Comparing pfSense Plus & pfSense CE: Cost and Key Differences Explained

Поделиться
HTML-код
  • Опубликовано: 5 ноя 2024

Комментарии • 90

  • @HomeBudgetComputing
    @HomeBudgetComputing Год назад +16

    I've been running CE for a few years now (since 2.4) at home on a refurbished HPE DL360G7, and it has worked phenomenally for me. I have also installed and set up pfSense for a customer (~150 employees). They needed something that would handle 3 internal subnets (2 physical networks), dual WAN failover, several VPN clients, and a VPN tunnel to a satellite office (which also has pfSense, but since I used a NG1100 it has +). The previous SonicWall was costing them too much money for licensing and underperforming. I used an old pair of Dell workstations with add-in NICs. The second one is a cold-swap spare that gets updated as needed and the config saved from the main one just goes into the second with no issues. Changeover takes about a minute in case it's needed.
    They are over the moon happy with the performance of the product and the level of training I was able to give them on how to maintain it and set up VPN users.
    I learned all of this from your videos and a little of Network Chuck. Thanks Tom!

    • @sean7949
      @sean7949 Год назад

      That is awesome.

    • @samuelowusu-boadi2021
      @samuelowusu-boadi2021 10 месяцев назад

      Is there a way I can get in touch with you, I need similar solution, can you point to a tutorial for the dual wan for the main site and the VPN cases

  • @bigchew3149
    @bigchew3149 Год назад +11

    I Have Ben Running PfSense for 6-8 Years Now Thanks to You & All Your Videos ! Home Use & I Have Always Ran PfSense CE & I Really Dont Have any Desire to ever change..The Ce Has Ben Great For What I Do It Runs Perfect on my Old Dell R210II Quad core & a 120gb ssd I Also Have Several Home Servers Running As Well TrueNas & UnRadid ! Just Wanted To Say Thanks !

  • @WereCatf
    @WereCatf Год назад +14

    I am running CE simply because I don't have any use for the Plus-only features. If you don't have any need for those, then it's just simply easier to stick to CE, since you need to install it anyways first if you wanna go with Plus, so I am simply skipping that latter step. For me, it's not any sort of an ideological choice or anything like that, just simple laziness.

    • @skorpion1298
      @skorpion1298 Год назад +1

      For me it is + because of updates and security fixes. It’s a firewall so it should be secure. CE is being updated every few months while + gets updates more often. + is free of charge if you use it privately.

    • @BrianCroweAcolyte
      @BrianCroweAcolyte Год назад +3

      @@skorpion1298 If you're not running third party software on your box, there almost isn't a security concern. It's a network appliance, not a desktop PC.

    • @mt_kegan512
      @mt_kegan512 Год назад

      Spot on man!

  • @Shadow_Banned_Conservative
    @Shadow_Banned_Conservative Год назад +1

    Thanks for the explanation Tom, I really enjoy your videos. In fact, you're the one who introduced me to pFSense a few years ago. I started off on HP thin clients (T-620 & T-630) with a 4 port NIC card, and moved up to a Lenovo M720q 1L PC, with an I3-8300T. Those have a nice feature of a PCI expansion slot so you can upgrade them with a low power video card, or external NIC in this case. It's been running great, using little power, and been reliable for over a year now. It's even smaller than the HP thin clients I used before them.
    I've still got a lot to learn about networking, firewalls, rules, etc but your videos give the new network user a great starting point.

  • @michaeljaques77
    @michaeljaques77 Год назад +5

    I updated from CE to Plus about 6 months ago. I've gotta do the .1 update that just came out recently one of these nights when I can schedule some downtime that doesn't impact users (ie: family) on my network. Biggest reason to switch to Plus is boot environments. Really that's the only feature for me that makes the upgrade enticing.

  • @michaelflynn7055
    @michaelflynn7055 Год назад +1

    Newbie user here, thanks for your videos, they've been quite insightful. I'm sticking with CE, I don't see need for the small set of extra features.

  • @JordanEE
    @JordanEE Год назад +1

    I have a mix of both, pfSense CE on the home front since I like testing new configurations out and don't wanna just "waste" ( I know its free but I still don't like requesting licenses all the time just a personal thing) the + keys, and pfSense+ on the businesses I support. Great Product, was dealing with Fortinet and their issues before stumbling upon your videos, very glad I did!

