Contact with Netgate Servers¶
For several essential and optional services, such as checking for updates, installing updates and packages, and the Auto Config Backup service, pfSense® software makes outgoing connections to servers owned and operated by Netgate.
This document identifies these connections with an explanation of why it makes contact, what is transmitted in both directions, and how administrators can control these operations.
Each of the services described also generates server logs which Netgate discards after 365 days (1 year). Netgate uses these logs to monitor performance, detect problems, and gather usage statistics while also satisfying GDPR requirements.
Support contract information¶
Netgate offers a number of support options for both pfSense and TNSR software users. See https://www.netgate.com/support/ for details.
If administrators activate the Netgate Service and Support widget on the pfSense software GUI Dashboard, pfSense software will query Netgate servers to obtain the current support status, a list of web links, and other information to help administrators make the best use of their support options. This query occurs no more than once every 24 hours.
Note
This widget is active by default on installations of pfSense Plus software, but it can be removed at any time. It is not active by default on pfSense CE software.
Support contracts are tied to individual devices so Netgate must positively identify these devices when providing service. This is not easy to do: Serial numbers are not consistent across different hardware manufacturers and building a firewall running pfSense software from scratch on “white box” hardware is common. To overcome this problem and allow purchasers of Netgate support services to be sure that no one can “spoof” their support contract, Netgate uses a “Netgate Device ID” (NDI) which is displayed on the dashboard and in console/ssh menu banner.
The NDI is a hashed SHA256 value based on available information on the system. Netgate cannot reverse engineer from the NDI how it was generated, what information was gathered, or what values were used. Even if it were practical to reverse-hash SHA256 (it is not) only a string of meaningless characters would result. Netgate knows only that NDI “xyz” has been assigned to support contract “abc”.
Information that is transmitted via the HTTPS connection to Netgate servers:
Netgate ID
Server log information retained by Netgate for up to 1 year, then deleted:
IP address
If administrators prefer not to have pfSense software transmit this information, remove or do not install the Netgate Service and Support Dashboard widget.
See also
Software Updates and Packages¶
To check for updates to pfSense software, navigate to System > Update or, if the System Information widget is active and configured to check for updates, visit the Dashboard. To install new packages or check for updates to installed packages, navigate to System > Package Manager.
These actions cause pfSense software to connect to Netgate servers and update its repository information and package metadata. The first connection is made to establish authorization level and request a list of any available updates.
To determine which updates are available for a given installation, pfSense software transmits the architecture (amd64, ARM64, etc) to the web service along with a list of the installed software components and their versions. The server can then respond with a list of any available updates (For example “stable”, “development”, etc) that are appropriate for the architecture type and authorized for the end-user installation (plus, community edition, etc).
Similar queries are made when installing new packages.
pfSense software will request updated repository information any time an administrator navigates to System > Package Manager, System > Update or when the System Information Dashboard widget is active and the option to Disable the dashboard auto-update check is unchecked under System > Update on the Update Settings tab (Dashboard Check). This option is unchecked by default.
Additionally, pfSense software automatically updates this metadata once per day. The timing is randomized and can be anywhere from 1:00 A.M. local time up to 24 hours later.
Information that is transmitted via the HTTPS connection to Netgate servers:
Netgate ID
Serial Number
pfSense software and installed package versions
Architecture
Configured language (locale)
Platform information (Netgate products, virtualization platform, cloud provider, etc.)
Server log information retained by Netgate for up to 1 year, then deleted:
IP address
Netgate ID
Serial Number
pfSense software and installed package versions
Architecture
Platform information (Netgate products, virtualization platform, cloud provider, etc.)
Auto Config Backup (ACB)¶
Netgate offers an automatic configuration backup service, known as Auto Config Backup or ACB, which is free for anyone to use.
When pfSense software makes a backup via ACB, either automatically or manually,
it encrypts the config.xml
configuration file using AES-256 and a key
provided by the administrator with options suitable for file encryption.
pfSense software then transmits this encrypted file to https://acb.netgate.com where it is stored for future retrieval.
pfSense software also transmits a unique and random “device key” to privately identify which backups belong to a given installation.
This device key must be unique to each firewall backing up its configuration. To do this the key is automatically generated by taking the SHA256 hash of the SSH service keys on the installation. This allows ACB to reliably and properly identify ownership of each backup in an anonymous way.
The encryption key never leaves the firewall in plain text. It exists within the
config.xml
data, but has already been encrypted. Netgate cannot decrypt
any stored configuration file, nor link it to any particular firewall serial
number or identifier.
The ACB service is not active by default. If administrators prefer not to have this information transmitted, disable or do not configure the Automatic Configuration Backup feature.
Information that is transmitted via the HTTPS connection to Netgate servers:
Netgate ID
Device key
AES-256 encrypted configuration
Timestamp
Optional hint (in case the device key is lost)
pfSense software version (in case the ACB data format changes in future versions)
Server log information retained by Netgate for up to 1 year, then deleted:
IP address
Netgate ID
pfSense software version
See also
Bogon Network List Updates¶
Bogon networks are those which should never be seen on the Internet, including reserved and unassigned IP address space.
If any interfaces are configured to Block Bogon Networks, then shortly after initial installation and once per month after that, pfSense software will contact Netgate servers to obtain an updated list of Bogon Networks.
The update script runs at 3:00 A.M. local time, and sleeps a random amount of time up to 12 hours before performing the update.
The frequency of Bogon network updates can be adjusted using the Update Frequency option for bogons under System > Advanced on the Firewall & NAT tab. Updates may be performed on a Daily, Weekly, or Monthly basis.
Information that is transmitted via the HTTPS connection to Netgate servers:
pfSense software version
Netgate ID (optional)
Release (plus/community)
Server log information retained by Netgate for up to 365 days, then deleted:
IP address
pfSense software version
Netgate ID (optional)
Release
The Bogon update can either send or omit the Netgate ID based on the Netgate Device ID option under Installation Feedback on System > Advanced, Miscellaneous tab. The default is to send the ID.
Copyright¶
When an administrator receives a new Netgate device, installs a new version of pfSense software, or performs a factory reset, the GUI displays a copyright notice. Once an administrator dismisses the notice, the GUI does not display it again until it detects an updated notice.
This notice is a reminder of what may and may not be done with pfSense software.
Before the GUI displays the notice, its HTML contents are retrieved from Netgate servers in the currently configured language (locale). There are different versions of the notice for Netgate provided hardware and for the “Community Edition” of pfSense software.
Information that is transmitted via the HTTPS connection to Netgate servers:
Netgate ID
Release (plus/community)
Server log information retained by Netgate for up to 365 days, then deleted:
IP address
Netgate ID
Release
Contact¶
If there are any additional questions, please contact Netgate via telephone at +1 512 646-4100 or via email at sales@netgate.com.