-01.png?width=926&height=181&name=Netgate%20Logo%20PMS%20(horizontal)-01.png "Netgate Main Logo")
%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
pfSense® Plus software, the world’s leading firewall, router, and VPN solution, provides secure network edge and cloud networking solutions for millions of deployments worldwide.
Netgate is excited to announce the release of pfSense® Plus software version 25.07. This new version includes several major features that our customers have requested, and many other enhancements and bug fixes. All pfSense Plus customers are encouraged to upgrade to this new version.
New Features and Improvements
Netgate Nexus
Netgate Nexus is the Multi-Instance Management solution for pfSense Plus, and comes production-ready in 25.07. All API endpoints have been implemented, and the GUI is now fully functional. In addition to the powerful GUI, an API toolkit has also been provided on GitHub. Netgate Nexus is now capable of controlling the pfSense Plus instance that is designated as the Controller. Licenses and entitlements for additional managed instances will be available for purchase separately. Additional information will be provided at the product launch for Netgate Nexus soon.
Auto Config Backup
Auto Config Backup is a free service that encrypts your configuration each time you make a change, and uploads those configurations to Netgate’s cloud storage servers. Because these configuration files are encrypted, this provides the user a secure and convenient method of restoring known good configurations. Much of Auto Config Backup has been re-written to make it more efficient, and now includes the ability for users to enhance security by altering their Device Keys. In addition to this, the GUI has also been redesigned for greater efficiency.
New PPPoE Driver
A new PPPoE backend (if_pppoe) has been introduced into this version of pfSense Plus. This new backend may be enabled in the System > Advanced > Networking menu, and enables a large performance increase over the traditional MPD-based implementation. In addition to the performance increases, users should see a dramatic decrease in CPU usage. This new PPPoE backend will become the default in future versions of pfSense Plus. Users who have multi-gigabit PPPoE WAN links are encouraged to enable this new feature and enjoy much faster WAN speeds.
Custom Login Screen Messages
Users may now configure custom text messages that will appear as a banner on the pfSense Plus GUI login screen. This feature has been added in order to comply with corporate and government security guidelines (STIGs).
Kea DHCPv6 Prefix Delegation
This version of pfSense Plus includes a feature complete version of Kea, the successor to ISC’s deprecated DHCP. Prefix delegation allows automatically dividing and allocating a block of IPv6 addresses to networks that will live behind other routers and firewalls which reside downstream from this firewall (e.g. in the LAN, DMZ, etc). Prefix Delegation settings in Kea use a different format than the ISC DHCPv6 daemon, so Kea cannot use existing settings for Prefix Delegation; settings for Prefix Delegation in Kea must be re-created manually when switching from ISC DHCPv6 to Kea DHCPv6. Because the traditional ISC DHCP service has been deprecated by the developer, users are encouraged to switch to Kea.
NAT64
This release contains full support for NAT64. NAT64 is a form of NAT that enables clients with only IPv6 addresses to reach remote hosts using IPv4 addresses. NAT64 accomplishes this by mapping IPv4 addresses into a special IPv6 prefix dedicated to this purpose. NAT64 on pfSense software is implemented across multiple areas, including NAT64 firewall rules, PREF64 in router advertisements, and DNS64 in the DNS Resolver Advanced options. There is a complete walkthrough for implementing NAT64 in the pfSense software documentation.
System Aliases
This release contains new Built-in System Aliases that allow user-created firewall rules to utilize aliases that were previously only usable by internal firewall rules. This feature also contains several new aliases with common collections of reserved and special-purpose networks, so that users do not need to define their own alias on each device for things like private networks or multicast networks.
Release Notes
Release Notes for pfSense Plus 25.07-RELEASE are available for review.
Installing the Upgrade
Netgate has a detailed Upgrade Guide available in the pfSense documentation to help explain the process. Below are the high-level steps to perform the upgrade.
Users currently running pfSense Plus software
Upgrades from an earlier version of pfSense Plus software are usually made through the user interface. Before any major change, such as an upgrade, it’s always recommended to save a backup of the pfSense Plus configuration. You can find Backup and Recovery instructions in the pfSense documentation.
- Navigate to System > Update
- Set Branch to “Current Stable Version (25.07)”
- Click Confirm to start the upgrade process
Users currently running pfSense Community Edition (CE) software
We encourage you to migrate from pfSense CE software to pfSense Plus software. Doing so will ensure you have access to all of the benefits of pfSense Plus software. You can find details on how to get pfSense Plus software here.
Troubleshooting the Upgrade
Please review the documentation on Troubleshooting Upgrades for the most up-to-date information on working around upgrade issues.
This pfSense Plus software release is ready for use in production environments. Should any issues arise, please post to our forum or contact Netgate Technical Assistance Center (TAC) for paid 24/7/365 support.
Supporting the Project
When you purchase Netgate hardware, TAC, or AWS/Azure cloud instances, you directly sustain the engineering teams responsible for maintaining high quality pfSense software.
You may support this work through one or more of the following:
- Purchase an official appliance directly from Netgate or from our worldwide reseller partner network. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Purchase TAC support which provides you with direct access to Netgate Global Support
- Purchase Professional Services, which provides access to our most senior engineers for more complex projects outside the scope of TAC support.
- Use a genuine pfSense Plus instance from Netgate to connect and protect your cloud workloads on AWS and Azure.
Our efforts are made possible by the support of our customers and the community, and for that we express our sincere thanks. This involvement makes the pfSense project a stronger solution for everyone.