The modern creative communication and internet network connect in smart city
Image: Blue Planet Studio/Adobe Stock

Choosing the right router and firewall combination is a key element when it comes to both blocking outside security threats but also maximizing the efficiency of your network. Two options that look to fill this role are pfSense and the Netgear series of routers and its bundled firewall software.

Jump to:

What is pfSense?

pfSense is a fully open-source network firewall solution that is free to use and is based on the FreeBSD operating system. It works with a host of routers and appliances, and you can even build your own if you need the added customization and options.

pfSense also offers its own routers under the name Netgate for those who want an experience closer to a bundled hardware and software option, such as with Netgear, but with the added options and flexibility pfSense offers.

SEE: Mobile device security policy (TechRepublic Premium)

What are Netgear routers?

Netgear is one of the top names in routers and firewall solutions and has been for decades. Its hardware and software are a totally closed system, which is in stark contrast with pfSense’s open design.

The main advantage with choosing a solution from Netgear will be the plug-and-play aspect of the bundled hardware and software. Many users will be able to simply install the router and not have to configure much of anything unless there is a specific need.

pfSense vs. Netgear: Feature comparison

Due to the variety of hardware configurations with both pfSense and Netgear, this comparison will mostly focus on software settings and the key features between the two. For this, we will focus on a small to medium sized commercial setup that is typical of a small office, home office or up to the size of a branch office.

Dynamic DNS supportYesYes
Automatic VPN routingYesNo
Install and configuration wizardsNoYes
Virtualization supportYesNo
Vlan supportYesYes
Built-in IDS and IDP supportYesNo

Security features

pfSense comes with built-in intrusion detection and prevention (IDS/IPS) feature support for tools like Snort, and no additional services are required for most applications.

Netgear router software does not have these features built in by default. Instead, it will require an additional paid service known as their Armor Service, which provides IDS/IPS options as well as endpoint protections like Bitdefender.

Hardware configuration

Being open source and free to install on many different devices and appliances, pfSense has an almost limitless number of hardware configuration options, including home-built. However, pfSense users can get a similar bundled experience as Netgear hardware and software by choosing one of the pfSense approved ARM-based hardware appliances that are sold under the brand Netgate.

pfSense also has built-in feature support to be run as a virtual machine, which adds even more hardware options. But this is the most complicated of the setups, and troubleshooting performance or security issues can be difficult. So, this is only recommended for advanced users, especially if being put in a commercial environment.

By comparison, Netgear offers everything bundled, so there are no mixing and matching options and the software cannot be used independently. There are also no virtualization features. Although, Netgear does offer a wider variety of routers for small to medium sized businesses which exceeds the number of offerings from Netgate.

Software configuration features

pfSense installs with what most security experts would agree is the most secure settings by default. No ports are left open, and most users will see this as a good, secure starting point and, in some cases, will not require many additional changes from a security standpoint. And while not necessarily more difficult than Netgear, users will need to understand the menus and interface before diving in and making initial configuration changes.

Netgear does offer several wizards, which guide users through the configuration. Applications such as their Genie program help to detect network assets and possible issues, providing an additional guide when deciding which security features need to be enabled. In this case, the experience with Netgear is the more plug-and-play friendly option.

Dynamic DNS features

Whether you choose pfSense or a Netgear option, they both do offer dynamic DNS support, but pfSense does offer more options, supporting over 20 DNS services. With pfSense, the dynamic DNS client is built-in and there are integrations with all the most popular services right from the dashboard interface. Moreover, there is a custom feature to use a URL of an unsupported device.

Comparatively, With Netgear, you will have to first sign up with their dedicated partner service. Then, you can integrate that into the configuration dashboard.

Choosing between pfSense and Netgear routers

Choosing between these two router and firewall options really comes down to which options mean more to you and how much customization you need.

Both options are tested and secure when used and configured correctly, but the decision will come down to whether you need the more advanced functionality and features that pfSense allows for. These additional features extend a pfSense router and firewall setup beyond that of a typical configuration.

However, Netgear hardware, along with their proprietary software, offers all the core security features needed in a network. They do have some additional options, but these are behind a paid service.

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays

Subscribe to the Developer Insider Newsletter

From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Delivered Tuesdays and Thursdays