Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Navigating to Buy pfSense +

    Scheduled Pinned Locked Moved General pfSense Questions
    215 Posts 55 Posters 96.1k Views 46 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • lawrencesystemsL Offline
      lawrencesystems @NRgia
      last edited by

      @NRgia said in Navigating to Buy pfSense +:

      Lawrence Systems forum

      My forums are not the place where there is anything official from Netgate is posted but this forum and the Netgate blog posts would be the place to watch. A few people have asked if I was going to do a video on this topic and my answer is yes, once there is some official public response. From a business standpoint because we use Netgate appliances for our clients it's less of a concern right now for that. But as someone who creates lots of tutorials for the community, this is a concerning topic due to me suggesting to so many people that they should use pfsense plus in their home labs based on how they presented the licence use case at that at that time.

      1 Reply Last reply Reply Quote 15
      • M Offline
        michmoor LAYER 8 Rebel Alliance @chigh09
        last edited by michmoor

        @chigh09 ive always stressed in these forums as well on reddit that communication has shown to be a very difficult task for this company to do which is baffling considering they have a marketing department.
        That said, i think a blog post with some clarity should be done asap but i dont understand why its not happening.
        Im running official Netgate hardware at home and i need things cleared up as well.
        Also does this in any way play into why 23.09 is delayed with no official reasoning as to why?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        M 1 Reply Last reply Reply Quote 2
        • M Offline
          mfld LAYER 8 @michmoor
          last edited by mfld

          @michmoor said in Navigating to Buy pfSense +:

          i think a blog post with some clarity should be done asap

          It is out and it is very disappointing.

          Many hours spent testing stuff, trying to help improve the product by trying to submit useful stuff to redmine.

          Years of wondering why pfSense Gold was scrapped. Some of us gladly made payments - I think it was 49 bucks - but the company decided they don't want the money anymore.

          Many months of begging for the $129.00 TAC lite on white boxes to be launched. If they are being financially disadvantaged by shitty conduct of white box vendors and MSPs why is this $129.00 TAC lite not being launched? It was promised! I know so many people who have the budget ready to get the $129.00 TAC lite key for their mini pc at their house.

          I dropped a few pfSense plus installs at family / friend's homes on white-boxes and I told everyone "this option will cost ~12 bucks a month going forward, it is free this year only. If you want to avoid having to pay $129.00 a year next year we have to install pfSense-CE."

          Most were OK with it and ready to pay based on my recommendation.

          So strange. You worry about cash-flow but you refuse to take money from those who love the company and product and have been begging to pay. You did not even try to launch the $129.00 option. You'd be surprised how many subs you would have gotten with little to no overhead.

          TL;DR: Feeling betrayed.

          I hope 23.05.1 config.xml work well on 2.7.0-CE. šŸ’”

          1 Reply Last reply Reply Quote 8
          • A Offline
            AdriftAtlas
            last edited by

            I've championed pfSense at my workplace and as a result we have deployed close to a dozen Netgate appliances.

            At home I run pfSense Home+Lab in a VM on a mini pc. Both as my primary router and as a testbed for changes to deploy on our corporate firewalls. While I would be willing to personally pay a reasonable fee per year to support the project I will not pay $400.

            I used to run pfSense CE and upgraded to Plus because it was free for home users and CE was being neglected. Now I'm probably going to have to go back to CE.

            The question is what do I do long term as CE will effectively become increasingly neglected. Maybe move to OPNsense or possibly one of the Linux distributions?

            More importantly, I'll caution my workplace about pfSense going forward.

            This is akin to Google pulling the rug out of GSuite Legacy home users and attempting to charge them $6 a month per user. The community backlash was significant enough that they reversed course. I hope this follows a similar path.

            Vyatta used to be a popular firewall. Used to be...

            M 1 Reply Last reply Reply Quote 7
            • M Offline
              mfld LAYER 8 @AdriftAtlas
              last edited by mfld

              @AdriftAtlas said in Navigating to Buy pfSense +:

              I've championed pfSense at my workplace and as a result we have deployed close to a dozen Netgate appliances.

              Right!? The Kool-Aid works. I drank it all up. Generated a sale or two. Set expectations with people that "this will cost 129 a year starting next year" if it was not a Netgate device. Even just home users who need to dial into work for WFH - I told them you can use CE or be ready to pay starting next year. Some chose CE, many said "cool, thats fine".

              I used to run pfSense CE and upgraded to Plus because it was free for home users and CE was being neglected. Now I'm probably going to have to go back to CE.

