%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
Securely manage and monitor multiple instances of pfSense Plus across your fleet from a single pane of glass
API Focus
- OpenAPI schema
- Enabling scriptable workflows for both configuring and collecting information
- Remote console access to managed VPN devices
Scalability
- Controller will run on pfSense Plus 24.08 for Early Look, and in AWS and Azure Cloud for initial GA (in a customer tenancy, not SaaS)
- Supports fan-out management, where a managed pfSense system can also manage and monitor downstream systems
- Planned: high-availability controller
- Planned: tenancy-based clusters
- Planned: template provisioning
Role-Based Access Control
- Entitlements enforced for each administrator
- Uses the same authenticators as pfSense: LDAP, RADIUS, local database
Responsiveness
- Minimize GUI lag upon configuration changes
- Immediate detection of network state changes, including:
- Network interface address changes and failures
- Routing table updates
Monitoring
- Respond to actionable events and collect information:
- Firewall events
- System alerts
- Logs collection
- Planned: hardware failures
Product Lifecycle
- Boot configuration selection
- Operating system and package updates
- Planned: file distribution and transfer between the controller and pfSense plus systems within the management VPN
An isolated, Zero-Trust management VPN tunnel between nodes ensures that only authorized and recognized controllers and managed pfSense plus systems can:
- Connect to each other
- Send management traffic between one another
Two-Level Security Requiring Independent Keys
- A VPN public key for the ZTNA management VPN, which provides the secure link between the controller and the pfSense plus systems
-
API authorization using zero trust authentication, ensuring only the specified Controller is permitted to interact with the managed pfSense plus systems
