
I’ve got 99 problems, but a switch ain’t one.

If you’re havin’ loop problems I feel bad for you son, I got 99 problems but a switch ain’t one.

The SoC used for the SG-1000 (also known as “uFW”) includes an on-die 3-port gigabit Ethernet switch. By leveraging VLANs, it’s possible to build a ‘router on a stick’ on one board. In order to make this switch as functional as possible, we decided to leverage the FreeBSD etherswitch(4) framework. Support for the on-die switch on SG-1000 was directly upstreamed to FreeBSD in revision 309113.

Support for this framework then needed to be added to pfSense. First, support was added to the PHP module that provides the glue layer between FreeBSD and PHP via a series of commits. Here are two of them: 1 2. Once this was done, we could start designing the components of the web GUI.

Switch_system.php shows which switches are attached to the system. It has no controls.


Switch_ports.php shows the ports available on the selected switch. Since the SG-1000 only has one switch, the selector that allows you to choose which switch you are looking at is hidden.


Multiple switches attached to one firewall cause a selector to appear so you can choose which one to work on. Obviously there is only one switch on the SG-1000, but I’ve faked things here (“cd /dev; ln -s etherswitch0 etherswitch1”) to show the selector, and in order to show that we’re “thinking forward”.


The VLAN page allows you to view/create/edit a VLAN.


Switch_vlans_edit.php allows you to create or edit a VLAN. Clicking on any port in the “Available ports” column adds it to, or deletes it from, the “members” list. While we accommodate up to 128 ports, this is an SG-1000, so there are only 3 ports to choose from. There is some pretty fancy jQuery in this page.


The SG-1000 is not the only product we have coming that has built-in switches. Here is a sneak peek at another.


The systems you see in this photo are a Broadwell-DE with either 6 x 10G on SFP+ on top (bcc-1) or 16x1G on RJ45 (with 2 10Gbps uplinks), plus 4 x 10G on SFP+ on bottom (bcc-0). Both systems additionally have 2 1Gbps Ethernet ports on SFP, as well as redundant power, 2 x M.2, miniPCIe, 4 x SATA3 as 2.5″ drives, and a PCIe 3.0 x16 slot for expansion. Both of these have QuickAssist cards installed, enabling high-speed encryption and compression, but bypass NICs (for IDS/IPS) will likely prove popular as well.

Both also contain a “uBMC”, which is remarkably similar to the SG-1000, and runs pfSense with support for our coming (but unannounced) remote management product. In fact, the germination of the SG-1000 occurred because of uBMC. We noticed that a lot of people (including us) use pfSense to control access to the IPMI/BMC ports on their servers in colocation, so we thought, “Why not put pfSense in the BMC?”

Of course, since pfSense software is open source, this means that you’re no longer beholden to your IPMI vendor for security patches and updates.  More details on those systems, uBMC and the remote management product will be provided in future posts.


24 x 7 Support now Available

Netgate®, the leading provider of open source security solutions and the host of the pfSense® open source firewall project, is proud to announce the availability of professional 24×7 support for pfSense software.

Our new extended support hours are available to all customers who have active pfSense software support incidents on their account.  Support incidents are available both for pfSense hardware purchased from Netgate and for customers who have installed pfSense CE on their own hardware.

Customers with active support incidents on their account are eligible to use telephone, chat and email to initiate a support request. With our new level of staffing and capability, we’re also happy to announce a reduction in our initial response service level agreement (SLA) from 24 hours to 8 hours.


Happy 10th Anniversary to pfSense® Open Source Software


This month marks 10 years since the pfSense 1.0 Open Source firewall and router software distribution hit the Internet. With that release, one of the most successful open-source projects was born. Over the last 10 years, pfSense software has amassed a following and installed base of nearly 400,000. This is an amazing accomplishment by an open source project and it would not have been possible without the interest, engagement, and support of the entire pfSense community. This community includes the contributions of many developers, the support and funding by the host company Netgate, our customers, and the innumerable contributions by those who assist others on the forum or on IRC, have filed bug reports and followed up to test the relevant fixes, tested beta builds and release candidates, created or edited documentation, or written articles on how they use pfSense software. We are humbled by the interest, enthusiasm and trust that so many have for pfSense.  For all of this and more, we thank you!


pfSense 2.3.2-p1 RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.2-p1!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2-p1 New Features and Changes page.

This release includes fixes for 34 bugs and 2 feature items completed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.


2.4 pre-alpha snapshots now available.

pfSense® software version 2.4 pre-alpha snapshots are now available.

pfSense 2.4 will use FreeBSD 11 as a base, and 11.0-RELEASE has not yet occurred.  There will be additional work to use 11.0-RELEASE as a base.

More work on “reduction of technical debt” is occurring in 2.4. We have decided to not carry forward the kernel patches for Captive Portal. Instead, it is being re-written to use stock IPFW. That work is only about 75% complete. MPD4 needs to be converted to MPD5. Alongside these, work is occurring to convert several subsystems (e.g. radius) to use the PEAR equivalents:


pfSense 2.3.2-RELEASE Now Available!

We are happy to announce the release of pfSense® software version 2.3.2!

This is a maintenance release in the 2.3.x series, bringing a number of bug fixes. The full list of changes is on the 2.3.2 New Features and Changes page.

This release includes fixes for 60 bugs, 8 features and 2 todo items completed.

If you haven’t yet caught up on the changes in 2.3.x, check out the Features and Highlights video. Past blog posts have covered some of the changes, such as the performance improvements from tryforward, and the webGUI update.


pfSense moves to Apache License

With the pending departure of Chris Buechler, we wanted to find a way to express to the community our continued commitment to keep pfSense® software open source.

As such, pfSense is moving to the Apache License 2.0  in order to align the goals of the project with other (unannounced) offerings from Netgate.  The Apache License 2.0 is a permissive license similar to the MIT License. The main conditions of this license require preservation of copyright and license notices.


Moving Forward

Over the past few months, the Netgate® engineering team and our community contributors have delivered the software foundation for a new era of pfSense® technology.

In April we released version 2.3 of pfSense software which features a new, modern webGUI utilizing Bootstrap, as well as converting the underlying system to FreeBSD® pkg.  The pkg conversion enables us to update pieces of the system individually going forward, rather than the monolithic updates of the past.  The webGUI rewrite brings a new responsive look and feel to the pfSense project, which minimizes resizing or scrolling across a wide range of devices from desktop to mobile phones.

Since releasing pfSense 2.3 we have demonstrated both a dual Ethernet ARM device and the new dual Ethernet Minnowboard Turbot, running an experimental version of pfSense software version 2.4.  We have also shown technology demonstrations of kernel bypass networking via netmap-fwd, which can yield ten-fold improvements in packet processing.  Taken together, these results demonstrate the start of a new era for Netgate and pfSense.
