This Month's Topics
- TNSR Video Series Episode 2: Core Features
- TNSR Application Spotlight: Large-Scale NAT
- TNSR Configuration Recipes: TNSR Remote Office With Existing IPsec Hub
- pfSense User Story: Cintra Chooses pfSense Software for AWS and Oracle Cloud Access
- New pfSense Video: How to Run a File System Check
- Netgate Appliance Spotlight: SG-3100 with pfSense Software
- We Would Love Your Feedback
- COVID-19 Helping Hand Response Continues to Year-End 2020
- Netgate Tech Tip of the Month
Netgate Releases Episode 2 of TNSR Video Series
The latest TNSR video, Core Features, is live on Netgate’s YouTube channel. In this video we provide a quick synopsis of TNSR’s routing protocol and address mapping capabilities; VPN, interface, tunneling features and firewall coverage. Finally, it touches on expected enterprise and service-provider “musts” - specifically high availability and orchestration management readiness.
Our website, tnsr.com, contains more detailed information on applications, features, performance, deployment guidance and more, but this growing family of vignettes cover the essence of the product - and its value - in fast, easy bite-sized stories.
Check out this blog which outlines the video series and allows you to sign up for notifications circa all new TNSR content releases - videos, case studies, white papers, and more.
TNSR Application Spotlight: Large-Scale NAT
IPv4 - with its 32-bit addressing scheme which supports 4.3 billion devices - has served the world well for decades. But internet growth, personal computers, smartphones and now Internet of Things (IoT) have nearly exhausted that address space. IPv6 - with its 128-bit addressing scheme, supports 340 trillion trillion (2128) addresses - is the answer. If your network is running out of IPv4 address space, TNSR software can help. TNSR removes address space shackles with its large-scale NAT (LSN) solution. No more TCAM limits. All done in software.
LSN, also referred to as Carrier-Grade NAT (CGN), mitigates the problem of IPv4 address exhaustion by enabling end sites to be configured with private IPv6 network addresses and then translated to public IPv4 addresses by NAT devices in the network operator's network. This allows exhausted public address space to be shared by many end sites and devices. It also shifts network address translation from the end customer to the service provider network.
Hardware-based solutions require sizable ternary content-addressable memory (TCAM) to mange address translation at speed. TNSR software enables LSN/CGN for Tier 1/2/3 service providers and large enterprises running large private networks through key software features including:
- Mapping of Address and Port (MAP). MAP is a carrier-grade IPv6 transition mechanism capable of efficiently transporting high volumes of line-rate IPv4 traffic across IPv6 networks. TNSR supports both MAP-T (which uses translation) and MAP-E (which uses encapsulation). TNSR can currently act as a Border Relay (BR) providing service to Customer Edge (CE) clients.
- DS-Lite. Providing IPv6 addresses alone is often insufficient since the vast majority of systems that underpin the public Internet support only IPv4, and many end user systems do not yet fully support IPv6. DS-Lite allows 1) service providers to migrate to an IPv6 access network without changing end-user software, 2) IPv4-based end user devices to continue accessing IPv4 internet content, and 3) IPv6 users to access IPv6 content.
- Deterministic NAT (CGN) mode. TNSR can be configured to operate in three different NAT modes: Simple, Endpoint-dependent, and Deterministic. The Deterministic mode is best for large-scale IP address space deployments.
All of the above is performed in software - eliminating dependency upon expensive TCAM-limited appliances.
TNSR Configuration Recipes: TNSR Remote Office With Existing IPsec Hub
Setting up and configuring new software can often be challenging. To aid our customers in getting up and running quickly with TNSR software we include several configuration recipes in TNSR documentation. The use cases covered by these recipes are real-world challenges encountered by Netgate customers.
In this latest recipe, we provide guidance for planning and configuring a site-to-site VPN connection between a Netgate SG-5100 appliance running TNSR software and an existing IPsec head end at a headquarters location.
Ready to get started with TNSR software? Visit our trial page.
Cintra Chooses pfSense Software for AWS and Oracle Cloud Access
When Cintra's incumbent OpenVPN solutions from Checkpoint® and Fortinet® were becoming too expensive to maintain, the cloud engineering team at Cintra, led by Mattia Rossi, started to look for a better approach for high-volume remote access.
