It was worth the money that we paid when we needed it.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Smoothwall and OPNsense. Back then, I used to have a weird firewall that I can never remember. If you count OpenWRT, a replacement firmware for Linksys, as a firewall. However, you can't install it on any x86 OS that you want.

How was the initial setup?

It depends on whether the user is familiar with general concepts like putting an ISO on a flash drive and booting off of it using some basic command line. It's very easy if they've installed operating systems before and understand how to boot off a flash drive. Flash the image to a flash drive and boot off it, then follow the prompts. If they don't have that basic experience, I wouldn't tell them to deploy it themselves. I'd tell them to buy a box from Netgate with support. 

That can be tricky if you've never done it or don't understand the concept of moving off of a flash drive and installing an OS. There's not anything Netgate can do about that because there are thousands of different pieces of hardware you can try deploying pfSense to, and pfSense can't give specific detailed instructions for every one of them. That's when you go buy Netgate. 

The first time, it took me days because I had no idea what I was doing. Now, I can set up a pfSense with good basic functionality in an hour. It doesn't take very long. I've probably done it hundreds of times now.

After deployment, you've got to install patches periodically. If you're using Snort or Suricata, you've got to pay attention to those. If you're using pfBlocker, you've got to install patches. If you're not using any of the plugins like Snort, Suricata, pfBlocker, Grid, or any of those sorts of things for advanced functionality, then there isn't any maintenance other than periodically installing your patches like anything else. 

What's my experience with pricing, setup cost, and licensing?

The community edition provides all of the basic functions for free on your own hardware, and pfSense Plus comes with a Netgate appliance. It's a reasonable $200 bucks or so to buy pfSense for your hardware, and then it's $800 or $900 a year for commercial support, which is also reasonable for a firewall.

It's hard to gauge the total cost of ownership because there's a free, open-source version that, if you know a lot about pfSense already, it's almost zero cost. You can run it on any old hardware you've got. If you need support and multi-gigabit IPSec WAN speeds, you'll need to pay for that, but you will with anybody. 

What other advice do I have?

I rate Netgate pfSense eight out of 10. They could polish up a few things, especially regarding IDS/IPS rules. A few interface things are a little more complicated than necessary. 

If you're moving to pfSense from a random Linksys or Netgate router, you need to realize it will be more difficult, and you'll need to learn more about networking concepts than you necessarily had to do with the random router that you've got. It's more complicated like that. 

That's to be expected because you're either a techie kind of person who thinks building your own firewall is fun, and they're willing to spend the time and effort to learn it. Or you want an alternative to FortiGate, Juniper, or whatever, and you want to buy a commercial Netgate product. This is going to be more complicated than the Linksys router I bought for $80 dollars from Best Buy.


    Christos Adamidis

Affordable, simple to use, and has a fairly straightforward setup phase

  • June 26, 2024
  • Review provided by PeerSpot

What is our primary use case?

The tool is partly for home-based usage and partly for business usage. I am in the IT industry, taking care of the security and technology parts. I also run a private business in my spare time when I am not working. I use Netgate pfSense as my firewall to separate those two entities: my home and business. I also participate in providing server space for projects involving Azure Flex and Azure Core, which is kind of like an AWS situation but in a more centralized manner. I use Netgate pfSense to ensure that everything is separate. I use Suricata to weed out any malicious type of activity and to keep an eye on just to ensure that all the other functions, both personal and business-related, remain unaffected, intact, and devoid of any type of attacks or the other type of malicious kind of activity.

How has it helped my organization?

The product has helped improve my organization's environment and personal environment since before the use of Netgate pfSense, and I really didn't even have a hardened firewall. With the implementation of Netgate pfSense, I am able to monitor my various network streams, so I have my servers, VLAN, my home VLAN, EMC, my WAN, and the specific VLAN for IoT devices. I even segregate some of my outgoing intranets as well, and I see how Netgate pfSense has allowed me to have a full and high-end visibility of a lot of the traffic that comes and goes, which for me is important because part of the job that I do is crypto related. When dealing with crypto-related business, you need to be careful as far as what you allow in and out of your network.

What is most valuable?

I wouldn't say the simplicity of the tool is its best feature. In a way, there is a simplicity to it, but I like the expandability of the packages that could be used. I like the data and the information that I can collect while observing network traffic. The whole layout of the application is pretty decent. The tool is not super expensive. It is quite an affordable tool. There used to be the free Netgate pfSense Plus that was provided earlier at one point, and I understand now, of course, that it is based on the yearly licensing model, and I think that took a lot of people aback. There is not a lot of money to be paid for the tool, and you get more than what you paid for, especially if I think about its use and consider what it does.

