Friday, June 13, 2008

A 2nd look at pfSense, is it really FREE?

Got a number of users asking me if pfSense is any good as a "free" (as in beer) multi wan solution, rather than spending few hundred bucks for a ready-to-go, optimized, multi-wan appliance.

Guys, is it REALLY FREE?

We haven't tried pfSense ourselves so it would be unfair if I try to belittle it in any way.  But depending on how you do the math, it is NOT free as a COMPLETE solution.  Here is the cost structure:
  • At the very least, you need a spare computer, see min hardware requirements.  (est. US$300)
  • Studying, installation, testing, tuning, deploying, testing again.  From a few hours to a day or two of hard work (est. US$400 for a good IT professional)
  • Obtaining commercial support (est. another few hundreds per year, maybe)
Obviously, I would not say this is a free solution.  If you don't agree, I beg to know why.

Update (June 16): I had tried to make it clear that I was not pointing my fingers to the quality of pfSense at the original post above, but obviously I failed in this regard. ;)  People just thought I was attacking the open source model in general.  That's not my intention.  I tried to bring the cost structure to the table and let everyone rethink the cost of any solution in a big picture.


  1. Apparently you're selling some competitive device, which explains your comments. I don't know anything about peplink so I won't comment on it.

    But... is pfSense free? It's as free as any multi-WAN solution can be. And lower cost than any commercial alternative including peplink.

    Software - free in every sense of the word. Open source, BSD licensed, community supported.

    Hardware - any IT person has a plethora of free hardware at his or her disposal that's more than adequate to run 50-100 Mb of Internet throughput. I have more ~1 GHz machines at my disposal than I could ever use, such machines are capable of pushing 100 Mb wire speed. If you want to go with new hardware, an embedded ALIX setup is less than $225 shipped and comparable to the lowest end peplink box which is more than double the cost.

    Support - not required, the vast majority of pfSense users don't buy support. For many, it saves them a lot of soft costs because it saves time.

    Studying/install/testing/tuning/etc. - this is no different regardless of what kind of multi-WAN system you deploy. There is no magic drop in box that immediately does precisely what you want it to do, and that you somehow know exactly how to operate without any learning whatsoever. This isn't a difference, *every* system is going to have a learning curve.

    The major difference between a commercial solution and open source is going to be the hard costs, the cost of the hardware. At the lowest end, Peplink is about double what a comparable pfSense box is going to cost you. At the high end, the difference is so vast it's laughable. Peplink charges $4K for a box with only 7 WANs. You can pick up a brand new low end Dell server to accommodate more than 10 WANs for $500 (there are a number of pfSense users with 8-10+ WANs). Generally this is done with VLANs on a managed switch to minimize the cabling mess and unnecessary interface expenses, so throw in another $100 for a switch and you have a 23 WAN capable setup for $600. Add commercial support and you're still just 25% of the price of the Peplink.

    There are significant hard savings with no difference in soft costs with open source if you deploy multiple small sites, or a single large site.

  2. Since this is an obvious troll from a commercial company (peplink) trying desperately to combat with marketing what they can't combat with price or features, I'm not expecting to see this comment make it up. But, for my own amusement, let's examine the facts.

    Most IT professionals have plenty of older gear around, buying a new machine to run pfSense isn't required, although your $300 price tag for rackmount gear is pretty optimistic. Say you want an embedded solution like an AliX board, that's around $300, that's still cheaper than a competing product from Linksys, Watchguard, Sonicwall or Peplink.

    Commercial support, the only other actual cost item you have listed is optional and certainly not required. The vast majority of pfSense users have installed their machines successfully without it. IT professionals who require the safety net of calling someone when they need an issue solved, however, have found that commercial support is very valuable both in terms of value (the ability to talk directly with one of the developers) and time saved. Compared to the prices charged for support by commercial ventures (such as peplink) I think its safe to say that the value for the dollar (Euro, lire, kopek, kroener or peso) is self-evident.

  3. hmmm, seems as if you did not evaluate right...
    What can a software be more free ?
    it's freebsd based, opensource and everybody can use it for free... theres nothing mandatory, no support, nor else...
    And it you're thinking about it not being free, please show me the site, where you can download a distro incl. the computer and the support and else ;-)

  4. It seems that I have created some flame bait. ;)

    Of course, pfSense *itself* is free (as in beer and freedom), my point is the *whole solution* is not.

    Many people perceive solutions comprising of open source software as "free solution" and they tend to forget all other tangible and intagible costs associated with it.

    An open source solution is a low-cost solution at best but not free. Some components of it may be freely available - e.g. Linux, pfSense.

    Gary: You're exactly right about the different markets for these products.

    As an IT pro myself, I very well understand the temptation to make DIY solution work for myself or my small firm. But for the majority of companies out there, they should look at the total cost of ownership, deployment and maintenance. We work as a business/IT consultant for a living and I feel a strong sense of responsibility to remind my clients to see the whole picture and cost! before commiting on any solution. We recommend the big boys like F5, Radware too but they're just too pricey for a lot of my clients. Then we found the Peplink and they make good products and the prices are more right for small and med size companies.

    Since this article has spurred so much interest, I will take the time to explain my view further in a separate post, stay tuned.

  5. Sounds a lot like the argument Microsoft uses for Linux.

    The point of time is money is not a strong point. Considering that it will take time to configure Pepwave as well as pfSense.

    Is walking really free? ...
    Several hours of walking a week can cost you many hours of your time. Time that can be worth hundreds.

