pfSense Plus FAQ

pfSense® Plus software is a Netgate product, separate and distinct from pfSense Community Edition (CE), which is open-source project software.

pfSense Plus software replaced pfSense Factory Edition (FE), and is offered at no charge on Netgate appliances.

It is also offered as chargeable software through AWS and Azure Cloud marketplaces.

pfSense Plus is available to install on 3rd party hardware via a TAC LITE subscription using the Netgate Installer.

There are two primary reasons.

First, demand for new secure networking features, performance improvements, management and automation capabilities outstrip the capabilities of existing pfSense software design, which dates to 2004.

Second, the code changes necessary to deliver the above capabilities will be disruptive to users of the open-source code base - especially those dependent upon private forks for their own needs. pfSense has a smorgasbord of features and functions that Netgate will need to update, replace, or delete. These code modifications will not always immediately serve the open-source community. Rather than force the community to quickly follow, Netgate can better serve its customers and the broader community by moving the pfSense Plus stack forward to support product advancement, without disrupting the code base that community members rely upon today.

No. The pfSense project (which provides pfSense CE) and pfSense Plus (Netgate product) software are divergent.

An example of divergence is when Netgate releases a new appliance, we almost always need to modify the software to address things like a new driver (Intel I225), or a bootloader change, etc.

pfSense Plus (and TNSR) software release numbering is consistent with the Linux Networking Foundation FD.io project approach - where releases are numbered with a year.month.patch convention.

pfSense CE software release numbering is consistent with the FreeBSD approach - where releases are numbered with a major.minor.patch convention.

We prefer the latter approach for pair products, as our customers can more easily identify the relative currency of their operating software.

There is no change to the package support for pfSense CE.

Initially, pfSense Plus will maintain package parity. Over time, Netgate will evaluate pfSense Plus package support - based on customer demand and technology progression.

pfSense Plus has diverged from CE. The differences between pfSense Plus and pfSense CE are detailed in our documentation.

Netgate will continue providing stewardship and resources for the pfSense project, just as it has since 2012.

pfSense project code will continue to be available on GitHub, and will remain Apache licensed.

Netgate will continue to support the project with code contributions, particularly with respect to security vulnerability protection, FreeBSD related updates, common code, etc.

While Netgate will focus on its products and customers, we will continue to contribute releases, snapshots, and updates of pfSense CE. The frequency and depth of this support will be evaluated on an ongoing basis. 

Yes. Going forward, pfSense Plus customers will be able to reliably manage their IT infrastructure changes around three releases per year.

Absolutely not. Nothing has changed about our strong belief in, and commitment to, open source software. This is best expressed by specific evidentiary statements:

• We are proud of our long heritage of giving back significant financial sponsorship, engineering and test resources, and upstreamed code to numerous open-source projects. Our project list includes Clixon, DPDK, FD.io/VPP, FreeBSD, Free Range Routing (FRR), Linux, pfSense, and strongSwan.
• Netgate currently employs or contracts many developers with roles in the FreeBSD, pfSense, Clixon, and VPP/FD.io projects. Their contributions and responsibilities include development, administration, maintenance, release engineering, and foundation board membership. These developers, and many more at Netgate are regular contributors to these projects.
• Netgate directly co-sponsors feature work. Very recent examples of contribution include kernel-resident WireGuard, crypto-offload, and Intel i225 ethernet drivers.

pfSense Plus is available to install on 3rd party hardware via a TAC LITE subscription using the Netgate Installer.

pfSense Plus software is a Netgate product - branched from pfSense project - and it is closed source.

That said, pfSense Plus software is built upon a set of open source projects, namely OpenVPN, strongSwan, Free Range Routing, and of course FreeBSD. Given this, customers can certainly see the vast majority of the underlying code of pfSense Plus, if they are so inclined.

As has always been the case, the latest pfSense Community Edition software release will continue to be available through the project.

That is really up to how the project progresses itself.

If the community chooses to progress feature set, testing, documentation, and release packaging, there will continue to be new project software releases.

Netgate will continue to participate both as a community member, and as project steward.

Beginning with the release of pfSense Plus 21.02 in February 2021, all Netgate appliances will factory ship with pfSense Plus software.

Simply upgrade through the pfSense software GUI or console menu on your Netgate appliance.

Documentation will initially remain as it is today, with references to pfSense Plus deltas where applicable.

Yes. pfSense Plus Release 21.02 is a fork of pfSense CE 2.5. However, as has been covered in more detail above, over time they will diverge in terms of architecture, feature set, performance and manageability.

Yes. You can upgrade at any time from TAC Lite to either TAC Pro or TAC Enterprise.

TAC Lite is our new name for what we previously referred to as ‘zero-to-ping’ support - made available with all new appliance and CSP instance purchases. TAC Lite is the support that helps you connect your new Netgate firewall (one client online and pinging outside of your network) to the Internet.

By proxy, you may also upgrade from TAC Pro to TAC Enterprise at any time.

At the time of update, a new subscription period will begin. We will not, however, pro rate any remainder of the prior subscription.