pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface.

In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

Why pfSense Software?

Thousands of businesses, educational institutions, government agencies and non-profits - on all seven continents, and for years - have come to rely upon pfSense software for their secure networking needs. For organisations in search of sub-10 Gbps performance, flexible 3rd-party application options, traditional management mechanisms, proven reliability, and access to business assurance support options, pfSense software is the perfect answer.


Firewall and Router


Intrusion Prevention System

  • Stateful Packet Inspection (SPI)

  • GeoIP blocking

  • Anti-Spoofing

  • Time based rules

  • Connection limits

  • Dynamic DNS

  • Reverse proxy

  • Captive portal guest network

  • Supports concurrent IPv4 and IPv6

  • NAT mapping (inbound/outbound)

  • VLAN support (802.1q)

  • Configurable static routing

  • IPv6 network prefix translation

  • IPv6 router advertisements

  • Multiple IP addresses per interface

  • DHCP server

  • DNS forwarding

  • Wake-on-LAN

  • PPPoE Server

  • IPsec and OpenVPN

  • Site-to-site and remote access VPN support

  • SSL encryption

  • VPN client for multiple operating systems

  • L2TP/IPsec for mobile devices

  • Multi-WAN for failover

  • IPv6 support

  • Split tunneling

  • Multiple tunnels

  • VPN tunnel failover

  • NAT support

  • Automatic or custom routing

  • Local user authentication or RADIUS/LDAP

  • Snort-based packet analyzer

  • Layer 7 application detection

  • Multiple rules sources and categories

  • Emerging threats database

  • IP blacklist database

  • Pre-set rule profiles

  • Per-interface configuration

  • Suppressing false positive alerts

  • Deep Packet Inspection (DPI)

  • Optional open-source packages for application blocking

Enterprise Reliability

User Authentication

Proxy and Content Filtering

  • Optional multi-node High Availability Clustering

  • Multi-WAN load balancing

  • Automatic connection failover

  • Bandwidth throttling

  • Traffic shaping wizard

  • Reserve or restrict bandwidth based on traffic priority

  • Fair sharing bandwidth

  • User data transfer quotas

  • Local user and group database

  • User and group-based privileges

  • Optional automatic account expiration

  • External RADIUS authentication

  • Automatic lockout after repeated attempts

  • HTTP and HTTPS proxy

  • Non Transparent or Transparent caching proxy

  • Domain/URL filtering

  • Anti-virus filtering

  • SafeSearch for search engines

  • HTTPS URL and content screening

  • Website access reporting

  • Domain Name blacklisting (DNSBL)

  • Usage reporting for daily, monthly, etc.


System Security

Reporting & Monitoring

  • Web-based configuration

  • Setup wizard for initial configuration

  • Remote web-based administration

  • Customizable dashboard

  • Easy configuration backup/restore

  • Configuration export/import

  • Encrypted automatic backup to Netgate server

  • Variable level administrative rights

  • Multi-language support

  • Simple updates

  • Forward-compatible configuration

  • Serial console for shell access and recovery options

  • Web interface security protection

  • CSRF protection

  • HTTP Referer enforcement

  • DNS Rebinding protection

  • HTTP Strict Transport Security

  • Frame protection

  • Optional key-based SSH access

  • Dashboard with configurable widgets

  • Local logging

  • Remote logging

  • Local monitoring graphs

  • Real-time interface traffic graphs

  • SNMP monitoring

  • Notifications via web interface, SMTP, or Growl

  • Hardware monitoring

  • Networking diagnostic tools