              I just hope the config.xml versioning is the same between 23.05.1 and 2.7.0-CE

              The question is what do I do long term as CE will effectively become increasingly neglected. Maybe move to OPNsense

              Nah. Unlikely you will like monthly breaking changes or stuff like OpenVPN Advanced config option saying "This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting." while at the same time not exposing tls-crypt to the GUI (has been fixed now but was the case for years). The only way the other xxSense is any useful is if you subscribe for the enterprise branch. Which is... similarly priced to the TAC lite I have been begging to buy months.

              or possibly one of the Linux distributions?

              More likely :)

              More importantly, I'll caution my workplace about pfSense going forward.

              This is akin to Google pulling the rug out of GSuite Legacy home users and attempting to charge them $6 a month per user.

              On the upside we won't need to make any effort anymore to reproduce bugs and try make sensible redmine reports. Can just make a TAC ticket and not give a damn. /s

              M 1 Reply Last reply Reply Quote 2
              • M Offline
                machbot @mfld
                last edited by machbot

                @mfld said in Navigating to Buy pfSense +:

                I just hope the config.xml versioning is the same between 23.05.1 and 2.7.0-CE

                It is, I trialed a restore earlier and all went well, no errors.

                S 1 Reply Last reply Reply Quote 5
                • ScottishTomS Offline
                  ScottishTom
                  last edited by

                  Honestly, this just sounds like "we have a really bad way of registering software that is open to abuse, as a result we're taking away what we promised you".

                  Really disappointed, again both for work and in homelab I have several pfSense instances, will be looking at migration options if there's not a sensibly priced alternative announced very quickly.

                  1 Reply Last reply Reply Quote 5
                  • M Offline
                    mvikman
                    last edited by

                    I will see how long my current "Home Plus" installation will work and update, but I'm also going to be testing OPNsense and planning migration for the eventual death of my "Home Plus" license.

                    pfSense Plus 25.07.1-RELEASE (amd64)
                    Dell Optiplex 7040 SFF
                    Core i5-6500, 24GB RAM, 2x 240GB SSD (ZFS Mirror)
                    HPE 561T (X540-AT2), 2-port 10Gb RJ45
                    HPE 562SFP+ (X710-DA2), 2-port 10Gb SFP+

                    1 Reply Last reply Reply Quote 1
                    • fireodoF Offline
                      fireodo
                      last edited by

                      It's a pity that there is nothing in between free/TAC-Lite and TAC-Pro. 😢

                      Again my 2 cents.

                      Kettop Mi4300YL CPU: i5-4300Y @ 1.60GHz RAM: 8GB Ethernet Ports: 4
                      SSD: SanDisk pSSD-S2 16GB (ZFS) WiFi: WLE200NX
                      pfsense 2.8.1 CE
                      Packages: Apcupsd, Cron, Iftop, Iperf, LCDproc, Nmap, pfBlockerNG, RRD_Summary, Shellcmd, Snort, Speedtest, System_Patches.

                      1 Reply Last reply Reply Quote 1
                      • Bob.DigB Offline
                        Bob.Dig LAYER 8
                        last edited by Bob.Dig

                        If the CE gets Updates too then it is kind of a nothing burger at this point, we knew that a change would be coming someday...
                        Now I hope that the day, the "old" home tier doesn't get any updates anymore, it can be reverted to a CE!

                        JeGrJ bingo600B C 3 Replies Last reply Reply Quote 0
                        • JeGrJ Offline
                          JeGr LAYER 8 Moderator @Bob.Dig
                          last edited by JeGr

                          @Bob-Dig said in Navigating to Buy pfSense +:

                          If the CE gets Updates too then it is kind of a nothing burger at this point, we knew that a change would be coming someday...
                          Now I hope that the day, the "old" home tier doesn't get any updates anymore, it can be reverted to a CE!

                          I'd agree for most things, but I also know (and I'm surprised myself) several power users, that loved helping test versions and submitting bugs etc. with Plus that will get stranded when no Plus subscription for home/lab use is possible anymore. That's a really bad move for development issues. Also many - me included - power users use Plus as a few functions are locked behind that version, like QAT support in hardware (which OPNsense hasn't locked into their business version) and if you have a gigabit line (fibre is coming to more and more people) and want to run a VPN on your hardware supporting all those bells and whistles (like QAT) it doesn't work in CE.

                          So if next CE gets QAT and stuff unlocked - OK, then it'll really be a nothingburger as then it's only the faster updates and I could ignore that at home. No problem. But for those with large labs like us that tests various configs etc. in labs on the appropriate versions and in various setups, that is a huge blow :(

                          Would really like to see at least a possibility for netgate partners to still get Lab versions so they can test shit for their customers instead of being left stranded to using hardware (sorry, we can't afford dozens of hardware boxes to stay on different versions to test things through) or cloud images that where we don't control the data. That would effectively disable every testing and debugging method we currently have and also disable ways to produce and test packages against the Plus versions as we can't test them anymore. :(

                          Edit: Also - OpenVPN DCO. Taking both out and effectively pushing them behind a paywall now - and one that is quite high without a home user level license - is really exactly that, what people have been afraid the whole time. And as both things are simply available in FreeBSD as well as in other firewalls makes it that much harder to argument for your case.

