Cyber Tool Stack
All tools
NGFWOpen source · Apache-2.0

pfSense CE

By Netgate

A free, open-source firewall and router distribution built on FreeBSD, self-hosted on commodity hardware or a virtual machine. Intrusion prevention and content filtering come from add-on packages (Suricata/Snort, pfBlockerNG) rather than a single built-in engine; Netgate also sells a proprietary pfSense Plus edition and preconfigured appliances.

Verified Source: 1

Product type
Distribution
Deployment
On-premHybrid
Organization size
IndividualSMBMid-market
Pricing tier
Free

Capability checklist

NGFW

How pfSense CE measures up against the full Next-Generation Firewall taxonomy.

Application awareness — not supported
Identifies and controls traffic by application, not just by port or protocol.
Built-in intrusion prevention — supported
Blocks known exploit attempts and attack patterns inline, without a separate box.
Encrypted traffic inspection — not supported
Decrypts and inspects TLS traffic to catch threats hidden inside encrypted sessions.
URL & content filtering — supported
Blocks access to malicious, risky, or policy-violating web categories.
Cloud sandboxing — not supported
Detonates suspicious files in an isolated environment to catch unknown malware.
Centralized policy management — supported
Manages rules and logs across many firewalls and sites from one console.
VPN & remote access — supported
Terminates site-to-site and remote-user VPN connections on the same appliance.

Alternatives

Other Next-Generation Firewall tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include pfSense CE.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.