pfSense Final thoughts

As you can see from my posts, I have spent a lot of time learning and configuring pfSense over the last 2 years. I have to say it’s an excellent firewall, but it also has its challenges.

The product really shines in basic firewall configuration starting from defining your interfaces, firewall rules, DNS and DHCP configuration. I don’t think there is a product on the planet that can come anywhere near the powerful options you have with pfSense and the solid and stable performance.

Also, I have to say that while there are many options, you can figure out how to configure this in a straightforward way, and the GUI is very intuitive and also gives you a lot of explanation. There is absolutely no issue in these basic functions and I consider pfSense to be the best product to do layer 2/3 firewall configs.

Now the problem comes in when you want to do anything more than basic firewall config. In order to accomplish that, pfSense has a so-called “Package Manager” that allows you to install add-on packages such as pfBlockerNG, Squid Proxy, SquidGuard and Snort.

Now these packages can be installed very easily via the Package Manager and it works most of the time. The integration with the pfSense GUI is also great and all the options are presented in the GUI, so these packages in themselves are not too hard to configure if you know what all the options are.

The big issue is that the packages are usually provided by 3rd party package maintainers, not the pfSense core team, on a best-effort basis, and that means that they are not always up to the latest version and sometimes the integration with pfSense is challenged by changes.

It’s particularly frustrating when you install packages, e.g. SquidGuard, and things fail. Then when you go to the pfSense forums to get some help, people tell you that this package has not been maintained for a long time and the code is so broken that nobody wants to touch it.

This makes it really hard to get these packages to work. Even if you do, I have found that packages might work initially or for some time and then suddenly something fails. You’re usually at a loss as to what happens. Reinstalling the packages might fix it, but not always, so you are back to re-installing everything.

So my bottom line is this is the best firewall product in the core functionality in terms of configuration and stability, but because the add-on packages are in various stages of usability, it’s actually not viable for me as an all-in-one solution for my home network.

I know it’s just a home network, but it’s my home network, so only the best will do!