  • @leeposey7825
    @leeposey7825 Год назад

    had been running ce but watched your video i upgraded to pluse thank you for your great videos and info.

  • @stand355
    @stand355 Год назад +2

    Through no fault of Tom, this video aged like milk.

  • @angelgonzalez2379
    @angelgonzalez2379 Год назад +1

    Thanks for helping clarify this Tom.

  • @robertmorrison8195
    @robertmorrison8195 Год назад

    I am running pfSense plus on a dedicated PC with two NIC’s. I chose the subscription that includes the TAC Lite.

  • @UK-Expat-in-USA
    @UK-Expat-in-USA Год назад

    I did not know that I could get pfSense Plus for free until I saw you mention it in one of your video's, then I upgraded, keep up the good work I enjoy your videos.

  • @ianaway
    @ianaway Год назад +1

    I use the plus version everywhere in my home / lab project and test ! Since it’s free why not using it ?

  • @ashuggtube
    @ashuggtube Год назад +3

    The only reason to run pfSense CE that I can determine is the counter-intuitive situation where you have non-Netgate hardware and you want to run pfSense on it for free in a commercial setting - a risky proposal

    • @BrianCroweAcolyte
      @BrianCroweAcolyte Год назад +4

      I'd say it's the other way around. The only reason to run pfsense plus is if you actually need the features and support. I'm not going to make an account and beg for a license to anything if I can help it. And pfsense plus is closed source which I personally don't have a problem with but for many people that's a big minus right there.

    • @michaeljaques77
      @michaeljaques77 Год назад +1

      @@BrianCroweAcolyte Um, it's not closed source. A few Plus features are I believe (someone correct me if I am wrong), but the main vast majority are the same codebase as CE which means everything BSD HAS TO BE opensource. As for a license, Asking support for a license was as simple as can be. They send you a key, input, then you get access to the Plus upgrade. Upgrade as you normally would. It's as painless as any pfSense upgrade can be *cringe* I had an update go craptastic with some package hiccups after that were not solvable without a fresh reload, but after that it went smooth.
      Now I just uninstall almost all packages before updates just to be certain. I'd rather be extra cautious and take 5 minutes to do that then have to reload from scratch. But package hiccups can and do happen even from one CE release to the next, so that's not a CE to Plus problem.

    • @BrianCroweAcolyte
      @BrianCroweAcolyte Год назад

      @@michaeljaques77 Opensource is like something being halal or kosher, it either is or it isn't lol.
      But yeah I'm more than content with CE for home use, there's really no reason to use plus outside of a commercial or industrial environment. I think they're just laying the groundwork to monetize the "freeloaders" at some point in the future.

    • @Mr.Leeroy
      @Mr.Leeroy Год назад

      the only reason Plus exists is because "pfSense Co" was acquired by Netgate, which is obsessed with subscription model sales like any IT corp and legal side demanded them covering their asses.

  • @UnixDaemonKiller
    @UnixDaemonKiller Год назад +1

    I like the layer 2 filter in plus. Is that in CE yet?

  • @Adam-g8s8q
    @Adam-g8s8q 8 месяцев назад

    Quick question Tom or anyone else that may know the answer. I've tried to find a definitive answer to this but each article I read contradicts the other. Is it allowed to use pfsense CE for business usage. By business usage, I have a couple of scenarios. 1) Lab environment for staff training purposes. 2) In our own production environment. I must stress that we would NOT install it on an appliance and sell that appliance! Many thanks.

  • @udirt
    @udirt Год назад

    I'd not say that they were 'very on top' of security 'in the past' (using pfSense since like 20 years now). There was more than enough cases where updates came late or it never went to the security announcement list (especially not until they started noticing the issue) when that list was still the 'official' source.

  • @shaawin
    @shaawin Год назад +1

    You missed IPsec-MB and Layer 2 filtering released in 23.05

  • @Baku-oc5fc
    @Baku-oc5fc Год назад

    Tom, this morning I read on reddit that pfsense-plus is no longer free for home/lab use. Do you have any insight into this? Thanks.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  Год назад

      I am going to have to make a new video once I have some details.

