Is pfSense a good option as a company firewall?

  • I wonder if pfSense is a good option as a firewall for businesses.
    We have offices in seven locations around the world with VPN tunnels between all offices. We have about 70 employees and currently have WatchGuard firewalls: at the two main offices we have X1250e and at the others X20e. We use very few features in the firewall; it is above all VPN tunnels between offices, stopping traffic and sending traffic to the LAN or DMZ.

    Is pfSense functionality comparable to, for example, WatchGuard?


  • Netgate Administrator

    Yes.  ;)

    The biggest difference between pfSense and Watchguard (besides the price!) is that the Watchguard is a UTM device and pfSense, in standard form, is not. There are packages available to extend its capabilities with web proxy, antivirus, etc., but it's never going to be quite as comprehensive, especially compared to later Watchguard firmwares.
    However, since you aren't using these features, pfSense probably compares very well. You can even run pfSense on your X1250e if you have some technical experience.


  • We replace tons of Watchguards, Cisco PIXes and ASAs, Sonicwall, you name it and have the 100% same end result functionally. Whether that's possible in every single environment depends. There are some things we can do that those can't, and some things some of them do that we can't. You can say the same comparing between different commercial firewalls as well.

  • Can recommend it :)

    We've thrown out our Zyxel UTM boxes for pfSense and have been happy with it ever since. And on a sidenote, the support is better on these forums than calling the paid support from Zyxel ;)

  • :) Yes. pfSense works really well and we're happy with the results and I know you will be too.

    We're a small CATV company and have pfSense running at three locations. With the right hardware, pfSense is a go!
    Support via the forums is great, but that depends on your issue. There is also a paid support service to ensure you don't stay up late at night, watching and waiting for an answer on the forums.

    The pfSense community is solid as a rock, and these very talented guys are not about to sell it all to the "New World Order".


  • We have 2 colo datacenter locations and 1 office with a VPN between the office and each colo. We also have proxied VoIP at the office and we have pfSense at each location. I can certainly recommend its use. The only thing that Watchguard has that is kinda cool is that you can centrally manage all locations from a single interface. Course it could be a security hole, but it is cool. Really not worth the money for that feature alone. pfSense is much better because you can scale it with the hardware you are running it on and the packages you install.
    I don't know if I have said it enough, but thanks to the developers and to anyone helping make this software as great as it is.

  • Only have had our pfSense firewall up for five days, but so far it is a huge improvement over the horrendous Sonicwalls we had. As long as it remains stable it is an excellent solution for us. This is running at a University with a 300Mbps Internet connection. We do some site-to-site VPNs as well and that has been rock solid.

  • Recommend.  You can't go wrong and will be hard pressed to find anything else that is easier to manage or has better support (both paid/commercial and the forums/IRC/etc.).

  • Replaced our first Watchguard with pfSense about 3 years ago and we will be replacing the last 2 very shortly. Multi-site IPsec tunnels and VPNs across 4 locations in 1 west coast state, another 2 on the other coast and 3 in other countries talking to each other.

    We paid support for pfSense and Snort to help the cause.
    Our retired Watchguard boxes are now door stops, foot rests and monitor holder-uppers.

  • Netgate Administrator

    You can probably run pfSense on those door stops, depending which model they are.

