Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Announcing pfSense plus

    Scheduled Pinned Locked Moved Messages from the pfSense Team
    152 Posts 53 Posters 82.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @bmeeks
      last edited by johnpoz

      ^ well stated.. And while its a tiny bit off topic with packages and +... Its still very relevant in my opinion..

      Like to mention - everyone loves the FREE ssl certs anyone can get in 2 minutes if their IP resolves to a domain with ACME... This also makes it nobrainer simple for even the lamest of scriptkiddie malware pushers to have your box use https to their device via a tunnel, and trust the shit out of it - nor warnings of any kind.. Hiding whatever they might be doing from any sort of ips/ids..

      The internet is changing place - and everyone wants you info... Send your dns to me - oh your company doesn't want that - well F your company and its policies.. Will just have your browser sneak their dns via a tunnel over standard ports to make it PITA for your company to even know or block..

      To be honest I have no freaking idea what these people that came up with doh were thinking - my opinion is all they were thinking about is $ signs.. Think of all the money we can make with these uses sending us free money, I mean data ;)

      Ad companies - oh your domains are blocked because you serve up ads.. No worry, for a very low cost we will serve up your domains via our dns.. Yeah Yeah - the users "trust" us to do all their dns ;) we can serve them anything you want to serve.. Malware - oh that will cost you just a few pennies more per hit.. No the companies can not stop us - we just bypass all their controls ;) But say they can stop if after they jump through a billion hoops, that sure some of the top players will be able to do... But the millions of smbs and ma and pop shops wont have a clue ;)

      sorry got on a bit of a rant there ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • N
        netblues @bmeeks
        last edited by

        @bmeeks Still, some filtering is better than no filtering.
        If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
        Professionally maintained and supported.

        Interesting times.

        bmeeksB 1 Reply Last reply Reply Quote 0
        • bmeeksB
          bmeeks @netblues
          last edited by

          @netblues said in Announcing pfSense plus:

          @bmeeks Still, some filtering is better than no filtering.
          If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
          Professionally maintained and supported.

          Interesting times.

          I don't disagree with you. I would point out, though, that NGFW (Next Generation Firewall) can have a lot of differently nuanced meanings. And some of them might actually be marketing hype (translation, BS ... ☺).

          Let's not derail this thread with this topic. If desired, we can discuss further over in the IDS/IPS sub-forum. My original post here was just to say that having Snort or Suricata is not a make-or-break thing in my opinion because of how end-to-end encryption is hiding lots of stuff from the eyes of the IDS anyway.

          bmeeksB 1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks @bmeeks
            last edited by

            @bmeeks said in Announcing pfSense plus:

            @netblues said in Announcing pfSense plus:

            @bmeeks Still, some filtering is better than no filtering.
            If pfsense wants to compete with e.g fortigate or sophos utm, then it needs feeds.
            Professionally maintained and supported.

            Interesting times.

            I don't disagree with you. I would point out, though, that NGFW (Next Generation Firewall) can have a lot of differently nuanced meanings. And some of them might actually be marketing hype (translation, BS ... ☺).

            Let's not derail this thread with this topic. If desired, we can discuss further over in the IDS/IPS sub-forum. My original post here was just to say that having Snort or Suricata is not a make-or-break thing in my opinion because of how end-to-end encryption is hiding lots of stuff from the eyes of the IDS anyway.

            Can't seem to edit a post in this forum, so I want to follow up on my remark above about NGFW. I really meant to say UTM more so than NGFW, but they are really closely associated. My remark is not aimed at any vendor, but just refers to those concepts in general terms. End-to-end encryption is fouling up a lot of old-school network-level inspection, and is moving it instead to the endpoint clients.

            1 Reply Last reply Reply Quote 0
            • K
              kdub1234
              last edited by

              I appreciate that a no cost home/lab version will be offered, but is there any chance we can get a direct version upgrade instead of how the free TNSR offering is setup?

              After initial excitement of the TNSR free tier, I decided not to install largely because of the upgrade hassle. I am definitely not a fan of having to backup, reregister, re-provision and restore my appliance for every new patch/feature.

              1 Reply Last reply Reply Quote 0
              • A
                al
                last edited by

                To the pfSense team:
                Why would it be a problem for 'pfSense Plus' to be held open source like pfSense CE in regards to adding trust & confidence to the product as well as adding to security and privacy in regards to be able to look under the hood of e.g. the GUI, the backend and the various tools?

                opensource.png

                F 1 Reply Last reply Reply Quote 4
                • S
                  slu @dennis_s
                  last edited by

                  @dennis_s

                  it would be so great to have the gold membership back, only for sponsoring the CE edition / Netgate. Call it "gold sponsoring", we buy it per year (as the gold membership was).

                  pfSense Gold subscription

                  1 Reply Last reply Reply Quote 1
                  • RicoR
                    Rico LAYER 8 Rebel Alliance
                    last edited by

                    Back in the days when I was asked 'what is so great about pfSense?' my answers (sorted in order of importance):

                    1. Open Source, you can trust the code 100%
                    2. rock stable
                    3. really nice feature set
                    4. awesome community

                    Good old times... 😔

                    -Rico

                    V 1 Reply Last reply Reply Quote 12
                    • M
                      matsan
                      last edited by

                      Too bad, for us the USP of pfSense was the open source model, knowing there are (at least potentially) multiple and external eyes on the code.
                      Been supporting the project with both hardware purchases and gold subscriptions during the years. With open source gone the differentiator between our deployed SG-3100:s and the USG from UniFi is lost and we can move to a fully-integrated UniFi experience that is another closed-source-trust-the-company-running-it-relationship.

                      Wishing you best of luck. So long and thank you for all the years!

                      1 Reply Last reply Reply Quote 4
                      • V
                        Vollans @Rico
                        last edited by

                        @rico said in Announcing pfSense plus:

                        2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100

                        Surely Netgate have to be nervous when someone who has over 20 devices and has been a big supporter of those is worried?

                        I’m only a new convert to pfSense, as of about July, but the fact it was open source was a big thing as I was fed up of hardware that had rubbish firewalls that promised lots and delivered nothing with unresponsive support that ignored requests to fix things. I did almost buy your hardware just after Christmas, but decided to wait. I’m glad I did. :(

                        Cool_CoronaC 1 Reply Last reply Reply Quote 1
                        • Cool_CoronaC
                          Cool_Corona @Vollans
                          last edited by

                          Just to make things clear....

                          Currently testing freebsd based FW's for the foreign state department here and closed source is a no go.

                          They have issues with the US spying on live traffic thats encrypted. So it can be done...

                          And I will always, on a personal level, run MiTM and not make anybody beeing able ro run anything other than the DNS provided.

                          1 Reply Last reply Reply Quote 0
                          • ExordiumE
                            Exordium @dennis_s
                            last edited by

                            @dennis_s said in Announcing pfSense plus:

                            Read our latest blog which includes a FAQ to learn more about this exciting change.

                            I can't see anything exciting in this post... only stupid decisions.

                            Just my 0,02$

                            - pfSense Gold Subscriber -

                            Sense 1: Shuttle DS57U3 (private)
                            Sense 2: Supermicro Atom Barebone (Company Test)
                            Sense 3 : 2 x Supermicro SYS-5018D-FN8T (Company Office)

                            1 Reply Last reply Reply Quote 1
                            • Bob.DigB
                              Bob.Dig LAYER 8
                              last edited by

                              I am ok with it, if there is a full free version for home use, because I don't think that those people will pay for a firewall in the first place... unless it becomes a full-fledged WiFi-router. Pls don't. 😝

                              JeGrJ 1 Reply Last reply Reply Quote 0
                              • JeGrJ
                                JeGr LAYER 8 Moderator @Bob.Dig
                                last edited by

                                @bob-dig said in Announcing pfSense plus:

                                I am ok with it, if there is a full free version for home use, because I don't think that those people will pay for a firewall in the first place... unless it becomes a full-fledged WiFi-router. Pls don't. 😝

                                Free version doesn't equal OSS version and for many projects that reach out about ditching other vendors in favor of pfSense, that IS one of the - if not THE - main incentive. So while free version for home use is fine, that does nothing for planning bigger projects at the moment. And because of the "we don't know yet" throughout the FAQ/blog post in terms of 3rd party HW, licensing, costs and future of the CE version, that is an almost impossible sell at the moment for any new project that goes on right now or in the following weeks. Because no company wants a solution that will change course, get stale in the future or other fears that already have been laid out.

                                Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                                If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                                noplanN 1 Reply Last reply Reply Quote 8
                                • noplanN
                                  noplan @JeGr
                                  last edited by

                                  @jegr

                                  as far as I am concerned

                                  It is as informed as possible about this

                                  **
                                  It is an impossible sell**

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    behemyth
                                    last edited by

                                    I completely understand the free-to-use community being frustrated by the move to close-source a product and charge for full-featured software, but I can tell you from my years working with companies to build solutions, there are a lot of companies out there that aren't allowed to use open source anything.

                                    I don't agree with that thinking, but it is what it is in the business world.

                                    This may make a lot of people who aren't paying anyway stop using this platform, but this is going to open another set of doors for pfSense, ones that simply don't exist under an open source code model - and those doors are going to be willing to pay - potentially a lot of money for support and to use the software.

                                    I'm not trying to start a huge argument here, that's just fact.

                                    noplanN 1 Reply Last reply Reply Quote 2
                                    • noplanN
                                      noplan @behemyth
                                      last edited by

                                      @behemyth

                                      cant agree more !

                                      heaven and hell are two windows in the same house, or something like that

                                      brNP

                                      F 1 Reply Last reply Reply Quote 0
                                      • F
                                        fbor @noplan
                                        last edited by

                                        @dennis_s

                                        I have chosen pfSense a few years ago to have firewalls on which I can do whatever I need. To support Netgate and the project, I have bought about 20 appliances, mostly sg-3100. On several occasions, pfSense has proven to be a perfect choice for my needs. I have been able with some lines of code to implement custom functions and to patch all the required appliances. Also, I have invested a lot of my free time to create and contribute to ansible modules to manage our pfSense fleet and was eagerly waiting for the GUI/control code separation.

                                        Now, since sg-3100 runs on ARM, I won't be able to run pfSense CE on them. So, to keep an open-source platform, the only choice I have is to stay forever on the last pfSense FE release. The other choice would be to go close source with pfSense plus and hope for the best (no script obfuscation ever, no closed source patches on binaries I may need to patch and build). It looks like two dead-ends to me. And I feel fooled: it wouldn't have happened to me if I hadn't decided to support Netgate and become a customer.

                                        Anyway, I saw the argument "pfSense plus is something more, not less" multiple times on Reddit. Given my situation, I disagree: dropping pfSense FE and the open-source model for customers is definitly something less.

                                        noplanN D 2 Replies Last reply Reply Quote 6
                                        • noplanN
                                          noplan @fbor
                                          last edited by

                                          @dennis_s

                                          i only can tell you the same as i told @behemyth

                                          heaven and hell are the same house with different windows

                                          and no i'm not an evangelist but i see dark times commin for pfSce

                                          1 Reply Last reply Reply Quote 2
                                          • ?
                                            A Former User
                                            last edited by

                                            New blog post concerning these changes:

                                            https://www.netgate.com/blog/pfsense-plus-pfsense-ce-dev-insights-direction.html

                                            One change I noticed is the availability of pfSense + for non-Netgate hardware is now late 2021. I'm not sure if that is an actual change in Netgate's internal planning or just the author being careful to not over promise.

                                            ? A 2 Replies Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.