Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New to pfSense: replacement for FortiGate?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      djoyce
      last edited by

      I've read here on the forums and searched online to gain more knowledge of pfSense. It sounds like, with the right hardware, this can be a solid replacement for FortiGate units for some of my clients. I'm at the point where I need to standardize on one NGFW and would like your thoughts specific to my questions, please.

      • With Fortinet I have quick ticket response and phone support, but at a pretty high cost. I see pfSense offers a similar service, albeit with a NBD turnaround. In practice have most of you found that support to be good? Can I buy one block of hours and use it between my clients?

      • I've seen info on Squidguard and Dansgaurdian as content filtering tools. It looks like SG is a url tool and DG is content. In practice are these reliable, long-term solutions? I need both url/domain and content filtering, including images if possible.

      I know I'll have a lot to learn, but appreciate any help you all can give.

      1 Reply Last reply Reply Quote 0
      • P
        Phobia
        last edited by

        Hi,

        I've found the support really helpful over the past 10 months or so.  I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.

        I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content.  That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality.  An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.

        I doubt you will find a more capable solution at a better price.  Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!

        – Phob

        1 Reply Last reply Reply Quote 0
        • D
          djoyce
          last edited by

          @Phobia:

          Hi,

          I've found the support really helpful over the past 10 months or so.  I've had numerous smaller issues that I either would have had to research on my own or live with that were resolved more quickly as a result of the support.

          I use Dansguardian in our environment, and it works well - I've never used Squidguard, and I don't use Squid/DG to cache content, only to restrict certain content.  That said, you should go into this with the understanding that DG is a package, and as such isn't considered core functionality.  An update always has the possibility to cause issues, so if you rely on 3rd party software/packages, please keep that in mind.

          I doubt you will find a more capable solution at a better price.  Just make sure whatever hardware you plan to use is up to scratch, and you should be A-OK!

          – Phob

          Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.

          Am I on the right track?

          Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

          Thanks for your help.

          1 Reply Last reply Reply Quote 0
          • J
            jasonlitka
            last edited by

            @djoyce:

            Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

            There was, up until a few months ago I think, a Reseller subscription that was geared towards this type of customer.  Try reaching out to ESF for a list of your options.

            I can break anything.

            1 Reply Last reply Reply Quote 0
            • P
              Phobia
              last edited by

              @djoyce:

              Very helpful. From the research I've done it looks like DansGuardian is ~$100 for commercial depolyment and free for home and non-profit. I think that's a one-time fee, right? So, if I've put this all together correctly, the only costs to get a firewall, multi-interface, content filtering, domain filtering box is the cost of the hardware plus DG if I need a paid version, plus any donation to pfSense, right? So, in most cases I'll be out about $250-450 depending on hardware.

              Am I on the right track?

              Now, for support. Can I purchase one block of hours as my business and use it for pfSense deployments at more than one customer or do I have to purchase for each customer?

              Thanks for your help.

              We're a registered charity, so as you say there was no cost for DG.  The base charge for pfSense support is $600/year.  That includes 5 hours of support, extra 5 hour buckets @ $500 per, and if the support relationship is between you and pfSense, I don't see an issue with using that bucket of time for multiple sites - but as the other poster suggested, you can always connect with them for further clarification.

              I think if you want the end-user/company to be able to contact pfSense directly, then a separate agreement may be required per company.  If you are always the one initiating the support case, I imagine there isn't an issue.  The automated backup is supported for multiple sites/firewalls, but be aware that each site can see the other's backup file(s) from within the GUI, so if the client has access to manage the firewall, you might want/need separate accounts.

              P

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.