Hi Ian,
Sorry for the delay in getting back to you. Now, onto my impromptu review...
pfSense is a BSD-based versatile and free networking appliance. But I’m guessing you already knew that.
Here’s what you might not know: pfSense is optimised to run on very low performing hardware, and is good for ARM and 64-bit processors. Of course, you will need at least two physical NICs for this to work properly.
How suitable pfSense is for you depends on your expectations. You can’t expect a 1.4GHz CPU to keep up with 350Mbps throughput comfortably.
You haven’t given me much to go on regarding requirements. For a home network, I personally think it’s overkill. If you’re running a home lab or enjoy experimenting then it’s a great choice.
pfSense is modular. You can install various modules, for example, gateway-level antivirus and web filtering (even filtering HTTPS traffic is possible) but this will again take a toll on performance.
Previously, I used Sophos UTM in conjunction with pfSense to provide network access around the home on several subnets. The Sophos UTM would manage desktop and laptop PCs and pfSense was in charge of the Wi-Fi network (although it still passed web traffic to Sophos UTM for web filtering). The routing system is very versatile in pfSense; you can do just about anything.
I found the solution was too cumbersome to maintain, so I switched to Sophos XG firewall which rendered both appliances redundant.
pfSense doesn’t have a great GUI and this was one of the factors I considered before switching. It does have a very steep learning curve, so bear this in mind. I recommend trying it out in a virtual machine environment before deploying it to any production environment. This allows you to configure and test in a virtual environment, and once you’re happy, simply restore the configuration to a production environment and you’re good to go.
Unfortunately, I no longer use it, so my experience is somewhat limited. But I hope this was helpful. If you need any more information, let me know.
- Captain Jack Sparrow