If I assess the flexibility of Netgate pfSense, I would say that I can not just run a firewall, but I could use HAProxy and run a bunch of other kinds of server-based applications that normally would occupy a different server, so it amalgamates a few services into one package, which is a nice single point of contact. I like not having to go to two or three servers to run the services needed, especially the ease of the firewall, as far as the creation of rules and the security aspect are concerned. The updates that come in are pretty decent, and though not too often, they are often enough to keep things secure. I like the tool's flexibility in the sense that you do not have to buy an appliance. You can put it on your own hardware, and it can be very simplistic hardware with simple configurations. There are a lot of abilities to be used in the product, and benefits can be gained from the tool without having to incur a huge upfront cost in purchasing hardware. If you have a computer lying around, you can easily install it, and you can go with it. With the tool's free version, you can use the tool for free. It is quite a friendly tool in the sense that it provides access not only to regular people but also to high-end corporates and business individuals.

Getting extra features or added packages in Netgate pfSense is very easy since the GUI and the menus basically take care of everything. When you go to do the installation, you see the log messages come up, and it's very clear when it is complete. It is a pretty simplistic process.

As per my assessment regarding Netgate pfSense's role in helping prevent data loss, I would say that as far as data loss is concerned, I think part of it is the firewall preventing access to my network shares aside from the typical kind of blocking ports and not allowing traffic. I think very much the segregation of the VLANs is possible, and my server VLAN will have all kinds of data, information, databases, and file repositories, and all of that is completely segregated from my DMZ. Any kind of the shared services that I offer or kind of crypto-based services that I do, the connections, both incoming and outgoing, can't gain access to my server VLAN at all, and such segregation really protects my data aside from some of the built-in, immutable type of services that the kind of network repositories that I have that do outside of Netgate pfSense. The key thing actually is just keeping things separate and being able to get alerts if something funky is happening.

Netgate pfSense gives a single pane of glass management view since the dashboard is always the first thing that I look at, and I have got to configure it in a way where I see my traffic graphs. I have the gateways and interfaces that I look at, along with the interface statistics, services, and a lot of other functions that I can quickly just glance at, including my Suricata alerts, the filtering, and other alerts. I can look at the UPS and the run time for the battery. I could take a quick glance and kinda see all the information I need without getting too deep, making the tool's dashboard a pretty cool feature. It really saves a lot of time.

I use Netgate pfSense Plus. I generally have experienced zero downtime with the tool. If there is some downtime, it is because of my own doings. As far as the benefits of Netgate pfSense are taken into consideration, I can see it has a lot of the extras that you get, and it worked. At a certain point in time, Netgate pfSense Plus was free to upgrade. I don't remember how much Netgate pfSense Plus and pfSense CE software differ from each other, but I know they differ quite a bit. The one thing I will say is the major difference that I have used is the boot environment. If I am doing an upgrade, I will basically take a snapshot of my current boot environment. Even though it does it automatically when you do an upgrade, I just take another backup. If I do something that is a very specific change that makes me a little nervous, I take a snapshot, and then I always have something that I could boot back into if things go horribly wrong, which is a big plus and one way of eliminating downtime since you can go back to a previous instance that is fully functioning.

Speaking of whether the tool provides visibility that enables our company to make data-driven decisions, I can check my graph, and through monitoring, I will be able to check my WAN and see the quality of the WAN to the point I was utilizing a router or modem provided by my service provider I was able to through the graph when there was a drop in the traffic and the quality of the connectivity, and that led me to basically scrap the modem and actually configure my own setup to get the internet into my home.

In terms of the total cost of ownership of Netgate pfSense, I think that for somebody like me who uses it in a cozy home corporate business environment, it is quite an affordable option. The tool is not expensive, and when it comes to the cost of ownership, if you have something lying around, like an old server that I repaired for Netgate pfSense. The benefit is that I am able to put it on an older server, so there are no hardware costs. The tool is not something that would go into a landfill. I think that the tool has been quite affordable and has paid itself over quite a few times. You could go cheap and use an ASUS router at home, which a lot of people do, but it may not have the stability, and it doesn't have the kind of horsepower on your engine speed or expandability of a polished product like Netgate pfSense.

