pfSense software received 45 awards in the G2 Winter 2024 report. These include Enterprise, Mid-Market, and Small Business awards in categories such as Best Estimated ROI, Best Relationship, Best Usability, Most Implementable, and Users Most Likely to Recommend for both the Firewall Software and Business VPN groups.
G2 awards are based on reviews by real users. Placing first in many of these categories further validates that our work is essential and appreciated. We are honored to receive these awards and grateful to our customers for your support. Thank you – we couldn't have done it without
pfSense Software Tip- System Patches
To see available system patches for pfSense Plus or pfSense CE software since the last major release, install the System Patches add-on package. These patches may include security fixes, bug fixes, and other beneficial changes between releases.
Go to System > Package Manager > Available Packages and click on the “+ Install” button.
Once the package is installed, you will find a System > Patches menu item in the pfSense WebGUI. Choosing it lists available system patches, including Recommended System Patches, and they are applied by clicking on the “+ Apply” button for the patch to install. It’s recommended that you read the available information for that patch before installing it.
Check for new system patches by going to System > Package Manager > Installed Patchesand clicking on “Update” for the System Patches package if it is visible.
TNSR Reference Architecture for AWS
TNSR is a powerful tool when in the right hands. TNSR deployed within AWS lends itself to saving our customers money and enabling a set of functionality that’s simply unavailable elsewhere!
Our new Reference Architecture can help you deploy TNSR as a VPN Concentrator, NAT Gateway, and/or Multi/Hybrid-Cloud Router in an HA configuration, utilizing AWS Transit Gateway, available here.
TNSR can save you money in AWS (& Azure) as:
VPN Concentrator (mobile or site-to-site…1000’s of connections!) without the 1.2Gbps limit.
NAT Gateway (yes, you are probably overpaying).
Edge to Cloud Router & Cloud to Cloud Router.
Achieving the elusive 200Gbps promised by the M6in Base Metal instance, as touted by AWS, remains an unattained feat – unless, of course, our not-so-secret sauce is applied to unlock its full potential.
TNSR Performance Optimization Tip -
Working with Large BGP Tables
Navigating the intricacies of extensive BGP tables, which may comprise hundreds of thousands or even millions of routes, presents a substantial challenge within any network infrastructure. Scaling up to meet these demands necessitates a strategic approach involving the fine-tuning of both memory and CPU controls to optimize throughput under the strain of larger network loads.
Memory Optimization
On current versions of TNSR, IPv4 and IPv6 routes both use the main heap for memory instead of their own heap and thus are unlikely to require tuning except for when dealing with hundreds of thousands or even millions of routes, depending on the configuration.
The memory allocated for the statistics segment may need to be tuned depending on the number of routes received, especially in cases where TNSR is configured with multiple worker threads. For detailed guidance on optimizing these memory values, check out the comprehensive insights provided in the Memory Usage and Tuning section.
CPU Utilization
Beyond memory considerations, the processing load associated with managing a substantial number of routes demands significant CPU power. The primary thread takes charge of FIB maintenance and processes incoming route changes. In the absence of worker threads, this same thread manages the processing of incoming packets. To mitigate potential competition for CPU resources between these tasks, the addition of one or more worker threads is advisable.
With multiple worker threads in play, the primary thread can exclusively handle incoming routes while the workers efficiently process packets. Detailed instructions on configuring additional CPU workers can be found in the CPU Workers and Affinity section.
Memory Concerns
On current versions of TNSR, IPv4 and IPv6 routes both use the main heap for memory instead of their own heap and thus are unlikely to require tuning except for when dealing with hundreds of thousands or even millions of routes, depending on the configuration.
The memory allocated for the statistics segment may need to be tuned depending on the number of routes received, especially in cases where TNSR is configured with multiple worker threads.
In addition to memory, processing large numbers of routes will consume significant CPU power.
The main thread handles maintenance of the FIB (processing incoming route changes). If there are no workers, processing incoming packets will also be handled by the main thread. In order to prevent the two tasks from competing for CPU resources, one or more worker threads can be added.
With multiple worker threads available, the main thread will handle incoming routes while the workers process packets.
The Netgate 4200 is the ideal network solution for small and medium businesses that want powerful performance at a reasonable price.
With its robust, high-performance 4-core Intel® Atom® C1110 @ 2.1 GHz (w/AVX2 and VAES), the 4200’s benchmark results set a new standard: routing, firewall, and IPsec VPN operations up to three times faster than the Netgate 4100. With its robust, high-performance 4-core Intel® Atom® C1110 CPU @ 2.1Ghz, the 4200’s benchmark results set a new standard: routing, firewall, and IPsec VPN operations up to three times faster than the Netgate 4100.
The 4200 offers flexible, high-bandwidth connectivity to deliver business value today. Four unswitched 2.5 gigabit ethernet WAN/LAN ports (RJ45) can keep a small to medium-sized business network running fast without the need for fiber infrastructure.
The Netgate 4200 is a Security Gateway (router, firewall, and VPN) with best-in-class processing power, delivering the industry-leading stability and capabilities of pfSense Plus software (with free upgrades for the life of the hardware), all at a great price. It includes complimentary TAC Lite “zero to ping” assistance to get you up and running. TAC Pro and TAC Enterprise subscription support, with enhanced SLAs, are available for an additional fee.
The Netgate 4200 is priced at $549 ($50 below the Netgate 4100) and will be shipping at the end of February 2024.
The Netgate Technical Assistance Center (TAC) provides technical assistance with pfSense Plus software & TNSR. Every Netgate Security Gateway and cloud instance comes with TAC Lite included. TAC Lite offers Zero-to-Ping assistance, ensuring a smooth setup and configuration. Zero-to-Ping assistance will get your Netgate appliance with pfSense Plus & TNSR software, AWS, or Azure firewall connected to the Internet and one client on the same network online.
In addition to TAC Lite, TAC Professional and TAC Enterprise levels are available for faster response times and a much wider variety of assistance topics. Regardless of support level, TAC is here 24/7 to help.
Netgate Holiday Schedule
As the holidays near, please be aware that Netgate will be closed on the following dates except for Technical Support. Considerations should be made for possible delays due to these closures:
February 19- President’s Day
March 29- Good Friday
May 27- Memorial Day
July 4- Independence Day
July 5- Independence Day
September 2- Labor Day
November 28- Thanksgiving
November 29- Thanksgiving
December 24- Christmas Eve
December 25- Christmas
The Netgate Global Support Technical Assistance Center (TAC) is fully staffed and operational for all holidays. The engineering, sales, manufacturing, and shipping teams will be off for the holidays listed above.
We Want Your Feedback
Thank you for subscribing to the Netgate newsletter, and for your continued support of Netgate and our products. We are always looking for ways to improve and value your feedback. If you have suggestions, please reply to this email, contact us, or send an email to mktg@netgate.com. You can also talk to us on social media, or visit our forum.
%201000px-1.png?upscale=true&width=600&upscale=true&name=Netgate%20Logo%20White%20(horizontal)%201000px-1.png)
