NGFWOpen source · Apache-2.0
pfSense CE
By Netgate
A free, open-source firewall and router distribution built on FreeBSD, self-hosted on commodity hardware or a virtual machine. Intrusion prevention and content filtering come from add-on packages (Suricata/Snort, pfBlockerNG) rather than a single built-in engine; Netgate also sells a proprietary pfSense Plus edition and preconfigured appliances.
Verified Source: 1
- Product type
- Distribution
- Deployment
- On-premHybrid
- Organization size
- IndividualSMBMid-market
- Pricing tier
- Free
Capability checklist
NGFWHow pfSense CE measures up against the full Next-Generation Firewall taxonomy.
- Application awareness — not supported
- Identifies and controls traffic by application, not just by port or protocol.
- Built-in intrusion prevention — supported
- Blocks known exploit attempts and attack patterns inline, without a separate box.
- Encrypted traffic inspection — not supported
- Decrypts and inspects TLS traffic to catch threats hidden inside encrypted sessions.
- URL & content filtering — supported
- Blocks access to malicious, risky, or policy-violating web categories.
- Cloud sandboxing — not supported
- Detonates suspicious files in an isolated environment to catch unknown malware.
- Centralized policy management — supported
- Manages rules and logs across many firewalls and sites from one console.
- VPN & remote access — supported
- Terminates site-to-site and remote-user VPN connections on the same appliance.
Alternatives
Other Next-Generation Firewall tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include pfSense CE.