About pfSense

What is pfSense?

pfSense is a free and open-source firewall and router software based on FreeBSD. It is commonly used as a firewall in a network, and it can also act as a VPN server or client, a DHCP server or relay, a DNS server or forwarder, and a WAN load balancer. It is highly configurable and can be used in a variety of network topologies and scenarios.

The free Community Edition of pfSense here: https://www.pfsense.org/download/.

What is the difference between pfSense CE and pfSense plus?

pfSense Community Edition is the free and open-source version that can be installed on amd64 and x86-64 architectures or virtual machines to make a dedicated pfSense firewall and/or pfSense router for a network. It is thoroughly documented ( pfSense documentation) and instructions are continuously updated on how to best operate pfSense software.

pfSense Plus is the proprietary version of pfSense that comes pre-installed on Netgate appliances. UK business customers can purchase Netgate appliances at competitive prices using the following link: ITG Shop.

What are the features available with pfSense?


item showcase image

Load Balancing

UTM Device

Traffic Shaping

Captive Portal

DNS / DHCP Server


OpenVPN / IPSec

Web Content Filter

Show All Features

Firewall and Router

  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Connection limits
  • Dynamic DNS
  • Reverse proxy
  • Captive portal guest network
  • Supports concurrent IPv4 and IPv6
  • NAT mapping (inbound/outbound)
  • VLAN support (802.1q)
  • Configurable static routing
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • DHCP server
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server


  • IPsec, OpenVPN and WireGuard
  • Site-to-site and remote access VPN support
  • SSL encryption
  • VPN client for multiple operating systems
  • L2TP/IPsec for mobile devices
  • Multi-WAN for failover
  • IPv6 support
  • Split tunneling
  • Multiple tunnels
  • VPN tunnel failover
  • NAT support
  • Automatic or custom routing
  • Local user authentication or RADIUS/LDAP

Intrusion Prevention

  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking

Enterprise Reliability

  • Optional multi-node High Availability Clustering
  • Multi-WAN load balancing
  • Automatic connection failover
  • Bandwidth throttling
  • Traffic shaping wizard
  • Reserve or restrict bandwidth based on traffic priority
  • Fair sharing bandwidth
  • User data transfer quotas

User Authentication

  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts

Proxy and Content Filtering

  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting for daily, monthly, etc.


  • Web-based configuration
  • Setup wizard for initial configuration
  • Remote web-based administration
  • Customizable dashboard
  • Easy configuration backup/restore
  • Configuration export/import
  • Encrypted automatic backup to Netgate server
  • Variable level administrative rights
  • Multi-language support
  • Simple updates
  • Forward-compatible configuration
  • Serial console for shell access and recovery options

System Security

  • Web interface security protection
  • CSRF protection
  • HTTP Referer enforcement
  • DNS Rebinding protection
  • HTTP Strict Transport Security
  • Frame protection
  • Optional key-based SSH access

Reporting & Monitoring

  • Dashboard with configurable widgets
  • Local logging
  • Remote logging
  • Local monitoring graphs
  • Real-time interface traffic graphs
  • SNMP monitoring
  • Notifications via web interface, SMTP, or Growl
  • Hardware monitoring
  • Networking diagnostic tools

Who uses pfSense?

Thousands of businesses, educational institutions, government agencies and non-profits – on all seven continents, and for years – have come to rely upon pfSense® software for their secure networking needs.

What is pfSense best for?

pfSense best usage is as perimeter or internal firewall and router for small to medium-sized businesses. As a perimeter firewall, pfSense is typically placed at the boundary of the network to protect the internal network from external threats also thanks to its IDP/IPS capability. As an internal firewall it protects internal resources and segment the network. pfSense’s popular use is also for VPN connectivity, traffic shaping, and other advanced networking features.

Why Buy a Netgate pfSense Appliance?

Netgate appliances are the official pfSense hardware running pfSense plus natively. In other words, Netgate devices are developed, designed and tested to run pfSense plus reliably. With Negate pfSense plus appliances business users can access commercial support directly from the team that host and develop the pfSense project.

pfSense News and Articles

pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.