  • @Neavris
    @Neavris Год назад

    pfSense CE was only for x86 and amd64, pfSense Plus works on many of their devices on ARM. Can you expand on how whether you can install pfSense plus with free support on other, non-netgate, ARM devices? ie: RaspPi comes to mind but other mini-ARM pc if not. Thanks

  • @mathesonstep
    @mathesonstep Год назад +1

    What if it is a small business, I assume it is against the licence terms to run pfSense Plus?

    • @samsampier7147
      @samsampier7147 Год назад

      Pfsense Plus Tac Lite is currently free. But will eventually be $129 a year.

  • @JohnPMiller
    @JohnPMiller Год назад

    pfSense reminds me of Red Hat Linux, Red Hat Enterprise Linux, Fedora, CentOS, Rocky Linux. Things seem good now, but I worry about the future. 20+ years ago, I used Red Hat (not Enterprise) Linux, and today I regretfully use Ubuntu.
    That said, I really like pfSense, and today I run CE at home, as I don't need any of the Plus features.

  • @Carlesgl81
    @Carlesgl81 Год назад

    I have used only plus as i bought a sg1100 for home use. If you want to use pfblocker, i would recommend anyone to get CE and use something with an appliance with more ram than netgate devices for home use with more than 4 GB of RAM. It will cheaper than the $799 that costs the 6100, the first netgate device that has 8 Gb of memory.

  • @ofbarea
    @ofbarea Год назад +1

    Running pfSense CE 2.7 + system patches package

  • @georgelza
    @georgelza Год назад

    Tom, do you have a video that takes a home user from 2.7 through to pfSense Plus 23.x ?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  Год назад

      You just apply the licence and reboot

    • @georgelza
      @georgelza Год назад

      @@LAWRENCESYSTEMS not to worry, found docs, got it all done :)

  • @jitenderkumar32
    @jitenderkumar32 Год назад

    Hi, Great Info provided ❤, i have question regarding my home network that I'm planning to restructuring
    1: i have 3 bedroom and my first bedroom have ( ISP Fiber Line terminated).
    2: i have done bridge connection between ISP router and my Asus router and im using asus router for everything ( Routing, DHCP etc. )
    3: i have 3 Flex Mini and one Switch Lite 8 PoE
    4: i have 2 Asus routers
    My question is im planning to connect Switch Lite 8 PoE to my First asus router that connect with ISP router in ( Bridge Mode) then connect all three flex minis to Switch Lite 8 PoE to provide Internet and PoE and then in 2 bedroom im planning to connect my second asus router in flex mini
    So this is right approache ? Is there and downsides ?
    Thanks.

    • @mt_kegan512
      @mt_kegan512 Год назад

      I'm not Tom of course, but make sure to put your 2nd router (the one not connected to the ISP modem) in WAP (wireless access point) mode. You only need 1 router/DHCP server. Otherwise the setup would technically work. You have that many devices requiring Ethernet? I have a damn server rack and camera system in my house and only need about 24 ports
      Moving on... I recommend though that you use pfSense as your firewall/router instead of the ASUS. I mean, you're in this thread already. Take the plunge and have fun learning a really great appliance that will set you on a fun path of home networking.

    • @mt_kegan512
      @mt_kegan512 Год назад

      Oh, and check if the flex mini's are PoE. That won't get passed thru via daisy chaining switches

  • @kjakobsen
    @kjakobsen Год назад

    I'm using pfSense in school, and Fortigate at work. In school we already use CE, so no change there.

  • @tzviasegal3003
    @tzviasegal3003 Год назад +3

    Netgate reserves the right to change the license in the future, and I remember reading that they have a back door as well and you are agreeing to that too. Not for me. And I am willing to bet that your backup of + won't apply to CE and when they decide to charge... you will be stuck... CE for me. BTW I did a fresh install of 2.7 on my Qotom i5 box (swapped out the 2.6 disk as quick back-out if needed) and haven't run into any problems other than having to import settings twice for it to actually install everything. Everything working so far; OpenVPN, Snort, PFBlocker, limiters...double checking everything this week while on vacation. No emergency patch needed for some glitchy bit... at least not yet.

    • @jimthompson971
      @jimthompson971 Год назад

      there is no back door. don't believe everything you read on the internet.

    • @tzviasegal3003
      @tzviasegal3003 Год назад

      @@jimthompson971 Section 7.2 of the evaluation agreement- to provide full and free access to the product, including remote access for testing ... how would they do that unless they could get in...