The maintenance that is needed in the tool is just to make sure that the tool is up to date. It's not necessary to do the maintenance, and it's not just about updating Netgate pfSense but also updating the packages. It is great that you have a good product that can keep your environment safe. If you don't patch or have unknown vulnerabilities that surface, then you will end up wasting your money. I do have a patch process, so I check at least once a week for new installs or packages or if there is a version released and apply them shortly after. The total time to install the tool is probably a couple of hours in a month.

I

What needs improvement?

There are a lot of features I want to see simplified in the product. I want to see the licensing model part to be improved in the product. Those who need to do certain functions from their house would purchase Netgate pfSense Plus while configuring their machine, but if they have another network added to it, then it would basically change the ID of the device, and they have to go and request to get relicensed. Netgate pfSense will help you with the relicensing part for one time, but if you need to do it a second time, then you will have to pay for a new license, and that, to me, is not very fair. I think if you have paid for a year of service, it shouldn't matter how many times you need to request to rekey the license as long as it is not every other day. Two to three requests in a year shouldn't be an issue, and if I add another network card, why should I pay for a new license when there is not much of a difference.

The only thing that I would like to get some better utilization of is the ability to do free switching. If I need to go between different VLANs, I have VLAN 19.1 and VLAN 19.2, and I strictly use Netgate pfSense, but it doesn't route very efficiently and works quite slowly. I understand that it is not the router, but a lot of times, Netgate pfSense advertises it as a tool that is able to route traffic. I had to go in and purchase a separate router to manage my internal VLANs because Netgate pfSense was just choosing between the VLANs I had.

For how long have I used the solution?

I have been using Netgate pfSense for a year and a half. I am just a customer of the tool.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

I haven't had an instance where the tool has gone down, and if it has, then that wasn't my fault. The stability is there in the tool. I have had the tool up and running a few times, and the only time I have had to reboot it is when there was a new release.

What do I think about the scalability of the solution?

The scalability is really dependent on your hardware. If I want to scale it up, I can throw in network adapters, more memory, more CPU, and scale it up. It is quite a scalable tool, and it is really just dependent on what you throw at it. Scalability-wise, I rate the solution an eight out of ten.

How are customer service and support?

The solution's technical support is not bad, and they are pretty quick to respond. It is quite average as far as the technical part goes. There has been no bad experience with the support team. I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I tried using OPNsense but I didn't like the whole approach, the menu system and the way it was configured. Netgate pfSense made more sense to me in a logical manner.

How was the initial setup?

The product's initial setup phase is fairly straightforward. If you install an operating system, then you can install Netgate pfSense, so there is nothing to it.

The solution is deployed on an on-premises model.

The basic installation of the tool takes less than an hour. The configuration part is something that you figure out as you go ahead with the tool, which obviously takes a bit longer. The basic installation is quite quick and can be done in less than an hour.

What was our ROI?

For me, considering how much I put into the tool, right now, I would say that the ROI is around 25 percent.

What's my experience with pricing, setup cost, and licensing?

When it comes to Netgate pfSense, I use the basic TAC Lite license, which comes for about 100 USD. I don't think Netgate pfSense is expensive at all. You could look at other services that offer similar types of configurations, and you can see it may cost in the thousands range. Even though I want something for free, I think it is quite a reasonable tool. The only qualm I have with the tool is that it is a little stingy on how many times they have to rekey a license.

What other advice do I have?

I would recommend the tool to others since for me, it is simple, the low cost of ownership, expandability, just the way it looks, I like the numbers, and when the data is there, you throttle how much information you want to see or collect. For somebody who likes to tinker or likes to see the numbers or wants to harden their network or has a corporate business and wants to ensure things are operating smoothly, the tool is worth it.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises


    UdochiOdodo

Offers cost-efficiency for users and a customizable dashboard

  • June 26, 2024
  • Review provided by PeerSpot

What is our primary use case?

I use the solution in my company since we operate as a managed services provider that provides security solutions to our customers. I was looking for a device that had the required features my customer wanted, and that fit their budget, so Netgate pfSense is a product that clearly fits this space. Our company has started to deploy the tool for our customers.

How has it helped my organization?

