We just raised a $30M Series A: Read our story

pfSense OverviewUNIXBusinessApplication

pfSense is #3 ranked solution in best firewalls. IT Central Station users give pfSense an average rating of 8 out of 10. pfSense is most commonly compared to OPNsense: pfSense vs OPNsense.pfSense is popular among Small Business, accounting for 60% of users researching this solution on IT Central Station. The top industry researching this solution is Comms Service Provider, accounting for 43% of all views.
What is pfSense?
Providing comprehensive network security solutions for the enterprise, large business and SOHO, pfSense solutions bring together the most advanced technology available to make protecting your network easier than ever before. Our products are built on the most reliable platforms and are engineered to provide the highest levels of performance, stability and confidence.
pfSense Buyer's Guide

Download the pfSense Buyer's Guide including reviews and more. Updated: October 2021

pfSense Customers
Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring

Pricing Advice

What users are saying about pfSense pricing:
  • "pfSense is open-source, but the support is something that the customer pays for."
  • "It's open-source and it's free. Anything for free is good."
  • "There is no license. You don't have to pay anything. It's completely free."

pfSense Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Bojan Oremuz
CEO at In.sist d.o.o.
Real User
Top 5
Feature-rich, well documented, and there is good support available online

Pros and Cons

  • "The classic features such as content inspection, content protection, and the application-level firewall, are the most important."
  • "Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."

What is our primary use case?

We are solution providers and this is one of the products that we deploy for our customers. This is not a product that we use ourselves.

How has it helped my organization?

pfSense prevents unwanted access. If you configured things properly then you'll be protected to some level. There is still a need for products like a SIEM, but the UTMs like pfSense or Sophos, prevent most of the problems.

What is most valuable?

The classic features such as content inspection, content protection, and the application-level firewall, are the most important.

This is a feature-rich product.

The documentation is good.

What needs improvement?

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. 

The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.

One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.

For how long have I used the solution?

We have more than a year of experience with pfSense.

What do I think about the stability of the solution?

The stability of pfSense is standard. It is rated as one of the good solutions in this area.

What do I think about the scalability of the solution?

This product is scalable to some point, although we have never used it for large companies. We use it for small to medium-sized organizations. For big companies, we more often implement Palo Alto.

In our company, we have a data center and some of our clients are hooked to it. This is something that we have on-premises for our customers.

We have plans to increase our usage with pfSense because we have had good feedback from our customers. In fact, with the good experience we have had, our sales have been slightly increasing. Our sales are shifting from Sophos to pfSense.

How are customer service and technical support?

The technical support is organized well. We do most of the technical support for our customers in-house but there is a second level of outside support available. It is okay. 

Which solution did I use previously and why did I switch?

We currently resell products from both pfSense and Sophos. In some areas, pfSense is better than Sophos. I have been a bit disappointed with Sophos because I know their history, and I don't think that they have advanced as well as they should have in that time. Also, they have two different products, being XG and UTM. This is another reason that I prefer pfSense, at least a little bit, over Sophos.

In the past, we were the developers of a product called Network Defender, but it has reached end-of-life. We were pioneers in the area and were one of the first who was making UTMs. The name "UTM" didn't exist at that point. We were partners with Cobalt, who was the first appliance creator. Their appliances include web servers and email servers. When Cobalt was bought by Sun, we made our first Network Defender line. That became the first appliance, which had firewall content inspection, content protection, intrusion prevention, intrusion detection, antivirus, and email and web servers at that time, all in one box.

From that point on, we had our line, which was distributed all over the Middle East, Asia, and some parts of Europe. We then worked with Palo Alto, we were a Cisco partner the entire time, and we worked with both Sophos and pfSense.

In our organization, with have Cisco ASA for certain things, and we have a firewall by Palo Alto.

How was the initial setup?

The initial setup is complex. If you have a straightforward setup then you will have straightforward, basic protection and nothing else.

It takes a few months to adjust where you start by setting it up, and then you have to monitor it and see what's happening. It's ongoing work because, after this, you have to keep monitoring and adjusting to the situation. This is part of the service that we perform for our customers.

What about the implementation team?

We are the integrators for our customers and deploy with our in-house team. We have people in the company who are specialized in this area.

What was our ROI?

The return on investment depends on the predicted cost of failures of the system, or intrusion of the system, which is hard to give a straight answer on. In part, this is because different companies put a different value on their data.

