pfSense Plus Logo White

The world’s leading open-source driven firewall, router, and VPN solution for network edge and cloud secure networking.

Over seven million installs protecting consumers, businesses, governments and educational institutions.

Get to Know pfSense Plus

pfSense® Plus software is the world’s most trusted firewall. Now on its 46th release, the software has garnered the respect and adoration of users worldwide - installed well over three million times. Made possible by open source technology. Made a robust, reliable, dependable product by Netgate.

Core Technology

pfSense Plus software consists of a number of open source projects, Internet standards and protocols, independently maintained software modules and Netgate value-add software.

Netgate’s productization and ongoing release progression converts the above into a turnkey software product, complete with Netgate-assured testing, comprehensive documentation, release packaging, distribution and customer support.

From a pure technology perspective, we know customers like to ‘peek under the hood’ to understand what they are buying.

A simple software stack diagram - complemented by a list of some of the more prominent software elements - most of which are user-insertable packages - describes the vast majority of pfSense Plus software from a software-plane taxonomy point of view.

pfSense-Plus-Software-Stack-Deployment iStock-508311852 1 coworks-at-desk

pfSense Plus Technology

Control Plane


A free implementation of the RADIUS protocol, used for Authentication, Authorization, and Accounting (AAA).


A GUI for the FRR routing daemon which supports BGP, OSPF, and OSPF6.

FTP Client Proxy

A basic FTP client proxy using ftp-proxy from FreeBSD.


A reliable, high performance TCP/HTTP(S) load balancer that implements the TCP, HTTP and HTTPS balancing features from haproxy and supports ACLs for smart backend switching. Requires SSD/HDD.


Creates IPsec configuration profiles for Apple devices (iOS and OS X) and IPsec import script bundles for Windows devices.

OpenVPN Client Export

Generates pre-configured OpenVPN configuration files for clients, Windows Client installers with configurations bundled, and Mac OS X Viscosity configuration bundles, among others.


Utility for controlling connections through the firewall based on more general criteria than firewall rules, e.g. by country, by domain name, etc. Manages IPv4/v6 List Sources into ‘Deny, Permit or Match’ formats. GeoIP database by MaxMind Inc. (GeoLite2 Free version).


An open source network intrusion detection and prevention system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. SSD/HDD is strongly recommended.


A multiplatform IPsec implementation that uses X.509 public key certificates and optional secure storage of private keys and certificates for strong authentication.


A high performance network IDS/IPS and security monitoring engine by OISF. SSD/HDD strongly recommended.

Data Plane


A computer operating system with advanced networking, security, and storage features

Management Plane


The NET-SNMP implementation of SNMP. More extensible than the built-in SNMP daemon (bsnmpd), and supports SNMPv3 authentication and TLS encryption.


A utility for network exploration and security auditing useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.


A network traffic probe that monitors network usage and provides a web user interface for the exploration of realtime and historical traffic information. Requires SSD/HDD.

Network UPS Tools (NUT)

Provides support for monitoring of Uninterruptible Power Supplies. It supports UPS units attached locally via USB or serial, and remote units via the SNMP protocol, the APCUPSD protocol or the NUT protocol.

RRD Summary

Gives a total amount of traffic passed In/Out during this and the previous month. Set to be replaced by the Traffic totals package.


An agent written in Go for collecting, processing, aggregating, and writing metrics.


Zabbix Monitoring agent. The agent gathers operational information locally and reports data to Zabbix server for further processing. The agent can also generate alerts in case of failures. Available in multiple versions.

Netgate Value Add

Our roots are open source. We firmly believe in it. We have based our entire company upon it. But it’s deeper than that for us. We are also heavy, and long-term, open source software contributors. We always will be. And, of course, beyond our open source contributions, we deliver business assurance value for our customers, who depend on Netgate every day to keep their networks securely connected to the digital world.

close up image of hand typing on keyboard

Contribution to Open Source Software

There are many ways to help build a better world for all by thoughtfully participating in the open source software ecosystem. We are proud of our long heritage of giving back open source via the following ongoing contributions:

  • Significant financial sponsorship

  • Engineering and test resources

  • Upstreamed code to numerous open-source projects including Clixon, DPDK,, FreeBSD, Free Range Routing (FRR), Linux, pfSense, and strongSwan

  • Full-time employment or contractual relationships with numerous developers holding roles in FreeBSD, pfSense, Clixon, and VPP/ projects - whose contributions and responsibilities include development, administration, maintenance, release engineering, etc.

By the numbers


Open source pfSense software releases


pfSense software code submits


Company employees with code commits to pfSense software

2 million+

pfSense software downloads

Customer Value Add

As powerful and capable as open source software is, it alone is not the answer for organizations whose depend upon secure networking connectivity for their livelihood. This is where Netgate’s productization of open source technology delivers extraordinary value with unbeatable economics.

  • Value-added software features not available in open source contributions

  • Fully-tested software releases - for turnkey appliances, public cloud instances, and commercial virtual machine use

  • Securely distributed for customer efficiency and confidence

  • 24x7 direct support options from seasoned network engineers who know the software like the back of their hand

  • Comprehensive documentation to support needs ranging from first-time deployments to advanced use-cases

These value-add capabilities enable Netgate to provide the best possible secure networking experience for each and every customer - 24x7.

Portrait of a Curios, Positive and Smiling IT Engineer Standing in the Middle of a Large Data Center Server Room.