                          Don't forget to upvote šŸ‘ those who kindly offered their time and brainpower to help you!

                          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                          NollipfSenseN 1 Reply Last reply Reply Quote 7
                          • bingo600B Offline
                            bingo600 @Bob.Dig
                            last edited by bingo600

                            @Bob-Dig said in Navigating to Buy pfSense +:

                            If the CE gets Updates too then it is kind of a nothing burger at this point, we knew that a change would be coming someday...
                            Now I hope that the day, the "old" home tier doesn't get any updates anymore, it can be reverted to a CE!

                            I don't really need/use any of the Plus features (Boot ENV is nice , but i can make my own snapshot if needed).
                            My issue is that i have doubts regarding CE being maintained, and also if CE will survive .... Since it has become clear that Plus is where the BIG money is.

                            If you aren't a "Home user" this is a smart move, as 2 years of subscription will pay for a 6100.
                            Netgate have efficiently "killed all Corp White Boxes" in one move, despite a clear promise of a soft "$129" transition period.

                            If i were to get new HW for the company, i'd certainly recommend Netgate HW.
                            But what will be next ......
                            I can't recommend a business that makes 180 degree turns all the time.

                            And IMHO Netgate have made a "Redhat RHEL --> Fedora" on the "Home Plus" users ....

                            My Corp Network team has been "hovering" on my lab, wanting to switch to Firepower (we have a huge discount).
                            Until now i have been able to fight them off. But maybe not for long with the new pricing.

                            I'll be looking at the "Dark side", and test during the next weeks.

                            I keep hearing a phrase that pops up ... It's not 42, but : Goodbye and thanx for all the F...

                            /Bingo

                            If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

                            pfSense+ 23.05.1 (ZFS)

                            QOTOM-Q355G4 Quad Lan.
                            CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                            LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

                            1 Reply Last reply Reply Quote 3
                            • M Offline
                              michmoor LAYER 8 Rebel Alliance
                              last edited by michmoor

                              Everyone here is making very valid points and kudos to being more logical than on the Reddit space.
                              That said this entire fiasco was so poorly communicated that its a bit unnerving.

                              $399/yr for Boot environments is not a good sell. Cool feature but pay walling it behind that price point is illogical. Not really sure who thought that was a good idea instead of sticking to their own stated price point of 129/yr. I hope that changes but yikes.
                              I implement Netgate devices so I'm unaffected but i do have empathy for the large homelab and personal use end-users out there. I know other implementors who push Netgate because of the experience they had at home (which is a value add to Rubicon) but this has them thinking...If they can change the terms all of a sudden then whose to say they wont do it with paying customers? There is precedent set now. That's a very fair critique which is why having a good communication strategy before pushing any changes is a good idea but as history as shown especially recently, Rubicon/Netgate really struggles with this critical part of their business. I am continuously baffled why they choose(it's a choice at this point) not to engage with the user base.

                              [edit] Thinking about why they choose not to communicate i think its largely because they dont have to. Within the limited area that they operate in [certainly not in the F500 or 1000 companies i serve on occasion] and who their competition is where are people going to go? Sure you got the other *sense out there but for businesses who care about price point, the lowest im willing to go vendor-wise is honestly Netgate. Still not a reaosn not to engage.

                              [edit2] One last edit. This couldve been avoided a year ago if pfsense+ was only available on Netgate hardware. Trying to upgrade custom builds to this Plus version turned out to be a mistake obviously and purposely pushing customers to do it was also not smart. Now we are where it shouldve been from the beginning. pfSense+ is available only on Netgate hardware (nobody is paying 399 to upgrade) while CE can be used on your whitebox hardware. Totally fair.
                              Seriously tho, they need to get better at messenging....

                              Firewall: NetGate,Palo Alto-VM,Juniper SRX
                              Routing: Juniper, Arista, Cisco
                              Switching: Juniper, Arista, Cisco
                              Wireless: Unifi, Aruba IAP
                              JNCIP,CCNP Enterprise

                              NollipfSenseN 1 Reply Last reply Reply Quote 1
                              • NollipfSenseN Offline
                                NollipfSense @JeGr
                                last edited by

                                @JeGr said in Navigating to Buy pfSense +:

                                So if next CE gets QAT and stuff unlocked - OK, then it'll really be a nothingburger as then it's only the faster updates and I could ignore that at home. No problem. But for those with large labs like us that tests various configs etc. in labs on the appropriate versions and in various setups, that is a huge blow :(

                                Excellent point, thanks for sharing!