In terms of the benefits of the tool for my organization, I am not an end user of the product. My customers use the tool, and what they have been able to achieve using Netgate pfSense is that they are better able to control their spending on internet services. Without Netgate pfSense, users can just take up the whole bandwidth from the network and make it difficult for other people to work, but with the bandwidth control feature, including the built-in functionalities in the solution, you can control what individual IP addresses on the network can do, thereby bringing in more control. My customers have even told their other MSPs how they need to increase their bandwidth, whereas what they needed to do was just control what they already had in Netgate pfSense. Controlling the bandwidth has brought savings to my customers, and it also helped them to have a better user experience with the internet services that they were purchasing.

What is most valuable?

The solution's most valuable feature is that it is a highly configurable tool. The tool has a lot of options, so there is literally nothing you cannot do with it, but you have to know your way around the product.

The problems my company's clients wanted to resolve by implementing Netgate pfSense were that they wanted a provision for enterprise network security, static control over load balancing, and failover. This area is typically the use case for our customers.

If I assess Netgate pfSense's flexibility, I would say that it is a highly configurable tool, which means there are many options. It has a lot of flexibility in terms of configuration. You can write different rule sets for different traffic types and scenarios. On the same firewall, you could have lots of variety in how you want to handle traffic.

If I want to add features to Netgate pfSense, I would say that because the structure is modular, there is an app store where you can download whatever feature sets you want but are not included by default in the tool. The tool also supports many third-party plug-ins. It is possible to add features to the tool.

Netgate pfSense provides a single pane of glass for management with a customizable dashboard. You can customize the dashboard. Any handy modules you want are possible on a dashboard with a single-view window where you can see what is going on, and it is customizable.

The single pane of glass management feature has an impact on operations since it simplifies management because, typically, my company is not on the customers' premises, so we need to have remote access to the firewall. The people who are doing the back-end monitoring have a single view, which makes operations easy because, with one single glance, you can tell if there is a challenge or not in the tool.

Netgate pfSense Plus is what came on the device that my customers purchased by default.

In terms of whether Netgate pfSense Plus helps minimize downtime, I would say that the main difference between Netgate pfSense and Netgate pfSense Plus is the availability of enterprise support. When I have issues or bugs, I have someone to go to and say that something is not working and ask what we can do about it, after which I can get a response. When it comes to Netgate pfSense and Netgate pfSense Plus, the software is almost the same. One of the versions comes with enterprise backing, so I have some support and OEM support instead of relying on the community. I have a proper company I could talk to about any challenges my customers and I may have. The support does help reduce the downtime. I haven't actually had any downtime with the tool on my customers' end. I haven't had any downtime using the tool.

In terms of whether Netgate pfSense provides visibility that enables my company's clients or me to make data-driven decisions if we don't speak of specific use cases, I would say that it is typically a next-generation firewall that does bandwidth control and provides IPS and IDS features. For instance, if my customers wanted to have an idea of how much internet traffic they are using, then Netgate pfSense would give you graphs that you can export and do further analysis. I don't think the tool's use cases are tied to data or data analysis.

What needs improvement?

I can’t get any area where improvements are needed in the tool off the top of my head. I haven't had any challenges I couldn't resolve between myself and the support. Maybe Netgate needs to see if a medium-level Netgate pfSense Plus can be created for smaller organizations.

Most of what I need is already in the tool. If there is any need associated with it, I will be sure to report it to the support team.

For how long have I used the solution?

I have been using Netgate pfSense for two and a half years. My company serves as an MSP for Netgate pfSense.

What do I think about the stability of the solution?

The only area to consider is that sometimes when there is an upgrade, there may be some changes. But when you have uploaded a stable version of the firmware, the operating system, I think it is a very stable tool. I have not had any issues around stability. Stability-wise, I rate the solution a seven out of ten.

What do I think about the scalability of the solution?

I deal with clients in areas such as residential, government organizations, and medium-scale businesses. I have one customer in each category, which includes small, medium, and large businesses.

Normally, when it comes to the size of hardware before you make a purchase, due diligence is required to see that the device would be able to handle the current requirements and have some room for growth. With the solution itself, I don't see the need to discuss questions related to its scalability because that would be a function of the hardware and the size of the network where you are deploying the tool. Typically, if you have a huge network, you need to make sure that you have the equipment that can handle that volume of traffic from the on-site. The scalability aspect is not really a good assessment criterion to use to measure the tool. If I put things into a certain context and say that we have a network that has around 100 people, then you don't put up a device that can manage 100 people. Instead, you need to get a device that can manage 150 to 200 people, and then you can create room for growth. If you don't follow these steps, you will have to change the device after some time.

