%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
pfSense® Plus software, the world’s leading firewall, router, and VPN solution, provides secure network edge and cloud networking solutions for millions of deployments worldwide.
We are excited to announce the release of pfSense® Plus software version 24.11. This new version includes several major features that our customers have been requesting, and many other enhancements and bug fixes. All pfSense Plus customers are encouraged to upgrade to this new version.
New Features and Improvements
Multi-instance Management Early Look
This release offers a glimpse into the future of multi-instance management for pfSense Plus. A web GUI and a set of APIs for monitoring and managing multiple pfSense Plus instances are now available.
While the set of API endpoints is incomplete, the available endpoints are functional, and we are continuing to improve the feature based on customer feedback.
Learn More About Multi-instance Management
Kea DHCP Enhancements
The Internet Systems Consortium (ISC) distributes two full-featured, open-source, standards-based DHCP servers: Kea DHCP and ISC DHCP. ISC announced the End of Life (EOL) of the ISC DHCP server, and ended maintenance on it at the end of 2022.
Support for High Availability
With ISC DHCP at EOL, it is imperative that Kea DHCP reaches feature parity. We expect to be feature complete with Kea DHCP in the next release of pfSense Plus. Continued improvements in the Kea DHCP service provide greater capabilities and significant improvements over the previous release, including:
- High Availability: Kea now supports High Availability for IPv4 and IPv6
- Simplified High Availability Setup: Kea DHCP uses a single, global High Availability configuration, which is easier to set up and manage than ISC DHCP's per-interface configuration.
- More Reliable Failover: Kea operates in "hot standby" mode, providing more reliable failover, especially when booting a secondary node.
- Improved Security: Kea can synchronize lease data over the SYNC interface for security and ease of use, and can optionally encrypt the sync data for added protection.
Kea DHCP DNS Resolution
The Kea DHCP daemon now integrates with the Unbound DNS Resolver to provide automatic DNS registration. This means:
- DNS Registration of DHCP Clients: DNS records are updated dynamically on-the-fly, they do not require a resolver restart and are not disruptive. This works for IPv4 and IPv6.
- Improved Update Detection: With Kea, pfSense Plus software uses an extension that allows Kea itself to trigger DNS changes for lease events. With ISC DHCP, pfSense software used a dedicated daemon that monitored DHCP leases externally and triggered DNS updates based on that detection. This daemon was running and consuming resources as long as the feature was enabled, and it was not always reliable.
- No Service Interruptions: The older method of updating ISC DHCP resulted in an interruption of DNS service any time a DNS record changed. This was especially problematic on busy networks or environments where the DNS resolver did not restart quickly. The new method of updating DNS records in the resolver utilizes features of Unbound which allow for seamless updates, without the need to restart the Unbound service.
Learn More About Kea DHCP Enhancements
System Aliases in Custom Rules
Users can now use built-in system aliases (like bogons, vpn_networks, etc)) in custom firewall rules. This improves rule management efficiency and standardization.
NTP Authentication
This release implements NTP client authentication support, enabling secure time synchronization across networks.
Release Notes
Release Notes for pfSense Plus 24.11-RELEASE are available for review.
Installing the Upgrade
Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Below are the high-level steps to perform the upgrade.
Users currently running pfSense Plus software
Upgrades from an earlier version of pfSense Plus software are usually made through the user interface. Before any major change, such as an upgrade, it’s always recommended to save a backup of the pfSense Plus configuration. You can find Backup and Recovery instructions in the pfSense documentation.
- Navigate to System > Update
- Set Branch to “Current Stable Version (24.11)”
- Click Confirm to start the upgrade process
Users currently running pfSense Community Edition (CE) software
We encourage you to migrate from pfSense CE software to pfSense Plus software. Doing so will ensure you have access to all of the benefits of pfSense Plus software. You can find details on how to get pfSense Plus software here.
Troubleshooting the Upgrade
Please review the documentation on Troubleshooting Upgrades for the most up-to-date information on working around upgrade issues.
This pfSense Plus software release is ready for use in production environments. Should any issues arise, please post to our forum or contact Netgate Technical Assistance Center (TAC) for paid support.
Supporting the Project
When you purchase Netgate hardware, TAC, or AWS/Azure cloud instances, you directly sustain the engineering teams responsible for maintaining high quality pfSense software.
You may support this work through one or more of the following:
- Purchase an official appliance directly from Netgate or from our worldwide reseller partner network. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Purchase TAC support which provides you with direct access to Netgate Global Support
- Purchase Professional Services, which provides access to our most senior engineers for more complex projects outside the scope of TAC support.
- Use a genuine pfSense Plus instance from Netgate to connect and protect your cloud workloads on AWS and Azure.
Our efforts are made possible by the support of our customers and the community, and for that we express our sincere thanks. This involvement makes the pfSense project a stronger solution for everyone.