27 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>Score 9 out of 100
Based on 27 reviews and ratings
59 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>Score 8.9 out of 100
Based on 59 reviews and ratings
Feature Set Ratings
Firewall

Snort
Feature Set Not Supported
N/A

8.5
pfSense
85%
pfSense ranks higher in 11/11 features
pfSense ranks higher in 11/11 features
Identification Technologies

N/A
0 Ratings

8.7
87%
8 Ratings
Visualization Tools

N/A
0 Ratings

7.8
78%
7 Ratings
Content Inspection

N/A
0 Ratings

7.3
73%
9 Ratings
Policy-based Controls

N/A
0 Ratings

8.4
84%
9 Ratings
Active Directory and LDAP

N/A
0 Ratings

7.9
79%
8 Ratings
Firewall Management Console

N/A
0 Ratings

9.7
97%
8 Ratings
Reporting and Logging

N/A
0 Ratings

8.6
86%
9 Ratings
VPN

N/A
0 Ratings

8.8
88%
9 Ratings
High Availability

N/A
0 Ratings

8.9
89%
9 Ratings
Stateful Inspection

N/A
0 Ratings

8.9
89%
9 Ratings
Proxy Server

N/A
0 Ratings

8.2
82%
9 Ratings
Attribute Ratings
- pfSense is rated higher in 1 area: Likelihood to Recommend
Likelihood to Recommend

8.4
Snort
84%
5 Ratings

9.1
pfSense
91%
22 Ratings
Likelihood to Recommend
Snort
If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.

Verified User
Consultant in Marketing
Government Administration Company, 501-1000 employeespfSense
For fast-growing or SME companies, pfSense is quite suitable because pfSense already had many advanced features such as VPN and multiple WAN / LAN. As a result, we just need to pay for expensive router frequently to upgrade our infrastructure.
IT & T Manager
Madison (Hong Kong) LimitedRetail, 51-200 employees
Pros
Snort
- IPS detection.
- DoS detection.
- Packet logging.

Verified User
Manager in Information Technology
Information Technology & Services Company, 10,001+ employeespfSense
- pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
- pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
- pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
- VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
- They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
- As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
- I mentioned earlier that pfSense had a GUI.
- I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.
Technical Support Specialist
TimeTrak Systems, Inc.Computer Software, 11-50 employees
Cons
Snort
- At times can be unstable with Cisco bugs, require frequent upgrading.
- FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.
Senior Network Security Engineer
InsightInformation Technology and Services, 5001-10,000 employees
pfSense
- There is no API for making changes. This can be a hindrance in environments where auto-deploying something needs firewall rules or HAProxy configs updated. Since all settings are stored in an XML file and then configs are generated from that, even manually updating config files cannot be done.
- Beware that some network cards can have issues. pfSense is based on FreeBSD, so it's best to look on their compatibility list before deploying.
Information Technology Manager
TimeTrak Systems, Inc.Computer Software, 11-50 employees
Pricing Details
Snort
General
Free Trial
—Free/Freemium Version
—Premium Consulting/Integration Services
—Entry-level set up fee?
No
Starting Price
—Snort Editions & Modules
—
Additional Pricing Details
—pfSense
General
Free Trial
—Free/Freemium Version
—Premium Consulting/Integration Services
—Entry-level set up fee?
No
Starting Price
$179 per appliance
pfSense Editions & Modules
Edition
SG-1100 | $1791 |
---|---|
SG-2100 | $2291 |
SG-3100 | $3991 |
SG-5100 | $6991 |
XG-7100-DT | $8991 |
XG-7100-1U | $9991 |
XG-1537 | $1,9491 |
XG-1541 | $2,6491 |
- per appliance
Additional Pricing Details
—Alternatives Considered
Snort
For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like.Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
Network Administrator
West Wichita Family Physicians, P.A.Hospital & Health Care, 201-500 employees
pfSense
Before pfSense we were using consumer and small business rated network appliances from Linksys, Cisco, Buffalo and Netgear. We were replacing them on average of every 6-12 months because they'd fail or would offer poor wifi availability.Switching to pfSense allowed us to use professional grade switches and wifi access points, offloading all of the services that the consumer grade products took care of, onto pfSense (DHCP, DNS, routing, firewall, VPN, etc).
Chief Technology Officer
LoudDoor, LLCMarketing and Advertising, 11-50 employees
Return on Investment
Snort
- Being open source, ROI on free is hard to beat for something that works.
- I believe it greatly enhances the security of my network.
Owner
Grandpa's GarageAutomotive, 1-10 employees
pfSense
- Moving to a FWaaS solution installed on a decent computer the initial investment was moderate to cover 50 to 250 users, but still being cheaper that a Fortinet, Cisco ASA, or a Sophos UTM.
- Paying only for support can be a double edge knife, cause you need to identify what's the goal of the request, or your drown into a an endless list of requirements.
- To stay in the top with the half of a regular investment pFSense gives a wide variety of plugins that will give you a deep knowledge of your security flaws and strong points.
IT Manager
Stoneleaf Construction LLCConstruction, 51-200 employees