Comparison to Commercial Alternatives¶
The question of security and support vs. commercial alternatives comes up from time to time. The history of this project since its inception in 2004 proves we’re as secure as any, and better than many, commercial alternatives. The experiences of our customers proves not only can we match the service of any commercial firewall vendor, we exceed it. This page serves to debunk the common myths when comparing to commercial alternatives.
“Hardware” firewalls are better myth¶
Commercial firewall companies’ marketing departments have done a fine job ingraining the myth of “hardware firewalls” into some people’s minds. The reality is there is no such thing as a “hardware firewall.” All firewalls are hardware that runs software. Most commercial firewalls are based on BSD (same as pfSense®) or Linux. Numerous commercial firewalls run many of the same underlying software programs that pfSense software uses. Many commercial alternatives run on x86 hardware that’s no different from what people use for pfSense software. In fact many people have loaded pfSense software on hardware that used to run their commercial firewall, including Watchguard, Nortel, Barracuda and more.
Open source is insecure myth¶
Some people are of the mindset that because the source is open, it’s insecure because everyone can see how it works. Anyone who has paid any attention to security over the past 20 years knows the absurdity of that statement. No software relies on the obscurity of source code for security. If there was any truth in that, Microsoft Windows would be the most secure OS ever created, when the reality is all of the open source operating systems (all the BSDs and Linux) have security track records that are worlds better than Windows’. History proves the same applies to any software. Internet Explorer is continually hit with major security holes that many times take weeks to patch while they’re being exploited in the wild, while open source browsers Firefox, Chrome and others have had significantly better security track records.
The widespread UPnP vulnerabilities announced in 2013 affecting over 300 commercial products is another good example. The vendors of hundreds of commercial products made extremely basic security mistakes, shipping with absurdly insecure defaults, and shipping outdated software. That’s never been an issue with pfSense software. That’s only one example of where pfSense software has done a better job than many commercial vendors.
Commercial alternatives have better support myth¶
With some open source projects, it’s true that a user is stuck if they need help. Netgate offers commercial support for pfSense software, Netgate TAC, that rivals anything other commercial vendor offers.