We use it as a firewall within our public cloud infrastructure. We use it in particular for IPSec, VPN, and Reverse Proxying HTTP Traffic. We have deployed multiple pfSenses and most of them are configured as HA/Failover.

We wanted to secure traffic between our main office and multiple public cloud data centers and providers. We also wanted to have access to our cloud components via VPN.

We have multiple websites that are proxied via HAProxy and secured via Let’s Encrypt TLS Certificates (generated via the ACME Plugin).

We deploy across multiple virtual data centers that are in different physical locations. Multiple teams have their own deployment. One HA / Failover cluster is the entry point to our websites so there are millions of HTTP requests per month. We also have around 20 to 30 users (Dev and Ops) who use the VPN feature. Behind the pfSense firewalls, there are around 100+ servers and no end users.

We replaced a Sophos UTM 9 Failover Cluster with a pfSense Failover Cluster and we can now make config and certificate changes without downtime. Also, the TLS certificates are rotated automatically.

The performance optimization documentation has improved our organization. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

pfSense sort of gives us a single pane of glass management. We use the same product multiple times so we only need to know one product but it also does not offer a single management platform for all deployments. Whether this is good or bad depends on the point of view. On the one hand, we need to manage multiple setups, but on the other hand, we have a clear separation of concerns and risk zones (if the user account on one system is breached not all systems are affected).

It is hard to pinpoint a specific feature that is the most valuable. I think the big community is a major benefit. Most problems we encounter were already encountered and mostly solved by someone else. Most of the components are open-source tools, so the error messages have hits on Google which makes debugging easier.

pfSense has Plugins and is open source so everybody can add features or improve the product. For example, HAProxy, ACME Plugin, Prometheus-node-exporter, Nmap, etc. I see it as a relatively flexible product. If something is not working via the WebUI, SSH or WebKVM is always there.

Most of the time it is very straightforward to use a feature or plugin, the documentation is great and has examples that are very helpful. If something is a bit tricky, pfSense luckily has a big community. 

Performance Optimization Documentation could use improvement. The base setup is great but with higher bandwidth, it is really hard to find good documentation on how to tweak the setup to get the most out of your connection.

We have been using pfSense for eight years. 

pfSense is a very stable solution. In all the years I had around three instabilities.

Two people handle the maintenance of all pfSense Firewalls.

It can be used in small to big deployments. If the bandwidth hits more than 10GBs or 20GBs you need to optimize it to get good results. I would also not recommend it in very big ISP deployments with TBs of traffic.

I have never used the support for any technical issue. The community forums and Google always were enough.

Positive

In one of our virtual data centers, we had a Sophos UTM 9 as failover but it had some very annoying problems (Let’s Encrypt TLS Cert generation or WAF config reloads resulted in a two-minute downtime).

The old installation was straightforward, but the new installer has some bugs and does not really work.

We implemented it ourselves. 

Previous deployments were done by a System Engineer and the current deployments are done by me (DevOps Engineer) and a System Engineer. It was a one-person job.

We have better uptimes and lower support costs in comparison to the Sophos firewall and we are also saving on licensing fees.

The licensing seems fair. We owned the TAC Lite License for some time. The problem was, that the license is bound to a device ID which does not really work well with VMs where this ID changes sometimes.

We use pfSense Community Edition as our firewall within our public cloud so we only pay for the VM and the traffic.

I would rate it an eight out of ten. It is very good but has some fields in which it can improve.

You need to have an interest in the topic and also (like any security product) it needs regular attention. But it is a reliable firewall and the combination of BSD and ZFS makes it pretty solid.

We use pfSense as a firewall to improve our security. 

pfSense is viable and works as it's supposed to. It prevents data loss. I've used it on several networks. It's there in the background and just works. It minimizes downtime by running dual WANs and automatically switching between two connections.

pfSense is relatively easy to set up and just runs. It's easy to use. The platform is flexible. We've been able to do everything we've tried. It seems very complete. I'm not using all of the capabilities, but it does what we want to do. 

Once you find what you're looking for, it's relatively easy to add features and configure them. Google helps out. I've been able to do anything I wanted.