How are customer service and support?

The solution's technical support team is okay. They respond quickly. I have only had the need to place two support calls in all of my dealings so far, and they were able to figure out my issues and resolve them very quickly. I rate the technical support a seven to eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In our company, we typically deploy a mix of security products that we prefer. At our organization, we have Sophos, Fortinet, and Netgate pfSense. Sophos, Fortinet, and Netgate pfSense are pretty standard. Netgate pfSense has all of the features that Sophos and Fortinet have, but what is more, it can be used without having to have separate licensing. Netgate pfSense really beats the other tools hands down in terms of price because there are no individual license costs for the features that you want to use. In Sophos, certain features require separate licensing. Netgate pfSense's advantages over other tools in price make it a top choice over the others. In our company, we have some customers who are particular about products, and for such customers, we provide them with what they request. For those who don't mind trying something different, Netgate pfSense is our default choice.

How was the initial setup?

The product's initial setup phase is straightforward. The complexities in the deployment are produced by customers who do not know exactly what they want. Some customers have requirements, and my company needs to sit with them and streamline certain areas. The integration and the configuration are not the challenges associated with the tool.

The solution is deployed on an on-premises model.

Typically, if all the configuration information is available, the tool can be deployed in a maximum of two to three days. One can have the standard installation done. The deployment procedure can be done assuming one day for the configuration and the second day for rack mounting. The process is quick when the customer has all of the information they want configured in hand. For some of them, the tool is typically deployed over a period of a few weeks because they don't know or have not decided how they want to implement a particular feature. Still, it would not be a delay from Netgate pfSense's end but rather a delay from the customer side.

What's my experience with pricing, setup cost, and licensing?

I would not call it a cheap tool, but it is very cost-efficient. I don't see any product that gives you the same functionality within the same price brackets offered by Netgate pfSense. There is hardly any need to go to the open-source firewalls, especially with the ones that are coming back, and there are no enterprise security products in the price range that Netgate pfSense falls under.

If I assess the total cost of ownership of Netgate pfSense, I rate it as an eight or nine out of ten.

What other advice do I have?

I don't use Netgate pfSense Plus on Amazon EC2 VMs, and I haven't had a customer who wanted to deploy the tool on the cloud. Most of them purchase and install their hardware directly from Netgate.

The maintenance of the tool's equipment is done once or twice a year just to blow out some dust and make sure it looks physically okay, which is nothing outside of what the regular network devices require. It doesn't require any special maintenance.

I would recommend Netgate pfSense because it is one of the products that my company markets to our customers.

As I have existing customers that use the solution, they serve as a reference point for my new customer. I tell others that I have deployed Netgate pfSense in a few official organizations, their use, and the problems that it has solved for them. I have case studies to speak about. If someone wants to go for a proof of concept, it is something that is doable.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

On-premises


    Tito Zabala

Flexible, robust, and easy to configure

  • June 25, 2024
  • Review provided by PeerSpot

What is our primary use case?

I primarily used the solution to replace Cisco, which was horrible. I wanted something super simple. We needed something that would make the change process within my network easier.

How has it helped my organization?

I started with a small trial when I wanted to replace my Cisco switches. I liked that this was open source and I was able to test a few things. The capabilities of configuration made it so that I didn't have to test other options and I could translate my configuration the way I wanted to.

What is most valuable?

It's easy to configure segments in a network and the routing is good. 

It is super robust. The flexibility is great. It's the main reason I switched off of Cisco. Everything is very intuitive.

I have a pretty complex network. With this, I can do some segmenting. I can have specific firewall rules to make my network as secure as possible.

It's so easy to use. I use the VPN features a lot. It's great.

It's simple to add features. There's lots of documentation and YouTube guides to help you. I did not need specialized training thanks to this knowledge base. As long as you have a background in networking, it's pretty straightforward.

You can add other software packages to pfSense.

Between the free and paid versions, I do not see something that would make one better than the other. However, I bought the pfSense appliance to ensure I had a nice piece of hardware to save and protect my network.

pfSense does provide good visibility into my network so that I can make data-driven decisions. If I need to troubleshoot anything, I can go and look at the data, the statistics, and the graphs. I don't do this daily; I do it only if I notice strange behavior. 

It helps us optimize performance - especially in terms of internet use.

What needs improvement?

