pfSense is a firewall and load management product available through the open source pfSense Community Edition, as well as a the licensed edition, pfSense Plus (formerly known as pfSense Enterprise). The solution provides combined firewall, VPN, and router functionality, and can be deployed through the cloud (AWS or Azure), or on-premises with a Netgate appliance. It as scalable capacities, with functionality for SMBs. As a firewall, pfSense offers Stateful packet inspection, concurrent…
$179
per appliance
Windows Server
Score 8.6 out of 10
N/A
N/A
N/A
Pricing
pfSense
Windows Server
Editions & Modules
SG-1100
$179
per appliance
SG-2100
$229
per appliance
SG-3100
$399
per appliance
SG-5100
$699
per appliance
XG-7100-DT
$899
per appliance
XG-7100-1U
$999
per appliance
XG-1537
$1,949
per appliance
XG-1541
$2,649
per appliance
No answers on this topic
Offerings
Pricing Offerings
pfSense
Windows Server
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
pfSense
Windows Server
Considered Both Products
pfSense
No answer on this topic
Windows Server
Verified User
Technician
Chose Windows Server
About any linux distro can be setup to handle services that a Windows Server can do, except I have not personally found anything nearly as convenient of a replacement for Active Directory, Group Policy, or an RD Gateway. There are alternatives to those services, they just …
For fast-growing or SME companies, pfSense is quite suitable because pfSense already had many advanced features such as VPN and multiple WAN / LAN. As a result, we just need to pay for expensive router frequently to upgrade our infrastructure.
If you have one user or 1000's of users (especially using Windows), Windows Server is a no-brainer! The only reason I would suggest going with a Linux server is if you have old hardware (Windows Server is more process intensive than Linux). But, Linux is open-source, so anyone can publish updates/security updates, but on the flip side, malicious people also have full access to Linux's codebase allowing for much easier writing of exploitations/viruses/malware/ransomware.
pfSense is an excellent firewall - It logs all of your traffic. It has packages you can install to snort bad traffic.
pfSense has a tool called "p0f" which allows you to see what type of OS is trying to connect to you. You can filter these results and you can also block a specific OS from connecting to you.
pfSense is an excellent load-balancer: (Multi-WAN and Server Load Balancing) The fail-over/aggregation works very well. This is perfect if your business uses multiple ISP's to ensure your customers are always able to access their data. Also helps with bandwidth distribution as well.
VPN's - I am not entirely sure if this package was free with pfSense, but it does offer the ability to use OpenVPN which is what I am familiar with.
They also have IPsec in the settings as well, but I am not familiar with that enough to go into any detail with it.
As I mentioned I do use OpenVPN the only thing I don't care for with it is I can create OpenVPN configs for each user I want to be able to VPN into the network and I assumed each one would be "unique" but this does not seem to be the case. I could be doing it wrong, but if I create a config for a specific employee I would expect only that employee should be able to use that config, but I have been able to login to everyone that I made using my credentials.
I mentioned earlier that pfSense had a GUI.
I personally really think it is cool because it has a bunch of reporting graphs for monitoring your networks. I think when I become the full-time admin at the company I am going to try to talk them into getting me a TV I can mount on the wall and display all the graphs and real-time info pfSense shows so I can monitor what is going on with the network(s) at all times. Plus I think it would look rad.
There is no API for making changes. This can be a hindrance in environments where auto-deploying something needs firewall rules or HAProxy configs updated. Since all settings are stored in an XML file and then configs are generated from that, even manually updating config files cannot be done.
Beware that some network cards can have issues. pfSense is based on FreeBSD, so it's best to look on their compatibility list before deploying.
DHCP Server could be better - we use the router for DHCP Routing
Print Server - not a fan of using the server as a print server since you have to license it. Direct access to printers via IP addresses is a much more efficient way to go
Better backup program - we utilize a third-party program that gives us more flexibility when restoring individual files.
I've carefully reviewed the servers and services currently running on Windows Server 2012, and given the opportunity would renew them as is going forward. There are two systems I currently have in place, one is a very large Linux implementation for a large ecommerce site, and one is a very large backup solution front ended by FTP servers running Linux. Neither are well suited for Windows, but the overall network infrastructure is and will be Windows Server for the foreseeable future.
There are simply too many different parts of Windows Server to make it a cohesive piece of software. While some of the newer features found in Windows Server 2012 and 2016 have nice UIs that are logically laid out, there are enough parts of the system that is still based on old code with clunky UIs and confusing options to make Windows Server a particularly user-friendly experience.
Microsoft's support is hugely wide-ranging from articles online to having to contact them directly for the more serious issues. In recent years when I have contacted them directly, I have found the support o be excellent as I have found myself connected to very knowledgeable people in the field in which I needed the support. The online support available is vast and I tend to find most of the time that there is always someone out there who has had the same issue as me in the past and knows something about how to resolve it! This is the advantage of using industry standard and long-established systems such as Windows Server.
Make sure that you have detailed processes in place for every server instance you plan to install/upgrade, if possible get the base OS loaded and Windows Updates applied ahead of time, and if using a VM take a snapshot prior to installing each role, as well as along the way.
Before pfSense we were using consumer and small business rated network appliances from Linksys, Cisco, Buffalo and Netgear. We were replacing them on average of every 6-12 months because they'd fail or would offer poor wifi availability. Switching to pfSense allowed us to use professional grade switches and wifi access points, offloading all of the services that the consumer grade products took care of, onto pfSense (DHCP, DNS, routing, firewall, VPN, etc).
I didn't use any other system which gives the same functionality and I am not aware of any. The full integration between all components and especially the ability to integrate mail via Exchange or even via a hybrid setup with the Ofice365 cloud, including the ability to directly manage the cloud from the server, using Power Shell, is something I didn't see anywhere else.
Moving to a FWaaS solution installed on a decent computer the initial investment was moderate to cover 50 to 250 users, but still being cheaper that a Fortinet, Cisco ASA, or a Sophos UTM.
Paying only for support can be a double edge knife, cause you need to identify what's the goal of the request, or your drown into a an endless list of requirements.
To stay in the top with the half of a regular investment pFSense gives a wide variety of plugins that will give you a deep knowledge of your security flaws and strong points.
Because of our Microsoft Campus Agreement, Windows products are fairly affordable for us and that has been a huge blessing. We are considering some Azure cloud options and some of that is covered under our Campus Agreement, making it a nice incentive to start migrating certain apps and functionality to the cloud
I don't have access to our budgets so I cannot give a good answer as far as the impact of ROI on our institution, but if your company can afford it, you cannot go wrong with Windows server. Not having to send your sys admins to Linux or Unix school alone is a big savings as well as not having to train your staff on using a Linux desktop instead of a Windows-based one.
The compatibility with end users of all varieties and platforms will definitely impact your ROI in a positive way. We have Apple users, Android, Windows, and even a few Linux end users on our campus and Windows server works quite well with all of them.
