Likelihood to Recommend If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.
Read full review Netgate (Rubicon Communications, LLC)
Because pfSense is built around open source software, it is very convenient to be able to deploy in the event of hardware failure. We once had a client with a proprietary router that failed. While the router was under warranty, the expected time for the new router to arrive was about 2 weeks. We decided to implement pfSense for the client as a stop gap and ultimately ended up deploying the full enterprise appliance. Being able to get up and running using commodity hardware was a huge win for the client. We've also had a great amount of success deploying pfSense hardware at apartment complexes. The DNS resolver works great and we've had no issues handling multiple VLANs with various DHCP scopes on it. Finally, we've had clients that require having a failover cluster. Utilizing the built in CARP capabilities, we've been able to provide a very robust failover system that requires little maintenance and no downtime in the event of equipment failure.
Read full review Pros IPS detection. DoS detection. Packet logging. Read full review Netgate (Rubicon Communications, LLC)
Easy to use. Good user interface design! Easy to understand and easy to set up. Lower hardware requirement. 3 years ago, we used an old PC to run it. Now, we have changed to a router device with Celeron CPU and 8GB RAM. It runs smoothly with a 1000G commercial broadband. Read full review Cons At times can be unstable with Cisco bugs, require frequent upgrading. FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI. Read full review Netgate (Rubicon Communications, LLC)
I did kind of mention a Con in the Pro section with OpenVPN. When I create a config for an employee other employees are able to login to that config. I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong. I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing. I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues. Read full review Usability Netgate (Rubicon Communications, LLC)
The interface is simple, has sane defaults, and is consistent throughout.
Read full review Alternatives Considered For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a
Barracuda Web Filter , but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.
Read full review Netgate (Rubicon Communications, LLC)
While you can get the performance out of other products, pfSense offers the unique ability to put other services on the same device. Products such as Untagle's NG Firewall and SonicWall's TZ series offer cost effective options for firewall and VPN services, having incoming load balancing and connection proxies on the same device as the firewall offers extremely easy configuration and day to day management of network services
Read full review Return on Investment Being open source, ROI on free is hard to beat for something that works. I believe it greatly enhances the security of my network. Read full review Netgate (Rubicon Communications, LLC)
Using pfSense has allowed us to build a professional network in our small office without needing a lot of proprietary hardware, saving thousands of dollars in IT infrastructure investment. The cost for using pfSense is free, so it's a great option for those who don't have a large IT budget pfSense utilizes all of the industry standard services to provide all of it's functionality, so support for service-level issues is readily available Because of how much work has been put into pfSense to make it rock solid and reliable, we're able to support our network with minimal IT staffing, saving us thousands of dollars/year in personnel alone. Read full review ScreenShots