    • @tzviasegal3003
      @tzviasegal3003 Год назад

      Well... I was 2 out of 3 correct above (I hope). Yes you agreed to a backdoor based on their wording in the agreement that I had mentioned in a reply here, and "Netgate reserves the right to change the license in the future". My other comment above about your + backup applying to a CE 2.7 I hope is wrong, and that all those who may have had a few too many koolaid and thought PFS+ would remain free, can at least back out to CE without losing too much time and sweat. While I am looking about at my options (yes I tried OPNSense before) but I've got like 8 years worth of tweaking and setup into my PFS and it does all that I need. When Netgate kills it with inattention I will be forced to look elsewhere. I've got that old AM1 pc around here somewhere and a 4 nic server pull.... time to plug it in and start experimenting with OPN....

  • @rd-vm2fl
    @rd-vm2fl Год назад

    wish I could run either....but the machine I have (n100 mini pc) has dual 2.5gb intel nics...no workey. OpnSense worked fine though.

  • @alfabètagamma-k7p
    @alfabètagamma-k7p Год назад

    Always had the idea, a dirty shutdown on a CE version will corrupt something, on the Netgate devices not yet this experience. Therefore I only place Netgate devices at customers....

  • @Silu848
    @Silu848 Год назад

    can I use pfSense for enterprise environments with 50+ sites all around the world, or is it more for smb companies?

    • @rpsmith
      @rpsmith Год назад +2

      I would think not having a way to centrally manage 50+ firewalls would be a show stopper for me!

    • @LampJustin
      @LampJustin Год назад

      ​@@rpsmith Opnsense does have that, if that's a main concern of yours

  • @tockar
    @tockar Год назад +2

    pfSense CE: Open Source
    pfSense Plus: not Open Source

  • @mohammedimran
    @mohammedimran 5 месяцев назад

    PFsense+ is not longer abvliable for Home or Lab use ????

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 месяцев назад +1

      The free version of pFsense+ is gone

  • @alozborne
    @alozborne Год назад

    I'm not that familiar with PFSense as I use OpnSense instead. Perhaps an idea for a future video would be a comparison between the two?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  Год назад +2

      Already have a video on that ruclips.net/video/y8R5-xNeHY8/видео.html

  • @FredsTech1
    @FredsTech1 Год назад

    Thumbs up!

  • @RelentlessCuriousity
    @RelentlessCuriousity Год назад +6

    Would be nice to have a Wireguard wizard.

    • @Darkk6969
      @Darkk6969 Год назад +1

      Yep. That would be fantastic!

    • @bopal93
      @bopal93 Год назад +2

      It's very easy even without it

    • @Darkk6969
      @Darkk6969 Год назад

      @@bopal93 I had to follow Tom's video to get one going.

  • @tabascocrimson7865
    @tabascocrimson7865 Год назад

    Looks like the only remaining open source solution that will be left is Opnsense... Too bad their FW Rules UI works like caveman. Still.. If anything goes wrong with PF CE, I'd rather switch to Opnsense rather than PF +.
    The slow release cycle is not intimidating me (so far) compared to lots of commercial solutions. Still... Opnsense updates are very very active.

  • @bakalabushrat
    @bakalabushrat Год назад

    + but I have no idea why! If they decide to change the license terms ...I guess it's bye bye +...

  • @ashuggtube
    @ashuggtube Год назад +3

    The ongoing confusion amongst the masses must be quite frustrating for Netgate, as I’m sure they thought having pfSense CE and pfSense Plus would make people really happy

    • @SillieWous
      @SillieWous Год назад +2

      Well that is mostly due to themselves. One would think they would have the same code base, and thus the same release cycle. Yet that has not been the case. I'm curious what will happen now that they're both on BSD 14. If CE will again be >1 year without update I'm going to OPNsense.

    • @thejesperx212
      @thejesperx212 Год назад

      @@SillieWous Monthly, Bi-Monthly or at least quarterly updates are a must for anything directly on the internet.
      OPNsense has monthly updates, it is worth to take a look.

    • @britexpat_l33t
      @britexpat_l33t Год назад +10

      @@thejesperx212This is nonsense. Monthly updates for mission critical infrastructure? Be serious.
      No firewall vendor is releasing on such an aggressive schedule. The big 4 all release on a 2 major releases per year basis.