                                pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                                pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                                1 Reply Last reply Reply Quote 0
                                • NollipfSenseN Offline
                                  NollipfSense @michmoor
                                  last edited by

                                  @michmoor said in Navigating to Buy pfSense +:

                                  That said this entire fiasco was so poorly communicated that its a bit unnerving.

                                  Agree, we're all friends of Netgate and communication is what keep relationships growing...

                                  pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                                  pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                                  1 Reply Last reply Reply Quote 0
                                  • wgstarksW Offline
                                    wgstarks
                                    last edited by

                                    Just in case anyone hasn’t seen it, Netgate has made an official announcement.
                                    link text

                                    Box: SG-4200

                                    NollipfSenseN 1 Reply Last reply Reply Quote 0
                                    • C Offline
                                      Cylosoft @Bob.Dig
                                      last edited by Cylosoft

                                      @Bob-Dig said in Navigating to Buy pfSense +:

                                      If the CE gets Updates too then it is kind of a nothing burger at this point, we knew that a change would be coming someday...
                                      Now I hope that the day, the "old" home tier doesn't get any updates anymore, it can be reverted to a CE!

                                      Exactly. If CE is maintained then who cares. Run CE at home and move on. Really the $129 option is more about supporting development than getting me features. If Netgate doesn't want the support from the home uses that's their decision.

                                      1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        SteveITS Galactic Empire @machbot
                                        last edited by

                                        @machbot said in Navigating to Buy pfSense +:

                                        @mfld said in Navigating to Buy pfSense +:

                                        I just hope the config.xml versioning is the same between 23.05.1 and 2.7.0-CE

                                        It is, I trialed a restore earlier and all went well, no errors.

                                        For reference to @mfld and others, there is a chart linked on:
                                        https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html
                                        -> https://docs.netgate.com/pfsense/en/latest/releases/versions.html

                                        23.09 will have a newer config file version.

                                        I have absolutely no insight behind the scenes, but it seems logical to me that there was some reason why the $129 subscription wasn't going to work long term. Otherwise payment seems like an easy way to "fix" the issue of "unauthorized redistribution." For instance I've seen numerous posts about Plus unregistering after hardware changes trigger a change in the person's NDI.

                                        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                                        Upvote šŸ‘ helpful posts!

                                        M D J S 4 Replies Last reply Reply Quote 0
                                        • M Offline
                                          michmoor LAYER 8 Rebel Alliance @SteveITS
                                          last edited by michmoor

                                          @SteveITS
                                          I think its two things that needs to be addressed

                                          1. Pricing back to the stated price of 129.
                                          2. The harder part but clearly theres an issue with tracking registration. If cloning the image circumvents the process then it wasn't a good process to begin with. Not sure how other companies are handling this but obviously installing or swapping a NIC shouldnt invalidate a license but it does.

                                          As i mentioned before I think where we are now its probably the best way to have access to Plus. If you want/need plus get the official hardware otherwise you are on CE. I say keep it like this.

                                          Firewall: NetGate,Palo Alto-VM,Juniper SRX
                                          Routing: Juniper, Arista, Cisco
                                          Switching: Juniper, Arista, Cisco
                                          Wireless: Unifi, Aruba IAP
                                          JNCIP,CCNP Enterprise

                                          1 Reply Last reply Reply Quote 0
                                          • D Offline
                                            Darkk @SteveITS
                                            last edited by Darkk

                                            @SteveITS said in Navigating to Buy pfSense +:

                                            For reference to @mfld and others, there is a chart linked on:
                                            https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html
                                            -> https://docs.netgate.com/pfsense/en/latest/releases/versions.html

                                            23.09 will have a newer config file version.

                                            I have absolutely no insight behind the scenes, but it seems logical to me that there was some reason why the $129 subscription wasn't going to work long term. Otherwise payment seems like an easy way to "fix" the issue of "unauthorized redistribution." For instance I've seen numerous posts about Plus unregistering after hardware changes trigger a change in the person's NDI.

                                            Yep, without the ability to get the updated token due to hardware changes unless we fork out for the $399/yr subscription isn't going to go well for home/lab users. I personally wouldn't mind paying $129/yr for TAC Lite as I want to support it. FYI I do buy Netgate appliances for our branches at work so I know those won't be affected by the changes.

                                            I am just more concerned for folks like me who uses this for home labs. I've been using pfsense (used to be pfDNS in the early days) for 15+ years so want to keep using it for my home lab.

                                            Also, I saw a post on Facebook which brought me here so no doubt there will be posts there as well.

                                            1 Reply Last reply Reply Quote 2
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.