    Is sleeping really free?
    Sleeping takes a great deal of your time therefore it costs you hundreds every night.

    pfSense is intuitive when compared with most other firewalls with a comparable feature set.

  6. Flame bait indeed. :) This whole blog is apparently nothing more than a front for peplink, and is full of FUD deriding open source solutions.

    There is nothing you can post to debunk what has already been posted in the comments here, open source is a lower cost solution in virtually every environment when taking every hard and soft cost into account. There are even more benefits of open source over commercial solutions that aren't listed here.

    Cost isn't the only factor either. Most of the time it's going to come down to which solution can provide what the particular environment requires first, and cost is a secondary concern. It doesn't matter what something costs if it does not fit the requirements of the environment. Some functionality in pfSense isn't available in similar commercial solutions, and vice versa. In most environments either open source or commercial solutions are equally suitable, and factors like cost become the primary consideration.

    I must give you kudos for approving these comments though.

  7. I hate people putting words in my mouth. I never belittle the quality of pfSense or open source software in general. (The only piece of product that I wrote bad BUT FAIR thing about is the Mushroom box.)

    I stated clearly that I want to remind people about total costs of owning a solution. I don't think this is any hypocritical.

    Put it this way, why people are buying RHEL when there is CentOS?

    Why people are buying SugarCRM (hosted service) when there is SugarCRM Opensource Edition?

    I would NEVER say CentOS is lame to RHEL.

    I would NEVER say SugarCRM OS is lame to SugarCRM (hosted service).

    The answer is exactly that business need a total solution from software to hardware to great customer service. As simple as that. No one ever mentioned in this blog that pfSense is not good. See my original post on the quality aspect of pfSense before you criticize me. I said it would be unfair to belittle it in any way because we haven't tried it ourselves.

  8. I am very surprise Sam's post is having so many discussion. I don't want to add too much to the discussion, but this is what i posted a while ago.

    Another opinion on Open Source Software

  9. I spent the last day and a half trying to get pfSense up and running. Only to find out the GRE/PPTP limitation which only allow only one client connecting to the same PPTP server.

    Going to spend time looking at pelink

  10. I am a pfSense user and I have more than 1 PPTP connection. I actually average about 20-25 at a time. Since our shop is a Microsoft Windows 2003 / XP / Vista network, I have PPTP forwarded to our PPTP / VPN Server which is Windows 2003. The limit is removed from PPTP perspective at gthe firewall since VPN is handled by our Windows 2003 PPTP server. Obviously you can have a PPTP Linux server behind the fw to do same thing if you are so against MS or you can use OpenVPN - several ways to accomodate your requirements.

  11. @mark
    "is sleeping really free"

    When you sort out how to negate the need for sleep without psychotic side effects please let us know. :)

  12. This blog really is obviously a shot at discrediting or deferring people from trying/using pfsense.

    The bad english is a dead give away, it looks very similar to the few emails I've passed back and fourth with peplink, which obviously gets routed to Hong Kong.

    I personally like Peplink, I think the product is solid and it has not let me down as of yet. I do think they need to re-evaluate the prices on some of their product line as some of it is just hideously expensive for what you get.

    Having said that, I do plan on migrating to pfsense or another free solution as I just cannot keep up with the cost/benefit ratio of peplink.

    If I were peplink I'd re-evaluate and try to take a bit more of dynamic approach to improving their multi-wan gateway line.

    I have a few suggestions.

  13. pfSense and Peplink have different customer segments. Put it this way, I use OpenOffice. I would never pay for MS Office. OOo works beautifully for me most of the time. The truth is, MS Office is still selling like hotcakes.

    Now, OOo is *free* to download and use. Why are a lot of companies still not adopting it?

  14. All of Vietnam's Government Computers To Use Linux, By Fiat

    Linux rules!

  15. I have used pfSense since 1.2 and have nothing but praise, but Chris, I think you are way out of line. People who goes to try and use pfSense will know its merits and will not even consider peplink. Chris, stay out of this kind of propaganda and discussions and move on based on your products merits - I am a VERY happy pfSense 1.2.3 now, don't get caught up with sound idiotic too - if not more.

  16. is it really that hard to understand that there are two groups of customers, and that there is indeed no conflict?!

  17. I've just installed pfsense and am finding it a very good product however I'm confused with these comments! Are these people really this stupid? Sam hasn't attacked anyone or anything. He has made a VERY valid point to consider the Total Project Cost and any competent professional must do this! Don't you know there is no such thing as a free lunch? Nothing is free! No, not even sleep. Sleeping has an opportunity cost of not playing or working associated with it. Yes sleep is a necessary part of life, as is eating, which again isn't free. Yup, life isn't free. If you don't get this concept then you're likely never going to be financially successful. Often I could offer FREE software solutions to some of my clients but because of the extra time involved it works out cheaper for that client if I SELL them something that takes less of my time. Microsofts hiddeous licensing models aside, paid solutions are often cheaper because someone else has already done half the work for you. That's why you pay for it! Vendors know this and calculate the savings using their product will give you when they determine its sale price. Time IS money, serious money, if you are having to pay someone per hour. It all depends on the required solution. I absolutely love the open source products that exist but you can never say paid software products are better or open source is better because it depends on the unique situation. To suggest otherwise is irrational, highly uneducated and screams of immaturity.

  18. @Bevan, I highly appreciate your comments. I didn't expect this conversation to get picked up again but I free so grateful that you took the time to write this feedback because finally I know some people out there really share the same thoughts with me.

    No, it's not a difficult point to understand. Some people just can't face it.