World’s Leading Open-Source Platform for Traditional Firewall, VPN and Routing Needs

Proven value with over 1 million installations worldwide.

Firewall, VPN, and router functionality for a fraction of the cost of proprietary alternatives.

Deploy today on a Netgate appliance, white box appliance, virtual machine or cloud provider instance.

Why Netgate pfSense?

Thousands of businesses, educational institutions, government agencies and non-profits - on all seven continents, and for years - have come to rely upon pfSense software for their secure networking needs. For organizations in search of sub-10 Gbps performance, flexible 3rd-party application options, traditional management mechanisms, proven reliability, and access to business assurance support options, pfSense software is the perfect answer.

And, where business assurance is required, Netgate provides professional and enterprise-class support arrangements that give you access to guidance and problem solving expertise from a seasoned and skilled support organization.

OPEN SOURCE VALUE

3x-5x lower total cost of ownership than proprietary solutions

Eliminates vendor lock-in

Increases flexibility and efficiency

deployment flexibility

Cloud Ready - AWS or Azure

Virtual Machine - VMware

On Premises - H/W Appliances

Proven Success

1,000,000+ installs

Business, Government, Higher Education

Wide variety of 3rd party add-ons

Business Ready

24/7 support coverage

Tiered subscriptions for any budget

Professional service consultations

Secure Networking Challenges addressed by pfSense

pfSense software is routinely used to to address Firewall, Routing and VPN server needs. The platform is also widely deployed to address secure networking needs including:

  • Load Balancing
  • Traffic Shaping
  • Captive Portal
  • UTM Device
  • DNS / DHCP Server
  • IDS / IPS
  • Transparent Caching Proxy
  • Web Content Filter

Looking for something more specific?

See our list of leading features and administrative capabilities below.

Features

Firewall and Router

  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Connection limits
  • Dynamic DNS
  • Reverse proxy
  • Captive portal guest network
  • Supports concurrent IPv4 and IPv6
  • NAT mapping (inbound/outbound)
  • VLAN support (802.1q)
  • Configurable static routing
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • DHCP server
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server

VPN

  • IPsec and OpenVPN
  • Site-to-site and remote access VPN support
  • SSL encryption
  • VPN client for multiple operating systems
  • L2TP/IPsec for mobile devices
  • Multi-WAN for failover
  • IPv6 support
  • Split tunneling
  • Multiple tunnels
  • VPN tunnel failover
  • NAT support
  • Automatic or custom routing
  • Local user authentication or RADIUS/LDAP

Intrusion Prevention System

  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking

Enterprise Reliability

  • Optional multi-node High Availability Clustering
  • Multi-WAN load balancing
  • Automatic connection failover
  • Bandwidth throttling
  • Traffic shaping wizard
  • Reserve or restrict bandwidth based on traffic priority
  • Fair sharing bandwidth
  • User data transfer quotas

User Authentication

  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts

Proxy and Content Filtering

  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting for daily, monthly, etc.

Administration

Configuration

  • Web-based configuration
  • Setup wizard for initial configuration
  • Remote web-based administration
  • Customizable dashboard
  • Easy configuration backup/restore
  • Configuration export/import
  • Encrypted automatic backup to Netgate server (with pfSense Gold)
  • Variable level administrative rights
  • Multi-language support
  • Simple updates
  • Forward-compatible configuration
  • Serial console for shell access and recovery options

System Security

  • Web interface security protection
  • CSRF protection
  • HTTP Referer enforcement
  • DNS Rebinding protection
  • HTTP Strict Transport Security
  • Frame protection
  • Optional key-based SSH access

Reporting & Monitoring

  • Dashboard with configurable widgets
  • Local logging
  • Remote logging
  • Local monitoring graphs
  • Real-time interface traffic graphs
  • SNMP monitoring
  • Notifications via web interface, SMTP, or Growl
  • Hardware monitoring
  • Networking diagnostic tools

Get pfSense Now

Choose the right deployment for your needs