Netgate pfSense Plus Firewall/VPN/Router
Netgate | 24.11.0Linux/Unix, FreeBSD 14 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Pfsense a worth while firewall
What do you like best about the product?
The best things of this product is how modular it can be and the community support it offers.
pfsense has a range of modules/plugins that can be added in order to shape pfsense to your needs, there is a wide selection and you are sure to find something to do the job. If for any reason you are unable to find a module to do what needs to be done, more than likely a question has been asked on the subject and an answer is easily found, if not you can pose a question on the forums and you will be met with a very patient community.
One of the main benefits is the capability for multiple WANs, allowing you to route traffic how you see fit or even load balance.
You can add squid guard and block/allow websites on a whitelist/blacklist.
Aliasing allows you to add multiple IP's/networks/hosts under a single alias and make firewall rules based on this, so rather than creating 250 firewall rules for 250 nodes, simply alias all 250 and make a single rule for that alias.
There are pages devoted to graphs so you can monitor your network traffic, your physical NICs and the server itself.
There are a ton of features and all the basic/advanced networking needs are met.
pfsense has a range of modules/plugins that can be added in order to shape pfsense to your needs, there is a wide selection and you are sure to find something to do the job. If for any reason you are unable to find a module to do what needs to be done, more than likely a question has been asked on the subject and an answer is easily found, if not you can pose a question on the forums and you will be met with a very patient community.
One of the main benefits is the capability for multiple WANs, allowing you to route traffic how you see fit or even load balance.
You can add squid guard and block/allow websites on a whitelist/blacklist.
Aliasing allows you to add multiple IP's/networks/hosts under a single alias and make firewall rules based on this, so rather than creating 250 firewall rules for 250 nodes, simply alias all 250 and make a single rule for that alias.
There are pages devoted to graphs so you can monitor your network traffic, your physical NICs and the server itself.
There are a ton of features and all the basic/advanced networking needs are met.
What do you dislike about the product?
There is very little I have found I do not like about pfsense, although I have not tested every single possible feature, my experience has certainly been very positive. There are two things however that do spring to mind.
I was unable to achieve port forwarding for a VPN. The VPN was PPTP (admittedly I never tried any other methods) on a Windows server. Despite countless hours searching and reading the results and numerous attempts of changing settings, I was unable to use the VPN (had worked previously with a paid firewall solution), whether this issue still stands or was entirely my fault still remains unsolved.
After approximately three years I have found pfsense to become slightly flaky. I have only experienced this with one box (the longest running). Whether this issue boils down to the physical server and/or components or whether this is due to changes over the course of time/corruption of configuration files, is again undetermined.
In reality I have not experienced any real downsides of the solution I cannot link back to me.
I was unable to achieve port forwarding for a VPN. The VPN was PPTP (admittedly I never tried any other methods) on a Windows server. Despite countless hours searching and reading the results and numerous attempts of changing settings, I was unable to use the VPN (had worked previously with a paid firewall solution), whether this issue still stands or was entirely my fault still remains unsolved.
After approximately three years I have found pfsense to become slightly flaky. I have only experienced this with one box (the longest running). Whether this issue boils down to the physical server and/or components or whether this is due to changes over the course of time/corruption of configuration files, is again undetermined.
In reality I have not experienced any real downsides of the solution I cannot link back to me.
What problems is the product solving and how is that benefiting you?
The product has personally helped to act as a firewall protecting and controlling both internal and external traffic on the network.
It has allowed me multiple WAN connections. With aliasing I can quickly group servers, computers, security equipment etc. Using the aliasing I have been able to dedicate WAN connections for specific purposes ensuring the bandwidth is distributed as necessary with a single firewall rule.
Modules like bandwidthd help me check the hosts consuming the most traffic, squid to help me monitor traffic and squid guard to help me block or allow traffic, make this a great solution.
After moving from one paid licensed solution to another I have found pfsense to not only be free, but completely wipe the floor with anything paid for previously.