Like many of our enterprise users, Mattia had been using pfSense software professionally for business premises deployments (as well as personally in his home) since 2009. It was an easy decision to leverage pfSense software for cloud needs.
To learn more about why Cintra chose pfSense software, read our blog.
New pfSense Video: Running a File System Check
In some cases, pfSense software may detect a file system issue and print an error on the console at boot time. The most common occurrence is with an unclean shutdown - such as a power loss. In most cases this is harmless and the self-check will complete and correct the error. However, in rare cases the firewall may need to be booted in single user mode where "fsck" can be run manually until no problems are found. We created a short video to walk users through this process with pfSense software.
Netgate Appliance Spotlight: SG-3100 with pfSense Software
The Netgate SG-3100 with pfSense software is the perfect appliance for the connected home or small business network. With its compact form factor, low power draw, and silent operation, the SG-3100 runs completely unnoticed on any desktop.
Netgate is the only official producer of appliances that are designed, tested, commercially-packaged, supported, and pre-loaded with pfSense software. Netgate appliances are available directly from Netgate, or from our partners around the world.
We Would Love Your Feedback
Our customers purchase through different channels, including the Netgate store, our worldwide Partners, and the US Amazon marketplace. Regardless of where you purchased, we'd love to have your review, feedback, and rating directly on Amazon if you are using a Netgate SG-1100, SG-3100, SG-5100, or XG-7100 DT. Amazon's retail marketplace is obviously highly-visible, and customer reviews posted there help us spread the word about Netgate appliances and pfSense software - which ultimately helps us continue progressing the open source project.
Beyond public reviews, we're always open to feedback and suggestions to improve our products and processes. There are many ways to reach out and talk with us! Our sales team, TAC engineers, product management & marketing team and customer care engineers are all passionate, knowledgeable and happy to hear from you.
COVID-19 Helping Hand Response Continues to Year-End 2020
Back on March 26, 2020, Netgate issued this blog describing our efforts to help pfSense software users through the tragedy of COVID-19. At that time, we stated these measures would remain in place through May 31, 2020. We weren’t sure then, nor are we certain now how long this situation will last. From our Vice President of Service Delivery Scott Davis, "I can say definitively that the steps we took have been welcomed and impactful. I know, as I and my team are responsible for addressing each and every support request."
This need still exists as organizations and individuals around the world continue to adapt to stay in place, work from home, and take other social distancing measures. To that end, we have decided to leave our Helping Hand offers in place through the end of 2020.
Please refer back to the above-referenced blog for specifics, but rest assured, Netgate intends to do all it can to help pfSense software users with our zero-to-ping support, VPN configuration and connection support for healthcare providers and non-profits, and reduced-price TAC support subscriptions for everyone else.
It is the right thing to do, and it remains consistent with our commitment to provide leading-edge network security at a fair price - regardless of organizational size or network sophistication.
I’d also like to reiterate that the pfSense community continues its strong heritage of knowledge sharing and support. We heartily applaud that effort.
Be safe out there. Let us know if we can help you.
Netgate Tech Tip of the Month - Upgrading pfSense
The process of upgrading pfSense is normally uneventful when following our documentation. Be aware that some functionality - including VPN services - is interrupted during the process. In rare cases, a system may become unreachable, requiring onsite physical access or "remote hands" to remedy.
For additional information regarding upgrades to pfSense software, see the release notes and upgrade documentation guidance.
Our extensive online documentation is available to help you through this and many other challenges.
Thanks for subscribing to the Netgate newsletter. For more information on Netgate and its products, engage with us on social media, or visit our forum. We're always looking for ways to improve. Want to share feedback? You can contact us here. Find the newsletter informative? Recommend it to a friend or colleague and direct them here!
Join our Social Media Community!
Have a question? Contact us here.
See you next month!
© Copyright 2020 Rubicon Communications, LLC
Netgate is a registered trademark of Rubicon Communications, LLC
TNSR is a registered trademark of Rubicon Communications, LLC
pfSense is a registered trademark of Electric Sheep Fencing, LLC
Other trademarks are the property of their respective owners.