Navigating to Buy pfSense +
-
23.09.b.20231023.1701 will this be the last version for Plus (Home) or will they at least give us the final version 23.09? And what version of CE can I upgrade to? As I understand it, the CE config is older.
Personally, I am not bothered by this situation if we are given the opportunity to switch to CE without any problems. -
@marcg said in Navigating to Buy pfSense +:
Hoping that Netgate reconsiders and creates an affordable whitebox license for home users. Paying for value is fair. I'd personally be willing to pay $129/year and continue to be a promoter of pfSense+ in my professional & personal communities.
$399/year would more than double many (most?) home users' yearly spend on networking gear. Switching from a whitebox to a Netgate box to drop support to the (soon to be) $129/year TAC Lite subscription isn't a clear win from a total cost perspective either. Smaller whiteboxes suited for home use -- handful of 2.5 Gbps ports with good performance -- are substantially less expensive and varied from a price/performance perspective than Netgate's comparable offerings.
Perhaps there are technical mechanisms that could ensure a less expensive home entitlement isn't abused: just as an example, limiting the state table to 10k states.
While I wouldn't be against even paying a small yearly fee, I'd like to address your technical limitations as well:
Sophos did this and you had (HAD) two options - either use UTM and your IP limitation was at 50 IPs, or go to their SFOS solution, have unlimited IPs, but the hardware limitations were in place - being allowed to run minimal (read substandard) hardware limits (4-core, 6GB limits) for their new solution turned it into an overstuff pack mule trying to climb a 50-degree incline. So, the 50 IP limit seemed like still the better choice - then they discontinued that product allowing it altogether and made no accommodation for the only solution available now through Sophos.
So, you may have fantastic hardware, but limited so badly, Snort doesn't even run at an acceptable pace, and per Sophos standards, wouldn't even update the backend appropriately to the point where NIC drivers were never allowed to be updated, no updates to the inner workings utilized with their solution, such as Snort being mutli-threaded now at Version 3, while Sophos still runs 32-bit Snort. Things like this are the death of teeter-tottering, back and forth which makes the user even more bitter about being limited. It's NOT a decent solution. A better solution for this issue would be better management of licensing, quite frankly.
-
I'm not really sure why everyone is getting their panties-in-a-wad here.
I think most folks, saw or should have, when the + version was introduced that changes were coming. After all Netgate is a commercial company in business to make money. I don't recall them ever promising that we as home users would be guaranteed a version with all the bells and whistles that their paying commercial customers get. As far the $129 price I see folks commenting on, I don't remember that being cast in stone. I for one will stay with the CE version. Actually they never even promised us that the CE version would remain with the features that are in the + version. I'll stay with the CE version till it no longer suits my needs and then I'll move on.
Too bad they don't make a version based on Linux given all the problems happening with BSD, FreeBSD, etc but this has nothing to do with Netgate/pfSense tho.
-
@Viper_Rus said in Navigating to Buy pfSense +:
what version of CE can I upgrade to? As I understand it, the CE config is older.
see above:
@SteveITS said in Navigating to Buy pfSense +:
For reference to @mfld and others, there is a chart linked on:
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html
-> https://docs.netgate.com/pfsense/en/latest/releases/versions.html23.09 will have a newer config file version.
...so if you didn't want to restore a config file from 23.05.1 and catch up on later changes, you could wait until CE 2.8.
They discuss current home+lab users in the blog post. It's a bit vague but sounds to me like there's not a short term concern other than the very problematic case of needing to do a reinstall or make hardware changes.
@jdeloach said in Navigating to Buy pfSense +:
version based on Linux
TNSR is Linux. At one point they did convert from CentOS to Ubuntu and required a reinstall to upgrade. That works in some cases but is a pain when traveling to data centers and (billing to upgrade) clients' sites.
As I alluded to above, having used m0n0wall and pfSense and having sold Netgate hardware quite a long time, I'm still not sure there's a a benefit for most people to use Plus over CE. (and if it is that critical, buy a Netgate router...?) I think people made a bit deal about the "delay" of CE 2.7 but, big picture, 23.01 was pretty buggy, 23.05 better but still had lots of patches, and 23.05.1 and 2.7 were released pretty much together. As a result we didn't bother upgrading most of our and our clients routers to 23.01 anyway.
-
@Darkk said in Navigating to Buy pfSense +:
To be honest this is true on any security device
Didn't say it wasn't.
Taking someone like me who manages Fortigate
So me too and Cisco - yup fair share.
aren't they QA'ing their code before releasing it?
No. Because they are profit driven like every company. Testing in a development environment, simply put "testing" cuts into the bottom line.
"It it compiles, ship it" it is entirely on the developer.
They report to shareholders not users.Your box of corn flakes (or insert cereal preference here) got smaller, the price went up and they called it "new and improved"
No its not! It is smaller and more expensive. But you will never see the PR say that. That's where we are now, a poorly implemented PR spinas I've said a couple of times, I'm on Netgate hardware so the CE home thing and use there of, isn't really a issue for me.
the lack of all the CE users providing input or as you put it "help test and report bugs" however, is part of what concerns me. Unless as part of their corporate plan they plan to increase the testing internally they will end up being no different than a Forti or a Cisco.
if the tide swells too much and they drive a lot of people away, not only does the cost for everyone go up, the product gets stale.. Or you know "New and Improved"Let's face it we've seen this in other companies
"Open Source" because it's great way to build --> migrate to closed source for the ($) -> fail because they become unable to keep up or the product cost too much.Myself I'm just not sure they are going to get it right longer term and that's a concern. My loss of confidence (or yours and anyone else) means nothing to any company. They need to listen to the home users and respect that.
