We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

We use pfSense and Netgate pfSense Plus Firewall/VPN/Router to establish a VPN tunnel between our client and our headquarters to transfer data between client and our equipment. It's very simple to use, efficient, up to date, and the hardware is very available; it's very safe.

Everything works well inside pfSense. It's affordable. For our use of pfSense, it meets one hundred percent of our needs. It features easy installation, and we use direct installation on the equipment rather than cloud deployment.

Regarding tuning, it's not really an advantage as we need that functionality.

The most significant drawback in recent years has been the cessation of firmware release downloads. In the past, when we wanted to update our equipment, we simply downloaded the latest firmware. Now pfSense has changed its policies. Instead of providing firmware for download, they require customers to proceed with updates through the cloud, which isn't an optimal solution for us. I prefer the old method of updating where we could download the latest firmware and install it directly. Without an internet connection, we cannot update our equipment, which is problematic.

Everything is very stable for us at the moment; we have encountered no problems.

Adding new equipment is very easy for our organization.

I am not in charge of networking in our company, so I may not be the most appropriate person to answer detailed questions. The solution is used for security to establish private communication.

We use OpenSense for our operations.

I usually use it on premises, and I use it for different purposes. I use it for network security for my infrastructure, and I use it for my web servers and data servers that are on-premises.

My main use cases for Netgate pfSense are proxy servers and IDS/IPS, blocking ads, clearing the network for adware and malware, and monitoring the network flow. 

As an open-source solution, Netgate pfSense is highly flexible because a person with kernel-level or code-level experience can control the firewall as per their requirements, and there are multiple packages and tools readily available to integrate with Netgate pfSense. In the IT industry, most of the tools can be integrated with pfSense.

Adding packages to Netgate pfSense is very easy. I just need to search for the required package and then install and configure it.

Netgate pfSense has a very intuitive dashboard. The information is readily available on the dashboard.

Netgate pfSense has routing facilities that help minimize downtime while having multiple internet connections. If one bandwidth goes down, it automatically diverts to the other. 

Netgate pfSense helps prevent data loss by monitoring data transactions and network protocols, allowing us to block certain amounts of data and implement policies to reduce malware and firewall threats. 

From my perspective, the best feature of Netgate pfSense is the load balancer, as I usually take multiple internet connections. I can use both internet providers' bandwidth as a single network bandwidth, which helps in a very smooth network traffic flow. Netgate pfSense has a very interactive and intuitive dashboard that provides all the major and informative information that is readily available.

Netgate pfSense has positively impacted my organization because when we look at other firewalls or alternatives, they are costly. 

For my requirements and use cases, it is sufficient for me, and I have never faced a need for additional features. AI would always be a plus point, and if pfSense could change its framework from FreeBSD and PHP to a different language and Linux OS, that could enhance security.

I have been providing services for network solutions and network security, and I have been using Netgate pfSense for almost four to five years.

Netgate pfSense is definitely stable; I've multiple sites using it, and they are live right now. I've at least 20 sites operational.

It is a scalable product. I would rate its scalability a seven out of ten.

I have never used the services of Netgate, but I can rate the product itself as a 10 out of 10 because it has been very helpful to me.

Neutral

I have previously used Fortinet and Sophos. The major reason I switched from Fortinet and Sophos to Netgate pfSense was to mitigate the financial aspect, as those alternatives were costing us lakhs.

Deploying Netgate pfSense is very easy because I used to deploy it on my personal hardware. Whatever spare hardware I have, I install it directly on that. Installing and configuring it is very easy for me.

I deploy Netgate pfSense for various companies. There are many startups in India that require a cost-effective solution that allows them to use their hardware and provide basic security. 

Deploying infrastructure for a new company takes me approximately one day, unless there are separate requirements to configure, such as creating usernames and passwords for each user, which may take two to three days.

I do everything in-house by myself. I am the only person involved in the deployment.

I have seen a return on investment with cost savings after implementing Netgate pfSense, as other firewalls would cost me lakhs of rupees while pfSense is free.

Everything we need is covered in the free version of the open-source pfSense. I have never used the licensed version or required certified partner help to implement or deploy anything.

If we are not purchasing any support or incurring any Netgate costs, the total cost of ownership for Netgate pfSense is zero, as it is freely available to download and install, requiring only hardware for deployment.

The cost of other firewalls goes to thousands and lakhs of rupees compared to pfSense, which costs zero. If we opt for Fortinet, it costs about one lakh thirty thousand Indian rupees for the firewall, and then it costs up to almost fifteen to twenty thousand annually for the user subscription. With Netgate pfSense, all those things get covered at zero cost.

I did not evaluate any other options aside from Netgate pfSense because it was the only solution I could find that effectively met my needs. It works for our use cases.

In terms of data-driven decisions, there is a package that can help me understand each and every packet and time. I have not gone through that avenue yet, but it allows us to get all the data for data-driven decisions.

There is a paid feature to increase performance, but there are multiple tweaks available in the advanced settings that can help increase bandwidth or usability based on requirements.

I have not used pfSense Plus on Amazon EC2 VMs because there was no requirement. 

I would rate Netgate pfSense a ten out of ten.

We have been building local firewall systems since 2008. 

The main use cases for Netgate pfSense are its exceptional stability and reputation as a premier network operating system worldwide. Millions of people are using it, and we have rolled out a new hotspot system that works from the cloud. The service is running under the pfSense portal.

Netgate pfSense impacts our organization positively because it's open source and has a free edition, which helps us significantly in building our own systems for our customers. It helps in building a new firewall system for the Turkish market. It helps us substantially.

Netgate pfSense's best features are that it's open source and flexible. We have implemented IPsec VPNs, site-to-site VPNs, and client-to-site VPNs. 

We appreciate the flexibility of the Netgate pfSense solution, but we have waited approximately two years for new updates to the Community Edition. We are now moving to OPNsense.

I appreciate Netgate pfSense because we have been using it for approximately 18 years, which is a considerable amount of time. We are waiting for pfSense to integrate AdGuard, Pi-hole, or Zenarmor directly into the pfSense kernel. When I install packages, such as Snort or OpenVPN client export tool, I need to install AdGuard or Zenarmor because it's very challenging to ban TikTok, YouTube, or social media for our customers. In the early days, we managed this using SquidGuard, but since the blacklist has changed, we are struggling. There are many other blacklists I have tried, but I couldn't make them work. It has to be much easier for engineers to implement this. It's easy to integrate AdGuard into OPNsense; it becomes a function under the firewall. You can easily switch blacklists on and off, and create custom blacklists to block all social media with a toggle. We would appreciate such facilities in pfSense as otherwise, we have to manually enter all the websites, DNS resolver, and DNS overrides. Writing numerous rules on the LAN side during installation takes considerable time.

We have been using Netgate pfSense since 2008.

Netgate pfSense is a stable solution for me.

It's a scalable solution. Two months ago, I purchased a brand new server edition, a Lenovo ThinkSystem server with 128 GB RAM. I installed this pfSense server in a data center, and it's working fine. Many people connect via VPN; three or four sites are connecting site-to-site, and we also established another IPsec connection to one of the biggest ISPs in Turkey. It's working great now.

We have never asked for technical support from Netgate. We rely on the resources on the web for information.

Neutral

Two months ago, we switched to OPNsense, and we are now studying OPNsense. We made a strong decision to switch to OPNsense because of the large solutions. There are many facilities, such as AdGuard and Zenarmor, which can be easily installed under OPNsense. We are studying OPNsense, and we will likely switch to OPNsense in 2025 because we are still waiting for a stable version of pfSense. 2.7.2 is very old, and we have switched to the 2.8 beta version, but we are still making our tests now.

Since we have been using pfSense for almost 18 years, we have learned extensively about Netgate pfSense. We have worked extensively and watched many educational videos from the United States, and we have made ourselves ready for pfSense. If one understands the system, it's easy to handle, but without knowledge, it's very challenging for everybody. Many people try to work with pfSense in Turkey with the free edition, the Community Edition, but they couldn't succeed because it's a complex system. It's a vast ocean, and understanding every protocol is necessary. Basically, all firewall systems are the same. Brands such as Cisco, FortiGate, and Sophos sell well in Turkey, and we are competing with these companies. Our target market is the small market, not the big companies or holdings, especially in the hospitality sector, where we deal with hotels and motels.

We would appreciate seeing facilities similar to OPNsense for Community Edition. In Turkey, people generally don't want to pay for yearly subscriptions to firewall systems. We barely recouped our investment for our Safe Hotspot system in Turkey. Competing with other brands such as Sophos, FortiGate, and Cisco is challenging. These brands also require annual payments, and due to Turkey's economic conditions, everyone is eliminating such costs. We have produced our hardware for pfSense, but it was not Netgate; it was only pfSense in the early days. We made our own rack mount 5 or 8 port firewall systems in Turkey and sold many.

The initial setup of Netgate pfSense is not complex; it's very easy. I can even have one of our resellers burn a pfSense USB stick and install pfSense without knowing anything about it. 

Because the Community edition is free, we only charge for our services to the customers. In Turkey, we cannot demand normal pricing; if we were in Europe or the United States, we might collect more money from customers. The conditions in Turkey are very challenging, and collecting payment is difficult. We often charge half or one-third of the price compared to Europe.

We would like to buy Netgate hardware, but when I checked its price in Europe, it seemed expensive.

I would rate Netgate pfSense a 10 out of 10.

I prefer this product because it is open source. Another thing is that it is Unix-based, so it is not affected by viruses or attacks. Support is also available.

With the right hardware, its VPN capabilities and performance are amazing.

From my usage, controlling the bandwidth for each user is valuable. Also, the availability of working as a backup or aggregating downloads is useful. All these capabilities are key.

Its interface is simple and easy.

Maybe they can add two-factor authentication.

I have been working with this solution for almost four to five years.

It is very stable. I would rate it a ten out of ten for stability.

It is scalable. I would rate it a nine out of ten for scalability.

We have 60 to 65 users.

I have not taken any technical support from Netgate. I was able to get all the information from the web or Netgate forums. I did not use their technical support because it is an open-source and free edition.

Neutral

I used OPNsense.Using the module for controlling the bandwidth for the users in OPNsense required payment. There was also a subscription, and I dislike subscribing to any service.

It was not complex. It was straightforward. They had a wizard with ten steps. I just had to fill in the information.

It took me about 45 minutes to be completely up and running with my configuration.

There were no third parties involved. It was implemented on-site.

I am using the free version. 

I would recommend pfSense to others. It is free. Overall, I would rate it a nine out of ten. 

I use pfSense as a home router firewall on enterprise equipment purchased from eBay. I utilize it for personal interests and not in a professional IT capacity, mainly for home setups and maintaining VPNs to family members.

It is very easy. An enterprise person who has been doing this all day long will find it as easy as a command line if not easier than the command line. I would prefer not to have to set up another server to monitor my links and everything else. I like that I can go into my one dashboard. It is all running on that one box. I am happy. A large enterprise will have monitoring services, so this might not be as critical for them. For small and probably medium-sized businesses, having the user interface and being able to import configs is very powerful, but it is probably a mixed bag for larger companies that already have services and other things, and GUI does not matter to them.

It provides a single pane of glass. When I come in, I can immediately look at my gateways, link connections, services, etc. It shows my DNS blocker, CPU usage, and memory usage. I can see that my gateways are online, what traffic graphs I have selected, and all my services are up. That is what I like about it. This is what I will miss if I go to VyOS. I know I will have to set something else up specifically to show me all the monitoring and make sure that I have that warm fuzzy that everything is working.

Being able to see in a single pane of glass what is happening makes it very easy for me to react and know what is going on. For example, I changed some tunnels to my family in upstate New York. I am down in Philadelphia. We were having some connection issues, and through its interface, I was able to easily identify the issue. I had a tunnel configured wrong and changed some settings, and we were back up in ten minutes.

Its ease of use is great. If I do not continue forward with pfSense, it would be going to VyOS, which is all command line. pfSense's user interface is very nice for simpler configs and monitoring. It is very stable, and it works very well. Flexibility is great, and the plug-in model is very nice for pfBlocker and other things. It is a very robust solution that works very well.

They could do better with their licensing in the home use space. For me, that has been a struggle. 

I got three pfSense Plus licenses when they were giving them away to the community for free because pfSense decided that they do not enable the QAT. They do not enable the network acceleration function that is on the Intel Atom CPUs and some of the Xeon D's in the Community edition. IPSec acceleration and OpenVPN acceleration do not work on those smaller boxes because it is going to use the CPU, so I got the three licenses, which worked well. It was all good, but they decided to take that away and are charging $129 a year. Somebody savvy like me is going to pay for it. I will pay for it for myself, but I also maintain the routers of my parents, my mother-in-law, and a friend. I have IPSec tunnels to them, and they need the acceleration technology that is disabled, but they are not willing to pay $129. I wrote to the Netgate salesperson asking to consider a model with a $60 per year subscription because they are putting a barrier on themselves. They have abandoned the Community edition. There has not been an update in a year, but then you hear that they are contributing. They are making updates, but they have not released it. There is an opportunity to make more money in the home user space if they change their licensing model.

The other little hiccup that I see with it is they have it tied to MAC addresses. It generates a license based on the MAC address. If you change any MAC address, you have to issue a new license. They were nice about it for me when they did a one-time change for me, but if I put another Ethernet adapter in the box, it says it needs another license. They should work on that. It seems they are going to change this.

I have probably been using it for more than a decade at this point.

My instance has been up for over two years without a reboot, so it is very good.

It is a mixed bag because I have had 1 gig symmetrical Internet. I have 2 gigs now. As you get further up the stack, it is going to get worse. I do not have options past 2 gigs. I have 25 gigs between some servers. I have 10 gigs with a lot of machines. They have their TNSR project that sits at a thousand dollars a year, but I cannot even try that. They have entirely removed the Community edition for that, but it has been great with 2 gigs and 1 gig.

They are super fast, super nice people, and very accommodating. The quality of support is great. They are better than I would have expected them to be. I would rate them a ten out of ten.

Positive

Previously, I have mainly used VyOS, Cisco ASA, OPNSense, and Fortinet. 

Cisco ASAs are very nice. They compare very well, and they have their single pane of glass. They have GUI and no license fees yearly. Netgate will say the same thing. If you buy their hardware, you get the license for free, but they triple the price of a new piece of equipment.

The initial setup is not easy right now because I have to put my email in, and they send me a link. I would prefer to have separate images for the Community and Plus editions.  

When you go to the installer, it asks you if you want Plus. You have to put a valid license in to get it to install Plus. In my situation, all three of my Plus licenses have expired, and they all continue to work. If I need to reinstall that on a new box, I can only install the Community edition. When I boot it up, I cannot import my config because my config is from Plus. For me, it would make more sense if I could download and install a Plus image, and it gives you a 24-hour period to put in a license and have it activated. Something to that effect would make it easier because I cannot imagine I am the only person who has had this issue.

The licensing model needs improvement, especially for home users. There should be more flexibility to change licenses with hardware changes. The pricing model could be more accessible for home users.

The license is locked to a specific device. There are other services where you can buy a pfSense, and you get that license for a year. You can put it on any single device, and it moves with you. I do not want to have to call them to get the license changed. I would prefer that when I put it on a new device, they know it is registered to this new device. It is not on the old one. They should handle licensing differently for home users. They should try to differentiate it from enterprise.

There should be a cheaper tier of pfSense Plus for home users. They need to improve the pricing for a home user. They can look at the numbers. They know how many installs they have.

I would rate it an eight out of ten. It is a great product, but they have sold it in a way that does not align with the way I need to use it or the people that I have it with are going to use it. It practically does not make sense versus what else is out there. VyOS is free. Its Community edition is free, and they update their Community edition first. It is the opposite of what pfSense is doing. They are updating the Plus edition first and the Community edition comes second.

I have Netgate 4100 and pfSense Plus.

My career is in IT, and Netgate is part of my home network, which does hot failover between two ISPs because I work from home a lot and do not want to be disconnected. It handles all my home security, manages remote access to my systems when I am abroad, and hosts some services such as health checks from Route 53, WireGuard, etc.

I was able to see its benefits immediately. One issue it helped me solve was that I was hitting bandwidth caps from one ISP and did not understand why. It turned out that the ISP was counting all return traffic from outsiders probing my home network. They would find my Linux device and see that there was an open SSH port, and they would hammer at it. This generated an enormous amount of traffic. Installing pfSense allowed me to detect it accurately and shut down this traffic.

It is hard to say if pfSense helped prevent data loss in any way, but unauthorized access to my network and the data I have on my network from the outside is not feasible now.

I can do all the things I want to do from the device. I do not have to set up services on other hosts. I do not have to have any other UI in place. I can just go to pfSense and do all the things I need. The slight caveat to that is that I am not operating AWS or GCP from pfSense. I have set up my health check from Route 53. I have set a couple of very simple things in AWS, but I do the rest of the things from pfSense. It is pretty close to a single pane of glass.

I use pfSense Plus and found pfSense Plus to be more robust than the Community Edition. Any network device needs occasional prophylactic reboots. The frequency of issues, such as the tables being all dirty or memory being scrambled, has significantly reduced with pfSense Plus. The hardware has considerably improved. Because I was running Community Edition on an older Netgate, it is difficult to understand where I am getting the improvement from, but pfSense Plus has certainly been a lot more robust. I have fewer instances where one of the interfaces just stopped working. That used to happen with Community Edition fairly regularly. I have not had that trouble at all here. Upgrades have been a lot smoother. They are down to just a reboot, whereas, with Community Edition, I had to regularly wipe the device, reinstall the operating system on pfSense, and load in my configuration from backup, which I was able to do and usually worked. I spend a lot less time in system maintenance using pfSense Plus than with Community Edition.

Its out-of-the-box performance meets my needs. When I wonder whether my network is a little sluggish, I am able to go in and find out things, such as one of my ISPs being dropped out of my load balancing config because of too many latent pings. It has been very useful and easy to do those sorts of things.

It is very flexible. I have not found a use case that I could not satisfy with the device. There are more use cases I am not currently using. For instance, I do not have an HA setup. I use it for my internal home DNS and DHCP services and to split the VLANs so that I have Internet of Things and guest VLANs. I trust the device's VLAN. It helps me deny traffic from large areas of the world that do not need to interact with my firewall.

With such solutions, there is always a learning curve, but with enough foundation, I have never found that curve very hard to climb. Whenever I have tackled a new thing, a little bit of searching on the web and playing with the UI has always gotten me where I wanted to be.

It is best practice to remove all installed packages before you do an upgrade because most upgrade failures have to do with having installed packages. These are additional packages that supply functionality above and beyond what comes in the base operating system. We have to remove them one at a time. I would prefer being able to click a button that says," I am upgrading, so uninstall everything and store in the configuration file what I had installed." It already keeps the configuration of all the packages installed. Even if I do not install them again, the configuration for those packages is still there after the upgrade. It would be very nice to have a one-click feature. There can be a check flag on the upgrade screen to remove packages first and then another check flag to reinstall them after the upgrade. This would be extremely handy, particularly when I have a lot of packages. It takes me about 15 to 20 minutes to uninstall and reinstall them all after the upgrade.

A couple of weeks ago, I would have had another area for improvement, even though it was outside their purview. They are switching DHCP providers from ISV to something, but it did not have a feature I wanted, which was client hostname registration for statically served IP addresses. I rely on this for host management inside my trusted network, but that feature has been released now, so I feel more comfortable moving to the new DHCP version they support.

I have used the solution for at least seven years.

Since operating Netgate 4100 and pfSense Plus, anytime I wondered if the device itself was laggy, it was not the device. It was something upstream causing the issue. I have an HA configuration and a load balancer, so if one of the links goes down, the device gets a little laggy as it drops that interface and brings up the other one as the primary. If the ISP is flapping, this will happen continuously, introducing a lot of network lag, but that is trivial now that I understand what is happening. As soon as I start feeling lag, I check the logs to see if that is the cause. The device itself has not ever been latent or lagging. It has been rock solid.

I found it very scalable. I am out of ports on my device because of having multiple ISPs and VLANs. I do not have an HA setup, so the device scaled very well for my needs personally. When we deployed an HA pair in a professional situation, we had a much larger network, and it scaled to cover that easily.

I have only contacted them to get a download of the operating system image ahead of any upgrade attempt just in case I needed to start from scratch.

Neutral

I have used a number of different solutions. I have used firewall software and hardware of all kinds, both professionally and personally, reaching back to the early 2000s.

The initial deployment was done many years ago. I remember it being pretty straightforward back then. One of the things I enjoyed about the device is that the configuration file is like the starter batter where someone gives you a lump of yeast and dough pinched from someone else's. 

I have been able to roll my configuration file forward every time I switched devices or operating systems. This has made it a lot easier to maintain the device. Even when I had to completely wipe the machine and start over, it was pretty trivial in almost all cases. It has certainly been a lot easier since I started using pfSense Plus to get my configuration back up and running again.

When I ran an IT shop a few years ago, we had an off-the-shelf solution where years ago, somebody had built a firewall solution using a couple of rack-mount PCs and some open-source security package. It was a black box. Nobody around understood it anymore, and I needed to replace it. I went to look for hardware that my shop wanted to use, like Cisco, but the price was well out of our budget, so we went with a pair of HA Netgate devices and pfSense. That solved our problem. I thought it was a good price point for a good solution.

Their pricing is quite reasonable. It is very good. Every firewall is a router, but typically, in an enterprise situation, these are separate. My home is essentially a small office. My partner and I work from home a lot, and I am the system administrator, network administrator, and security administrator. The values are high because I am not maintaining two machines. I am not spending my own power on two different devices. For small office or home use, such as mine, pfSense is valuable because it combines multiple functions into one low-power device.

I would rate pfSense a nine out of ten. 

My use case involved having a firewall from a different vendor, which was taken over and used as a bot in a network. This incident made me reconsider my firewall provider. 

I integrated pfSense, and I have not encountered any issues since. Initially, I used it as freeware as a virtual box, and it performed well. 

About two and a half years ago, I transitioned to physical boxes. We have more than one. My use case was to connect two offices and create an extended LAN using pfSense for point-to-point connections between the data centers.

I have never had an issue with pfSense, except when attempting to configure it. When left as is, it functions well.

Support is very good.

It is rather flexible.  

Having enterprise support was immensely helpful since I have run into problems using a plugin. Without it, I might have needed to purchase a new box.

I do use pfSense Plus. We had downtime before pfSense. We've never gone down using the solution. We haven't had any performance issues.

I like the plugin systems, even though I feel like I'm playing roulette. I'm not sure if it does what I want it to do or if it will break the original capability of pfSense. Plus, having all of these dependencies may be a liability. While I appreciate their availability and wish to develop my own plugins, time constraints hinder that. 

Since the language used in the documentation is difficult for a non-English speaker, I find it hard to understand. It assumes they understand the words that are used and sometimes I feel I need to get out a dictionary to get handle on what they are talking about. They need to simplify the language a little bit. 

Using a plugin for reverse proxy allows multiple URLs to listen on port 80, rather than a single IP address for multiple servers, however, this requires changing the default port of pfSense. When I changed the default port, I experienced difficulty accessing the device. I thought my password was incorrect, when in fact, the port change was the issue. I had to connect to the physical device using a special cable. While I found this surprising, I am too paranoid to use SSH due to its perceived vulnerability.

We're a security company. We provide solutions to prevent hacking. pfSense is really good at preventing outside access; however, as an attacker, there are endless opportunities to attack. There's no way for me to know who or what pfSense is blocking or preventing. pfSense doesn't tell you any information.

I've been using the solution for two to three years. 

I receive popup notifications indicating that we have run out of memory due to some unknown reason, despite using only 20% of the device's memory. I am unsure of the cause. There is nobody that can give me a good answer to this issue. Occasionally, I receive emails from sales about updates, however, sometimes, the device does not detect these updates.

We have not reached the point where it becomes stressed. Our device isn't that big in terms of size since we don't have a lot of big users. No one has complained of buffering or response times. Our internet is likely slower than our pfSense. 

I was really happy having enterprise support when issues arose. Without this support, I probably would have bought a new box.

We have premium support. It helps me as I didn't feel comfortable with all of the responsibility. It's helped us with tech IDs and getting into the system when there have been issues. 

Positive

Management provides a budget for purchases. Initially, I bought a product based on appealing flyers and sales promises. However, after purchase, I realized it was not as secure as anticipated. I liked that pfSense started off as partially open-source. We trusted the technology.

We don't do cloud services. We have an on-premies setup and wanted to use pfSense in our on-premises cloud. It works really well and we are very comfortable with it. We do a lot of research with nasty malware and have not seen anything able to hack it yet. We've done so many deployments that we're very comfortable with the setup and capabilities.

You just power it on and follow the Wizard. If somebody has never done any firewalls, they should do what the tech says.

I'm the only person that is allowed to touch it and I'm the only one with access. We have four sites and no issues. We've abused one of the plugins, the pfBlocker, that has a subscription URL that can get malicious actors and help us block their IP. We can update the firewall rules almost in real-time. That's the basic maintenance we do. It's mostly automated.

There are occasional updates, and we get notices. Sometimes, the devices do not see the update, and I get paranoid that it's a phishing attempt. I'm not sure of this is a bug or not. 

If instructed by my boss, I can complete tasks within four hours, adhering to pfSense's SLA. I don't mind being challenged. 

Monetary concerns are not my focus; I cannot justify saving on the firewall for personal expenses. 

I would recommend the solution to other users, including potential government clients. I've invited others to try and hack it, to showcase how robust it is, and no one can. It's impressing people. They're saying, "I need to get one of those."

I would rate the overall product seven out of ten. I'm stressed out by the documentation. I do have an interest in doing a pfSense certification course. The documentation is holding me back from giving me a ten. 

I can restrict IP addresses by country, for example, which is very useful. If I don't have business traffic from specific regions of the globe, I can restrict them. I loaded SNORT and started playing with some of the rules and packages.

Overall, I've experienced fewer problems since I started using it at home, so I'm very happy with it. It's very flexible. I think it's extremely flexible.

I can configure as much or as little security as I want. A lot of it comes out of the box and I can fine-tune it toward my needs according to my knowledge, obviously. I think it's pretty flexible, yeah.

Less down time, less denial of service attacks.

I received a great deal of guidance and help from the technical user group, the forums are awesome and the community is outstanding.

Netgate technical support is also very good although it incurs a cost.

The software is easy to use and rather flexible, it is just a matter of getting to know it. 

You can buy the appliance pre-configured, there are many models available, to suit your needs and your budget.

However, you don't need to buy the hardware, which is what I'm really excited about, in other words, you can buy the service on the AWS cloud.

Since I purchased the service, I have not had as many denial of service attacks, it minimizes downtime by reducing the number of computer crashes, so yes, it increases uptime.

The solution is very flexible, you can configure as much or as little security into it as you want, a lot is available right out of the box, you can fine-tune it.

I saw results of using the solution immediately. You can start restricting IP addresses by country right away. That's very useful. It's easy to restrict regions.

Overall, I have experienced fewer problems since using the solution. 

pfSense does provide a configurable dashboard, however, you have to connect to it through a browser. I can see a lot of stats in a single pane that is quite flexible. It does what I need it to do so far, you can add or remove sections.

It doesn't directly minimize downtime, however it does indirectly, by minimizing the number of DDoS attacks. This increases uptime. Since using pfSense, I don't have as many attacks. 

I use pfSense on an Amazon EC2 virtual machine. It works well in the cloud. This implementation optimizes resource utilization because it doesn´t rely on static hardware which quickly reached EOL support, I can grow/re-size easily.

I can take it with me wherever I go - as long as I have a network connection, laptop or cell phone without being tied to hardware.

I'm not knowledgeable enough to suggest new features. The use has been very straightforward. Whatever questions I've had, I've found videos to help me on YouTube, or I've been able to ask the forums.

I've also reached out to technical support and I've received help although there could be more videos or tutorials from Netgate, in addition to third parties who have already implemented it, which is great. 

I have suffered a lot of problems over time but I don't think the problems are related to the hardware or the software. I am convinced that the problems have been related to hacking during configuration.

During the setup process, while experimenting, the device would stop working or the password would suddenly not allow access, requiring re-installation and re-configuration, it was very slow going until I moved to the cloud.

The dashboard is a little bit slow and the reporting isn't always current or immediate but acceptable. I'm not sure I can make data-driven decisions due to insufficient volume. I would need enhanced reporting, statistics, playback. 

I haven't looked at the reports a lot since because you have to access the log files, time is an issue, I use it in a home office environment.

I have been using pfSense on and off since August 2015 when I bought my first device with the pre-loaded operating system. I've been working ON it ever since, on and off.

I suffered a lot of problems but they are not related to the hardware or the software. They were related to hacking that I was subjected to. The device would stop working. The password stop working suddenly. I had to reinstall the whole thing. So it would be very slow going. 100% up time since I went to the cloud. There you have it in a nutshell. 

I'm not tied to the size of the hardware that I'm using. An SGA 2440 is a really nice device for a home office. However, if I should grow into a business, then all I need to do is resize the virtual machine capacity. I don't need to buy a new device and reconfigure it. I can just grow the device that I already have. That might imply a migration but not reconfiguring from scratch.

The support is excellent quality, yet it's expensive. 

They're very quick to rule out things if they're not cutting edge. In other words, if it's not a new device, if the device is near its end of life, they tend to kind of say, "well, you know, no. We don't deal with that anymore." 

My device was still supported, although older. In any case, it was clear that they were not going to give it as much effort as something in its main life cycle. My impression was that it I was summarily brushed off on account of age.

User groups helped me a great deal. Support offers a certain amount for free when you get the subscription in the cloud which I purhased. However, if you have a really big issue, then you have to pay for support. 

Positive

I looked at another Netgate option which also runs in the cloud on AWS. I haven't used/evaluated it. I don't remember the name of it although it looked very interesting. I settled on Netgate because my friends recommended it.

Malicious behavior is something that I've noticed over the years and it is growing.

I sought help and joined a nonprofit organization locally whose charter is to educate people about the dangers of being on the Internet and how to modify their behavior to minimize the risks and protect themselves. 

This solution is very configurable, reliable and approachable open-source software. When I re-nstalled the latest version on my home device, I downloaded it for free, I got an invoice from Netgate for zero dollars. 

Netgate makes money from subscriptions on the cloud or selling the hardware with the installed operating system. However, the operating system is still free. It's still open source. 

The community is wide, and there's a lot of help available. It's relatively cheap if you buy your own hardware and very configurable. 

I can't say that I went into a very exhaustive investigation of other options. When you're ignorant or inexperienced like me, it requires a huge time investment to make the evaluation, I discarded over the counter solutions.

So you try to approach people who have already evaluated a whole bunch of products, and ask them to tell you which one they think is best, most flexible and configurable, NETGATE pfsense was the overall winner.

The initial setup in the cloud is easy and I received good instructions and a fair amount of coaching when I purchased the service. 

The on-premise appliance, which was also pre-configured did not come with instructions, so it was less straight forward. I didn't have a guide. It didn't come with a manual. It was more difficult for me and I struggled a great deal. 

The second time around, I already had seen the operating system its interface, configured it, reset passwords, the whole thing so I was more comfortable with that, received more help and had more documentation available online.

The cloud version was easier since even if I did not have a lot of experience, I had more help. Maybe it's just the perception. While it wasn't difficult for an inexperienced IT person, it might be a little more complicated for a regular user.

Netgate has TOP of the line expertize and customer service.

Not measurable in the USD but considerable in terms of productivity.

It's a little expensive in my region. I really want to buy a device, a hardware device, and have it on-premises. I want my own security gateway appliance at home, my own router to log into, configure and play with. 

However, I don't have that, my SG-2440 just died from a power surge, it's a huge up front investment and it is also more vulnerable in more ways than one.

An average device costs around $500, is vulnerable, can be stolen, damaged by electrical surges, tampered with. 

If I buy the subscription in the cloud, I eliminate the danger of theft and losing my investment, and I can take it wherever I go. I feel more secure with the cloud version, even though I know it's more expensive. 

The cloud lease cost $50 a month at the time I was interviewed, about $120 now, a lot of money for me. However, it has been worth it. I can access all of the resources remotely, manage, configure, upgrade, use at home and on the road.

No, I asked around for recommendations.

I'm just a customer considering a partnership.

I now have a pfSense subscription on AWS, I've installed it on my laptop and mobile devices. I can use it at home and away from home. My cell can share Wi-Fi and extend the benefits to others around me.

I'm considering alternate architectures to split my home office network using an on-premise device here at home. 

That will allow the mobile component on the  AWS Cloud for my cell and my laptop if I travel, since the OpenVPN is installed on them, as well as the ethernet connection from the home appliance for wired access to repeater, TV, laptop. 

It doesn't matter if it's Ethernet or Wi-Fi everything will be covered. 

Overall the product rating is nine out of ten.