A silly Question, is there a better alternative to pfsense for home use?

[Patrick]

@SamDabbers even better: Proxmox VM.

On the pfSense v. opnsense v. Sophos v. untangle v. ipfire. Here is some perspective that is very important:


If you do "Sophos UTM" instead of Sophos, the search levels over the last year are with the other four.

There is still an enormous gap between pfSense and some of the smaller projects.

@Rhinox looks like one of the free clickbait articles we get offered to run on STH. You can see the indented link list that the site you linked removed the links for. Also, the formatting has no headers other than Verdict. Most bigger sites will have subheadings. It is strange to have a review like that missing performance, stability, and etc.

 

[mstone]

There is still an enormous gap between pfSense and some of the smaller projects.

Sure, they have a bigger search share. (I'd argue, for mainly historical reasons.) That doesn't have much impact on whether they're still the best choice for all the reasons already covered. I'm also skeptical that this methodology really proves much other than the fact that pfsense has exactly one product and is easy to google, while most of the market leading firewalls have a bunch of products and are hard to tease out of google search results.

Google Trends

 

[Nnyan]

I've used pfsense for a long time then moved to opnsense. Very feature rich and powerful but over the years things would go sideways and while most of the time I could googlefu a fix sometimes a rebuild was the only way to get back up and running. I ran sophos utm for awhile and would try XG now and then, but until recently it was buggy, incomplete and SLOW. The latest versions had me sold. Responsive and solid. Feature wise still missing some things but nothing I needed. If it wasn't for me moving to Unifi I would still be running it.

 

[Deslok]

Just to throw another opinion in the fire, I've been using OPNsense since I moved last fall and it's been solid, I have it running in hyper-v on a 3770 without too much fuss(I know Ivy Bridge is old but new hardware costs money) and since I dislike realtek anyway I haven't had any issues with it. Running in the vmhost which I have running anyway has been a space saver although I did consider this mikrotik since I have one at a remote site for work as well and like it, but free is very appealing when you have time to set things up. MikroTik

 

[Nnyan]

Having used pfSense, OPNsense and Sophos UTM for many years I think they all work pretty well. I prefer the OPNSense GUI (cleaner, easier to find things overall IMHO) but that is subjective. Sophos is a nicer looking UI but it too can be a bit scattered as to where things are but it worked well enough. I tried XG since beta now and then and until recently I would not recommend it but lately it's really been smooth and solid. I was using that until I moved to Unifi gear. BUT I'm looking to install XG in bridge mode (inline to the USG) in the near future. PFS and OPNS are great but when something goes wrong it really goes wrong. At least OPNS had a nice restore function that worked well (not quite as nice as the XG but well enough).

 

[Patrick]

@Nnyan - my home pfSense box died recently. I had a SG-1000 lying around. Booted it, restored from the backup configuration, and everything was back up in a matter of a few minutes. Fairly good for x86 to ARM transition.

 

[Stril]

Hi!

I prefer mikrotik for home use, but the biggest problem is the same for all systems:
Maintaining large rule-sets is a pain. The best solution, I ever found was fwbuilder, which is making every linux-system a great firewall with object-based rule management and the ability to use rulesets for many systems, BUT:

The system is opensource, but without a maintainer. I would be willing to pay a lot to get a new version...

 

[Nnyan]

@Patrick I didn't want to give the impression that pfSense didn't have a restore function, it does and it does work for the most part but I have had a number of issues over time with restores. OPNsense isn't perfect either but I had fewer restore issues but that could have just been chance.

 

[MBastian]

I've had good luck with this. GitHub - Blablabla/blabla: AI-Powered ... garbage ... more OSS licenses and programming language that you can easily shake a stick at
Note: it doesn't require a GPU or AI to work.

Might it be that you are the maintainer and only contributor? (Redacted link)
The repo was committed last week and is already a v 5.11.9. That rings some heavy duty alarm bells for me.
Also, necroing an eight years old thread ...

EDIT: User got banned, removed links.

 

[daniel_i]

I personally toyed with pfsense using an old SFF OptiPlex + PCI network card, but nuked the whole thing once I lost part of my config after a power outage. I had never heard of that before, but I quickly learned that is common. No go for me. I already had been wanting to get some Unifi APs, so that sold me on a cloud gateway easily. I understand configs can be backed and restored easily, but I travel for work sometimes, and I am not going to teach my spouse how to do that. Frankly, networking equipment of any kind should be more robust than that.