For example, with medicine, if somebody were to steal the data related to the latest CORONA vaccine then the cost would be tremendous. On the other hand, if there is a company that is making chairs, stealing the design of the chair probably wouldn't be as high when compared to an application in medicine. So, there is not a straight answer for that.

Return on investment, in any case, I think for every company, this is a must. Put in a straightforward way, they can count just the possibilities of having an attack on their system with a cryptovirus. If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price of the licensing depends on the size of the deployment. pfSense is open-source, but the support is something that the customer pays for. We charge them for the first line of support and if they want, they can purchase the second line of support. Typically, they take the first-line option.

The term of licensing also depends on the contract. The firewall doesn't always have a contract but rather, there is a contract in place for the network, which includes UTM.

In addition to the licensing fees, there are costs for hardware, installation, and maintenance. We use HPE servers, and the cost depends on how large the installation is. The price of setup is approximately €500 to €800, which also includes the initial monitoring.

The maintenance cost isn't really included in the network fees.

For smaller companies, we charge them a few hours a month for monitoring. It takes longer if the client is bigger.

What other advice do I have?

It is important to remember that you can't just leave the device to do everything. You still have to know what you're doing.

I recommend the product. It's well-balanced and one with a long history, so it doesn't have child's diseases. There is a lot of online support available online, which they can consult themselves. But, in the case that they need support, they can hire a professional support line and that is highly recommended.

I say this because usually, people look at the UTM as something that should be put in the system, set up, and left alone. But, this is not the case with this type of solution. Therefore, I strongly suggest making an outside agreement with a specialized company that will take care of their security from that point on.

The biggest lesson that I have learned from using this kind of product is that you can't assume that the internet is a big place and nobody will find you. There is always a good possibility that robots will search your system for holes, and they are probably doing so this instant. This means that users should be aware and have decent protection.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
TW
Managing Director at Midgard IT
Real User
Top 20
Easy to use, simple to set up, and very powerful

Pros and Cons

  • "I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."
  • "We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up."

What is our primary use case?

We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.

In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection. 

The solution also allows us then to manage port forwarding and things like that.

What is most valuable?

The firewall aspect of the solution is very valuable to us. We had so many limitations with the Dre tech, however, it's the firewall and the port forwarding that is the most interesting due to the fact it allows us to restrict IP addresses and move things from different ports and things like that.

I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good. 

The solution is easy to use in general, for everyone.

The product is very powerful.

It's the type of device that does one thing well. There isn't much I would want to change.

What needs improvement?

We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.

The only other thing I might look at would be some sort of antivirus type of aspect to check traffic coming in and out of the network. If they offered unified threat management, that would be an ideal outcome for us.

I have been looking at it as a sort of an appliance, rather than installing it on an actual PC. However, that's for future research first.

For how long have I used the solution?

pfSense is only a small part of what we do. The majority of our systems are full-blown Linux systems and we use that firewall as a system. It's only recently we've started switching some clients to pfSense where we think we need to have slightly different things. Maybe they haven't got a server and this is just replacing their sort of existing TP-link or router, et cetera.

What do I think about the stability of the solution?

I've had no issues with stability whatsoever. I'm quite happy letting it run for days, months, weeks, et cetera. We have no requirements to actively manage it. In terms of performance, we just need to go in and make changes as required by the customer. Other than that, it's set and forget. There are no bugs and glitches to navigate. It doesn't crash or freeze.

What do I think about the scalability of the solution?

It's not been extensively used at the moment as we've already got a Linux server in place. If we can justify it for the customer, we tend to use that. That said, we are looking to increase usage of that as it would say it takes some of the work away from me and allows me to farm that out to the staff.

How are customer service and technical support?

We've never had to use technical support. Therefore, I can't speak to their level of knowledge or how helpful they are. We've always just been able to find the answers we need without their help, and therefore have never really had to use them.

Which solution did I use previously and why did I switch?

We're still using Linux servers that are running IP tables, et cetera. Prior to that, we were using, something called IPCop. Before that, I can't remember what it was. We've always used sort of Linux old BSD-based solutions for our firewalls. That's just what we've always done.

How was the initial setup?

The initial setup is not overly complex or difficult. It is very straightforward. We connect and we just have got a couple of standard procedures to setup once it's complete. We could probably get one up and running between half an hour to an hour. The deployment is fast and the whole process is pretty seamless at this point.