While the software is great, they could work on improving the hardware. The interface is a little bit sluggish. When I installed it on a random computer, the performance was pretty crisp. However, on the device itself, it's slower. I'd like to see them decrease storage and increase speed. With storage, you can always add more. However, you cannot make CPUs faster. 

For how long have I used the solution?

I've used the solution since September 2022.

What do I think about the stability of the solution?

I've never experienced any crashes. It's quite stable. 

What do I think about the scalability of the solution?

It's a pretty beefy appliance. That said, thus far, I have no need to scale. At the time, I went with the biggest offering they had in terms of appliance size. 

How are customer service and support?

I've only contacted technical support in order to get a device replacement. I've never experienced any issues. 

Which solution did I use previously and why did I switch?

I previously used Cisco. It was difficult.

How was the initial setup?

The initial setup is moderately easy. I struggled a bit. It's a bit tricky at first.  However, within a couple of months, I had a really good setup. Now, it's working flawlessly. The deployment took a few months. The first month was a lot of troubleshooting. By the second month, I was fine-tuning. By the third month, it was completely up and running. 

There isn't too much maintenance. The device is almost maintenance-free. Every once in a while, there are updates. The backup is automatic after configuration. I don't have to worry about that.

What about the implementation team?

I handled the setup by myself. 

What's my experience with pricing, setup cost, and licensing?

The pricing is good. I'm not locked into any kind of subscription. Since I bought the appliance, I have it until it breaks. 

What other advice do I have?

I'd rate the solution eight out of ten. 

I wouldn't recommend pfSense to somebody who has no limited network. While pfSense, for me, was pretty easy to set up, it does have so many features that you could easily get confused. I would recommend it to anybody with experience as a network engineer, not just a beginner. 

Which deployment model are you using for this solution?

On-premises


    Patrick Muiruri

Good support and highly configurable but is complex to implement

  • June 25, 2024
  • Review provided by PeerSpot

What is our primary use case?

The solution is primarily used for anything to do with security. SMEs are using it to protect their businesses.

How has it helped my organization?

The companies we work with are fairly generic. What we see most is companies using the solution since it's affordable.

What is most valuable?

The price point is the most valuable aspect of the solution. Customers really value that.

Customers value the following features:  

  • It's highly configurable
  • It's flexible. 
  • The features are easy to use.

What needs improvement?

The interface is somewhat challenging if you compare it to other commercial products. If you compare it to something like Sophos, where someone with decent firewall knowledge can get it up and running in a very short time, you need to be a fairly skilled security worker for this product.

Configuring the interface can be a bit hard.

We've found working with SAP networks challenging. The model that they have in terms of partner networks works very well in the US. However, it's very challenging in our part of the world. What works very well here (Kenya) is a distributor-reseller model, where you have the vendor appoint a distributor. Then the reseller can quickly serve the client. The partner support could be better here.

For how long have I used the solution?

We've been selling the product for two or three years. 

What do I think about the stability of the solution?

The solution is quite stable. I'd rate stability nine out of ten. I rarely have a failure.

What do I think about the scalability of the solution?

We largely work with SMBs. 

How are customer service and support?

Support is excellent. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used other products as well in the past. For example, I do have knowledge of Sophos. We are a reseller.  We've had it longer than pfSense. Sophos is a bit easier to set up. pfSense pricing is very good, however. It does need a more friendly UI.

How was the initial setup?

The initial setup is a bit complex. There are other products that are easier to set up. The installation is not a problem; however, the complexity comes in with the configuration. The installation itself, which is basic, won't take long. The configuration process is longer since it can range from challenging to quite complex.

There is some maintenance required. There are updates every quarter. Previous to the last update, you couldn't do an update without breaking. It's easier now; however, there is still maintenance.

What's my experience with pricing, setup cost, and licensing?

The solution is cost-effective; however, that does come at a cost to the client. They do have to buy the product in the US and ship it to Kenya. The total cost of ownership, including acquisition and support, can be quite competitive.

What other advice do I have?

We are resellers. 

I'd recommend the solution to other users.

I'd rate the product seven out of ten. There are a few challenges. However, it is stable and offers good support. 

Which deployment model are you using for this solution?

On-premises


    Kelly Gordon

The solution's technical support is just phenomenal

  • June 24, 2024
  • Review provided by PeerSpot

What is our primary use case?