My experience with this product is extremely positive and I would definitely recommend it as a great solution.
It has allowed me multiple WAN connections. With aliasing I can quickly group servers, computers, security equipment etc. Using the aliasing I have been able to dedicate WAN connections for specific purposes ensuring the bandwidth is distributed as necessary with a single firewall rule.
Modules like bandwidthd help me check the hosts consuming the most traffic, squid to help me monitor traffic and squid guard to help me block or allow traffic, make this a great solution.
After moving from one paid licensed solution to another I have found pfsense to not only be free, but completely wipe the floor with anything paid for previously.
My experience with this product is extremely positive and I would definitely recommend it as a great solution.
Recommendations to others considering the product:
It's got a great fully fledged gui and it's linux for shell users. Install it, try it, any problems the docs or community will come through.
- Leave a Comment |
- Mark review as helpful
pfSense is the my favorite firewall distribution
What do you like best about the product?
It's absolutely free and it's in my opinion better then many of the enterprise class firewalls I've been in contact with. It's easy to manage, easy to update to newer versions, and best of all it's easy to extend. For example you can extend it with IDS/IPS (Snort), reverse proxies, various tunnel services, network landing sites etc.
What do you dislike about the product?
I shouldn't say everything about pfSense is a walk in park, there have been hick-ups along the way. For example, not to long ago (3-4 years ago) there was a problem with Snort rules not being saved or overwritten with every update of the database. Also it's IPv6-support was a bit late (but on the other hand, so was a lot of other firewall vendors as well). Some services you'll have to tweak manually by editing files, but for most of the time (99.9%) you won't have to do this.
What problems is the product solving and how is that benefiting you?
pfSense it my goto firewall solution when either friends or customers is in the need of a firewall/router solution. Since it can run of old or cheap hardware (beware of the throughput though) it saves both myself and my customers money. And besides, it's great for security.
Recommendations to others considering the product:
A tip of advice, if you are to run pfSense on a flash drive, don't forget to enable a RAM-disk for the logs or you'll end up with a dead flash drive within weeks. Trust me, it happen to me. Go to System -> Advanced -> Miscellaneous and scroll down to RAM Disk Settings and the "Use RAM disks". Then pfSense will use your RAM for /var and /tmp. This prevents the system from constantly writing writing log files to the flash drive, which can me many thousand entries per second, which will wear out the drive very fast.
pfSense
What do you like best about the product?
What I like the best is how versatile it is and it performs as well as other name brand routing platforms. It is easy to customize for my client's needs.
What do you dislike about the product?
I am completely satisfied with pfSense and it has met all my expectations. I have not experienced an issue with pfSense.
What problems is the product solving and how is that benefiting you?
Making custom routers for my diverse clients. The benefit of pfSense is that it is quality software for a fraction of the cost of the competitors.
Recommendations to others considering the product:
Make the switch to pfSense and use reliable hardware. It is worth it. I have had less problems with pfSense than any other product I have used.
Open Source Enterprise Grade Firewall
What do you like best about the product?
This is easily the most configurable open source firewall project I have come across.
If you want to build your own rather than buy rack based commercial products then i highly recommend.
We have full control and transparency over our perimeter with this solution.
The array of plugins available is great and integration of proven IDS and IPS solutions is very good also.
Over all its very good.
If you want to build your own rather than buy rack based commercial products then i highly recommend.
We have full control and transparency over our perimeter with this solution.
The array of plugins available is great and integration of proven IDS and IPS solutions is very good also.
Over all its very good.
What do you dislike about the product?
Its very hard to configure, and sometimes getting the right instruction for your version can be a nightmare.
Very steep learning curve but worth it.
Very steep learning curve but worth it.
What problems is the product solving and how is that benefiting you?
As a smaller business PFSense has enabled us to comply with legislation and ISO certification without breaking the bank.
Recommendations to others considering the product:
Stick with it, but do some test builds and hardening before going live.
Lots of gotchas to work out.
Lots of gotchas to work out.
showing 221 - 224