%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
With over 10 million deployments across homes, small businesses, enterprises, service providers, and governments, pfSense® is the world’s leading open-source-driven firewall, router, and VPN solution for network edge and cloud secure networking.
Netgate has released a BETA of pfSense® Plus software version 24.03. An associated Release Candidate (RC) is targeted for later in the spring.
Call for Testing
Testing this beta software release is essential. Given the diversity of users' environments and configurations, it is the most effective way to ensure that the software is robust and reliable for everyone. By downloading and testing this beta release and providing feedback on any issues, our users can play a vital role in improving the software for everyone.
Release Notes
Release Notes for pfSense Plus 24.03 software are available for review.
Significant changes in this release include an improved update process using ZFS snapshots, the ability to export packet flow data, an enhanced gateway recovery process, and changes to the default state policy for increased security. The release also addresses several bugs and other issues.
- Introducing Default Password Control: In response to mandates from various regulatory bodies in the US and Internationally, pfSense Plus24.03 now implements stringent measures regarding default passwords. Any attempt to use default passwords will be met with a mandatory reset requirement, applicable across both the User Interface (UI) and Command Line Interface (CLI). As part of our commitment to best practices, we strongly advise all pfSense users to proactively adopt this change. By doing so, you bolster the security posture of your system and align with evolving compliance standards, ensuring a safer and more resilient network environment.
- Enhanced Update Process using ZFS snapshots: This latest release introduces significant improvements to the software update mechanism, leveraging the capabilities of the ZFS file system to bolster stability and minimize downtime throughout the update process. These enhancements not only fortify the reliability of pfSense Plus but also furnish administrators with potent tools, particularly beneficial for those utilizing system snapshots to establish diverse pfSense Plus environments for testing purposes. This empowers administrators with the flexibility to revert to a predetermined environment quickly should the need arise, enhancing the overall manageability and resilience of the system.
- Packet Data Flow Export: A notable addition to this release is the capability to export packet flow data to external collectors via the NetFlow v5 or IPFIX protocol. This feature enables administrators to extract valuable insights from network traffic, which is essential for effective network management. By analyzing flow data, administrators can address various challenges such as optimizing application response times, implementing usage-based accounting, profiling traffic patterns, fine-tuning traffic engineering strategies, detecting potential security threats or intrusions, monitoring Quality of Service (QoS) metrics, and much more. This enhancement equips administrators with powerful tools to enhance network visibility and make informed decisions regarding network performance and security.
- Gateway Recovery: Another change is an enhanced gateway recovery process, with options to reset connections made through a backup gateway while the primary gateway is offline. This feature will allow connection fail-back to a primary gateway after downtime, which can be especially useful for metered links.
- State Policy Default Change: For increased security, the default State Policy in pfSense Plus 24.03 software and later releases is changing from Floating states to Interface-bound states.
- Upgrade VPN capabilities: We're excited to announce two major upgrades: Mobile Group Pools and performance enhancements. With the introduction of "Mobile Group Pools," users can access a dedicated tab to configure additional address pools and, if necessary, a DNS server, which is especially beneficial for larger organizations. This feature enables organizations to utilize group authentication to define extra address pools for specific user groups, providing greater flexibility to meet diverse group requirements.
Additionally, we're focused on reducing processing overhead and enhancing performance by updating the IPsec-MB kernel module (iimb.ko) to Intel's latest upstream version 1.5. This update includes optimizations for CPUs supporting AVX512 and AVX2, ensuring smoother operations and improved efficiency. These advancements aim to elevate user experience while maintaining high-performance standards
Installing the Upgrade
Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Below are the high-level steps to perform the upgrade.
Users currently running pfSense Plus software
Upgrades from an earlier version of pfSense Plus software are usually made through the user interface. Before any major change, such as an upgrade, it’s always recommended to save a backup of the pfSense Plus configuration. You can find Backup and Recovery instructions in the pfSense documentation.
- Navigate to System > Update
- Set Branch to “Next Stable Version (24.03-BETA)”
- Click Confirm to start the upgrade process
Users currently running pfSense Community Edition (CE) software
We encourage you to migrate from pfSense CE software to pfSense Plus software. Doing so will ensure you have access to all of the benefits of pfSense Plus software. You can find details on how to get pfSense Plus software here.
Troubleshooting the Upgrade
To mitigate the risk of disrupting your production environment, Netgate recommends testing the BETA version in a lab, on a scratch system, or in a Virtual Machine, rather than on production systems. Please review the documentation on Troubleshooting Upgrades for the most up-to-date information on working around upgrade issues.
Where to report issues
We encourage you to test the things that are important or unique to your deployments. Please report any errors or concerns in the Plus 24.03 Development Snapshots category of the Netgate Forum. Depending on the issue, we may ask for more details or for you to open a bug on redmine.pfsense.org.
Summary
We want to express sincere thanks to all users willing to test this BETA release. Your community involvement is essential to making Netgate's pfSense Plus product a stronger solution for everyone.
A more detailed roundup of the update will be included with its full launch.