Likelihood to Recommend
pfSense is perfect for small-medium businesses (IMO). I also believe it would be a great tool for a home user/IT enthusiast who wants a great high-end firewall solution or someone who just wants to learn, but does not want to buy a bunch of hardware or licenses.I installed pfSense on my Hyper-V with 5GB of space and 2GB of RAM. I personally think pfSense is flexible enough for a large business and can probably do most things Cisco hardware and software can do, but I guess depending on how big you are you are probably looking for something more "known" like Cisco so if something goes wrong you can throw someone under the bus lol! pfSense is open source and your support comes from a community of people who use the software where with Cisco if something goes wrong you are contacting another large business.
- pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
- pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
- pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
- VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
- They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
- As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
- I mentioned earlier that pfSense had a GUI.
- I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.
- I did kind of mention a Con in the Pro section with OpenVPN.
- When I create a config for an employee other employees are able to login to that config.
- I could be doing something wrong when I am making it - I am not afraid to admit that as I am pretty new to all of this, but it seems like it builds a key and I would think the key would be unique in some way to each employee, but I could be wrong.
- I actually do not have a lot of Con's for this software - I did not get to set this up on our work network so I am not sure of any downfalls when installing.
- I installed this on my personal machine in a Hyper-V environment to get a feel for it before I started working on it at work and it seemed pretty smooth. I didn't run into any issues.
First of all, I don't need to be a Cisco professional to manage VPN, load balance, multiple WAN/LAN, Firewall and etc. pfSense has an easy-to-use web interface and I can do everything and add packaged add-on services. Moreover, for Small & Medium Enterprise, IT budget is already a concern. A spare computer + free software license is quite a bit more attractive than Cisco products.
Return on Investment
- pfSense can be installed on commodity hardware with no licensing fees. With a simple less than 10 minute restore time, on most hardware, it's an extremely inexpensive way to achieve the same results that some of the more expensive vendors provide.
- The easy to use interface has allowed configuration management to be preformed by lower level technicians with quick and easy training.
Premium Consulting/Integration Services—
Entry-level set up fee?