    • @thejesperx212
      @thejesperx212 Год назад

      @@britexpat_l33t Yes obviously.
      We shouldn't mix business release schedules with the community ones.
      I don't have

    • @marcogenovesi8570
      @marcogenovesi8570 Год назад

      @@britexpat_l33t Some do, cough*Fortigate*cough, and PfSense plus updates every 3-4 months.

  • @ralph4370
    @ralph4370 Год назад +1

    For homelabs I switched to Opnsense and that is updated way more than Pfsense. Just as I moved over to opnsense, 2.7 dropped smh.

  • @rpsmith
    @rpsmith Год назад +4

    Netgate should have stuck with the CE only version and made Plus a paid support option only! Plus, as it exist now, was nothing more than a bad fork in the road!

  • @rollinthedice7355
    @rollinthedice7355 Год назад +4

    They'll probably start charging for PfSense Plus in the future. They're a business - they'd pocket a lot getting people on it for 'free' then charging even a small amount. It's likely a business move. I stay on CE because it's open-source, if that ever changes I'd be gutted but I'd find another solution.

    • @Darkk6969
      @Darkk6969 Год назад +1

      Maybe but they do make their money on the appliances which is what I did for our remote offices.

    • @NeverEnoughRally
      @NeverEnoughRally Год назад +3

      So I thought about this also, but I got reminded of autocad back when I was in school. They gave the full version to students for free, my thought on why was to get a base of people who felt comfortable with it and when they moved into the real world they would be more likely to use autocad.
      I think most people that want to mess with pfsense at home are smarter than the average bear in the world of IT, or if you're like me, someone who likes a challenge. But that person may be in charge of implementing a router into a business someday and they would just default to pfsense.
      Also if you think about it, there's really little to no extra cost to negate to give the software to home users, they offer no support other than the forums.

    • @NeverEnoughRally
      @NeverEnoughRally Год назад

      @@adeadfishdied That's a good point. I never really thought of it that way.

    • @AudianPaxson
      @AudianPaxson Год назад

      ​@@NeverEnoughRallywell stated. Makes total sense.

  • @thejesperx212
    @thejesperx212 Год назад +1

    it costs the ability to check if there is malicious intent.
    Interesting that you didn't cover it in your comparison chart that PFSense+ is closed source.
    Netgates FAQ states: "pfSense Plus software is a Netgate product - branched from pfSense project - and it is closed source, just as Factory Edition was. "
    There are frankly better free closed source firewalls.
    The choice was poor and that's why people stick with CE, just drop it for OPNsense or some other open / closed source alternatives.

    • @manofwar9307
      @manofwar9307 Год назад +2

      "There are frankly better free closed source firewalls."
      Can you list some examples? I'd be interested in checking them out and comparing them.

  • @RamaOlama
    @RamaOlama Год назад +4

    I switched to opnsense simply 😂

  • @woswasdenni1914
    @woswasdenni1914 Год назад

    boi oh boi this didnt age well or long lol
    3 months later..... no more home labs.... without any warning just gone over night. what a dickhead idiotic move.
    then again freebsd is dieing anyway. next 2 years trunas will be fuilly linux only, leaving not that many projects using bsd in mass deployments.
    man i hope they get the controller project running on vyos

  • @bartgrefte
    @bartgrefte Год назад

    "Which one are you going to choose"
    Neither, been using Debian as a router for years and will most likely stick with it as long as Debian continues to exist :)

  • @MIAMIC70
    @MIAMIC70 Год назад

    How would Pfsense compare to Firewalla? I’m considering a Firewalla Gold Plus for its available of 2.5GbE ports. However, hard to get truly independent reviews of Firewalla equipment which is actually fairly expensive for what it is.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  Год назад

      Firewalla is a consumer device with a weird way to set it up via phone and lots of sponsored posts so I have no idea if it is any good as I don't really have time to test consumer equipment.

    • @MIAMIC70
      @MIAMIC70 Год назад +1

      @@LAWRENCESYSTEMS That’s the issue “sponsored posts” I have little to no faith in those. But the device and software look pretty nice just love to have someone objective check it out.
      Love the content, just found you and subscribed immediately.