Trying to understand the community images vs the non-community images



  • So I was reading this post:
    https://www.reddit.com/r/PFSENSE/comments/2ro9vm/pfsense_hardware_vs_netgate/

    and discovered that, between the Netgate RCC-VE 4860 (http://store.netgate.com/ADI/RCC-VE-4860.aspx) and the SG-4860 (https://store.pfsense.org/SG-4860/), there is no difference in terms of hardware.

    What was interesting is a comment someone made regarding the image they give you for pfSense

    (https://www.reddit.com/r/PFSENSE/comments/2ro9vm/pfsense_hardware_vs_netgate/cnhs9xx):
    … has some additional tuning to make the result more performant. These differences are not in the "community" image that we release.

    Are there any metrics supporting this? I'm trying to figure out what kind of performance boost there is buying the official version vs the netgate one. It would be nice to know exactly what tuning is done to make pfSense more "performant".

    Also, what happens once the support contract expires if we bought the SG-4860? Do we have to start using the community images?

    I should note that I'm not trying to nickle and dime the PfSense team here. I've never used pfSense but I fully support and appreciate all the hard work they do. My issue has more to do with the fact that I need to buy several of these devices for home use for my family who are not computer savvy and I simply cannot afford to pay the extra $150 per device. I would much rather buy from Netgate and donate some extra cash to the project than have to purchase hardware from a site that isn't affiliated with the project.


  • Rebel Alliance Global Moderator

    "I need to buy several of these devices for home use for my family who are not computer savvy"

    You need to buy a 500$ firewall with 6 Ethernet ports – you do understand those are NOT switch ports for home users that are not computer/network literate?  Really?  You must have money to burn in your pockets ;) And worried about pfsense getting a few bucks??

    Why would your typical home user "need" such a device..  That is fantastic that you want use a better solution for your family than your typical off the shelf soho router...  But think your looking a bit high end there..  Wouldn't the 2220 be better option for your non computer family members?



  • I also would like to put snort and other security products on there which likely would require a faster CPU than the 2220.

    Also this is something that I wouldn't want to update (hardware wise) for 10 or 15 years. I'd rather buy them now and somewhat future proof it for a while, hence why I went for the higher end model.

    Also, sure, I'd be the one setting it up. The end users have no idea what a router/switch is, let alone how it works – So hopefully they won't be touching it.


  • Rebel Alliance Global Moderator

    10 or 15 years??  Nonsense - you do understand how fast this tech changes… looking past 5 years nothing but unrealistic..  5 years out that tech no matter how high end you buy it now is just going to be JUNK!!

    Snort will run just fine on the 2220...  Pretty sure you family could get buy with the typical off the shelf less than $100 a wifi router ;)  You wanting to have some fancy tech - hey all for it... But don't go complaining about a few bucks difference in price when you do ;) hehehe



  • @johnpoz:

    10 or 15 years??  Nonsense - you do understand how fast this tech changes… looking past 5 years nothing but unrealistic..  5 years out that tech no matter how high end you buy it now is just going to be JUNK!!

    Snort will run just fine on the 2220...  Pretty sure you family could get buy with the typical off the shelf less than $100 a wifi router ;)  You wanting to have some fancy tech - hey all for it... But don't go complaining about a few bucks difference in price when you do ;) hehehe

    Okay – Fair enough. I'm still curious as to whether I'd have to pay every year to continue getting the non-community edition of pfSense.


  • Rebel Alliance Developer Netgate

    @HowardSten98239:

    (https://www.reddit.com/r/PFSENSE/comments/2ro9vm/pfsense_hardware_vs_netgate/cnhs9xx):
    … has some additional tuning to make the result more performant. These differences are not in the "community" image that we release.

    Are there any metrics supporting this? I'm trying to figure out what kind of performance boost there is buying the official version vs the netgate one. It would be nice to know exactly what tuning is done to make pfSense more "performant".

    We don't have any stated metrics but there is more to just the hardware-specific tuning. Sure if you dig and find the settings similar settings can be replicated, but having it properly tuned for the hardware without having to tinker is a huge gain for many people.

    There are also some features in the factory release for SG units that are not found in the "community" images. There is an AWS VPC VPN wizard, an IPsec IKEv2 profile exporter for iOS/OS X,  and more things we are adding as we go.

    @HowardSten98239:

    Also, what happens once the support contract expires if we bought the SG-4860? Do we have to start using the community images?

    Currently the factory firmware updates work indefinitely. I'm not sure if/how that might be changing in the future but at least for the time being that isn't a concern. The install media may not be available if you have an expired account, but you can still update from an older installation. That may vary depending on where you're from as well since things like EU regulations for hardware/software support may apply.  Drop a note to sales@pfsense.org if you'd like more info.

    At the moment, you can use the community firmware on any of our hardware it's just not an optimal experience to do so.