pfSense 2.8.0 full iso/img
-
@revengineer said in pfSense 2.8.0 full iso/img:
we are specifically requesting the release of an image for the CE edition. This edition is free
A desirable feature of firewall software.
Your challenge is Netgate are a for profit company with employees which would like to be paid.
For any relationship to survive long term it needs to be win - win.So the interesting bit is how is Netgate helped by CE and how is it harmed.
-
CE having a desirable feature not also available on plus would cause harm to Netgate
-
Free debugging and beta testing by CE user has helped plus customers in the past. The changed development cycle has reduced this benefit over the last couple of years. In fact separate testing and release of CE may have become a net negative for Netgate.
So from a purely technical perspective adding a separate feature to CE maybe relatively straight forward (it has been done in the past). From a business perspective achieving what you would like is a very long shot on it's own imo.
-
-
This post is deleted! -
@Popolou Yes I know. In my case we are small innovation team with limited budget. Once projects go to production teams, they purchase their network kit with support contracts as well.
This raises another question for me, i,e; Does the latest paid for version come with offline ISO for installs ?
-
@dark-baritone No, Netgate never made any correlation between moving to the net installer and the desire to workaround the "freeloaders". It was understood (heard from certain circles) that someone internal to the business took this decision without any wider consultation ostensibly for the reasons we've come to hear publicly on the forums.
If there was any genuine intention to follow community wishes, it is not technically beyond them to provide an option to build an ISO via the installer which downloads the latest version and packages it to a single image.
-
Another potential talking point is that this approach could allow Netgate to access user bases in countries where certain software packages are restricted or unavailable. For example, Squid's ability to perform SSL interception using CA certificates is considered illegal in some countries outside the United States. By identifying the user's IP address, it may be possible to tailor or restrict software features based on the user's location, thereby enabling the creation of country-specific versions of the software at the time of download.
In my case, I encountered issues when I needed a specific older version of the software that supported the SafeXcel cryptographic accelerator. Fortunately, I still have a USB copy of that version, but looking ahead, there’s a concern: if older versions are no longer allowed or accessible, users like me won’t be able to revert to a setup that worked reliably should they need to. This could create challenges for those who depend on legacy hardware or specific features that are no longer supported in newer releases.
-
@pwood999 said in pfSense 2.8.0 full iso/img:
This raises another question for me, i,e; Does the latest paid for version come with offline ISO for installs ?
No, they all use the net installer now by design.
-
Previously I used Sophos UTM9. In order to get the ISO you were required to register with Sophos, receiving a license key. For home users it was free as is Pfsense CE. The software would work for 30 days absent of installing the key. If a license was not applied it would become unusable. I believe Pfsense/Netgate should consider a similar option. My reasoning is the user now has a full off line install eliminating the security issues of a online install. Additionally Netgate and is able to track how many devices the software is installed on under a free license. Building on this model would open the door to determine if Pfsense CE is being used in commercial installations where a paid license should have been purchased. The question of security comes up when putting a home device on the internet with no protection while doing a remote install. What level of protection is given to the box as it is installing? The model indicates none. Many users may not have a a second router to put in front of the the device while the install is underway. Personally I would not even consider directly connecting any device to the internet without a firewall to protect it.
-
pfSense CE is based on an open source project and thought that this would come come some moral obligations. I understand that it may not be a legal obligation to offer a stand-alone installer, and I assume that the source code is public tot he degree required. I no longer pay attention to this as the source has never been in a form where it could be compiled by a user.
-
@quantum007 said in pfSense 2.8.0 full iso/img:
The move to a unified installer I can understand a bit, but the lack of offline install support is a bad move by Netgate. With this single decision Netgate has chosen to almost completely eliminate themselves as a option for every non-internet connected, high security, or classified system around the globe. I highly suggest Netgate reconsider releasing offline install packages.
This sums it all up nicely
-
I concur, and believe this is direct result of bad actors selling/shipping devices with Pfsense CE installed in the past. Pfsense/Netgate was forced to protect their interests and business model. However the fact remains current install methodology appears to need some tuning. Your are correct concerning secure instalations, no iso retreating clients.
-
Everyone here is wasting their time complaining. The writing has been on the wall for months now (some would say years.) If you really need an ISO installer, you're either going to have to carry around 2.7.2 and then bootstrap it to current, or investigate your other OPtioNs.
I'm just now starting to play with an alternative at home. I never thought I would be in this position and yet here I am. Once I'm comfortable with it, I'll start ripping & replacing at work.
-
Recently done four of them. Two upgrades from 2.7.2 and two net installed. All went ok & reinstalled packages after.
I agree an iso would be useful but I’ve managed without.
Next one will be an ESXI vm, so will try both methods on that.