The learning curve is a little long.

We deployed pfSense in the last five years. 

I rate pfSense 10 out of 10 for stability. 

It's a small firewall and we have a small network. 

I rate Netgate support 10 out of 10. I've only contacted them a couple of times, and it's been fine. They've responded quickly and done the job. 

Positive

I've only used off-the-shelf routers without a truly community-built firewall product. 

My background is in IT, so the installation is relatively straightforward once you understand a few concepts, but that's normal. I got pfSense running in a day.  d

The price of pfSense is fair. We have a relatively small network, and most of the competitors are pretty expensive. 

I rate pfSense 10 out of 10. It does everything it should do.

We deploy Netgate pfSense primarily as enterprise-grade routers and VPN endpoints or VPN servers.

It's a firewall that provides frontline defense for any network. We saw the benefits of pfSense immediately upon the first deployment. It has several features that prevent data loss. For example, it allows automated backups of the configurations. It's nice to know that any changes are captured, and we can easily be pulled back to a new device should the current one fail. It also helps to optimize performance. We get good real-time statistics that Netgate can use to optimize performance. 

The automated backup is great. PfSense is an incredibly flexible platform. You can install whatever plugins you need and get lots of community support. There is tons of built-in logging, and the add-on packages you can use to analyze your traffic have been handy. That can generate a ton of data for us to look at how the network is being utilized and what changes need to be made or where we can improve.

From the hardware perspective, it seems like there has been a lot of turnover at Netgate. It comes with the territory because processors and other boards change so fast. But I'd like to see more continuity in the product line and a longer lifespan for a specific series. The operating system side of it has been rock solid, and the appliances have been great. I just want to not support many different appliances. I want one we can standardize for several years.

I have used pfSense for around 10 years.

The stability of pfSense is rock-solid.

The scalability of pfSense is also excellent, assuming you purchase the right hardware on the front end. In our case, we're doing physical deployments, not cloud-based.

I rate Netgate support 10 out of 10.  Their in-house support team is excellent. Each appliance comes with the minimum support needed to get a network connection. The support is knowledgeable and responds quickly, so the questions are addressed professionally and accurately.

Positive

We've used some Cisco products. I prefer the pfSense licensing model. You can get ongoing support and updates continuously. I don't need to pay again to patch a system. Cisco licenses connections. It's such a licensing problem at Cisco that I prefer dealing with pfSense.

We deployed pfSense on physical appliances. I think it's fairly easy for the average IT technician with no prior experience if they understand that it's primarily configured through a web portal instead of a command line configuration. PfSense can be deployed on one instance in 15 to 30 minutes.  

The documentation and community support are great, so many answers can be found without reaching out to their support. It requires no maintenance aside from regular updates and patches. 

The pricing is fantastic, and the market bears it easily. The total cost of ownership is so low because the license and the hardware are remarkably good. You don't have any recurring fees or licenses to maintain. With pfSense, you pay the upfront cost and that's it. The upfront cost is reasonable.

I rate Netgate pfSense 10 out of 10. I love using pfSense firewalls. 

We use pfSense as an edge router for customers. I use pfSense Plus. We're using Netgate boxes preconfigured with pfSense.

PfSense gives our customers high security, and it's easy to implement. Most customers are looking for a VPN, so we set up a static IP that makes the VPN easy. The benefits of pfSense are immediate. It has a few features that prevent data loss, such as backups and creating rules. It does packet inspection to ensure large known malware does not get through to the end users.

It offers features that help us prevent downtime, but that doesn't apply to our customers. It has failover, so if an internet line were to go bad, you could failover to another line. That doesn't apply to our customers because they can't afford a second internet line. 

I appreciate the depth of what you can do with pfSense and the simplicity of the initial setup. One thing we've done is create an image, and when we get a new customer who needs a device, we can put that image on there. The image gets them up to 90 percent of what we need them to have, and we only have to customize the remaining 10 percent. PfSense is incredibly flexible. It's complicated, but it's incredibly flexible.

We do a lot of managed services and are currently trying to get people off of L2TP VPN. Apparently, we can download a mobile config file from a configured NetGate device, and we're primarily Apple. We've experimented with it on a device that's not a production device, and we can't seem to get the phase one IPSec set correctly so that the Apple config will accept it. 

We've tried looking at the documentation but haven't found anything. While it's not the highest priority, it is rather frustrating. We'd like to do this, and the feature is right there, but we can't get it configured. We certainly don't want to try it on a production machine because it will break the current VPN. 

I would like to download the Apple mobile config so that I can tell it to configure my VPN connection to do that. We have some cross-platform things. So there's also a Windows VPN. You can download a script or a PowerShell, put it on a Windows machine, and it can connect to the VPN. It would be nice if I could say I want Mac only, Windows only, or both. I wish it could configure the IPSec phase one and phase two, or at least give me solid instructions on how to configure that.

It doesn't supply out-of-the-box visibility to drive decisions. You get 75 log lines, so if you're trying to troubleshoot something, you have to look at one log and then another. It integrates with SysLog systems, but our customers are not at the level where they want to pay for some third-party SysLog system. Usually, we can get things taken care of fairly quickly.

I would like to have the ability to control all my devices from one place. With Ubiquiti, you can get a controller that allows you to control all of your Wi-Fi devices, switches, and routers. From one area, you can switch to that customer and see what's happening in their environment. That's not part of pfSense. I understand why it's not because pfSense is open source and community supported. That's something that someone in the community needs to pick up and run with. It's not something the pfSense can easily implement. If they could, that'd be great.

I have used pfSense for 12 years.

I give it an eight out of 10. I've never had any lag or downtime.

The higher-end boxes have a lot of scalability. You can run pfSense on a Unix box and add cards or all sorts of things. If you had a powerful Unix box and hot spot-able, there would be a lot of scalability to it. I primarily use their Netgate appliances from the 1100 to 2100 hundred, so the scalability is limited. 

The old 3100 had a lot more scalability than its replacement the 2100. But the next step up now is to the 4100, which gives you an additional preconfigured WAN port that allows you to easily separate networks. It jumps from $400 to $900.

I rate Netgate support eight out of 10. They're great. I called about an issue with a bad box. They answered the phone and I got somebody who was highly familiar with the product. He had me try several troubleshooting things, identified that the box was bad, and got me a replacement. 

Positive

We’ve used SonicWall and switched due to cost. Though SonicWall is easier to manage, the on-going costs are prohibitive.

The deployment difficulty depends on what you need to do. Let's say you get a box and plug it into your network, but you can't get it to work, so you call the folks at pfSense. They will help you configure it so that you can ping a remote device. That's pretty easy. 

I gave one of the pfSense boxes to one of my people who has minimal knowledge about setting up network devices. He could get it to ping in about 25 minutes. Then, I asked him to add a VLAN, and he's still working on that. That's been two and a half months. If someone needs something to put on their network, it's pretty easy, but if you want the full benefit of a firewall, it may take a while. One person is enough to do it. After deployment, you just need to do some periodic firmware updates. 

PfSense's pricing is reasonable. However, support is relatively expensive for smaller customers, and you need to pay per device to get it. So if Customer A is having an issue, I have to get support, and then I have to get support for Customer B, and so on. It would be nice as a managed services provider to get support for my company rather than individual devices.

I would compare the total cost of ownership to SonicWall. We can compare the basic functions of the Netgate 2100, the model we use most, to the SonicWall 3500. They have very similar functionality. The cost of the 3500 was closer to $4,000.

I rate Netgate pfSense eight out of 10. I recommend doing a lot of research or spending the $500 to get the extended support. 

We primarily use the solution as a replacement for commercial firewalls. We use it as an Internet Gateway Firewall product and use the VPN features.

pfSense helped solve the limitations of proprietary software. I find it frustrating when the hardware capabilities of a particular piece of equipment are doled out piecemeal for a fee. For example, when certain features are locked until you pay for them. The proprietary nature and the extra computing power that's used to basically enforce the copyright on some of the competitive products I resent. I like that this has a community option. I'm an open-source advocate. I started using Linux in 1999, and I prefer that developer model.

There are many capabilities within pfSense, that I've never used, and that's true of a lot of products. It's very flexible, and they have plug-ins.  You can add features to pfSense. It is moderately difficult. That said, the web interface is great.

I like that I can use it with OpenVPN. It's not licensed and is not run by some corporation that watches you.

It has an advanced file system so that you can configure it with multiple drives and have redundancy within the router itself. I've never used it as a file server. I've never used it as a data store. It's really more about security and not reliability.

It's keeping the bad guys out and allowing connectivity when you need it.

The configuration could be a little more intuitive. It's a little trickier to set up - things like the OpenVPN - than it should be. However, once you get this configured, it seems solid as a rock, and it just works. 

The solution needs better error messages in the VPN. It's kind of a bear to configure. That could be streamlined or smoothed out. That said, I do not do this 40 hours a week like some people. I wear a lot of different hats. Still, when it comes to configuring, it always seems to be a little more involved. 

I've been using the solution for three or four years. 

The solution has been very solid.The BSD file system is a little more fragile than a Linux file system. I've had situations where a power failure causes a hard drive not to get corrupted but to need to run maintenance on it when it reboots. However, that's not a pfSense issue. Overall, it's been great.

I'm not a power user. For me, the capabilities are fine. It runs pretty fast even on modest hardware. 

Technical support was good. It was way better than the twenty-four hours that the contract said. They usually get back to me in a matter of a few minutes. 

They are very good at answering and solving specific problems. If something doesn't work, you can give them access. They can figure it out and make it work. 

I was less satisfied when I tried to ask a question like, "Is this the best way to have this configured?" It's a slippery slope of going beyond the typical tech support and actually getting consulting on it. I understand that maybe that's not their problem. However, it did seem like there's this hard wall where they will answer specific questions, but they are not going to give you general consulting advice about how to use the product. That is a little frustrating. 

Positive

I've used SonicWall and I've used various commercial firewalls, for example, Cisco. However, I haven't evaluated other things in the same category based on open source. There are a lot of them; I haven't looked at anything else, to be honest.

It's easy to get it going as a firewall. It's moderately difficult to get the VPN features running. I was able to deploy it within a couple of days. 

Maintenance is needed for upgrades or renewal of certificates.

I managed the setup myself with the help of the pfSense support staff. 

I use the community version, although there is a paid version as well. I've also downloaded it, registered myself, and paid for it to get support. I'm not sure of the exact features that differ between free and paid. 

I'd rate the solution eight out of ten.

The only shortcomings are somewhat obscure configuration issues. However, the scope of what they're trying to do is very good. While there could be more polish on some configurations, it's very capable and very flexible. 

If I had to do it over again, I would probably have actually gotten the hardware from NetGate. You're paying for the support, and bundling the hardware and support together might be better. I sense that you'd kick yourself up a notch in terms of the priority that they give you. Not that there's ever been a problem. Getting the hardware directly from pfSense might cut out the middleman and reduce the possibility of issues when something goes south. Other than that, I'm a pretty fairly satisfied customer.

We use it as a firewall. I've got a few deployed at different customer sites. All of them use OpenVPN for VPN software.

We really started out with general-purpose firewalls, and I used a different firewall. I've used SonicWall in the past and one of the other firewalls had a yearly subscription fee if you want to protect from different sorts of security threats. pfSense uses open software, so you don't have to pay a security fee for that.

The dashboard is pretty good. It lets you control different things. It also has widgets, and you're able to control which sockets are open or not, and you're able to have some open software that allows you to do geofencing. You can restrict the ability to access certain countries.

It's been flexible enough for everything that we've needed to do with it. I have a small operation, so we don't have some of the requirements that a larger one would have. 

Since it's open software, there are typically open modules that you can add. The firewall software also has a menu option that allows you to download different new features. For instance, there's a piece of software called Notes that allows you to make some notes, so you can go into your firewall and look up configuration notes that were written there in the past. There's backup software, so there's another piece of software that allows you to back up the configuration to a file or a PC connected to the firewall. If you have a sufficiently bad power outage, you can lose your configuration. However, it has some features that allow you to track suspicious access to a device. You get a record of intrusion. You still need to interpret it yourself. However, you are alerted to potential hacks.

We began to see the value immediately. It made a big made a big difference not to have to pay that annual fee. There was some learning curve involved. I like to learn new things. 

We do not have a single pane of glass management. It would be nice to have. There are some firewalls that let you have cloud-based management like software as a service. pfSense doesn't allow you to have a central place where you can check everything. I have to remote into local networks and then pull up an individual dashboard.

I've been using the solution for three and a half years.

The stability is good. I haven't had any issues with the firewall crashing spontaneously. What I have seen is, if you have a power glitch, it will go up and down. We have battery backup so that those power glitches don't happen. However, if it does, that can damage the memory storage device inside the firewall and then you have to reload it. 

The quality has been very good. If I had paid support, it would be faster. When you get a new firewall, you get 30 days of telephone support for the device while you are initially configuring it. After that, you have email support. You can pay for support every year. However, I work for a lot of non-profits that do not have big budgets. 

Positive

We've had SonicWall or WatchGuard in the past, among others. They had less flexibility and you did have to pay an annual fee.

The initial setup was maybe 50% more difficult than I thought it would be. That said, it wasn't too bad. There are good instructional videos on the internet and the help documentation that Netgate provides is good too. They also have good technical support. The free level of technical support is an email ticket system. If you have a problem, you can raise a ticket, and then it gets solved, maybe not right away, but eventually. It might take a day or two to get solved.

The first time it was deployed, it probably took a day - maybe 12 hours. After that, it takes anywhere from a couple of hours to up to five hours to fully load a firewall with all the different pieces of software I need. 

I handled the deployment myself. 

There is a bit of maintenance needed. I will either go remote to the different firewalls or on-site and update the software. I can download the latest version from Netgate and basically reload it. 

I use the community version of the solution. It is free to use.

I don't consider the cost of how many hours it would take to learn it versus the cost of the annual subscription; however, once I get sufficiently comfortable on many firewalls, that'll average out to zero in terms of cost.

I'm a registered reseller.

I'd rate the solution nine out of ten. It's a good firewall that operates without you having to pay attention to the costs. 

It's really important to back up your configuration. Sometimes, you do have to reload it. It's more important to document the procedure that you take to load and configure the firewall. If you're used to WatchGuard or SonicWall, then there's more of a cut-and-dried procedure to that. With pfSense, you really have a lot of latitude and a lot of flexibility in how you want to configure it. If you just do the minimal configuration, you probably aren't getting the advantage of all the features you would want to have. That's why it pays to document that.

I have two different use cases. I use it as a firewall and security appliance. I also use it in layer three virtual routing scenarios.

The thing that sets pfSense apart from other competitors is the flexibility that it offers. You have a package manager, and there are so many options to choose from -whether it's security, a plugin, or even networking technologies. pfSense supports VPNs. It supports VLANs. It can be virtualized. It can run on physical hardware. You can be agnostic as to which vendors you're using. It is interoperable. It's a very versatile package and system. It's very easy to add features and configure them.

There's a graphical user interface that can be managed and used for almost every feature configuration item and function. There's also documentation on pfSense and NetGate's websites that outlines every configuration item package and configuration setting in extreme detail. There's also a strong community. The community has a support forum online. It is very easy to use.

I've witnessed the benefits pretty quickly. I started using it in production in 2012. Prior to that, I had used it personally from 2009 to 2011. That gave me time to kick the tires and see how it could be used. In 2012, there were very limited deployments of pfSense in the enterprise industry, and support was available, but not like it is now. So, by being able to use it personally, I saw where the benefit was. Then, when we deployed it in a production or enterprise environment, we were able to realize the benefits immediately. And those benefits were: security, supportability, and sustainability. Regarding security, it's backed with BSD, a well-known, tried and tested operating system, and is up to date on patches. It is much more user-friendly to configure than the competition, be it from Juniper or Cisco, HP or the other competitors that are out there. Sustainability is an extreme benefit. The feature parity, along with the cost and flexibility of being able to provide a variety of different hardware networking methods, pretty much sealed the deal.

The solution prevents data loss. pfSense offers an auto backup system, so your configuration and systems that you're running by default can be synchronized with pfSense and their cloud product, meaning that if you suffer a failure or a configuration issue that makes you need to roll back, you can actually rebuild a device or virtual appliance in a matter of minutes and have it back up and running just as it was. As far as other building features, it runs BSD, So you can use SFTP, which is a secure transfer protocol, as well as any other industry standard backup product. The main function that's built-in is the auto backup and restore functionality, which we use from time to time, and it's very helpful.

I use both the community and Plus versions of pfSense. For enterprise and production systems, I use pfSense Plus. I use that on both physical and virtual hardware. It works great. The pfSense community edition would be more for a testing environment or a personal deployment.

pfSense features that help to minimize downtime. pfSense comes with opportunities to configure for high availability. In the event of a failure, there are ways to bounce from one appliance or virtual appliance to the other. There is full documentation for that. It uses open standards. Also, on the individual appliances, there are wizards and configurations for WAN and multi-WAN failover bonding or anything in between. That includes failover for your Layer 3 routing firewall rules, filters, et cetera. 

pfSense provides visibility that enables users to make data-driven decisions. pfSense supports many different monitoring and logging types. Out of the box, it can monitor. It also supports Syslog. It supports SMPP. You can create baseline reports and watch trends, and those trends could help you be prepared for an increase in bandwidth, routing capacity, or even CPU utilization for beefing up your security rules.

The visibility in pfSense helps you to optimize performance. You can get an accurate picture of what bandwidth is being used and determine where the bottleneck is. Performance isn't just bandwidth. It could be routing. It could be applications. It could even be firewall rules. This provides visibility into issues. 

I've used pfSense on the Amazon EC two virtual machines in a limited capacity. I don't have any customers currently that are in production on AWS. However, if I did, I would certainly use their supported appliance or their virtual appliance on the marketplace. 

Having a single pane of glass management is on their roadmap. If you have multiple instances, you have to manage these deployments across a wide area. I'm required to keep a third-party product.

The main feature that I could see them adding would be a management interface that lets me manage multiple pfSense instances. As an MSP or consultant, it would be very helpful if I could manage them all from one place. 

There are some modernization efforts on the operating system that are needed. Possibly looking at Linux-based operating systems to allow newer features, better hardware support, et cetera, would increase performance. 

They should continue to expand in bracing the software and appliance model and expanding reach to cloud providers other than just Amazon. It would be nice if they had a supported appliance on GCP as well. I have customers on Google Cloud, and this would be helpful.

They need a more streamlined or documented approach to how they would like to see virtualized or alternate hardware deployments supported. If I build my own hardware, sometimes I don't know what the best type of hardware is to go with, and having some streamlined documentation and explaining the best practices would be helpful.

I've been using pfSense since 2012.

The solution is extremely stable. I've never had a stability problem.

The scalability is excellent. However, when you get past a ten-gigabit connection, and we are seeing the opportunity for 20 and 100 connectivity methods, that's a bit of a struggle right now.

Technical support is fast and accurate. I would rate them as having the highest level of customer service from my experience working with customer service. They are excellent.

Positive

I've been in the industry since the late 90s. I've worked with a variety of solutions, including Cisco, Barracuda, Juniper, and more. pfSense is easy to use and much more flexible. It really cuts down your speed to value and time to delivery. There's not much of a comparison at all.

The initial deployment is extremely easy. If you're a professional in the networking industry and you have a working knowledge of OSI model networking, IP address routing, and firewalling, you'll be fine. The interface is the easiest and most user-friendly on the market. 

For a small to medium-sized business, if I already have accurate information on their Internet connectivity and subnetting, I can get it up pretty fast. You can be up and running in a matter of hours. One person can do a deployment.

There may be some maintenance needed. It depends on what type of agreement I have. Some customers are technically astute enough to handle basic maintenance tasks like updates, security patches, and package updates on a regular basis. If not, I offer a service where I can also manage that for them.

The pricing model is good. It's right about where it needs to be. The total cost of ownership is low and the value is high.

I'm a pfSense customer.

I'd rate the solution eight out of ten.

If users are interested in pfSense, they should try the community edition. It's free to download, and you can just get started and try it out. Moving forward, I wouldn't hesitate at taking a look at the different types of hardware that they have, and to talk to sales.

We primarily use the solution for firewalling, site-to-site VPNs, and VPN management.

We largely needed a good firewall solution. We wanted to find a suitable firewall for our company size and what we're doing with it.

It's open-source and everything is available to me without having to pay subscription fees. 

The support with NetGate probably is the most value I've seen from it. They've been really, really helpful. The open-source nature of pfSense, paired with the amount of support we receive, has been great.

The flexibility is great. It does everything I need it to do. The amount of open apps for it is extensive. I was able to help track some networking issues using the pfSense to scan the network.

It's significantly easier than expected to configure the solution and simple to handle add-ons.

pfSense can help prevent data loss. In our environment, things are fairly strict. However, it makes it easy to manage and configure the firewall and handle inter-VLAN routing and firewalls between them.

We do have access to a single pane of glass management. It's easy to review traffic, usage between VLANs, threat monitoring, and user connectivity. I'd have to monitor items separately without this single pane which would make monitoring difficult. 

We do use pfSense Plus. It provides us with the features we need to minimize downtime. The updates and everything that comes with it have been great.

The visibility provided allows us to make data-driven decisions. The modules I have access to for network monitoring and management have been very helpful.

We've been able to optimize performance. With NetGate support, I've been able to utilize traffic shaping and performance optimizers. 

I'd like to see it become more of a next-gen firewall or deep packet inspection, however, I'm very happy with the way it is as of now. 

I've used the solution personally for about two years. My company has been using it for about eight years now.

The stability is very good. 

We have two locations. I have yet to uncover any scalability limitations. 

Support is quick to respond. For the amount we pay a year, the support has paid for itself. I'm very happy with the level of support we get. 

Positive

I do have experience with Meraki and NetGate devices. I've used FortiGate devices in the past. The expense and support were not near the quality of pfSense.

The initial setup was easy to set up and straightforward to configure. It did take a moment to learn where each tool set was. However, after that, it's really good. I handled the deployment myself. I was able to implement it within 16 hours. 

There isn't really any maintenance; it is pretty much set and forget. I do updates every three months or so and that's it. 

90% of the setup was handled in-house; I referred to NetGate support for a few items along the way. 

We do pay about $600 a year for NetGate support. pfSense is free, however, NetGate, that made the appliance, charges for a support package. I'm very happy with the quality of service that I get for the price. 

We would have paid another $7,000/year for subscription fees if we went anywhere else.

I'd recommend the solution to others. I'd rate it ten out of ten.

We're primarily using the solution for testing. We're also using it internally at our own site, mostly as a reverse proxy, but also for the speed. Not all firewalls have 2.5 and and ten gig WAN ports.

The format, the layout and the interface are excellent. We really like that it is quite simple to use and straightforward. The quality, in particular, the ones we have is the Netgate unit, is particularly robust in terms of the look and feel as well as their speed and quality.

We appreciate its flexibility. Its usability is great.

We were able to witness positive results from the product pretty much immediately.

Its SD-WAN capabilities are great. The onboard storage is nice for keeping configs and logs, et cetera.

We do get a single pane of glass for management. It's well laid out and provides clear visibility into management features. Everything is easy to find within the menu bars and options. It is all very logical.

We're using the Plus version with Netgate.

pfSense does provide features to help minimize downtime. There's a failover availability, and there are high availability configurations. We don't use that; however, that's good to have if you need it. Having multiple endpoints or configurations on all of the ports is possible. It helps keep up our site and other sites.

With the logging capabilities, the solution provides visibility and enables you to make data-driven decisions. A lot of our clients are smaller, so they are nowhere near the limits of what pfSense can do by any means. 

The ease of changing parameters helps us optimize performance. It's a lot easier than what can be done with competitors, for sure. 

The solution could improve by adding in some sort of user account credentials in the sense of accommodating more levels of users. From what I've found, everybody has basically the same access. 

A formal partnership with some sort of VPN vendor, like OpenVPN, would be nice.

I've been using the solution for a couple of years. 

The stability is very good. there is no lagging or crashing. It's reliable. 

The scalability is good. However, we and our clients aren't too large. 

I've never needed to contact technical support. 

In the past, we have used Fortinet devices. pfSense is definitely easier to configure and use. It doesn't have quite the same feature set. However, that's fine - you don't always need the full feature set. We find that the add-ons that are available are fine. You just have to find them from a third party. 

The initial deployment was easy.

There isn't any maintenance needed beyond updates. The base install probably took ten minutes and to configure it properly takes two to three hours with some internal servers and multiple ISPs. You just need one person to handle the process. 

I'm using pfSense via Netgate devices, which are reasonably priced. The solution seems to be reasonable. It's well-priced for what you get. It's a bit lower than the competition if you are trying to gauge the cost of ownership. And it adapts well to different speeds.

I'm a customer and end-user. 

I'd rate pfSense eight out of ten.

If a person is familiar with firewalls, they'll be fine adopting it. The interface is pretty easy.

We're using our offices including the main endpoint VPN connections from the main office to our seller offices.

The ability to load third-party apps, et cetera,  into the firewall is pretty useful for a commercial-grade router and file, which is very customizable.

Out of the box, it's about 90% plug-and-play. The last piece, you do need to know how you're setting the firewall up for your environment. It varies on what you're trying to do with it. It can be really easy or difficult, depending on your knowledge base for the application.

We were able to witness the benefits of the product pretty much immediately.

Once you've navigated around it, it's pretty self-explanatory as to where to go. Compared to other products out there, it's pretty easy.

We do have a sort of single pane of glass for management purposes. You do have to dig around. If we had, for example, ten pfSense routers deployed, it would be nice to have one console where you could see all ten devices, update them, and keep them all central. A management portal would be very nice.

I've been using the solution for seven years. 

The solution is very stable. Issues are rare unless a box gets hit with a power surge or something. 

I found the solution very scalable. I can load multiple VMs on it and add a second port onto it. Depending on your deployment, it is very scalable. 

I've only contacted support for corrupted systems. If the unit loses power and comes back on every once in a while, the file system gets corrupted, or it won't boot the device, and you have to reimage the whole thing, in those instances, I've had to reach out to them. They are pretty quick. I can get help within an hour even with just the free version. I imagine the paid version has good support. 

Positive

We used to use Ubiquiti, which was not a great solution. We also used something previously to that. Their interface was very clunky. You'd have to go through multiple different routes to get to the same thing that pfSense has on a single drop-down. pfSense has a more user-friendly setup. Plus, it has CLI integration, which is great. You can make configurations in the command prompt too, which is a lot easier.

To me, the setup is fairly easy. That said, I already knew what I was doing to set it up. If I were coming fresh out into the network and environment, I'd never switch one of the firewalls; there may be a challenge to go through and figure out what the router can do to make the deployment work. When you get the box, you plug it in. There are a lot of features that are ported in that don't come pre-installed. However, they have a complete database listed in their browser. You just go down and pick what services you need. If you don't know what is there, it may take you a while to figure out what the unit is capable of. 

There is no maintenance beyond occasional updates. They don't push those out too often. However, when they do come out, you have to go through them one by one to make sure the update is successful. It would be easier if you could do everything all at once and be done with it.

How long it takes to deploy varies as each office is different. If I'm building three or four VLANs, that's going to take time. In my role, I built one base configuration that contains the VLANs IP servers that I want to use. I've extracted that as a file that I can modify and push to different boxes. So if I get 100 2100 or 4100, it doesn't matter. All I have to do is change the interface names and push it back to the box. So to me, it's pretty fast, and it already has my settings ready to go.

I handled the initial setup myself. 

I use the community version. For configurations and troubleshooting, you do need to pay. I'm not sure what the pricing is for Plus.

I'd rate the solution ten out of ten. 

I'm a customer and end-user.