Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Announcing pfSense plus

    Scheduled Pinned Locked Moved Messages from the pfSense Team
    152 Posts 53 Posters 82.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Teddy
      last edited by

      Even if yet was announced, that there will be a no-charge path for home and lab use, I really hope that will be the way we are going in the next years.

      I am also ready to pay for a great software for my private-home-network. It is my hobby, I love PFSense, but the costs -IF in the future there will be a charge for privat users- must be adequate. Like 5$ per month would be fair in my opinion.

      But if the version, even for home user would for example be limited to 50 IP adresses (like Sophos) or a charge of XXX$ or XXXX$ would be billed annualy, you would lose many private folks.
      And nowadays, especially with smart-home, guest-wifi for your friends, you hit the 50 IP adresses fast.

      Just that as general thought for your future-briefings.

      At the moment it looks great: Plus version, without charge for privat & lab use! Thumbs up!
      But IF in the next years you are going to charge the home users, pls keep it in a fair way, to allow the nerds, like me, using that great project. Would be really sad, to move to another platform.

      1 Reply Last reply Reply Quote 2
      • bingo600B
        bingo600 @Jeremy11one
        last edited by

        @jeremy11one said in Announcing pfSense plus:
        I think it's important for everyone to know about these 2 things from the FAQ page:

        ***Q: So there are no more new releases from the project?
        A: That is really up to how the project progresses itself, separate and distinct from Netgate... If the community chooses to progress feature set, testing, documentation, and release packaging, there will obviously be progression beyond Release 2.5.

        Q: Is pfSense Plus open source?
        A: No. pfSense Plus is closed source.

        One of the big benefits of pfSense was that it is open source. Even though the upgrade to pfSense Plus is expected to be free for home users, I'm torn about whether to "upgrade" to the newer closed source version or stay with the open source CE version.

        I have a "Bad feeling" about these statement too.

        While i do understand Netgate is a buisiness.
        I can't stop feeling like CE is going to be "abandoned" / "Left as is".

        I'm not a developer, and have tried to "pay back" by helping out on the forum instead.

        But who in the community can lift the task of improving CE ?
        Isn't all the "core developers" with Netgate ?

        /Bingo

        Ps:
        If i were a Whale , i'd think of this sentence:
        "Goodbye and thanx for all the fish"

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

        1 Reply Last reply Reply Quote 2
        • RicoR
          Rico LAYER 8 Rebel Alliance
          last edited by

          pfSense is going closed source in the mid/long run? That is really the worst thing that could happen. :-(

          -Rico

          1 Reply Last reply Reply Quote 7
          • M
            mcury
            last edited by

            I'm worried, to say at least..
            I don't know about you, so I'll speak about me.

            The EOL from the devices is from 1 to 3 years..

            When I decided to support Netgate by buying one appliance, I thought that I would be supporting an OSS project so they could stay an OSS.
            Based on that, I understand the reason why the appliances are expensive.

            Is it possible to ask Netgate, to extend the EOL period, for people like me, who support Netgate and the OSS?
            I ask to extend to EOL period, because this is a surprise for us, and fast like this? I mean, next month to leave OSS and become a closed source..
            This is not what I was supporting for when I bought my appliance.

            Please, think about people that bought your appliances, at least double down the EOL period for existing devices, to give us something in the return.

            I really like, support, use and recommend Netgate.. Please, don't get me wrong.

            dead on arrival, nowhere to be found.

            dennis_sD 1 Reply Last reply Reply Quote 2
            • dennis_sD
              dennis_s @mcury
              last edited by

              @mcury Sorry, I don't I think I fully understand your question. Why would you want EOL extended? I'll do my best to answer, just want to understand the question.

              M 1 Reply Last reply Reply Quote 0
              • M
                mcury @dennis_s
                last edited by

                @dennis_s Sorry, English is not my 1st language.
                If you didn't understand, I'll try to simplify in a single question.

                If I decide to install FE version, which is closed source, I'll be totally dependent of Netgate for updates, patches and security fixes.

                Will there be updates, patches and security fixes for EOL devices that install FE version?
                Will I be able to install the latest CE version in my device in case the 1st question's answer is NO?

                Regarding my previous post, I thought that I would be supporting an OSS project so they could stay an OSS while I could just use my own hardware, I don't think that is fair to us.
                So, that's why I'm asking something in return.

                dead on arrival, nowhere to be found.

