Pfsense CE 2.7.0 Release (?)
-
@cellobita is OPNsense (Desico) hardware any cheaper? If it’s the same or more then I’m not understanding why cost is an issue.
Secondly if cost is an issue then why can’t a white box server be purchased and Pfsense + installed?
The conversation around costs seems to be largely nonsensical. IT budgets are slashed….I get that…but is the cost of a Dell 610 let’s say that much more expensive than a Desico(Opnsense)?Lastly the conversation about updates is largely nonsensical as well. As I always ask and never get a good answer “What specific vulnerability that is present in pfsense that the development team has been made aware and are not addressing?”. Please post the CVEs as well.
-
@michmoor Thank you for your input - I understand the points you are making.
All my remaining deployments of pfSense are currently running on standard white boxes - their hardware specs more than enough; I wouldn't be buying dedicated hardware from OPNsense, but simply migrating to their open source, community edition software, which has no upfront cost.
I believe that over time the delta between CE and Plus is bound to get bigger; I'm not trying to convince anyone here - and have a profound respect for pfSense, having used it on dozens of clients since 2010 (my earliest deployment was on version 1.2.3) -, just present my two cents.
-
@michmoor said in Pfsense CE 2.7.0 Release:
Please post the CVEs as well.
There is no such thing. People became too spoiled. Their logic is "if its not getting updated, its abandoned".
I also like conspiracy theories where people think that rising number of outstanding issues is actually Netgate`s trick to force people to switch to + version. I laughed.No one is forcing anyone to use pfSense. If you are not happy with it, just make a transition and switch to something else. Saying that you are going to switch to alternative solution is not going to make 2.7 come out faster. No one cares.
You should be happy that release has been pushed back. It means that someone somewhere is working hard on fixing bugs. For you. For free.
Be more grateful.
-
@cellobita no one knows how big a delta will be between CE and Plus. The death of CE comes up every few months when there is an OS update so I’m not surprised.
Pfsense+ is free. Just like CE. So why aren’t you upgrading to Plus? I really have no idea what the fuss is about.Netgate has a small but dedicated development team. I’m sure there is a laundry list of things that are planned or in the works. It’s all about prioritization.
I’m still waiting on what specific update you think needs applied to pfsense. CVEs…The update argument is ridiculous to be frank.
-
@cellobita said in Pfsense CE 2.7.0 Release:
@slu I'm not complaining or being unfair, merely stating what I believe to be a fact: with the introduction of Plus, the release pace of CE has been severely impacted - BTW, Netgate's hardware is definitely not cheap in Brazil. So, when a credible, free alternative exists, under active development, capable of running on hardware that my client already has, and able to do what he expects of a routing/firewall platform (esp. multiple WAN links and WireGuard support), I'd be remiss if I did not point that out to him.
You are just contradicting yourself. You admitted you use whitebox hardware. Why bring up the cost of Netgate? You’re saying pfsense project is not in active development but you see the 2.7 roadmap. What are you complaining about here??
-
@michmoor I was under the impression that they are going to start charging for it - "The cost will increase to $129/yr for commercial use in the future." - but English is not my native language, so perhaps I misunderstood the meaning of this.
Anyway, I am not - repeat, NOT - making the case for widespread adoption of OPNsense or migration from pfSense, just considering the specific situation for my clients.
I am grateful to have a choice, even if it means staying on CE, all things considered.
-
@michmoor As I said, English is not my native language - I don't consider my previous posts to constitute a complaint, just an opinion. In Portuguese they aren't necessarily the same thing.
-
@michmoor Plus is only free for home/lab use.
For small business use it would break even pretty quickly to buy Netgate hardware instead of a license.
Re: delta, there wasn’t much that garnered my attention until boot environments. Which exist in 2.6 just don’t have a GUI. So it isn’t that large yet.
-
@steveits Thank you. I now have enough varied opinions to better assess my choices, so I'm dropping monitoring of this thread. Best wishes to all here.