What about the implementation team?

We did not use any integrator or anything like that. We're offering our client's the installation process as part of our services. I find it very, very straightforward, however, that's due to my previous experience with Linux setups. 

What's my experience with pricing, setup cost, and licensing?

We use the open-source version, which is free to use. 

I say we've always used the community edition as I've never felt a need for support or anything like that and our clients have never insisted on it. I know where to go to look for answers if we run into problems, so paying for that extra support isn't something we need to worry about. 

What other advice do I have?

We are just end-users and customers.

I cannot speak to the exact version we are using. Ours may be slightly out of date. We may not be using the absolute latest version. Version 2.51 is available soon and we'll likely upgrade to that.

It's good for where people have outgrown their existing broadband routers, such as the TP-link, the Dre Tech, and that sort of thing. Often, it doesn't justify putting in a full system. We tend to use a Mini ITX PC, multiple LAN network cards, and then install the opensource version and configure it appropriately.

You need to be slightly more tactical than just plugging in a Dre tech or similar Nokia device. I don't think you need to be incredibly technical to set this up. 

I like it, I'd recommend it to most people to at least give it a try, and to spend a few hours initially to work their way around it.

I'll definitely give it at least a nine out of ten for its general ease of use for me and my staff. It does pretty much everything that we ask of it and the required resources for the hardware are minimal as well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about pfSense. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,424 professionals have used our research since 2012.
Leon Pinto
Consultant and Head of Services at ILANZ LLC
Consultant
Top 10
A firewall and router combined with unified threat management

Pros and Cons

  • "I am happy with the EPLS, the radius, and I am happy with the captive portal."
  • "It could use a little bit of improvement in the reporting."

What is our primary use case?

We have all sorts of users. We have admins, we have the finance guys, and we have salespeople using it. We created a captive portal for our teams as well as a guest portal. So in general, we are more or less happy.

Right now, I use it not only for intrusion detection but also for ETLs. We are a telephony integrator. We use it for applications and radius, etc. I use it as much more than a firewall. I use it for telephony applications as a certificate authority. 

How has it helped my organization?

Well, we do have the versatility of a fully functional firewall at practically no cost impact... So its a good investment for us in terms of the time spent on it... Most of all, we can see where our Internet etc can be well managed from the real time graphs that we see...

What is most valuable?

It's quite an awesome product with so many good things packed into it. I am happy with the EPLS, the radius, and I am happy with the captive portal. All in all, it's a good product. And considering that I get it for paying nothing, it's really worth the time invested in it.

What needs improvement?

As I said, the product is fantastic. It could use a little bit of improvement in the reporting — the reporting is virtually non-existent. Something like a reporting module would be a benefit. Otherwise, in terms of the performance, at least for my organization, I don't see much of a problem.

By this, I mean that we cant generate reports of trends etc that could be exported out of PFSense in terms of a PDF etc to see how the firewall is functioning...

Though I must say that the work around for this could be to use the pfsense zabbix plugin and integrate to a Zabbix platform and then use the Zabbix reporting capabilities to get the required reports... Not much of an effort for the technically sound persons but definitely not in the scope of those from a non technical perspective... 

For how long have I used the solution?

I have been using this solution for roughly 10 months. I started with version 2.4, but about four days ago, I upgraded to version 2.5. It's been a good product so far.

What do I think about the stability of the solution?

Stability-wise, it's fine. I've only experienced one issue in the last 10 months. But in general, I am happy with it. Scalability-wise, as I said, our organization is just about 10 to 15 people, so we have not had much of a problem. I can't comment on how it would scale up with hundreds of VLANs and tens of thousands of people operating on it. But in general, for a small organization, I think it's very stable.

What do I think about the scalability of the solution?

As we are in SMB, I cant comment on big traffic situations but for a small organization like ours (10 to 20 users) and with various integrations that we need (e.g., OpenVPN, WireGuard, LDAP authentications, Tens of VLANS, Captive portal, DHCP Relay, EAP-TLS, IDS, Adblocks etc.) We are ok with it...

How are customer service and technical support?

I think the documentation is good enough because I've never had the need to contact technical support. I just use Google to get the information that I need.

Which solution did I use previously and why did I switch?

