February 2024 Newsletter

Netgate Installer Sneak Peek

Netgate® will soon release a public BETA of the Netgate Installer for pfSense® software, designed to perform a complete installation of either pfSense Plus or pfSense CE. The Netgate Installer will allow customers with an active subscription to pfSense Plus to install the software without first installing pfSense CE. The Installer will access the latest release files at the time that it is run, which will reduce the number of customer issues related to installation.

View a sneak peek here. 

Read the blog here.

pfSense Software Tip- Package Manager 

Discover how the Package Manager can upgrade your pfSense experience. Explore standout packages and easily install them using this step-by-step installation guide. Subscribe to Netgate’s YouTube Channel for more upcoming videos on the sheer awesomeness of the Package Manager.

Watch here. 

pfSense Software Version 24.03 Sneak Peek

 This latest update includes new features like an improved update process, the ability to export packet flow data, an enhanced gateway recovery process, and changes to the default state policy for increased security.

Enhanced Update Process using ZFS snapshots

pfSense Plus software version 24.03 will include major enhancements to the software update process, using features of the ZFS file system to increase stability and reduce downtime during an update. These enhancements will also offer powerful new tools to pfSense Plus admins who use system snapshots to create multiple pfSense Plus environments during testing and who value the ability to fall back into a known environment if necessary.

To learn more, check out this short video by Christian McDonald from the pfSense development team. 

Read the blog here.

Packet Data Flow Export

Another new feature of pfSense Plus software version 24.03 is the ability to export packet flow data to one or more external collectors using either the NetFlow v5 or IPFIX protocol. Analyzing flow data can be critical for network management. Flow-based metrics can help with application response issues, usage-based accounting, traffic profiling, traffic engineering, attack/intrusion detection, QoS monitoring, and more.

Check out this video by Jim Pingle from the pfSense development team. 

Read the blog here. 

Gateway Recovery

The new release will also include an enhanced gateway recovery process, with options to reset connections made through a backup gateway while the primary gateway is offline. This feature will allow connection fail-back to a primary gateway after downtime, should the primary and secondary have unbalanced bandwidth (ex., primary has 10Gbps, and backup is 1Gbps).

Read the blog here.

State Policy Default Change 

The default State Policy in pfSense Plus 24.03 software and later releases are changing from Floating states to Interface-bound states for increased security.

In nearly all configurations, pfSense software tracks connections using firewall states so it knows which return traffic to allow back through the firewall for connections that were passed in the other direction. These states carry quite a lot of information, such as the source address, destination address, protocol-specific data such as port numbers, translation information from NAT, metadata such as timestamps and packet counts, and more. For traffic passing through the firewall (e.g., LAN to WAN, LAN to VPN, LAN1 to LAN2), there are typically two state table entries: One as the connection enters the firewall (ingress) and one as the connection exits the firewall (egress).

The state policy fundamentally changes how the firewall checks packets against the interface data in state table entries to determine if a packet should be allowed.

Check out this video by Jim Pingle from the pfSense development team. 

Read the blog here. 

TNSR Version 24.02 Sneak Peek  

This latest update includes new features like EAP-RADIUS for Road Warrior IPsec, LDAP Authentication for local access, BGP Graceful Restart, and upgrades of StrongSwan, Free Range Routing (FRR), ARM64 image for AWS and Azure, and Clixon. 

• Remote Access IPsec (Mobile IPsec) EAP-RADIUS Support: This feature extends our secure connections for mobile devices. It adds another available authentication mechanism for mobile IPsec VPN users (TNSR also supports EAP-TLS with certificates or pre-shared passwords).
  
  
• LDAP Authentication for Local Access: Netgate has added external authentication using the Lightweight Directory Access Protocol (LDAP). The centralized LDAP server provides granular enterprise-level authentication to access TNSR management via SSH. 
  
  
• BGP Graceful Restart (RFC 4724): This is an open standard that defines the mechanisms to allow BGP speakers to continue to forward data packets along known routes during a BGP restart. When configured between peers, the restarting BGP speaker will notify its peers and indicate the routes it can preserve in its forwarding. The “helper” peers will continue to advertise these routes to their peers. This reduces the exchange of full routes and traffic disruption caused by the “down/up” transition.
  
  
• TNSR ARM64 image for AWS & Azure:  Love TNSR but wish you could save some money on AWS & Azure infrastructure costs? The 24.02 release of TNSR now has a Graviton & Ampere Altra option! Be on the lookout in AWS Marketplace & Azure Marketplace for new TNSR listings that are m7g (Graviton) & Dpsv5 (Ampere Altra) specific.

Netgate TNSR is a high-speed (exceeding 100 Gbps) virtual router and VPN aggregator.  Businesses can deploy TNSR as a Netgate hardware appliance, Bare Metal Image, KVM, and ESXi, or a Network Virtual Appliance on Amazon Web Services and Microsoft Azure. 

If you want to discuss your needs or try a lab evaluation version of Netgate TNSR, please contact our sales team at sales@netgate.com  or one of our authorized partners.

TNSR SoftwareTip - Command History

The TNSR CLI stores the last 300 commands across sessions. This command history is kept in ~/.tnsr_history.

The command history is accessed by pressing Ctrl-P (previous command), Ctrl-N (next command), or by using the up and down arrow keys.

The number of commands stored by TNSR can be controlled by the cli history-config lines <count> command. To restore the default value, use no cli history-config lines. This behavior may also be disabled by the cli history-config disable or no cli history-config enable commands. Use cli history-config enable to turn it back on.

Shop Pay Installments are Now Available

Netgate has launched Shop Pay Installments, which is a checkout option that offers customers the ability to pay in installments (splitting the purchase into payments over time). This option is available for US customers only at this time. 

Please note you must be logged into Shop Pay to utilize this feature. Once you’ve signed in, you can choose "Pay in installments" at the checkout. 

Visit the Netgate Store. 

To learn more about Shop Pay Installments, click here.

Technical Assistance Center

The Netgate Technical Assistance Center (TAC) provides technical assistance with pfSense Plus software & TNSR. Every Netgate Security Gateway and cloud instance comes with TAC Lite included. TAC Lite offers Zero-to-Ping assistance, ensuring a smooth setup and configuration. Zero-to-Ping assistance will get your Netgate appliance with pfSense Plus & TNSR software, AWS, or Azure firewall connected to the Internet and one client on the same network online.

In addition to TAC Lite, TAC Professional and TAC Enterprise levels are available for faster response times and a much wider variety of assistance topics. Regardless of support level, TAC is here 24/7 to help.

Netgate Holiday Schedule

As the holidays near, please be aware that Netgate will be closed on the following dates except for Technical Support. Considerations should be made for possible delays due to these closures:

• March 29- Good Friday
• May 27- Memorial Day
• July 4- Independence Day
• July 5- Independence Day
• September 2- Labor Day
• November 28- Thanksgiving
• November 29- Thanksgiving
• December 24- Christmas Eve
• December 25- Christmas

Our 24/7/365 Global Support Technical Assistance Center (TAC) is fully staffed and operational for all holidays. The engineering, sales, manufacturing, and shipping teams will be off for the holidays listed above.

We Want Your Feedback

Thank you for subscribing to the Netgate newsletter, and for your continued support of Netgate and our products. We are always looking for ways to improve and value your feedback. If you have suggestions, please reply to this email, contact us, or send an email to mktg@netgate.com. You can also talk to us on social media, or visit our forum.

Useful Links & Information

Netgate Website
Netgate Store

mktg@netgate.com

+1 512.646.4100

Join our growing social community!