pfSense® software provides world-class, comprehensive network security using an open source development and distribution model. Netgate® – the host of the pfSense project and its primary developer – delivers pfSense in appliance form, with high-performance Intel® hardware delivering up to 10Gb throughput with VPN/SSL offload and advanced firewall features found in more expensive, proprietary products.

Because pfSense is available under an open source license, the internals of pfSense software are accessible to all skilled developers, rather than a single vendor’s staff. Collaberation with this community enables Netgate to continuously improve the state-of-the-art technologies included with pfSense, increasing value to businesses and institutions of all types. Since there are no additional maintenance or licensing fees, pfSense appliances offer lower total cost of ownership than competing network security vendors.

Netgate’s engineering team adds to these advantages its unparalleled expertise in networking, computer security, embedded software, and hardware engineering. We test, tune, and benchmark every appliance to satisfy the most rigorous requirements, from SOHO to Enterprise to Cloud.

Comparison Chart

Best Used For Processor RAM Storage Options Ports Price
Netgate SG-1000 pfSense Security Gateway Appliance
SG-1000
SOHO Network
Remote Worker
TI AM3352 ARM
600 MHz
512MB DDR3 4GB eMMC Flash 2x 1GbE $149 More Details
Netgate SG-2220 pfSense Security Gateway Appliance
SG-2220
SOHO Network
Remote Worker
Intel Atom®
1.7 GHz 2-Core
2GB DDR3L 4GB eMMC Flash 2x Intel 1GbE $299 More Details
Netgate SG-2440 pfSense Security Gateway Appliance
SG-2440
Small Business
SMB Network
Gigabit Speeds
Intel Atom®
1.7 GHz 2-Core
4GB DDR3L 8GB eMMC Flash 4x Intel 1GbE $549 More Details
Netgate SG-4860 pfSense Security Gateway Appliance
SG-4860
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 4-Core
8GB DDR3L 32GB eMMC Flash
128GB mSATA SSD
6x Intel 1GbE $749 More Details
Netgate SG-4860 1U pfSense Security Gateway Appliance
SG-4860 1U
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 4-Core
8GB DDR3L 32GB eMMC Flash
128GB mSATA SSD
2x 120GB mSATA SSD
6x Intel 1GbE $849 More Details
Netgate SG-4860 1U HA pfSense Security Gateway Appliance
SG-4860 1U HA
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 4-Core
8GB DDR3L 32GB eMMC Flash
128GB mSATA SSD
2x 120GB mSATA SSD
6x Intel 1GbE $1,698 More Details
Netgate SG-8860 1U pfSense Security Gateway Appliance
SG-8860 1U
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 8-Core
8GB DDR3L 64GB eMMC Flash
128GB mSATA SSD
2x 120GB mSATA SSD
6x Intel 1GbE $1,049 More Details
Netgate SG-8860 1U HA pfSense Security Gateway Appliance
SG-8860 1U HA
Medium Business
SMB Network
Gigabit Speeds
Intel Atom®
2.4 GHz 8-Core
8GB DDR3L 64GB eMMC Flash
128GB mSATA SSD
2x 120GB mSATA SSD
6x Intel 1GbE $2,098 More Details
Netgate XG-2758 1U pfSense Security Gateway Appliance
XG-2758 1U
Medium Business
Large Business
Branch Offices
Intel Atom®
2.4 GHz 8-Core
16GB ECC 120GB SSD 2x 10GbE SFP+
3x Intel 1GbE
1x Intel 1GbE RJ-45/SFP
$1,849 More Details
Netgate XG-2758 1U HA pfSense Security Gateway Appliance
XG-2758 1U HA
Medium Business
Large Business
Branch Offices
Intel Atom®
2.4 GHz 8-Core
16GB ECC 120GB SSD 2x 10GbE SFP+
3x Intel 1GbE
1x Intel 1GbE RJ-45/SFP
$3,698 More Details
Netgate XG-1541 1U pfSense Security Gateway Appliance
XG-1541 1U
Medium Business
Large Business
Branch Offices
Intel Xeon®
2.1 GHz 8-Core
16GB DDR4 120GB SSD 2x Intel 10GbE
2x Intel 1GbE
$2,649 More Details
pfSense Virtual Cloud Firewall Appliance
Cloud
Medium Business
Large Business
Growing Network
Virtualized Virtualized Virtualized Virtualized Amazon AWS
Microsoft Azure

Appliance Guidance

The following outlines the best practices for choosing the appliance best suitable for your environment.

Feature Considerations

Most features do not factor into hardware sizing, although a few will have a significant impact on hardware utilization:

VPN - Heavy use of any of the VPN services included in the pfSense software will increase CPU requirements. Encrypting and decrypting traffic is CPU intensive. The number of connections is much less of a concern than the throughput required. AES-NI acceleration of IPsec significantly reduces CPU requirements on platforms that support it.

Captive Portal - While the primary concern is typically throughput, environments with hundreds of simultaneous captive portal users (of which there are many) will require slightly more CPU power than recommended above.

Large State Tables - State table entries require about 1 KB of RAM each. The default state table size is calculated based on 10% of the available RAM in the firewall. For example, a firewall with 1 GB of RAM will default to 100,000 states which when full would use about 100 MB of RAM. For large environments requiring state tables with several hundred thousand connections, or millions of connections, ensure adequate RAM is available.

Packages - Some of the packages increase RAM requirements significantly. Snort and ntop are two that should not be installed on a system with less than 1GB RAM.