We used to use Fortinet in our office in Dubai. But where I am right now, I thought an open-source was the option for me because I'm very involved in open-source projects. It came down to pfSense and OPNsense — the first one we downloaded was pfSense and I stuck by it.

How was the initial setup?

The initial setup was straightforward. I come from the IT industry, so I had no issues. Within 20 minutes, I had it up and running.

What about the implementation team?

I implemented it myself.

What was our ROI?

Too early to comment... Though all I needed to invest was a small desktop and ofcourse, time and effort to configure it... 

What's my experience with pricing, setup cost, and licensing?

Well, its opensource... So for the tech-minded, its not so difficult but yes, the configuration is understandable for those with good prior firewall knowledge... 

If you can get it working, its great... But yes, thats the first part... Get it working... 

Oncw working, all licenses etc are not a problem as it is opensource... So no restrictions there... so far...

Which other solutions did I evaluate?

I did use Sophos-XG free but I stick to pfsense as it is free and open source...

What other advice do I have?

I would recommend pfSense for the simple reason that it's open-source and it's free. Anything for free is good. I personally got much more out of it than I expected. I never expected this product to be so worth the time. It's a good product. For my needs at least.

Overall, on a scale from one to ten, I would give this solution a rating of eight. I have not used it for thousands of users, but for our usage, for an SMB organization, I would give it a rating of eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator
Flag as inappropriate
Bojan Oremuz
CEO at In.sist d.o.o.
Real User
Top 5
Excellent content protection, content inspection, and application level firewall features

Pros and Cons

  • "Content protection, content inspection, and the application level firewall."
  • "Could be simplified for new users."

What is our primary use case?

We are a solution provider and deploy this product for our customers. We also use it in our organization. We use both Cisco and pfSense but for our customers we mainly use Sophos and pfSense. I'm the CEO of our company. 

How has it helped my organization?

The solution has assisted us by preventing unwanted access. If the solution is configured properly, then you'll be protected to some degree, although you may also need other products. 

What is most valuable?

Content protection, content inspection, and the application level firewall are all good features. 

What needs improvement?

There's always room for improvement. In general terms, for someone who is not familiar with the product I think ease of use could be improved. When you're connecting, the interface is very difficult for an inexperienced user in the sense of setting everything up, as it all has to be set manually. I've also found that the more features you use influences performance and the drop can be drastic when you use advanced features. I want to achieve a certain level of security and at the same time maintain good performance.

The solution is feature rich enough, but one of the things usually outside the UTM system or gateway system is SIEM. It's an advanced system for managing the possibilities and it would be nice to have a kind of interface in the UTM, to enable connectivity with most SIEM systems.

What do I think about the stability of the solution?

pfSense is rated as one of the good solutions in it's field and stability is good. 

What do I think about the scalability of the solution?

The solution is scalable to a degree but we never use it for big companies. We use it for mid-range companies. Our company has a data center and we have companies that are hooked to our data center. We're doing this on-premise for our customers so if the customer has an on-prem information system, we will implement the firewall and UTM at their location. We have plans to increase use because we have good feedback for the product and we have good experience with it. So we are increasing use of pfSense. Actually we are moving away from Sophos and more towards pfSense.

How are customer service and technical support?

Technical support is well organized. Most of it is in-house, but in the case there's also a we have access to a second level if necessary. 

Which solution did I use previously and why did I switch?

We were one of the first companies here making UTMs (before they were known as UTMs). We were the first partner of Cobalt, the first appliance creator. When Cobalt was bought from Sun, we made our first network defender line. It was the first appliance that had a firewall, content inspection, constant protection, intrusion prevention, intrusion detection, antivirus, and mail and web server in one box. Our line was mainly distributed all over the Middle East, Asia, and some parts of Europe. We expanded and worked with companies such as Palo Alto, Cisco, Sophos and pfSense. In some areas pfSense is better than Sophos which didn't make the advances they should have. They now have XG, so they have two totally different products in the same area which is one of the reasons I prefer pfSense.

How was the initial setup?

If you carry out a straightforward setup, then you will have straightforward, basic protection, nothing else. It's more complex if you want other things included. We usually start with some research, carry out a basic setup and make the initial monitoring. From there we make additions based on the results of the complete monitoring. Then it's ongoing monitoring all the time and setting or adjusting to the situation.

What was our ROI?

