It’s no secret that I think pfSense is wonderful. I’ve written articles about why you should consider using it and recommended hardware that will work great with it. But why is pfSense good? More specifically, why is it better than your router software? Here are seven reasons why.
1. It has fewer unpatched security holes than your router software
Unfortunately, hackers and security experts frequently discover new security holes in router software. Regular security patches are important to plug these holes. But, many router manufacturers abandon updates to routers after a few years in favor of supporting their new models.
pfSense doesn’t have a lot of yearly releases, but it is responsive to security holes and has never been abandoned. It has community developers as well as a company helping to shore up vulnerabilities.
2. It is highly customizable
pfSense gives granular access to many features, especially firewall rules. You can fine-tune your firewall rules to your delight, including tweaking rules by port, protocol, IP address, and more. Most consumer router software doesn’t allow for direct control of firewall rules.
pfSense customization isn’t limited to firewall rules. You can also customize the front page dashboard, VPN settings, QoS settings (traffic shaping), multi-WAN configuration, and much more.
3. It is highly expandable
You can also customize the capabilities of the pfSense. Unlike most router software, pfSense has a package management system (think plugins) that allows users to add features like IDS/IPS systems, proxies, traffic monitors, VPN support, and much more.
Here are some of the customizations and packages I recommend.
4. It has excellent community support
This is one of the primary reasons I switched to pfSense years ago. The support forums are filled with extremely knowledgeable people. Additionally, you can find all kinds of how-tos on YouTube and on blogs. I’m part of that community and have produced a few blog posts to help users with pfSense right here at HomeTechHacker.
5. It has a great price
Do you like free? I like free. Well, the software is free to download, although you can pay for support if you are using pfSense Plus (learn more about the differences between pfSense Plus and pfSense CE here). But you’ll still need to buy hardware for pfSense…
6. You can pick your own hardware
The ability to choose your own hardware allows you to match the specs of your router with the needs of your network. You may have 2 WAN connections or desire multiple VLANs. Then you can purchase hardware with the appropriate amount of network ports. Maybe you already have great access points like I do, in which case you don’t have to buy any wireless gear for your router.
You may need to buy more powerful hardware if you are going to run a VPN server or IDS/IPS like snort or Suricata. You can even decide to virtualize your router.
Often, you can also replace the router provided by your Internet service provider, often even if they say it is required. I did this when I switched over to fiber.
The point is you can buy hardware to your exact specifications, and then you can extend that hardware if your needs change. Here’s help choosing the right hardware for pfSense.
7. It has extensive documentation
pfSense has its own documentation site that is extensive, searchable, and regularly maintained. You can find everything from how-tos to technical documentation.
Final thoughts
I know pfSense isn’t for everyone, but I do think it is superior to most router software that comes with off-the-shelf routers. pfSense isn’t the only game in town. It has some good alternatives that are probably also better than most!
What router software are you using? Have you looked into using pfSense? Let me know in the comments or on Twitter.