                S 1 Reply Last reply Reply Quote 0
                • S
                  SteveITS Galactic Empire @mcury
                  last edited by

                  @mcury I apologize if I'm wrong, but I suspect you're confusing "end of life" for the hardware with "no more software updates" for pfSense on that device. https://www.netgate.com/support/product-lifecycle.html as I understand it is just for the hardware. I've personally upgraded several devices on that list that are "past EOL" to 2.4.5, last fall.

                  I have not heard that Netgate will stop pfSense from upgrading on old hardware. Obviously at some point hardware will just be too old to run new FreeBSD versions but that's different than blocking it.

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote 👍 helpful posts!

                  1 Reply Last reply Reply Quote 1
                  • H
                    heper @johnpoz
                    last edited by

                    @johnpoz said in Announcing pfSense plus:

                    That wording really sounds like pfsense CE could just die off..

                    it was bound to happen sooner or later after chris decided it was useful to have a pension-plan ;)

                    kiokomanK 1 Reply Last reply Reply Quote 1
                    • kiokomanK
                      kiokoman LAYER 8 @heper
                      last edited by

                      closed source ... Does this mean I can no longer piss off Jimp and Garga with a new report on Redmine?
                      my only regret, what a shame 😁

                      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                      Please do not use chat/PM to ask for help
                      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                      1 Reply Last reply Reply Quote 1
                      • N
                        netblues
                        last edited by

                        @kiokoman No, you can still do that, even on closed source.
                        What you cant do is see the code fix .
                        You should also expect quicker resolution too.
                        This is something that must also happen on a paid project to be successful.
                        What is totally unclear to me is what will happen to the new generation features and the feeds that make it happen. Especially pfblockerng, snort and suricata. Far more people depend on that. compared to running at speeds @10g+. (and there is tnsr for that)
                        If this is lost, opnsense will be a more palatable option.

                        bmeeksB 1 Reply Last reply Reply Quote 2
                        • A
                          apollo13
                          last edited by

                          Is there a chance that customers will have access to the source code of pfSense plus? Being able to look through the box and (often) being able to locally fix issues before handing in a bug-report is a big plus imo (For customers as well as netgate because the quality of bugreports can be better due to that). How does this all play together with GPLed parts of the software?

                          1 Reply Last reply Reply Quote 0
                          • S
                            Spacecase @dennis_s
                            last edited by

                            @dennis_s
                            I have a Netgate appliance (MBT-4220) which uses CE. Will there be a migration path to pfSense plus?

                            1 Reply Last reply Reply Quote 1
                            • bmeeksB
                              bmeeks @netblues
                              last edited by

                              @netblues said in Announcing pfSense plus:

                              What is totally unclear to me is what will happen to the new generation features and the feeds that make it happen. Especially pfblockerng, snort and suricata. Far more people depend on that.

                              One thing people often fail to realize is that the rise of end-to-end encryption is basically a death knell for IDS packages. You can't inspect encrypted traffic unless you break the chain of trust via MITM (man-in-the-middle) interception/proxying. Already Snort and Suricata both bail on a session as soon as they see the packets are part of an HTTPS, TLS, or SSH encrypted stream. So now ask yourself how many malware payloads are served up via HTTPS either through malicious ads on web sites or file downloads. Who sends emails with attachments in the clear these days? Nobody. Everyone uses some manner of TLS with email. Even DNS traffic is beginning to move over encrypted channels (DoT and its devil child, DoH). So when you think about all of that, you begin to see how encryption is killing the effectiveness of IDS/IPS.

                              While this has no direct bearing on the conversation at hand, I just wanted to point out that due to the changing landscape of the Internet, the need for some packages is going to die no matter what direction pfSense takes.

                              johnpozJ N 2 Replies Last reply Reply Quote 5
                              • johnpozJ
                                johnpoz LAYER 8 Global Moderator @bmeeks
                                last edited by johnpoz

                                ^ well stated.. And while its a tiny bit off topic with packages and +... Its still very relevant in my opinion..

                                Like to mention - everyone loves the FREE ssl certs anyone can get in 2 minutes if their IP resolves to a domain with ACME... This also makes it nobrainer simple for even the lamest of scriptkiddie malware pushers to have your box use https to their device via a tunnel, and trust the shit out of it - nor warnings of any kind.. Hiding whatever they might be doing from any sort of ips/ids..

