PfSense: A powerful tool in your hand
May 01, 2017

PfSense: A powerful tool in your hand

Paolo Daniele | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with pfSense

Pfsense is used in our whole organization. Our main firewall has been made by using Pfsense. Recently we've bought two appliances with pfsense preinstalled. Pfsense is crucial for our enviroment because we're a small company so we cannot buy expensive firewall. After some research and local tests, we've decided to use pfsense.
  • Web User Interface: With new web UI, based on Bootstrap framework, you can control your Pfsense from everywhere.
  • Scalable: It's an all-in-one solution useful for every kind of company. It's also very easy to set up rules and NAT, and it has several modules like transparent proxy, VPN, and traffic shaping.
  • Community: There's a large community behind Pfsense so you can find a lot of documentation, tutorials, and howtos and also support from the official forum.
  • Virtualization: We use virtualization on our systems based on KVM enviroment so they could improve Virtualization integration.
  • Export/Import: You cannot import/export all of pfsense modules configuration. And also sometimes pfsense export/import creates conflicts with s Mac address.
  • We have a strong know-how, and we've used this solution with our customers so we can be more competitive than hardware solutions.
  • We can sell to our customers not only hardware but different solutions by using only one product.
  • Opnsense, Ipcop and Smoothwall
Real competition was between Pfsense and OpnSense that integrates first the bootstrap Twitter framework. But with OpSense there are configurations that create some problems with a specific client (we've experienced that by creating an IPSec tunnel both with OpSense and PfSense).

Also with pfsense you do not need complex hardware to release all the potential of this solution.
Great scenario is to use pfsense as a router to protect your network from unwanted access. It is possible to integrate some modules like pfBlocker to deny/allow inbound from specific country or to prevent some spam from an IP address in public spam list databases.
It's useful in a SOHO infrastructure but for a very large company with a high constant bandwidth traffic, there are more powerful tools.