What is pfSense® Plus Software?

Netgate announced the creation of pfSense Plus software, and the renaming of the open-source project to pfSense Community Edition (CE), in January 2021. The rationale was simple: The existence of pfSense Plus software would allow Netgate to add advanced features required by business customers. In the time since that announcement, a number of premium capabilities have been added to pfSense Plus software that are not available in pfSense CE software.

Benefits of pfSense Plus Software

More Frequent Software Updates

One of the most significant differences is the release cadence.

Three Releases per Year

pfSense Plus software gets major updates three times per year, and additional point releases when required. This allows Netgate to keep pfSense Plus software closely in sync with the many changes and updates that are made ‘upstream,’ including in FreeBSD.

Cryptography and VPN Acceleration

pfSense Plus software incorporates a number of capabilities that improve the performance of VPN connectivity.

See also: VPN Scaling

These exclusive capabilities include:

OpenVPN Data Channel Offload (DCO) support

This provides huge performance gains when processing encrypted OpenVPN data by reducing the amount of context switching that happens for each packet.

Intel IPsec Multi-Buffer (IIMB) support

This increases VPN performance on Intel, AMD and ARM platforms where extended instruction support is present by replacing some cryptographic functions provided by the kernel with accelerated functions that utilize those extended instructions.

See also: IPsec-MB

Intel QuickAssist Technology (QAT) support

This is an Intel-specific hardware acceleration technology that significantly increases performance, using asynchronous processing, for many cryptographic operations.

SafeXcel cryptographic accelerator support

This is an acceleration technology present on some ARM platforms, such as the Netgate 1100 and 2100 appliances.

CESA support

This is an acceleration technology present on some ARM platforms, such as the Netgate 3100 appliance.

AWS VPC VPN Connection Wizard add-on package

This add-on package automatically creates a VPN tunnel and BGP configuration to communicate with an Amazon AWS VPC.

See also: AWS VPC Wizard

IPsec Profile Wizard add-on package

This add-on package creates IPsec configuration profiles for Apple devices (iOS and macOS), and IPsec import script bundles for Windows devices.

OpenVPN Client Import add-on package

This add-on package imports a unified OpenVPN client configuration file as exported by an OpenVPN server.

Additional Features

Additional premium features found in pfSense Plus software include:

ZFS Boot Environment (BE) Management in webConfigurator

This feature makes it easier to take snapshots of key file system areas, resulting in safer upgrades and major changes. If the user encounters problems with an upgrade or configuration change, the firewall can be ‘rolled back’ to an earlier known good state.

ZFS dashboard widget (to track status of disks using ZFS)

This feature allows easy monitoring of disks using the ZFS file system.

CARP mode (multicast or unicast)

This is an option to choose how CARP (High Availability) operates, either in multicast or unicast mode. Some environments (including virtualization) work poorly, or not at all, with multicast mode. pfSense CE software only supports multicast.

Ethernet (Layer 2) Filtering Rules support

This experimental feature provides rule-based pass/block filtering of packets based on Ethernet (Layer 2) header attributes (e.g. MAC addresses). These rules are processed before other (L3) rules in the inbound direction, and after those rules in the outbound direction.

LDAP Client Certificate support

This feature supports sending a certificate to the LDAP server to identify this client when using an encrypted transport mode.

GUI Options for WAN 802.1X Authentication Bridging and VLAN 0 PCP Tagging

These options allow directly connecting to certain ISP networks which typically require specific devices at the edge, such as a modem with an authentication certificate.

Native Packet Flow Data Export for NetFlow/IPFIX

Starting with pfSense Plus software version 24.03, the firewall can directly export NetFlow v5 and IPFIX traffic flow data to one or more collectors using the pflow(4) feature in PF. The data is collected directly from firewall states and does not require a separate daemon, service, or add-on package.

Capabilities For Netgate Hardware

There are also several capabilities in pfSense Plus software that are unique to the appliance hardware that Netgate sells and supports.

These include:

  • ARM64 support (for Netgate’s ARM-based appliances)

  • The Firmware Update add-on package

  • MMC Utilities package

  • Support for specialized hardware such as status LEDs, reset buttons, switches, and hardware watchdog devices

  • Default optimized configurations for Netgate hardware appliances