pfSense Plus 24.03

Netgate has released version 24.03 of pfSense Plus. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It is available as the free Community Edition and as a Plus edition, which was previously offered as the Factory Edition. The Plus edition runs on the hardware that Netgate sells and as a virtual machine in AWS or Azure, and it can also be used free of charge on your own hardware in a private environment. Unlike the Community Edition, however, it is not open source.

It started in 2004 as a fork of m0n0wall because of differing visions among the developers, and over the years it has grown into a router and firewall package that can be deployed in both small and very large environments. For more information, we refer to this page. The most important improvements made in this release are listed below:

Major Changes and Features

Significant changes in this release include an improved update process using ZFS snapshots, the ability to export packet flow data, an enhanced gateway recovery process, and changes to the default state policy for increased security. The release also addresses several bugs and other issues.

  • Introducing Default Password Control: In response to mandates from various regulatory bodies both in the US and internationally, pfSense Plus 24.03 now implements stringent measures regarding default passwords. Any attempt to use default passwords will be met with a mandatory reset requirement, applicable across both the User Interface (UI) and Command Line Interface (CLI). As part of our commitment to best practices, we strongly advise all pfSense users to proactively adopt this change. By doing so, you bolster the security posture of your system and align with evolving compliance standards, ensuring a safer and more resilient network environment.
  • Enhanced Update Process using ZFS snapshots: This latest release introduces significant improvements to the software update mechanism, leveraging the capabilities of the ZFS file system to bolster stability and minimize downtime throughout the update process. These enhancements not only fortify the reliability of pfSense Plus but also furnish administrators with potent tools, particularly beneficial for those utilizing system snapshots to establish diverse pfSense Plus environments for testing purposes. This empowers administrators with the flexibility to quickly revert to a predetermined environment should the need arise, enhancing the overall manageability and resilience of the system.
  • Packet Data Flow Export: A notable addition to this release is the capability to export packet flow data to external collectors via the NetFlow v5 or IPFIX protocol. This feature enables administrators to extract valuable insights from network traffic, which is essential for effective network management. By analyzing flow data, administrators can address various challenges such as optimizing application response times, implementing usage-based accounting, profiling traffic patterns, fine-tuning traffic engineering strategies, detecting potential security threats or intrusions, monitoring Quality of Service (QoS) metrics, and much more. This enhancement equips administrators with powerful tools to enhance network visibility and make informed decisions regarding network performance and security.
  • Gateway Recovery: Another change is an enhanced gateway recovery process with options to reset connections made through a backup gateway while the primary gateway is offline. This feature will allow connection fail-back to a primary gateway after downtime, which can be especially useful for metered links.
  • State Policy Default Change: For increased security, the default State Policy in pfSense Plus 24.03 software and later releases is changing from Floating states to Interface-bound states.
  • Upgrade VPN capabilities: We’re excited to announce two major upgrades: Mobile Group Pools and performance enhancements. With the introduction of “Mobile Group Pools,” users can access a dedicated tab to configure additional address pools and, if necessary, a DNS server, which may be especially beneficial for larger organizations. This feature allows organizations employing group authentication to define extra address pools for specific user categories, enhancing flexibility to meet diverse requirements. Additionally, we’re focused on reducing processing overhead and enhancing performance by updating the IPsec-MB kernel module (iimb.ko) to Intel’s latest upstream version 1.5. This update includes optimizations for CPUs supporting AVX512 and AVX2, ensuring smoother operations and improved efficiency. These advancements aim to elevate user experience while maintaining high-performance standards.
  • Updated IPsec-MB kernel module: We focused on reducing processing overhead and enhancing performance by updating the IPsec-MB kernel module (iimb.ko) to Intel’s latest upstream version 1.5. This update includes optimizations for CPUs supporting AVX512 and AVX2, ensuring smooth operations and improved efficiency. These advancements aim to elevate user experience while maintaining high-performance standards.
  • High Availability on AWS: We’re excited to announce the release of High Availability (HA) for pfSense Plus software on AWS. This release builds upon the standard HA features customers have leveraged in data centers, branches, and remote offices worldwide, with additional AWS-specific features that enable fast failover and maintaining connectivity to critical cloud workloads and services. This feature was added to meet the mission-critical needs of enterprise and government customers requiring uninterrupted services in their AWS deployments. With HA on AWS, customers can meet uptime requirements and internal SLAs while safeguarding mission-critical operations within AWS.