For any compnay, ROI can be seen even if they look at the basic possibility of a crypto virus or the like. The savings on that would be at least two days of lost work and the cost would be more than the cost of the whole system plus maintenance. 

What's my experience with pricing, setup cost, and licensing?

Licensing costs depend on company size. pfSense is an open source solution, so there's a charge for support. We offer a first line of support and a second line if required. Payment depends on the contract, because usually it's only covers the firewall. We offer a contract for the network which includes UTM. There's a hardware cost for HP servers and, again, depending on the size of the company, installation cost is about 500-800 Euro. There's an annual maintenance fee included in the networking agreement. 

What other advice do I have?

I recommend this product, it's well-balanced, has a longer history than other solutions so it's not lacking in maturity. There is a lot of online support available via YouTube or blogs but professional support is available if required. I highly recommend taking the support because usually people look at the UTM as something which should be set up in the system and left, but that's not the case with these devices. I strongly suggest making an external agreement with a specialized company to deal with security. Users need to have decent protection, not just protection.

I would rate this solution a nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Malik Yusuf
Solution Architect, Managed Services & System Integration at Transmeet Technologies
Real User
Top 20
An open source platform complete with unified threat management

Pros and Cons

  • "The flexibility of adding new kinds of services without spending any money can't be beaten."
  • "The interface is not very shiny and attractive."

What is our primary use case?

I mostly use basic firewall services like blocking unwanted traffic and I use the geolocation tools to predict where potential attacks could come from. That's the main purpose, to protect our business network using pfSense.

Within our organization, with a single installation, about 500 users are covered.

What is most valuable?

The flexibility of adding new kinds of services without spending any money can't be beaten. We can compare services like IP blocking, blacklisting and DNS blocking, content filtering, and even deep packet inspection with other larger enterprise firewalls.

What needs improvement?

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

For how long have I used the solution?

We have been using pfSense for five years.

What do I think about the stability of the solution?

That's the fun part. It's completely reliable in terms of resources that it needs to run. In terms of stability, once it's configured and properly tuned, it will do its job. Still, with firewalls these days, you can't simply configure and forget — it's not like that. You have to look into it every day or every once in a while and if any new traits or new protection mechanisms need to be built, upgraded, or re-tuned, you have to do that. Otherwise, the platform is rock solid. It doesn't fail.

What do I think about the scalability of the solution?

The expandability and the high availability configuration of the system are good.

How are customer service and technical support?

With pfSense, we've never had to send an email to a Netgate official support organization. We follow the forum discussion — the community. We'd ask an expert in the community. That's how we deal with any issues.

Which solution did I use previously and why did I switch?

One of our clients wants to switch from FortiGate to another comparable solution because FortiGate is not stable when it comes to pricing. Over the past three years, they've increased their pricing to almost double. For this reason, our client wants to explore some other options which will be more predictable in terms of costs.

How was the initial setup?

It's definitely complex compared to other firewalls because you have to configure everything, read a lot of documents, and following a lot of formulas and templates. Everyone has to develop their own recipes to work with. There is no proper way forward.

What's my experience with pricing, setup cost, and licensing?

That is another fun part of this solution. There is no license. You don't have to pay anything. It's completely free. The one thing that you can buy is a security feed like an IP feed or a DNS feed. This kind of thing can be easily bought, but if you have the passion and expertise, you can arrange all of these types of feeds for free. It may be slightly different between how frequently those feeds are updated compared to the paid version. Sometimes, it lags behind for 24 hours or 12 hours, but it works.

What other advice do I have?

We are really happy with the system performance, overall, but it depends. For example, right now we have a client who is trying to switch from FortiGate to another solution that is less costly. We recommended and talked with them about pfSense, but despite it being a cheaper and really rock-solid solution with good performance, they were not comfortable using open source. We also offered them Sophos, SonicWall, and Palo Alto — they finally chose SonicWall. I don't know why. It completely depends on the client. 

I would absolutely recommend this solution to others. This is definitely one of the most powerful firewalls for peace of mind. The fact is, as long as you are aware of the challenges that you have to face when implementing and managing the firewall, day-to-day, then this could be the best option for you.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Davy MOUSSAVOU
Head of Department of operational and compliance at ACE GABON
Real User
Top 20
A very good firewall with excellent VPN and captive portal capabilities

Pros and Cons

  • "The most valuable features are the VPN and the capture photo."
  • "If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use."

What is our primary use case?

I use pfSense as a firewall. I use it also as a VPN server and for the captive portal. Those are the main purposes.

How has it helped my organization?

It's difficult to say how it has made a difference in my organization.

What is most valuable?

The most valuable features are the VPN and the captive portal. Captive portal and VPN are easy to deploy.

What needs improvement?

I haven't experienced many problems when dealing with the solution, so I don't know if there are areas that need improvement.

If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use.

Sometimes if your network goes down, you might experience an issue on the captive portal. This may require a restart and it also may require that you load it again. I'm used to the system, so I know what to do, but it can happen from time to time.

It can be really easy  to deal with Technical support. Technical support is avaible every time I call . But sometime if Technical support do not privide you the solution, so you should double check and solve the issue by your self.

For how long have I used the solution?

I've been using the solution for about five or six years. 

What do I think about the stability of the solution?

The stability isn't bad, but there can occasionally be bugs within the system. The likelihood is lessened if you follow a few key protocols.

It's important to have a proper license, otherwise, you run the risk of bugs.

It's important to upgrade the solution regularly. This also helps users avoid running into bugs. If you experience a bug, it's a good idea to check the release and make a grid.

Those that have experience in troubleshooting will benefit from their knowledge when using this solution. Sometimes packages will not work and you'll have to be strategic with workarounds.

How are customer service and technical support?

The support can be really difficult to deal with. I wouldn't say that we have been satisfied with them in any way.

How was the initial setup?

It's not very complex to set up. However, it can become complex as you're using it, and when you are learning the systems. In that sense, it might not be straightforward for everyone.

When it comes to using pfSense, you need to have extreme skills in Linux and in troubleshooting. If you don't have any form of troubleshooting competency, it could be very difficult to use, and very hard to set it up.

What about the implementation team?

I'm very proficient in the solution. I managed the implementation on my own. We didn't need to hire a consultant or bring on an integrator or reseller.

What's my experience with pricing, setup cost, and licensing?

The pricing of the solution is fair. I've also paid for a license that includes Entreprise support. Our license lasts for two years.

What other advice do I have?

We're just customers. We don't have a special relationship with the solution. We just use it on a regular basis.

I'm not sure if I'm using the latest version of the solution or not.

I'd rate the solution ten out of ten since I've never had any major issues with it.

The biggest thing a new user or company needs to be aware of, however, is that whoever the team is that's using it, they need to be very experienced Linux users. The system will be extremely difficult otherwise.

New users will need patience. However, it is easy to use due to its very good web interface. It's also easy to deploy and the process can be handled quickly. There's no need to have a really big fancy long-winded deployment process. That said, especially if you are using it within a complex Linux environment, you absolutely must have high skills in both Linux and security.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PG
Software Applications Manager at a engineering company with 201-500 employees
Real User
Top 20
Free to use with great plugins and good stability

Pros and Cons

  • "The solution is very easy to use and has a very nice GUI."
  • "The product could offer more integrated plugins."

What is our primary use case?

I primarily use the solution for monitoring and learning about how to operate a firewall. I also use it for monitoring my home network as well as adblocking.

What is most valuable?

The solution is 100% free to use.

The product offers a lot of helpful plugins.

The solution is easy to use and has a elaborate GUI.

The initial setup is quite simple and straightforward.

What needs improvement?

The integration of the plugins into the GUI could be better. It's sometimes hard to find where a setting can be found or how it might interact with other settings. Some documentation is outdate and plugins sometime have no documentation. Information can always be found on the fora but for novice users this can be a challenge.

For how long have I used the solution?

I've been using the solution for five years or so. It's been a while.

What do I think about the stability of the solution?

The solution is stable. Since last upgrade there hasn't been a crash, freeze or need for reboort. It's quite reliable.

What do I think about the scalability of the solution?

I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore,  I build my own Super-micro platform based on Intel Denverton.

It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.

There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.

How are customer service and technical support?

With what I am running now, I haven't had to reach out to technical support. However, an upgrade failed two years ago and I needed to contact technical support to get me the new image for the device. They were very efficient. I was satisfied with the level of support I received.

Which solution did I use previously and why did I switch?

I've been switching back and forth between pfSense, OPNsense, and Untangle in the last five years or so.

OPNsense and Untangled are more integrated, however, more and more of the plugins are becoming paid offerings. OPNsense misses a plugin that pfSense has, Untangled it's adblocking is easy but not free.

How was the initial setup?

The initial setup is not to complex.

It's good to have the basic information before attempting to set everything up. They've got a wiki with all basic information and there are the fora for questions.

I've got a CCNA certificate and that some comes in handy. For me, it works without any documentation, however, for a complete novice user you probably need some documentation to get you through the process.

Getting everything up and running only took about 30 minutes. You then have a complete firewall solution up-and-running.

There is some maintenance required. You do need to check for updates from time to time, for example. If you install more plugins more maintenance might be required to get everything tuned.

What about the implementation team?

I handled the implementation myself. I have some knowledge about IP routing.

What's my experience with pricing, setup cost, and licensing?

The solution is free to use. There are (currently) no licensing costs.

What other advice do I have?

I'm just a home lab user.

I'd advise those considering the solution for your business to get a service contract.

It works great for someone with enough knowledge and time to get his head around everything. Otherwise, you need to look for a solution that offers support and can work with you on issues. It's nice to try to balance between open-source and support that costs money.

In general, I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MA
Technical Presales Consultant/ Engineer at a wholesaler/distributor with 10,001+ employees
Real User
Top 5Leaderboard
Provides good security as well as scanning and filtering traffic; web interface could be enhanced

Pros and Cons

  • "A free firewall that is a good network security appliance."
  • "Web interface could be enhanced and more user friendly."

What is our primary use case?

This solution is for my personal use, I've had a hobby of using it for a long time. I use it to protect my home network. Nothing is bulletproof but I'm happy to have a firewall at home scanning the ins and outs of my network so that I have a degree of security.

What is most valuable?

pfSense is a free firewall that you can download and install on your own hardware and establish a VPN for it. If you have remote users who need to connect securely, pfSense can do that. The solution has multiple use cases. It's good for scanning and filtering traffic. It's a good network security appliance which you can install on your own hardware or on their hardware. Some companies will invest in a really big firewall for their main branch, and will install pfSense in remote sites because they don't see the value of buying an expensive firewall for each branch.

What needs improvement?

I'd really love to see the web interface enhanced. It's good but it could be clearer and more straightforward. As a FreeBSD fan, I'd love to see a BSD license code, rather than a GPL license code. I'd also love to see a Sandbox and more security features. pfSense is a mature product, but if you compare it to other products in the market, you realize that pfSense is a little behind. 

For how long have I used the solution?

I've been using this solution for five years. 

What do I think about the stability of the solution?

This solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable, it has the HA options that other firewalls also have. It's a software-defined solution, so you can pretty much put it inside a virtual machine and scale it up. Or you can load balance, or have an HA set up between two pfSense proxies, it's all possible.

How are customer service and technical support?

I don't have contact with technical support. If you have an issue, you can go to the online community and wait for someone to respond. There's no SLAs for that. The only way I would have access to their support is if I actually purchased a Netgate appliance.

Which solution did I use previously and why did I switch?

I've previously used vendor-based firewalls, like Sophos. They have Sophos XG and Sophos XG, UTMs. Those are the firewalls that I have the most expertise with and I also have some experience with Fortinet. pfSense is normally installed on x86 hardware which uses CISC architecture, a complex instruction set that runs on laptops and computers. They generally make calculations much slower than what we call risk architecture. As a result, firewalls with a risk-based architecture or reduced instruction set architecture are preferred because they provide better throughput. That's the case with FortiGate. They are very well known in the market to have the highest IPS throughput and that's one of the major factors for choosing a firewall.

How was the initial setup?

The initial setup is very easy, it takes about 15 minutes. 

What other advice do I have?

I would recommend this solution, it's one of those technologies anyone should at least try out. If you want to protect your home network, and don't want to invest in a firewall, pfSense will do the job. It's good for home use and for small businesses or remote sites of large companies. It's a good strategy because it's generally more critical to invest in defending your main data centers. It's important to choose the hardware wisely, make sure it's compatible. Netgate, the company sponsoring pfSense, manufactures hardware that is really optimized towards it. For small or medium businesses it's not a big deal. But for enterprises, this is important. 

I rate this solution a seven out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free pfSense Report and get advice and tips from experienced pros sharing their opinions.