This Month's Topics
- TNSR Release 20.10 Available Now
- TNSR Application Spotlight: Large-Scale NAT
- TNSR Software Video: How to Configure an Interface
- Netgate Appliance Spotlight: SG-2100 with pfSense software
- pfSense Customer Story: Lisbon School Department
- pfSense Training
- We Would Love Your Feedback
- COVID-19 Helping Hand Response Continues to Year-End 2020
- Netgate Tech Tip of the Month
TNSR Release 20.10 Available Now
We are happy to announce the availability of TNSR Release 20.10, the company’s eleventh TNSR release since inception in early 2018. Following 20.08 just two short months ago, the release is primarily focused on fixes, but also contains important adds, changes and updates. As well, some users mentioned they’d like to see us remove the year-end timer. We listened. Release 20.10 Home+Lab edition is free to use and has no expiration timer.
Read more in our announcement blog and TNSR 20.10 release notes.
TNSR Application Spotlight: Large-Scale NAT
IPv4 - with its 32-bit addressing scheme which supports 4.3 billion devices - has served the world well for decades. But internet growth, personal computers, smartphones and now Internet of Things (IoT) have nearly exhausted that address space. IPv6 - with its 128-bit addressing scheme, supports 340 trillion trillion (2128) addresses - is the answer. If your network is running out of IPv4 address space, TNSR software can help. TNSR removes address space shackles with its large-scale NAT (LSN) solution. No more TCAM limits. All done in software.
LSN, also referred to as Carrier-Grade NAT (CGN), mitigates the problem of IPv4 address exhaustion by enabling end sites to be configured with private IPv6 network addresses and then translated to public IPv4 addresses by NAT devices in the network operator's network. This allows exhausted public address space to be shared by many end sites and devices. It also shifts network address translation from the end customer to the service provider network.
Hardware-based solutions require sizable ternary content-addressable memory (TCAM) to mange address translation at speed. TNSR software enables LSN/CGN for Tier 1/2/3 service providers and large enterprises running large private networks through key software features including:
- Mapping of Address and Port (MAP)
MAP is a carrier-grade IPv6 transition mechanism capable of efficiently transporting high volumes of line-rate IPv4 traffic across IPv6 networks. TNSR supports both MAP-T (which uses translation) and MAP-E (which uses encapsulation). TNSR can currently act as a Border Relay (BR) providing service to Customer Edge (CE) clients.
Providing IPv6 addresses alone is often insufficient since the vast majority of systems that underpin the public Internet support only IPv4, and many end user systems do not yet fully support IPv6. DS-Lite allows 1) service providers to migrate to an IPv6 access network without changing end-user software, 2) IPv4-based end user devices to continue accessing IPv4 internet content, and 3) IPv6 users to access IPv6 content.
- Network Address Translation-Traversal (NAT-T)
TNSR supports the standards-based approach for IPsec encapsulation in User Datagram Protocol (UDP) to ensure that data protected by IPsec can pass through NAT without discarding packets - key for IPsec VPN connections that traverse connections where NAT is present, especially for service providers.
All of the above is performed in software - eliminating dependency upon expensive TCAM-limited appliances.
For more TNSR use cases, videos, and data sheets, please visit our TNSR resource page.
TNSR Software Video: Configuring an Interface
In this short instructional video, we will walk you through the process of configuring an interface through the TNSR CLI. For more information about TNSR software - from the basics to complex deployments - please see our TNSR documentation.
Netgate Appliance Spotlight: SG-2100 with pfSense Software
Discover why customers love the Netgate SG-2100, Netgate’s newest addition to our ever popular secure networking appliance family. Packaged into a visually sleek and compact form factor - with low power draw and silent, fan-less operation - the product is well-suited for desktop, wall, or shelf deployment.
The SG-2100 features a dual-core ARM64 Cortex A53 1.2 GHz CPU, dedicated 1 GbE WAN port (RJ45/SFP combo), (4) 1 GbE Marvell switch ports (with a 2.5 Gbps uplink), 4 GB of DDR4 RAM, and upgradable storage.
