Main conrainer

2.1.4 RELEASE Now Available

2.1.4 follows very shortly after 2.1.3 and is primarily a security release. Refer to the 2.1.1 release notes, 2.1.2 release notes, and 2.1.3 release notes for other recent changes.

Security Fixes

Packages also had their own independent fixes and need updating. During the firmware update process the packages will be reinstalled properly. Otherwise, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
Read the rest of this entry »

June 2014 Hang Out – Firewalls and Virtualization

Our June 2014 hang out is Friday, June 27 at 13:00 US Central time. This month’s topic is firewalls and virtualization. This is an exclusive benefit for our Gold subscribers. Subscribers will find the meeting link after logging in to the members section. If you’re not yet a subscriber, sign up now and you’ll get immediate access. If you can’t make the live event, the video and audio recording and slides are available for members to download within a few hours of the session’s completion.

As companies and individuals have virtualized their server infrastructures, they have also looked to virtualize their firewalls. This brings many questions to mind. Is it a good idea? Is it secure? How does it work? What are my options for configuration? Can I get adequate performance?

pfSense Co-founder Chris Buechler will answer all these questions and more during June’s hang out.

Attendees will come away with the knowledge of where virtualized firewalls may be a good fit, where they’re probably a bad idea, the potential security implications, knowledge of the various network configuration options available in hypervisors, options for handling high availability, and more. Both desktop-class and server-class products will be covered, including bhyve, Hyper-V, KVM, Parallels, VirtualBox, VMware (Workstation, Player, Fusion and ESX/ESXi), and Xen.

Usage areas covered will include production systems, test and development environments, and fun but ugly hacks that can work temporarily if you’re in a bind.

Here is a preview of the hangout:

New Hardware!


At NEW-HQ (Netgate / ESF World HQ), we are makers of both hardware and software. We also sell hardware.

Someone has to assemble and test the hardware we sell, and that involves powering up each system in order to test it.

In order to make the process smoother/faster, we’re building a little controllable power-board. You can think of this as a serial-controlled power strip, but its a wee bit more sophisticated than that. The hint about it’s future uses is in the mis-match between the fuses mounted in the laser-cut acrylic and the number of pads for the solid-state switches.

The micro-controller used here is an Atmel ATMEGA328P, the same as your garden-variety arduino. While we’ve been working on porting pfSense to smaller systems such as the Ubiquiti Edge Router Lite, I doubt we will ever make pfSense run on anything as small as the atmega328.



This is really Jeremy’s project, I’m just reporting on it. More when it’s finished. Enjoy the photos.

Announcing pfSense University

After months of preparation and high customer demand for official pfSense training, Electric Sheep Fencing, the company behind the pfSense project, is very excited to announce our new training initiative, pfSense University

Our first class, “pfSense Fundamentals and Practical Application” is a two-day event which will cover common usage scenarios, deployment considerations, step by step configuration guidance, and best practices. This course will also enhance your skills and abilities to install, configure and support pfSense in your environment. We have scheduled two sessions of this class – one in August and one in September.

To get more information about this class and to sign up, please see pfSense University!

Introductory price is $1999.00 per class, but use promotional code BBC425FF on the sign-up page for an instant $500 discount!

In addition to official pfSense training, attendees will receive a one-year subscription to pfSense Gold, a pfSense T-shirt, and an entry into a raffle to win a VK-T40E2.

Breakfast and a lunch buffet are provided both days.

Register quickly! Each class is limited to 20 participants!

Please send any questions to

Service Offerings and Community Outreach

In the last couple of months, I have been working on expanding the role of our engineers and support organization at ESF from focusing solely on pfSense to becoming a “full-service provider” that can address and solve problems in conjunction with, but outside the immediate scope of pfSense.  Our team has decades of engineering experience that can be leveraged to provide a much broader scope of services and support than we have provided in the past.

Two months ago, we launched our professional services offerings to the public, with no advertising and only responding to unsolicited inquiries from existing customers. The results have been overwhelming! So I wanted to take this time to officially announce our professional services and see how you might leverage our experience to your advantage.

To read more about our professional services offerings, please read our professional services page.

Finally, our organization is growing in a number of ways. Primarily in the number of customers we support on a daily basis.  Brand recognition and community interaction are certainly looking up! Much of what we do and the business decisions we make is based in part on feedback from the community. I wanted to provide this opportunity to provide your feedback so that we may better serve you. Suggestions can be sent to  While we may not respond to all, I assure every e-mail is read.

pfSense at Hack@UCF

Back in March, we donated a pfSense Gold subscription and a Dell R200 to Hack@UCF, a computer security club at the University of Central Florida.

We’ve received word that UCF’s Collegiate Cyber Defense Competition Team won the Raytheon National Collegiate Cyber Defense Competition a few weeks ago.

Though the team is not allowed to say much about what happens at CCDC due to various competition-related stipulations, one of the team members has blogged about Hack@UCF’s and the CCDC team’s usage of pfSense, which primarily covers pfSense in active use as a perimeter firewall and VPN solution.

The local news did a segment on the team.

Congratulations to Knightsec!

Announcing the May 2014 pfSense Hangout!

When: Friday, May 23, 2014 @ 1300hrs (1:00pm) central US time.

This month’s topic is an introduction to the packet capture functionality in pfSense, and fundamentals of packet analysis, allowing you to interpret its output.

Packet analysis is the best and fastest approach to troubleshooting a wide range of network, routing and firewall-related issues. But many people are overwhelmed by the output and aren’t sure how to use or interpret it.

While some circumstances require extensive knowledge of the protocols in use to successfully analyze a packet capture, many issues can be analyzed easily with a basic understanding of the concepts involved.

Attendees will come away with the knowledge required to use packet captures to troubleshoot common problematic scenarios such as port forwards, 1:1 NAT, Outbound NAT, virtual IPs, CARP, routing between networks and routing across VPNs.

In order to take part in this hangout, you will need to be a pfSense GOLD subscriber. If you don’t have a Gold subscription, get it now!  The link to the hangout will be in your account as soon as it’s available.

Here is a preview of the hangout:

2.1.3 RELEASE Now Available

pfSense release 2.1.3 follows very shortly after pfSense release 2.1.2. pfSense 2.1.3 is primarily a security release.

Security Fixes

Although these security issues warrant upgrading in your next maintenance window, they aren’t applicable to our default configuration and won’t impact the average user. According to the FreeBSD SA, the TCP flaw is mitigated by scrub in pf, which is enabled by default in pfSense. The OpenSSL flaw is not used by any daemons in the pfSense base system and only certain packages make use of the affected feature, so the impact there is also minimal.

Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.

Read the rest of this entry »

April Hangout – Introduction to Multi-WAN

Our April 2014 hang out is this afternoon at 13:00 US Central time. This month, co-founder Chris Buechler will cover “Introduction to Multi-WAN”. The community voted for this topic, so we’re going to deliver! Gold subscribers can find the link after logging into the members area, as usual. The recording and slides will be available for subscribers within a couple hours of the meeting’s completion. If you don’t have a Gold subscription, get it now!

Subscribers can find the link to the meeting after logging into the members area.

Here is a preview of the hangout: