CE Update Frequency
-
@neiltiffin said in CE Update Frequency:
The fact that updates are hidden away in patches is a problem. Normal people do not consider patches something that is done on a regular basis unless one is having problems.
You're right here. The way notifications (lack thereof) of patches go out is extremely poor. It's a step in the right direction but I agree that overall notifying admins about updates needs to be done better. Perhaps a system notification with a blog post? I don't know but anything is better than what's used now.
@neiltiffin said in CE Update Frequency:
My Netgate device is old, make that probably 2014. I need to replace it and it looks like I am going a different direction. Until pfSense Plus I was generally happy with pfSense except for the fact that the UI upgrades easily blew up.
IMO, and this is pure conjecture of course, but the community forums don't seem to be the place where management look to get feedback. The place for that is on redmine where you can open feature requests/bug reports/etc. Maybe the devs and management do monitor the forums and see where the pain points are. I highly suspect they don't. Like I said, redmine.
@neiltiffin said in CE Update Frequency:
The fact remains that any edge security devices that have not received any security updates in 1.5 years in today's environment is a problem (which I just realized regarding pfSense 2.6 to 2.7 without any intervening updates).
Ehhhh I am running Palo Altos at my job and we're stuck on the 9.0 track. 10.2 recently got released. It's not common to upgrade firewalls constantly unless there is a legitimate business need. It's just too disruptive. As mentioned, pfSense Plus has more frequent updates so that avenue is there for everyone if they choose to upgrade to that. The way I view it is that CE is more for the home/lab, enthusiast community. You'll get updates when you get them. pfSense Plus is for businesses that want/need frequent updates and exclusive features (boot environments for example).
Finally, everyone should select a firewall based on their requirements. If you need frequent updates but don't want to pay for enterprise licensing then go with OPNsense. Some people like myself like the staggered rollout of updates throughout the year. Perhaps that is Netgate's philosophy - a slow upgrade path and a focus on reliability and security.
You are still all over the place with what you want. As I and a few people have mentioned, you can't have your cake and eat it too. You want old versions of software but you complain about security? You get on here to complain into the ether and then state you are moving in a different direction--huh?
You talk about security features in FreeBSD main but I asked you in the very first post - what security vulnerability do you believe was missed and Netgate never addressed? You never answered my question which leads me to believe you either don't know of any or are too lazy to research the CVEs and their impact if any on pfSense. Again, you're just all over the place.
-
@neiltiffin See this is precisely the issue, it's important to actually read into the vulnerabilities before just saying CVSS 9.8 it's the end of the world.
If you knew what the actual issue was, it's basically a non-issue. No one should be exposing their firewall webGUI to the public internet anyway, or any untrusted network for that matter, it should be accessed over a VPN. The whole purpose of that general best practice advice is to avoid issues like this being a problem (which BTW basically every other firewall has had similar login related CVEs that were super bad, many worse than just brute force allowance) when they do pop up. While it's important for things like this to be fixed (and it is fixed) regardless, admins still need to practice best security advice.
Additionally, all this vuln lets you do is brute force without any restrictions, but if you're following another best practice and using good strong login credentials, it shouldn't matter anyway.
I also don't understand this: "at least one major vulnerability that went un-resolved in pfsense 2.6", so what you are saying is that something got fixed but since it wasn't fixed in the version you wanted it to be fixed in it's not ok? IDK what to tell you at that point.
IDK this is all seeming like a common internet post where someone wants attention so they just complain about stuff without really knowing what they're talking about.
-
jimp moved this topic from Problems Installing or Upgrading pfSense Software on