We have released an updated BETA of the Netgate Installer for pfSense software. The installer is designed to simplify the installation process for both pfSense Plus and pfSense CE. The following is a complete list of changes since the last public BETA:
The netmask is now used correctly to calculate and match the necessary IP settings (gateway, dhcpd range).
LAN and WAN static IP settings are now verified to disallow overlapping networks.
PPPoE is now supported on the WAN interface.
CE repositories can be displayed even if a Plus subscription is available (an option under 'Advanced Settings' enables this; it defaults to disabled).
The connectivity test has been changed to not depend on ICMP or NTP sync. The installer still attempts to sync the system clock with NTP, but a failure will not abort the installation.
Reduced the differences between the ISO and IMG formats, which are now essentially the same.
The Configuration Restore dialog has changed and is now on the initial menu. Once a configuration file is selected to be restored, the installation proceeds.
The selected configuration (or new, blank default) is now recorded in the installation log.
If necessary, the LAN interface can be unassigned on Netgate devices.
The u-boot bootloader on the 1100 will be automatically upgraded when necessary. This is mandatory to support ZFS on the 1100 system.
There are several small changes to the UI (texts/menus/buttons) to improve UX.
Unbound is now presented as an option to use as a 'local resolver' for the WAN. This option can be enabled if necessary; the default is disabled.
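The netmask and overlap items in the change list above can be checked by hand before entering static settings. The following is an added example, not the installer's own code: the function names, the specific rules, and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress


def usable(net, addr):
    """True if addr is a host address inside net (not network/broadcast)."""
    if addr not in net:
        return False
    if net.prefixlen >= 31:  # /31 and /32 have no reserved addresses
        return True
    return addr not in (net.network_address, net.broadcast_address)


def check_static_settings(wan_cidr, lan_cidr, wan_gateway, dhcp_start, dhcp_end):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    # ip_interface keeps the host address and derives the network from the mask.
    wan = ipaddress.ip_interface(wan_cidr)
    lan = ipaddress.ip_interface(lan_cidr)
    gw = ipaddress.ip_address(wan_gateway)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    if wan.network.overlaps(lan.network):
        problems.append("WAN and LAN networks overlap")
    for name, iface in (("WAN", wan), ("LAN", lan)):
        if not usable(iface.network, iface.ip):
            problems.append(f"{name} address is not a usable host address")
    if not usable(wan.network, gw) or gw == wan.ip:
        problems.append("gateway is not a distinct host in the WAN network")
    if not (usable(lan.network, start) and usable(lan.network, end)):
        problems.append("DHCP range falls outside the LAN network")
    elif start > end:
        problems.append("DHCP range start is above its end")
    elif start <= lan.ip <= end:
        problems.append("DHCP range includes the LAN interface address")
    return problems


# Constructed sample settings (documentation/private ranges, not from the page).
GOOD = ("203.0.113.10/24", "192.168.1.1/24", "203.0.113.1",
        "192.168.1.100", "192.168.1.200")
# The LAN /16 contains the WAN /24, so routing between them is ambiguous.
OVERLAP = ("192.168.5.2/24", "192.168.0.1/16", "192.168.5.1",
           "192.168.1.100", "192.168.1.200")
# The DHCP range was sized for a /24 but the LAN mask is /25.
WRONG_MASK = ("203.0.113.10/24", "192.168.1.1/25", "203.0.113.1",
              "192.168.1.100", "192.168.1.200")
```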
To download the free Netgate Installer, visit our Shopify Store.
Please note that an Internet connection is required to use the Netgate installer.
pfSense Plus Software Tip - Automatic Config Backup (ACB)
We are all busy, and distractions abound, but with Automatic Config Backup (ACB), maintaining a current backup of your pfSense software configuration is no longer something you need to worry about once configured.
AutoConfigBackup is a core component of pfSense® software and is free for all users of pfSense software, both Plus and CE. These backups are encrypted, and only YOU have the key! So don’t lose it. ACB works with the new Netgate Installer, so you can upload your configuration during the installation of a new pfSense Plus or CE installation.
ACB will automatically back up your configuration each time you make changes. If you misconfigure your pfSense implementation, you can just go back to a known good configuration!
Configuring ACB starts with navigating to Services > Auto Config Backup, Settings tab. Enable ACB, set an encryption password and hint, choose a preferred backup frequency, and click Apply Changes. To confirm that ACB is functioning correctly, navigate to the Restore tab and look for a new backup in the list. Each device's most recent 100 encrypted configurations are retained on Netgate servers.
Keep a record of your device key and encryption password. Should you lose your key, Netgate can’t help you recover your encryption password. We have no “backdoor” into your configuration files. Your device key and encryption password are needed to restore a configuration. A password manager or documentation system (but please, not a Post-It note on your monitor, next to your ATM PIN) is ideal for storing these important details securely.
Moving a configuration to a new Netgate security gateway appliance is a few simple steps. Navigate to Services > Auto Config Backup, Settings tab. Set the Encryption Password to match the previous installation, then click the Restore tab. Paste the old device key into the Device Key field, and click the Submit button. A list will be displayed of the backups stored.
Click the View Info icon to explore the backup, or restore the backup directly by clicking the Restore icon. Once the firewall restarts, it will be running with the restored configuration. ACB can also be used during the implementation of your pfSense Plus or CE firewall using the Netgate Installer.
We encourage you to take a moment to configure and enable AutoConfigBackup in pfSense software. We hope you’ll never need it, but if you do, you will be glad you did.
pfSense Plus 24.03 Recap
We announced a lot of great new features in 24.03, but when many new features get announced, not all get the coverage they deserve. One feature that wasn’t well-covered is the enhanced Gateway Recovery feature. It offers significant benefits for users managing multiple gateway configurations. This feature allows users to decide whether to maintain or terminate connection states during recovery. The ability to configure this behavior on a per Gateway Group basis is even more advantageous. This is particularly beneficial for setups with a high-bandwidth primary gateway or a metered backup connection. For instance, if a primary gateway loses its link and fails over to a backup, the Gateway recovery ensures a seamless transition back to the primary gateway once it regains its link. Users can choose to keep or kill states during this transition, minimizing disruptions or ensuring that a higher-cost backup link is not used longer than needed. This flexibility is essential for applications such as VoIP, where maintaining active states can prevent call interruptions. Overall, the enhanced Gateway recovery feature enhances network reliability and provides customizable options to suit various network configurations.
We are excited to announce the upcoming release of TNSR software version 24.06! Some of the new features and enhancements in this release include:
TNSR ARM64 image for AWS & Azure
The new ARM64 image of TNSR software can lower your AWS and Azure infrastructure costs! The 24.06 release of TNSR will have a Graviton and Ampere Altra option. Be on the lookout in the AWS and Azure Marketplace for new TNSR listings that are m7g (Graviton) and Dpsv5 (Ampere Altra) specific.
Remote Access VPN Enhancements
Multiple Remote Access VPNs
RADIUS Assignment of Client Virtual IP Addresses
Multiple Clients Connections for a Single User
Logging Enhancements
The improved logging in TNSR software allows system data to be retrieved using REST APIs and the CLI. Results can be filtered by category, service type, and date/time range. VPP logging now defaults to SYSLOG. TNSR logs may now be forwarded to remote logging hosts such as Splunk®.
Stay tuned for more details when TNSR 24.06 is released.
TNSR Prometheus Exporter with Grafana Dashboard Visualization
Network data collection, visualization, and analysis are critical for customers to manage and maintain their networks. Customers need to query and filter data to create actionable intelligence and intuitive dashboards. Prometheus is a powerful and flexible toolkit for monitoring and alerting, designed to handle modern, highly dynamic environments with ease. Its ability to efficiently collect, store, and query time-series data, combined with robust alerting and visualization capabilities, makes it a popular choice for both infrastructure and application monitoring. Its extensibility and integration with other tools like Grafana further enhance its utility in diverse monitoring scenarios. Prometheus is not a direct successor to SNMP but rather an addition that brings powerful capabilities for modern monitoring needs.
Netgate TNSR achieves data processing rates at scale by leveraging Vector Packet Processing (VPP) from FD.io. VPP allows ASIC-level performance on standard CPUs and provides rich telemetry data that enhances visibility and optimizes operations. TNSR telemetry data can be exported to Prometheus, an open-source system monitoring and alerting tool.
Netgate TNSR provides a Prometheus exporter for VPP statistics. Using Prometheus on a TNSR router enhances network monitoring by providing detailed, scalable, and customizable metrics collection and analysis. Customers can use REGEX expressions to filter what data to export. Enabling the Prometheus exporter is as simple as entering the CLI command prometheus <namespace> enable or using the REST API. As mentioned, Prometheus pulls the data from the exporters defined in the Prometheus configuration.
Here is an example of a Grafana visualized TNSR output. We can see interface statistics, CPU usage by thread and activity, and VPP vector input and output nodes.
This data provides a valuable tool for network operations, capacity planning, and troubleshooting.
Read more about this in the blog by Neil Mukhamediev.
TNSR offers a means to trace packet actions through the data plane. This is different from a packet capture in that a packet capture looks at the contents of a packet while a trace inspects how a packet flows through the data plane. A trace shows basic information about a packet and the actions taken on the packet by the data plane along the way.
Trace Capture
A trace capture records the actions the data plane takes on a number of packets. The trace includes packet header data such as IP addresses, MAC addresses, and which actions were taken by the data plane (i.e. which data plane nodes processed the packet). This gives a view of how a packet flows through the data plane, including whether or not the data plane dropped a packet or allowed it to egress.
Netgate is excited to announce our most powerful, expandable, and high-performance appliance to date. The Netgate 8300 is tailored for medium to large businesses, xSPs, and MSPs/MSSPs with high connectivity and stability requirements. This enterprise-ready unit features Netgate's most expandable chassis and hot-swappable PSUs, ensuring mission-critical reliability and ease of maintenance. This security gateway boasts a formidable 2.0 GHz, 8-core, 16-thread Intel® Xeon® D-1733NT processor with Intel AVX-512 for exceptional routing, firewall, and VPN performance. Check out the iperf3 numbers for pfSense Plus and TNSR below.
As you may have heard, PeerSpot ranks pfSense Plus as the #1 firewall! A custom AWS/PeerSpot Buyer Guide is now available in the AWS Marketplace.
Hear from pfSense customers about their cost savings, performance gains, and other useful information. Want to get a paid POC of pfSense or TNSR in your AWS environment? Contact sales@netgate.com.
Videos
Netgate's video library is expanding! Visit our YouTube channel for sneak peeks, software releases, deep dives, and unboxing videos.
If you are an influencer and have created a video on pfSense, TNSR, or one of our appliances, we’d love to showcase it in our next newsletter. Please reach out to mktg@netgate.com.
Watch our latest content on the Netgate official YouTube channel.
Partners Around the World
We have expert partners in all geographies ready to assist you in your country and language. We work with MSPs who can help you manage your firewall and/or your IT infrastructure, freeing you to concentrate on running your business.
The Netgate Technical Assistance Center (TAC) provides technical assistance with pfSense Plus software & TNSR. Every Netgate Security Gateway and cloud instance comes with TAC Lite included. TAC Lite offers Zero-to-Ping assistance, ensuring a smooth setup and configuration. Zero-to-Ping assistance will get your Netgate appliance with pfSense Plus & TNSR software, AWS, or Azure firewall connected to the Internet and one client on the same network online.
In addition to TAC Lite, TAC Professional and TAC Enterprise levels are available for faster response times and a much wider variety of assistance topics. Regardless of support level, TAC is here 24/7/365 to help.
Netgate Holiday Schedule
As the holidays near, please be aware that Netgate will be closed on the following dates except for Technical Support. Considerations should be made for possible delays due to these closures:
July 4 - Independence Day
July 5 - Independence Day
September 2 - Labor Day
November 28 - Thanksgiving
November 29 - Thanksgiving
December 24 - Christmas Eve
December 25 - Christmas
Our 24/7/365 Global Support Technical Assistance Center (TAC) is fully staffed and operational for all holidays. The engineering, sales, manufacturing, and shipping teams will be off for the holidays listed above.
We Want Your Feedback
Thank you for subscribing to the Netgate newsletter, and for your continued support of Netgate and our products. We are always looking for ways to improve and value your feedback. If you have suggestions, please reply to this email, contact us, or send an email to mktg@netgate.com. You can also talk to us on social media, or visit our forum.