Any experience of using pfsense in a large commercial environment?



  • For some years I've been using pfsense in a non-critical situation - a guest wifi network across several sites, typically used by 200+ users daily. It's fairly complex as the networks are tunnelled to a single internet connection (guest traffic is not allowed on our usual LAN/WAN networks or internet gateways). This runs on mixed VM/physical hardware depending on the site. It's worked rather well, with only a few minor bugs, all of which I've managed to work around.

    However, I'm now considering switching to using pfsense for our primary LAN/WAN firewall/routers, which is rather more critical. I'll need physical hardware, likely Netgate, and official support. Again, it's for several sites, though with 1000+ users. I'm considering switching because I currently use Sophos UTMs, and I've not been too impressed with the quality or support. The current systems are due to become unsupportable next year, and the new systems don't have an easy upgrade path - all of our configurations will have to be done from scratch, and if I'm going to have to do that then I may as well consider alternatives. The one advantage of UTMs is that they can be centrally managed, and firewall rules and definitions can be quickly deployed to all devices.

    So, although I'm reasonably comfortable with pfsense, I guess I'm looking for some assurance before using them in a more important role. Are you using pfsense in a commercial role for a large number of users? Do you use Netgate hardware? Do you have official support? What do you think?



  • @sheepthief:

    The one advantage of UTMs is that they can be centrally managed, and firewall rules and definitions can be quickly deployed to all devices.

    Just wait.
    The team is working on something called NRDM which will be a central management platform/system/appliance/who_knows. But absolutely no ETA as of today. Future product.
    More info here: https://forum.pfsense.org/index.php?topic=136138.msg745269#msg745269

    Well, there was a thread started some time ago about scaled installs.
    It's more about horsepower than about users but a fun read anyways. Remember it was started about 10 years ago.
    https://forum.pfsense.org/index.php?topic=7668.0

    I know that some schools and universities use it but I have no idea about user count. And schools are somewhat less critical than businesses might be. Or not. 100 teens in a school without internet might get you frightened pretty soon…  ;)



  • So, although I'm reasonably comfortable with pfsense, I guess I'm looking for some assurance before using them in a more important role. Are you using pfsense in a commercial role for a large number of users? Do you use Netgate hardware? Do you have official support? What do you think?

    You are talking here about many points that cannot be merged into one question; there are
    many ways to address these points, needs and wishes, going whichever way you want and need. But to
    be sure that everything matches, you are simply not providing enough information to us.

    For sure there are companies, from the very bottom to the very top, that also prefer using open-source
    based applications and firewalls of any kind. I know an auto garage that is using the pfSense firewall,
    and I personally also know a mid-range data center that is using the pfSense firewall internally too, so not only
    at the WAN interface, but in many directions and fields. This is not the problem as I see it.

    In many countries, many companies are bound to act according to the following points:

    • Company rules (company and group rules)
    • Insurance rules (ICSA I, II or II certified)
    • Rules from suppliers, customers and other partners
    • Hidden, silent or secret market rules given by NASDAQ or stock exchange analysts
    • Country rules, laws and government rules or policies for all connected companies of a supply chain

    So if everything is open to you and your company, you should wait at this point or contact them, not only
    here in the forum; it is moderated, but it is a user-to-user forum too! Write to the Support.

    I personally would wait a while, based on the news that perhaps a new hardware line will be out in the near future;
    one based on the Intel C3000 (Denverton) or Intel Xeon D-15xxN could be a good match. And for sure you could
    also go down the road with your own hardware and get qualified support from them, if not everything matches
    your needs, criteria and/or wishes.

    The last thing, often forgotten or not spoken about, is the pfSense Training, which will bring
    you up to manage everything better on your own! For a longer period of usage it might be a great
    deal for both sides.

