About pfSense

What is pfSense?

pfSense is an extraordinary piece of software used by network enthusiasts, learners, medium-sized businesses, and large enterprises alike. Built on the strong foundation of FreeBSD, it is commonly employed as a network firewall and can also function as a VPN server or client, a DHCP server or relay, a DNS server or forwarder, and a WAN load balancer. It is highly configurable and feature-rich, making it suitable for a variety of network topologies and scenarios.

What is the difference between pfSense CE and pfSense Plus?

pfSense Community Edition is the free and open-source version that can be installed on amd64 and x86-64 architectures or virtual machines to make a dedicated pfSense firewall and/or pfSense router for a network. It is thoroughly documented ( pfSense documentation) and instructions are continuously updated on how to best operate pfSense software.

The free Community Edition of pfSense can be downloaded here: https://www.pfsense.org/download/.

pfSense Plus is the proprietary version of pfSense that comes pre-installed on Netgate branded appliances. It includes TAC Lite support and software updates at no additional charge for the life of the unit. Netgate appliances are available for purchase from our online store at the following link: ITG Shop.

What are the features available with pfSense?


item showcase image

Load Balancing

UTM Device

Traffic Shaping

Captive Portal

DNS / DHCP Server


OpenVPN / IPSec

Web Content Filter

Show All Features

Firewall and Router

  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Connection limits
  • Dynamic DNS
  • Reverse proxy
  • Captive portal guest network
  • Supports concurrent IPv4 and IPv6
  • NAT mapping (inbound/outbound)
  • VLAN support (802.1q)
  • Configurable static routing
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • DHCP server
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server


  • IPsec, OpenVPN and WireGuard
  • Site-to-site and remote access VPN support
  • SSL encryption
  • VPN client for multiple operating systems
  • L2TP/IPsec for mobile devices
  • Multi-WAN for failover
  • IPv6 support
  • Split tunneling
  • Multiple tunnels
  • VPN tunnel failover
  • NAT support
  • Automatic or custom routing
  • Local user authentication or RADIUS/LDAP

Intrusion Prevention

  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking

Enterprise Reliability

  • Optional multi-node High Availability Clustering
  • Multi-WAN load balancing
  • Automatic connection failover
  • Bandwidth throttling
  • Traffic shaping wizard
  • Reserve or restrict bandwidth based on traffic priority
  • Fair sharing bandwidth
  • User data transfer quotas

User Authentication

  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts

Proxy and Content Filtering

  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting for daily, monthly, etc.


  • Web-based configuration
  • Setup wizard for initial configuration
  • Remote web-based administration
  • Customizable dashboard
  • Easy configuration backup/restore
  • Configuration export/import
  • Encrypted automatic backup to Netgate server
  • Variable level administrative rights
  • Multi-language support
  • Simple updates
  • Forward-compatible configuration
  • Serial console for shell access and recovery options

System Security

  • Web interface security protection
  • CSRF protection
  • HTTP Referer enforcement
  • DNS Rebinding protection
  • HTTP Strict Transport Security
  • Frame protection
  • Optional key-based SSH access

Reporting & Monitoring

  • Dashboard with configurable widgets
  • Local logging
  • Remote logging
  • Local monitoring graphs
  • Real-time interface traffic graphs
  • SNMP monitoring
  • Notifications via web interface, SMTP, or Growl
  • Hardware monitoring
  • Networking diagnostic tools

Who uses pfSense?

Thousands of businesses, educational institutions, government agencies and non-profits – on all seven continents, and for years – have come to rely upon pfSense® software for their secure networking needs.

What is pfSense best for?

pfSense best usage is as perimeter or internal firewall and router for small to medium-sized businesses. As a perimeter firewall, pfSense is typically placed at the boundary of the network to protect the internal network from external threats also thanks to its IDP/IPS capability. As an internal firewall it protects internal resources and segment the network. pfSense’s popular use is also for VPN connectivity, traffic shaping, and other advanced networking features.

Who is Netgate?

Netgate stands as the primary developer and custodian of the pfSense project, playing a significant role in the realm of open-source networking. The company’s contributions are notably evident in the advancement of FreeBSD, a critical base upon which pfSense is built, which also underpins a wide array of network and firewall solutions across the industry. Through a business model that balances the nurturing of open-source software with the provision of enterprise-grade solutions and services, Netgate has established a robust support system for the development of free and accessible networking technologies. Their approach enables a spectrum of users, from individuals and small businesses to large-scale enterprises, to benefit from a suite of networking security and reliability tools. In collaboration with partners such as IT and General, Netgate has positioned itself as a trusted provider in network security solutions, offering an array of services that cater to a diverse set of networking needs.

Why Buy a Netgate pfSense Appliance?

Netgate appliances are the official pfSense hardware, engineered to run pfSense Plus natively. This means that Netgate devices are specifically developed, designed, and rigorously tested for optimal performance with pfSense Plus. By opting for Netgate pfSense Plus appliances, business users not only gain access to reliable hardware but also ensure compliance with industry standards. Additionally, they can avail themselves of commercial support directly from the team that both maintains and develops the pfSense project, ensuring streamlined assistance and expertise.

pfSense News and Articles

Explore the latest pfSense Plus RELEASE 23.09 features and enhancements. Exclusive for Netgate appliance users – upgrade at no extra cost! If you're an ITG customer with a maintenance package or support contract, stay tuned – we'll reach out to plan your seamless upgrade. Discover all the details here....

pfSense® and pfSense Certified® are registered trademarks of Electric Sheep Fencing, LLC in the United States and other countries.