You can learn more about the SG-2100 and its performance in our announcement blog.
pfSense Software Customer Story: Lisbon School Department
The Lisbon School Department provides for the educational needs of the surrounding community. With the department supporting four campuses, campus interconnect with speed and security are essential to the department’s IT infrastructure. Learn how James Churchill, the School Department’s Technology Systems Director, along with Netgate worked to find the best solution to meet the high-bandwidth encrypted traffic processing need between each campus.
pfSense Software Training
Netgate offers the only authorized training on pfSense, and our classes are perfect for someone looking to learn more about pfSense advanced applications or for someone just getting started. Classes are limited to 25 seats, so make sure you register and secure your spot.
Currently, the course catalog includes:
- pfSense Supplementals I
- pfSense Fundamentals and Advanced Application
View the full schedule and catalog here.
We Would Love Your Feedback
Our customers purchase through different channels, including the Netgate store, our worldwide Partners, and the US Amazon marketplace. Regardless of where you purchased, we'd love to have your review, feedback, and rating directly on Amazon if you are using a Netgate SG-1100, SG-2100, SG-3100, SG-5100, or XG-7100 DT. Amazon's retail marketplace is obviously highly-visible, and customer reviews posted there help us spread the word about Netgate appliances and pfSense software - which ultimately helps us continue progressing the open-source project.
Beyond public reviews, we're always open to feedback and suggestions to improve our products and processes. There are many ways to reach out and talk with us! Our sales team, TAC engineers, product management & marketing team, and customer care engineers are all passionate, knowledgeable and happy to hear from you.
COVID-19 Helping Hand Response Continues to Year-End 2020
Back on March 26, 2020, Netgate issued this blog describing our efforts to help pfSense software users through the tragedy of COVID-19. At that time, we stated these measures would remain in place through May 31, 2020. We weren’t sure then, nor are we certain now how long this situation will last. From our Vice President of Service Delivery, Scott Davis, "I can say definitively that the steps we took have been welcomed and impactful. I know, as I and my team are responsible for addressing each and every support request."
This need still exists as organizations and individuals around the world continue to adapt to stay in place, work from home, and take other social distancing measures. To that end, we have decided to leave our Helping Hand offers in place through the end of 2020.
Please refer back to the above-referenced blog for specifics, but rest assured, Netgate intends to do all it can to help pfSense software users with our zero-to-ping support, VPN configuration and connection support for healthcare providers and non-profits, and reduced-price TAC support subscriptions for everyone else.
It is the right thing to do, and it remains consistent with our commitment to provide leading-edge network security at a fair price - regardless of organizational size or network sophistication.
I’d also like to reiterate that the pfSense community continues its strong heritage of knowledge sharing and support. We heartily applaud that effort.
Be safe out there. Let us know if we can help you.
Netgate Tech Tip of the Month - Connecting to the WebGUI
A site-to-site IPsec tunnel interconnects two networks as if they were directly connected by a router. Systems at Site A can reach servers or other systems at Site B, and vice versa. This traffic may also be regulated via firewall rules, as with any other network interface. If more than one client will be connecting to another site from the same controlled location, a site-to-site tunnel will likely be more efficient, not to mention more convenient and easier to support.
With a site-to-site tunnel, the systems on either network need not have any knowledge that a VPN exists. No client software is needed, and all of the tunnel work is handled by the tunnel endpoints. This is also a good solution for devices that have network support but do not handle VPN connections such as printers, cameras, HVAC systems, and other embedded hardware.
Our extensive online documentation is available to help you through this and many other challenges.
Thanks for subscribing to the Netgate newsletter. For more information on Netgate and its products, engage with us on social media, or visit our forum. We're always looking for ways to improve. Want to share feedback? You can contact us here. Find the newsletter informative? Recommend it to a friend or colleague and direct them here!
Join our Social Media Community!
Have a question? Contact us here.
See you next month!
© Copyright 2020 Rubicon Communications, LLC
Netgate is a registered trademark of Rubicon Communications, LLC
TNSR is a registered trademark of Rubicon Communications, LLC
pfSense is a registered trademark of Electric Sheep Fencing, LLC
Other trademarks are the property of their respective owners.