Main conrainer

Announcing pfSense University

After months of preparation and high customer demand for official pfSense training, Electric Sheep Fencing, the company behind the pfSense project, is very excited to announce our new training initiative, pfSense University

Our first class, “pfSense Fundamentals and Practical Application” is a two-day event which will cover common usage scenarios, deployment considerations, step by step configuration guidance, and best practices. This course will also enhance your skills and abilities to install, configure and support pfSense in your environment. We have scheduled two sessions of this class – one in August and one in September.

To get more information about this class and to sign up, please see pfSense University!

Introductory price is $1999.00 per class, but use promotional code BBC425FF on the sign-up page for an instant $500 discount!

In addition to official pfSense training, attendees will receive a one-year subscription to pfSense Gold, a pfSense T-shirt, and an entry into a raffle to win a VK-T40E2.

Breakfast and a lunch buffet are provided both days.

Register quickly! Each class is limited to 20 participants!

Please send any questions to

Service Offerings and Community Outreach

In the last couple of months, I have been working on expanding the role of our engineers and support organization at ESF from focusing solely on pfSense to becoming a “full-service provider” that can address and solve problems in conjunction with, but outside the immediate scope of pfSense.  Our team has decades of engineering experience that can be leveraged to provide a much broader scope of services and support than we have provided in the past.

Two months ago, we launched our professional services offerings to the public, with no advertising and only responding to unsolicited inquiries from existing customers. The results have been overwhelming! So I wanted to take this time to officially announce our professional services and see how you might leverage our experience to your advantage.

To read more about our professional services offerings, please read our professional services page.

Finally, our organization is growing in a number of ways. Primarily in the number of customers we support on a daily basis.  Brand recognition and community interaction are certainly looking up! Much of what we do and the business decisions we make is based in part on feedback from the community. I wanted to provide this opportunity to provide your feedback so that we may better serve you. Suggestions can be sent to  While we may not respond to all, I assure every e-mail is read.

pfSense at Hack@UCF

Back in March, we donated a pfSense Gold subscription and a Dell R200 to Hack@UCF, a computer security club at the University of Central Florida.

We’ve received word that UCF’s Collegiate Cyber Defense Competition Team won the Raytheon National Collegiate Cyber Defense Competition a few weeks ago.

Though the team is not allowed to say much about what happens at CCDC due to various competition-related stipulations, one of the team members has blogged about Hack@UCF’s and the CCDC team’s usage of pfSense, which primarily covers pfSense in active use as a perimeter firewall and VPN solution.

The local news did a segment on the team.

Congratulations to Knightsec!

Announcing the May 2014 pfSense Hangout!

When: Friday, May 23, 2014 @ 1300hrs (1:00pm) central US time.

This month’s topic is an introduction to the packet capture functionality in pfSense, and fundamentals of packet analysis, allowing you to interpret its output.

Packet analysis is the best and fastest approach to troubleshooting a wide range of network, routing and firewall-related issues. But many people are overwhelmed by the output and aren’t sure how to use or interpret it.

While some circumstances require extensive knowledge of the protocols in use to successfully analyze a packet capture, many issues can be analyzed easily with a basic understanding of the concepts involved.

Attendees will come away with the knowledge required to use packet captures to troubleshoot common problematic scenarios such as port forwards, 1:1 NAT, Outbound NAT, virtual IPs, CARP, routing between networks and routing across VPNs.

In order to take part in this hangout, you will need to be a pfSense GOLD subscriber. If you don’t have a Gold subscription, get it now!  The link to the hangout will be in your account as soon as it’s available.

2.1.3 RELEASE Now Available

pfSense release 2.1.3 follows very shortly after pfSense release 2.1.2. pfSense 2.1.3 is primarily a security release.

Security Fixes

Although these security issues warrant upgrading in your next maintenance window, they aren’t applicable to our default configuration and won’t impact the average user. According to the FreeBSD SA, the TCP flaw is mitigated by scrub in pf, which is enabled by default in pfSense. The OpenSSL flaw is not used by any daemons in the pfSense base system and only certain packages make use of the affected feature, so the impact there is also minimal.

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Read the rest of this entry »

April Hangout – Introduction to Multi-WAN

Our April 2014 hang out is this afternoon at 13:00 US Central time. This month, co-founder Chris Buechler will cover “Introduction to Multi-WAN”. The community voted for this topic, so we’re going to deliver! Gold subscribers can find the link after logging into the members area, as usual. The recording and slides will be available for subscribers within a couple hours of the meeting’s completion. If you don’t have a Gold subscription, get it now!

Subscribers can find the link to the meeting after logging into the members area.

2.1.2 Release Now available

pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1.  pfSense 2.1.2 is primarily a security release.

Security Fixes

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled.   If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
Read the rest of this entry »

2.1.1-RELEASE now available

I’m happy to announce the release of pfSense 2.1.1.

The largest change is to close the following security issues / CVEs:

  • FreeBSD-SA-14:01.bsnmpd / CVE-2014-1452
  • FreeBSD-SA-14:02.ntpd / CVE-2013-5211
  • FreeBSD-SA-14:03.openssl / CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Other than these, the em/igb/ixgb/ixgbe drivers have been upgraded to add support for i210 and i354 NICs.   Some Intel 10Gb Ethernet NICs will also see improved performance.

The release is making its way to the mirrors now. The complete list of significant changes can also be found here including more details on the above.