I am certainly slightly less comfortable in terms of privacy and security with it, but it's one of those things were the convivence is too good.

 

[T_Minus]

I personally toyed with pfsense using an old SFF OptiPlex + PCI network card, but nuked the whole thing once I lost part of my config after a power outage. I had never heard of that before, but I quickly learned that is common. No go for me. I already had been wanting to get some Unifi APs, so that sold me on a cloud gateway easily. I understand configs can be backed and restored easily, but I travel for work sometimes, and I am not going to teach my spouse how to do that. Frankly, networking equipment of any kind should be more robust than that.

I am certainly slightly less comfortable in terms of privacy and security with it, but it's one of those things were the convivence is too good.

odd, a decade+ of it at my home with dozens of power outages per-year and never had that occur

 

[daniel_i]

I'm sure it's not a majority of users, of course there are countless people like yourself (and entire institutions) who use it happily. "Common" was a poor word choice - more common than with other firewalls would be a better fit. It could have been even down to my hardware, though I did try with another box eventually. After some searching about it in the heat of moment, I found too many other similar stories to be confidence inspiring. What is your host?

 

[kapone]

more common than with other firewalls would be a better fit.

Still not true. I've had my pfsense/opnsense get shut down "abruptly" due to:

- the UPS (finally) running out of juice (the firewall and the switches are the only things that stay up after UPS goes on battery, and stay there until the UPS dies),
- me pulling the power plug to test recovery
- moving the install SSD between hardware
- etc.

I've never had ANY of these corrupt their config. This must be an isolated case with your hardware.

 

[daniel_i]

Still not true. I've had my pfsense/opnsense get shut down "abruptly" due to:

- the UPS (finally) running out of juice (the firewall and the switches are the only things that stay up after UPS goes on battery, and stay there until the UPS dies),
- me pulling the power plug to test recovery
- moving the install SSD between hardware
- etc.

I've never had ANY of these corrupt their config. This must be an isolated case with your hardware.

'Not true' is very absolute. If you simply Google "pfsense power loss lost config" you sill see a plethora of people across many platforms talking about it, I'd argue more than other firewall/router platforms. That is what I am talking about, not just my anecdote. If we just used that, we would be tied. You had a good experience, I didn't. Cancels out. (I did have a great experience until it lost config, just to say. I do really like the software itself.)

You mention OPNsense. That is probably more reliable because of ZFS. But I am not trying to say pfsense is bad. Its just not perfect, like anything else. OP may be better off with something more 'off the self' if they don't want to muck with recovery and config backups.

 

[sth]

@SamDabbers even better: Proxmox VM.

On the pfSense v. opnsense v. Sophos v. untangle v. ipfire. Here is some perspective that is very important:
View attachment 7736

Seem as we're having a holy 8 year old thread bump moment, I thought I'd run a 2026 comparison to your 2017 chart that caught my eye.

 

[SnJ9MX]

continuing on the bump of the old thread - I have had a decent history of pfSense starting in 2016 or so. rebuilt the FW in maybe 2023 and decided to give Opnsense a go - this was during all the wireguard drama. it generally worked, but I still preferred the look and feel of pfSense. then a few months ago, I was redoing stuff again and decided to go back to pfSense. Opnsense worked ok I guess but I still prefer pfSense. I see no reason to go to do Opnsense with wireguard fully working now. FWIW I did have Claude Opus 4.6 do the migration from Opnsense to pfSense - complete with spinning up the VM in Proxmox, shuffling the vtnet adapters around, migrating configs, etc. Took 30 min, with me away from the computer for most of it.

 

[Patrick]

@sth That is a great update.

Also, holy thread necro!

 

[kapone]

I hate AI slop...

 

[nabsltd]

I hate AI slop...

I'm pretty sure this was stolen verbatim from a discussion of "pfSense vs OPNsense" on some discussion board.

The "cleaner, more modern interface" is the phrase that jumped out. That phrase is also used in ads for SFFs that are intended as firewalls.

As a long-time pfSense user who has never seen OPNsense at all, I'm pretty sure I don't want a "cleaner, more modern interface" to get in my way. I don't need "pretty" in my firewall controller UI.

 

[kapone]

As a long-time pfSense user who has never seen OPNsense at all, I'm pretty sure I don't want a "cleaner, more modern interface" to get in my way. I don't need "pretty" in my firewall controller UI.

I actually like the layout and structure of pfSense better. But...ethics man...didn't have a choice.