2021 saw the release of pfSense 2.5, the most significant update to the popular firewall in years. In this blog post, we have summarised the most important questions about pfSense and the 2.5 release.
pfSense is a firewall based on the FreeBSD free operating system and, according to the manufacturer, has "all the key features of the most expensive firewall solutions". Companies around the world rely on pfSense software to provide reliable and full-featured firewall protection in the cloud. You can also protect your IT infrastructure with pfSense at Xelon HQ. pfSense Community Edition is the partially open version, while pfSense Plus (formerly called pfSense Factory Edition) has moved to a closed-source model.
What can pfSense do?
pfSense is installed on a physical computer or virtual machine (VM) to form a dedicated firewall or router for a network. Installation is quick and painless. Users can quickly set up their own demo in a virtual environment - such as Xelon HQ. The firewall can be configured and updated via a web-based interface. How you ultimately configure the software, however, depends largely on your requirements. According to the developer platform GitHub, pfSense enjoys such popularity because the firewall is able to offer the same functionality - or more - as common commercial firewalls thanks to a package system.
How was pfSense created?
The history of pfSense began in 2004 as a spin-off of the m0n0wall project. According to the developers, the project was not intended as a competing product. The goal of the m0n0wall project had been to create a complete embedded firewall software package that, in conjunction with an embedded PC, offered all the important functions of commercial firewall boxes at a fraction of the price. Incidentally, with Threema founder Manuel Kasper, a major Swiss developer was involved in the m0n0wall project.
First released in 2006, pfSense has since "successfully replaced every reputable commercial firewall in numerous organisations around the world", according to GitHub. In 2014, the competing open-source firewall and routing software project OPNsense was forked from pfSense. Both pfSense and OPNsense continue to be developed, while the original m0n0wall project was discontinued in 2015. Finally, in 2021 came the latest version 2.5, which is the biggest update to the software since 2017. The latest pfSense version is now also available at Xelon HQ.
What changes with the update toversion 2.5?
The latest version is more clearly divided into the open source pfSense Community Edition and the paid pfSense Plus than previous versions. Both the Community Edition and the Plus version receive a major upgrade of the operating system version, OpenSSL upgrades and improvements in the areas of Virtual Private Network (VPN) and security with the update to version 2.5. While version 2.4.5 still ran on FreeBSD 11.3, version 2.5 is based on FreeBSD 12.2. More than 500 bugs are said to have been fixed with the upgrade. A new feature that could be particularly exciting for IT service providers and SaaS providers concerns the protocols in pfSense: there is now a protocol rotation solution.
The pfSense release notes list all changes.
What do I have to consider when updating to version 2.5?
The pfSense software can be upgraded from an older version to 2.5 without much effort.
Due to the large differences between pfSense 2.5 and older versions, warnings and error messages (especially from PHP and package updates) may appear during the update. These errors are mainly displayed during the upgrade process, but may also appear in a crash report after the update has been completed. In almost all cases, these errors are a harmless side effect of the changes between FreeBSD 11.2 and 12.x and between PHP 7.2 and PHP 7.4. The most common problems associated with updates are hardware-specific regressions from one FreeBSD version to another.
Is a backup necessary before the pfSense update?
Yes, you should always create a backup before any software or system updates! With the right backup solution, time-consuming and costly data loss can be avoided.
In Xelon HQ you also have the option of creating snapshots of VMs. We recommend creating a snapshot before all updates or upgrades. In the event of an error, you can restore the snapshot (and thus the previous status) with a mouse click. It is important to delete the snapshot manually after a successful update.
Which software to use for backing up data depends on three factors:
- Retention period: How long should the backups be retrievable and the lost data be recoverable?
- Administration: Is technical know-how available? How much time can be spent on backups? Have any license costs been budgeted?
- Devices: Depending on whether you have physical servers, virtual machines or a cloud infrastructure, different backup solutions are available.
In this blog post there are backup tips.