Yes they have issues but they are generally those are easier for me to mitigate myself on an Open Netgate, than they are on an Forti or Cisco.
That said, and for entirely different reasons, I stopped recommending Netgate to smaller businesses about 8 months ago. Hard to change that lack of trust back. But here I am still running a 23.09.beta, and by choice. So I haven't left yet.
-
They need to take a look at XCP-ng and Xen Orchestra's play book on communication and transparency. They post everything about where they are headed and where they want to go. All the way down to what colors they want to use for their front end software. I remember a time where netgate used to post things like this. One example that comes to mind is the requirement for AES-NI on their upcoming latest version of pfSense and everyone lost their mind over it. But you know what? Netgate took the criticism and didn't make it a requirement because they saw it wasn't sitting well with the community and lose their precious support base for furthering the product.
I'd also like to mention that the most recent "error after upgrade to HAProxy 0.62_1" incident that nbproc is no longer supported in the config file... I was the one who submitted that bug report! An individual who had the plus version on a whitebox and no TAC license. I don't know by how much, but I can see a decline in quality going down if we don't have the ability to use the plus edition and file bug reports.
Don't get me wrong, I want them to make money and I'd gladly pay a reasonable fee to run pfSense at home/Lab. They have to stop this knee jerk reaction and "we will tell you later" nonsense and I think the community would take to more bad news if they had better transparency. companies will always have it backwards though. Companies always think they are the ones who made their company, but the community is who has made them.
-
@AMG-A35
Moving op OPENsense. Netgate wants to create "revenue stream" using home users, not this user. Netgate promised and broke their promise. No loyalty from me to "Indian givers". -
I'm finding myself frequently moving my pfSense+ install at home between VMs, adding/removing interfaces, etc. In the past I was relying on being able to just grab a new activation token; but that seems to be no longer the option. Are existing "subscribers" of the Home/Lab license with valid NDI getting the option to transfer the subscription to a new NDI seamlessly (ideally from the UI, without bothering Netgate support)?
I know at this point I should just look into erm; alternatives from other vendors (or just downgrading to CE; which I don't think would work since I think 23.09 is no longer compatible with 2.7 configs); but it would be nice not to have to do it immediately.
-
@adam-lantos So long as you're keeping the quantity of nics the same, reusing the same macs will satisfy the token.
-
I see that in general people expressed their opinions about the latest "ideas" by Netgate.
My 2c.
The plan to charge home users $399 a year is plain stupid. (sorry for being blunt)
If Netgate does not reverse this decision, it will mean that they fight not pirates who install and resell illigaly pfSense, but they fight us, the community, home users. This may and will cause some users (maybe myself included) to move from pfSense. As a result, Netgate will lose contributors, testers, enthusiasts etc. and that will make
I pay voluntarily €105/year for Proxmox PVE as I really want to support its product.
Why can't pfSense offer a similar (I asked about it BTW)Like one guy said recently - don't!
-
@wgstarks said in Navigating to Buy pfSense +:
Netgate has made an official announcement.
They presented their case very well..they're not against home/lab users...it's the misconduct of others who, it seems, desperate for money abusing the kindness of open source to align their pockets...not cool
-
@chudak said in Navigating to Buy pfSense +:
The plan to charge home users $399 a year
That's not their plan...that's for the TAC pro. They haven't determine the price yet, it seems they're seriously thinking about home/lab users and most likely will priced to encourage continued engagement with the community.
@chudak said in Navigating to Buy pfSense +:
I pay voluntarily €105/year for Proxmox PVE
I plan to do that also soon, it's highly resilient...
-
-
@stephenw10
Figured you a XCP NG guy… -
-
Why then don't you guys follow up a good path instead of risking all?!
-
@stephenw10 said in Navigating to Buy pfSense +:
@chudak said in Navigating to Buy pfSense +:
I pay voluntarily €105/year for Proxmox PVE
As do I.
Same here. ProxMox is a great product worthy of continued support. Pfsense is also another worthy product that we'd love to keep supporting it by contributing to ideas and money if possible (not $399).
-
Why not $399 for a perpetual license, it'd be like buying one of netgate's boxes just not being constrained to the small selection of hardware.
-
The company failed on delivering their past statement, and can no longer be trusted, and that is including the security point of view. If they lied on licences, they can lie on everything.
This fail is not due to the real home users, using Plus in good faith for years like myself, but to their inability to do their homework before their prior statement. I can understand their willingness to address abuse of the system... which should have been real harder with a good Risk Analysis (back to the point they cannot be trusted from the security point of view).
This is immediate end for me as a professional adviser of Netgate appliance. And a busy weekend from the personal point fo view.
-
@HuskerDu nailed it...