                                The internet is changing place - and everyone wants you info... Send your dns to me - oh your company doesn't want that - well F your company and its policies.. Will just have your browser sneak their dns via a tunnel over standard ports to make it PITA for your company to even know or block..

                                To be honest I have no freaking idea what these people that came up with doh were thinking - my opinion is all they were thinking about is $ signs.. Think of all the money we can make with these uses sending us free money, I mean data ;)

                                Ad companies - oh your domains are blocked because you serve up ads.. No worry, for a very low cost we will serve up your domains via our dns.. Yeah Yeah - the users "trust" us to do all their dns ;) we can serve them anything you want to serve.. Malware - oh that will cost you just a few pennies more per hit.. No the companies can not stop us - we just bypass all their controls ;) But say they can stop if after they jump through a billion hoops, that sure some of the top players will be able to do... But the millions of smbs and ma and pop shops wont have a clue ;)

                                sorry got on a bit of a rant there ;)

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                1 Reply Last reply Reply Quote 0
                                • N
                                  netblues @bmeeks
                                  last edited by

                                  @bmeeks Still, some filtering is better than no filtering.
                                  If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
                                  Professionally maintained and supported.

                                  Interesting times.

                                  bmeeksB 1 Reply Last reply Reply Quote 0
                                  • bmeeksB
                                    bmeeks @netblues
                                    last edited by

                                    @netblues said in Announcing pfSense plus:

                                    @bmeeks Still, some filtering is better than no filtering.
                                    If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
                                    Professionally maintained and supported.

                                    Interesting times.

                                    I don't disagree with you. I would point out, though, that NGFW (Next Generation Firewall) can have a lot of differently nuanced meanings. And some of them might actually be marketing hype (translation, BS ... ☺).

                                    Let's not derail this thread with this topic. If desired, we can discuss further over in the IDS/IPS sub-forum. My original post here was just to say that having Snort or Suricata is not a make-or-break thing in my opinion because of how end-to-end encryption is hiding lots of stuff from the eyes of the IDS anyway.

                                    bmeeksB 1 Reply Last reply Reply Quote 0
                                    • bmeeksB
                                      bmeeks @bmeeks
                                      last edited by

                                      @bmeeks said in Announcing pfSense plus:

                                      @netblues said in Announcing pfSense plus:

                                      @bmeeks Still, some filtering is better than no filtering.
                                      If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
                                      Professionally maintained and supported.

                                      Interesting times.

                                      I don't disagree with you. I would point out, though, that NGFW (Next Generation Firewall) can have a lot of differently nuanced meanings. And some of them might actually be marketing hype (translation, BS ... ☺).

                                      Let's not derail this thread with this topic. If desired, we can discuss further over in the IDS/IPS sub-forum. My original post here was just to say that having Snort or Suricata is not a make-or-break thing in my opinion because of how end-to-end encryption is hiding lots of stuff from the eyes of the IDS anyway.

                                      Can't seem to edit a post in this forum, so I want to follow up on my remark above about NGFW. I really meant to say UTM more so than NGFW, but they are really closely associated. My remark is not aimed at any vendor, but just refers to those concepts in general terms. End-to-end encryption is fouling up a lot of old-school network-level inspection, and is moving it instead to the endpoint clients.

                                      1 Reply Last reply Reply Quote 0
                                      • K
                                        kdub1234
                                        last edited by

                                        I appreciate that a no cost home/lab version will be offered, but is there any chance we can get a direct version upgrade instead of how the free TNSR offering is setup?

                                        After initial excitement of the TNSR free tier, I decided not to install largely because of the upgrade hassle. I am definitely not a fan of having to backup, reregister, re-provision and restore my appliance for every new patch/feature.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          al
                                          last edited by

                                          To the pfSense team:
                                          Why would it be a problem for 'pfSense Plus' to be held open source like pfSense CE in regards to adding trust & confidence to the product as well as adding to security and privacy in regards to be able to look under the hood of e.g. the GUI, the backend and the various tools?

                                          opensource.png

                                          F 1 Reply Last reply Reply Quote 4
                                          • S
                                            slu @dennis_s
                                            last edited by

                                            @dennis_s

                                            it would be so great to have the gold membership back, only for sponsoring the CE edition / Netgate. Call it "gold sponsoring", we buy it per year (as the gold membership was).

                                            pfSense Gold subscription

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.