I have the Netgate 6100 firewall with pfSense at my house, and I also have several business clients on it. I use it for site-to-site VPN from one doctor's office to another so their PBX phone systems can replicate across the network. 

How has it helped my organization?

PfSense helps prevent data loss. It's a firewall, so unless you open ports, they are completely closed off, and nobody will crack into your network. You can set up various rules that will let you know if you have an intrusion or block an IP address, country, etc., for malicious threats. 

I haven't experienced any downtime with the 6100, but I've had problems with the Netgate 2100 appliances. One of the data-driven procedures is performance. If you make a change, your traffic comes up almost immediately. If I had to compare pfSense to SonicWall, I probably wouldn't use SonicWall based on the boot time. When you have to restart the system or something like that, pfSense is quick, whereas these other firewalls will take 10 minutes to come back online. 

The visibility pfSense provides helps optimize performance. Some of the stuff is visible in their charts and graphs. You can see their traffic moving in real time. That's beneficial to me, especially if I'm looking for something. For example, if you're looking for an IP address that's seeing a lot of data, you can narrow it down to what device it is.

What is most valuable?

The most valuable aspect of pfSense is the community. If you have a question, you can post it on the forum. The backups are also good. I restored it from a hard drive recently and was back up in 10 minutes. 

I like pfSense's flexibility. It lets you install it on multiple applications, such as a VM, appliance, or white box. For a short time, the community edition had a free upgrade to the Plus edition, so you could technically download the version and convert it into a Plus version. They offered support there for a while, but I don't know if they still do. 

If you log into it, it is a single pane of glass, but the features are scattered everywhere. If you make a firewall rule and you run a port, it will automatically make the firewall rule for you, so you don't have to do that. That's convenient versus some firewalls where you have to make the net rule, then you have to make the firewall rule to allow the net to operate. 

What needs improvement?

It's easy to add features, but some require configuration. Depending on the feature you're adding, that can be tricky. I wish their GUI were easier to use because it's always been scattered instead of having everything in one column. You have to click one thing to get something to work kind of like UniFi. You have to be a little techie to get it working as you want. The only other problem I've encountered is that sometimes it has buffer bloat, and you have to go in and change some firewall limiter rules to get the bloat to go away. Once you get it down and have done it a couple of times, it seems fairly straightforward. 

If the GUI interface were better, that would be a huge benefit. There's a fork of pfSense called OPNsense with a far superior interface. Everything's in the left-hand column. When you click on one item, you see everything listed under a single tab. You don't have to jump back and forth through the program.

Everybody is sometimes scared of open firewalls, but they get updates regularly. I check them all the time. I wish it had an app or some alert feature that you could set up. That would make it a little bit easier if something went wrong because you usually don't find out until the last second.

For how long have I used the solution?

I've used pfSense for 10 to 15 years.

What do I think about the stability of the solution?

PfSense is highly stable. I don't typically have any crashes. Usually, it's hardware problems, such as a hard drive or memory chip. Beyond that, I have had no issues with any appliances that pfSense installed.

What do I think about the scalability of the solution?

The scalability is good because if you have two identical devices, you can do high availability, so it's highly scalable. 

How are customer service and support?

I rate Netgate support 10 out of 10. Netgate technical support is just phenomenal. If you pay for support, they're on it right away. I've had to call them a couple of times and ask for a system image for some of their lower-end devices. I've noticed that an upgrade will sometimes break them. You can take the serial and model numbers, send them an email, and they'll send you the image. You just download the image, flash it over onto the device, and restore from the backup.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've used UniFi's Dream Machines, FortiGate, SonicWall, and OPNsense. I've got one instance of OPNsense out there. They're all about the same in performance, but everything has its own learning curve. The learning curve of pfSense is higher than OPNsense because of the GUI, which is a little confusing and intimidating for someone brand new.

How was the initial setup?

A brand-new user might be confused, especially if they don't have too much networking capability. If you have a white box and download the software, you need to configure everything, including the network interface card, but if you buy an appliance, you should be able to plug into a port and get an IP address. That's not the case with the community. It isn't. For those who want to dabble and play around with it, there's a bit of a learning curve there at the beginning on how to get it. They have some good documentation, but it's a little confusing.

I can have it running in 10 minutes. It depends on what you're doing and whether you have VLANs, which can be confusing to configure. But you can set up a simple home user with no VLANs in 10 minutes. For maintenance, it'll tell you if there's an update, but I typically wait a while before I do the update to ensure that it's solid. They do good testing on it, but I've had some problems where it breaks something else when they do an update.

What's my experience with pricing, setup cost, and licensing?

The price of pfSense is on par with everything else. It depends on how big an appliance you buy and whether you're purchasing it directly from Netgate. Some rack-mounted systems are expensive—a couple thousand bucks. The one that I use at my house was $700.

The total cost of ownership isn't too high or too low. I think it's right where it needs to be. Obviously, with new appliances and faster technology, your prices will go up, but that's expected with any product you buy. It was all free when I first started using it, and you could put it in any box you wanted to buy. 

What other advice do I have?

I rate pfSense eight out of 10. The reason I give it an eight is that the GUI needs to be cleaned up a little. I think Netgate would sell more if the GUI were a little more like OPNsense. Before buying, I would test the community edition on a virtual machine and select an appropriate appliance based on your deployment.

Which deployment model are you using for this solution?

On-premises


    Michael P.

Wide range of hardware with flexible software

  • February 28, 2024
  • Review provided by G2

What do you like best about the product?
The pfSense software is widely known and very flexible. There are considerable resources on the Internet, ranging from books to videos. Good technical support from Netgate.
What do you dislike about the product?
I am used to configuring routers and firewalls for my advanced home network. pfSense had a learning curve for me. It would be nice if there were a more intuitive visual interface where it is more obvious that firewall rules and DHCP servers are interface-based, and aliases are definitions that go into rules and the like.

Also, it should be much easier to analyze and reduce bufferbloat and other common connection non-idealities.
What problems is the product solving and how is that benefiting you?
The Netgate 1541 offers more than enough throughput for my 1.6 Gbps Internet connection. It supports the isolated wireless networks in my home and has two 10 Gbase-T connections to connect to my main switch.


    Computer and Network Security

Satisfaction

  • February 27, 2024
  • Review provided by G2

What do you like best about the product?
My general confidence in its high level of security (provided its configuration is error-free)
What do you dislike about the product?
1. Sometimes I feel uncertain about how to interpret and/or configure and understand the consequences of the firewall configuration commands.
a. An example from my experience: I created firewall commands for an OPT interface (on the SG-1100, as well as on the SG-2100) in order to set up Netgear R6020 WiFi routers with the OPT interface as their WAN. However, when I checked the Netgear router's logs, there was an abundance of log entries indicating a DoS attack. Therefore, I assume I did not succeed in securing the OPT interface against incoming traffic from the Internet.
b. Another example that I do not understand: log entries in pfSense (System, General) containing the text "monitoring ongoing attacks", with a lot of entries.

2. The use of PHP in pfSense, which, to my knowledge, is not a completely reliable web language and is often subject to security vulnerabilities.
What problems is the product solving and how is that benefiting you?
Secure electronic communication from my home (desktop computers, laptops, smartphones, WiFi access point and router (as of a few days ago, no longer including the Netgear WiFi routers having OPT as their WAN interface))


    Luca D.

Ten years of experience using pfSense, more than forty firewalls administered.

  • February 26, 2024
  • Review provided by G2

What do you like best about the product?
The software is flexible, working well in KVM-type virtual machines, which I mainly use. With a little practice, you can do anything with it.
What do you dislike about the product?
There are required features that have been lost for years and never implemented, such as a centralized administration console for sets of firewalls.
What problems is the product solving and how is that benefiting you?
Routing, centralized VPN, firewall.


    Ramy Mahmoud

A load balancing solution that needs to improve VPN configuration

  • January 17, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Netgate pfSense for load balancing. 

What is most valuable?

The tool's most valuable feature is load balancing.

What needs improvement?

Netgate pfSense needs to improve the configuration for a VPN. 

For how long have I used the solution?

I have been working with the product for three months. 

What do I think about the stability of the solution?

I rate the product's stability a nine out of ten. 

What do I think about the scalability of the solution?

I rate Netgate pfSense's scalability a seven out of ten. 

How are customer service and support?

I have used online documentation and hence haven't contacted the support yet. 

How was the initial setup?

I rate the tool's deployment a nine out of ten. Its deployment takes only a few hours to complete. 

What about the implementation team?

We did the deployment in-house. 

What's my experience with pricing, setup cost, and licensing?

I use the product's free version. 

What other advice do I have?

I rate the solution a nine out of ten. 

Which deployment model are you using for this solution?

On-premises