-
@michaellacroix said in Pfsense CE 2.7.0 Release:
Anyone know when CE 2.7. will be out of beta and the official release? I'm curios when or if netgate will let you upgrade from ce 2.7.0 to 23.01. Thanks
pfSense roadmap and you will be informed in time.
Perhaps I will be wrong with that thinking, but.....
pfSense+ coasts for business
- pfSense+ 129/€ per year (Whitebox)
- SIM card fee for LTE failback ?
- Snort rules 399 $ per year
- Blacklists from iblocklist.com 10 $ per year
- Securiteinfo ClamAV signatures 99$ per year
On top addons
- Blacklists from wellfedintelligence?
- Spamhaus antispam lists fee?
- GeoIP blocking fee?
- Radius Server fee?
- Tailscale fee?
Spending
- for pfBlocker-NG
- for Squid, lightsquid & SquidGuard
All in all, more or less 640 $/€ per year, if you compare this to other UTM devices licenses you may end up higher or lower pending on the entire dimension of the hardware.
- SuperServer E300-9D-8CN8TP ~2200 €
(barebone price and for HA it will double) - Supermicro SuperServer E300-9A-16CN8TP ~1600 € (barebone price and for HA it will double)
Using that hardware range ain`t you license fees around 1500 € - 3000 € each year for a commercial UTM!
(The price will double for HA)Endian, Untangle, ClearOS, RouterOS and VyOS have all their own business model, no one complains about it!
You take it or you leave it. -
This post is deleted! -
@phil_d I am still on 2.5.2 for that reason.
VLAN's doesnt play well with 2.6.0 and no update in sight.
-
What issue are you seeing with VLANs in 2.6?
Is it still there in a 2.7 snapshot?
-
@phil_d do you think network drivers developed by Netgate devs should be given out for free? If so why?
Also do you think a business that provides security products do so without making a profit?
I’m genuinely curious why people like you get upset over a business making money from the work they do and then said business has the audacity to make a product for free.
So weird people complain about a free product and then get upset enough to complain , for free, on vendors website and then mention they are moving to a competitor who is also free and relies on the development work done by the company they are leaving. -
This post is deleted! -
@phil_d You stated you're moving to OPNsense. The OPNsense team uses the work that Netgate put in [2.5G intel drivers] and they will eventually put that code into their own hardware which they sell for profit.
Is that fair?
There is no bait and switch done here. Both CE and Plus are being worked on. The redmine is available to see the progress on CE. As I made mentioned in another post , there were over 400 bugs resolved in CE. I dont understand the viewpoint that they are moving to a proprietary software delivery model. The facts are not lining up so far with your assumptions.Now, if you want to make the argument that supporting two code versions has a negative effect on feature releases and code quality due to limited resources.... that would be a fair critique.
-
This post is deleted! -
This is not the right place for this discussion. It's not a support question.
-
@stephenw10 agreed.
-
Actual situation from the 2023-04-12
pfSense RoadmapVersion 2.7.0
Future pfSense CE software release543 Tickets total
458 Tickets closed
85 Tickets open
89% of all work reachedpfSense Plus - 23.05
Release targeted for May 202312 Tickets total
4 Tickets closed
8 Tickets open
41% of all work reachedpfSense Plus - 23.09
Release targeted for September 2023No Tickets open
pfSense make one big step with two greater changes
such PHP 8.x and FreeBSD 14.0 and also for more
then "one" CPU architecture.OPNSense is walking step by step and only for one CPU architecture. But at one day they also have to change to FreeBSD 14.0 and also to PHP 8.x as I see it.
Before Netgate were selling their own hardware, there where ca. ~2.000.000 installations world wide counted,
after selling teir own hardware this amount was growing
to nearly 3.000.000 installations. (Old numbers not actual)So why they should letting fall the CE version? Because it
is nearly something of 75 % of all installations? I personally don´t think so! And is the gain (w/ sales) not giving them right? I mean that they are on the right way?
