pfSense Plus is a fully-featured firewall, VPN and router solution

 

TNSR is a Ultra high-performance VPN and Edge router, the Military grade solution

  • Ideal for homes, businesses, educational institutions, government agencies and service providers
  • Proven firewall (including IDS/IPS attack prevention, proxy, content filtering) and VPN and router feature set
  • Scales well to the limits of kernel-based packet processing
  • Traditional management via GUI and/or CLI
  • NGFW or cloud deployment
   
  • Ideal for enterprise-class businesses, educational institutions, government agencies and service providers
  • High-performance router and site-to-site VPN solution
  • Extraordinary scale by leveraging Vector Packet Processing (VPP) and Data Plane Development Kit (DPDK)
  • Automated management via RESTCONF API or CLI
  • Edge or cloud deployment

 

Two Products Separated by Feature Set, Scale, and Manageability


pfSense Plus is ideal for users who need comprehensive firewall, routing and VPN capabilities for home, remote / branch office, corporate, or cloud locations. As well, it is easy to manage and has time-tested resilience and reliability.

Performance wise, pfSense can nearly saturate 1-10 Gbps WAN links when forwarding Iperf, or even IMIX, traffic. While the product is deployed across every vertical and continent for more demanding firewall and VPN applications, WAN link throughput will decline due to the limitations of kernel-based packet processing.

As throughput needs increase, especially where application (smaller packet) traffic and more robust encryption ciphers are used (high-performance VPN connections) come into play, TNSR soars in its ability to saturate 1,10, 40, and 50 Gbps native or bonded WAN links, nearly impervious to packet size. While fully-featured from an edge routing (including L2, L3, and L4 ACLs) and site-to-site IPsec VPN perspective, TNSR does not address common firewall use cases like iDS/IPS, content filtering. Finally, TNSR - as a high-performance router-based solution - is not equipped with a GUI, but rather a CLI and API, the latter of which lends itself to more advanced and automated configuration, management, and monitoring approaches.

 

A Rundown of Technical Specifications

A high-level comparison table is shown below. More detailed feature lists for pfSense software and TNSR software are here and here respectively. Product documentation provides the most definitive feature detail.

Feature

pfSense+ Software

TNSR Software

Target Market

Firewall/Router/VPN solutions for Homes, Businesses, Office network and Service Providers
High-performance router solutions for Cloud center; IDC and ISP, VPP; DPDK technology

Lifespan

  • Project started 2004
  • First release 2006
  • Netgate controlling interest 2012
  • Introduced May 2018

Router

  • BGP
  • OSPF
  • Configurable static routing
  • Static ARP
  • IPv4/IPv6
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • BGP
  • OSPFv3 (OSPF6)
  • RIPv2
  • Static Routing
  • Static ARP
  • IPv4/IPv6
  • BFD with dynamic routing
  • Carrier-grade NAT (CGN or CGNAT)
  • ECMP
  • VRF
  • VRF-lite

Network Services

  • DHCP server
  • DNS Resolver
  • NTP Server
  • Dynamic DNS
  • NAT mapping (inbound/outbound)
  • 1:1 NAT
  • Outbound NAT
  • NPT
  • Reverse proxy
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server
  • DHCP client/server
  • DNS Resolver
  • NTP Server
  • Port Forwards
  • 1:1 NAT
  • Outbound NAT
  • NPT
  • NAT44
  • NAT-T
  • CG-NAT (MAP-T/MAP-E)

VPN and Tunneling

  • IPsec Site-to-site
  • IPsec Remote Access
  • OpenVPN Site-to-site
  • OpenVPN Remote Access
  • VLAN support (802.1q)
  • 802.1ad VLAN (QinQ)
  • Bridging
  • LAG
  • GRE
  • IPsec site-to-site (Multi-core routed)
  • WireGuard® VPN
  • Public Key Infrastructure
  • IKEv2
  • DHGroups (Groups 1-24, and 31)
  • Encryption ( 3DES, AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-ICV16-GCM-128, AES-ICV16-GCM-192, AES-ICV16-GCM-256, Camellia-128,Camellia-192, Camellia-256 and CHACHA20-POLY1305) 
  • GRE
  • VXLAN- Bridging
  • 802.1q, 802.1ad VLAN (QinQ)
  • Tap
  • Loopback
  • LAG
  • SPAN/ERSPAN
  • memif

Firewall

  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Captive portal guest network
  • Connection limits
  • L2 MAC/IP ACLs
  • L3 ACLs
  • L4 ACLs

IDS/IPS

  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking
  • Integrate with your preferred vendor via the TNSR RESTful API
  • Integration guidance is available here

Proxy and Content Filtering

  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting
 

Data Plane / Packet Processing

  • Kernel-based processing
  • TNSR is not kernel-based processing
  • TNSR leverages Vector Packet Processing (VPP) and Data Plane Developer Kit (DPDK) to deliver substantially greater packet-processing performance and throughput.

User Management

  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts
  • Local user database
  • User and group-based management via NETCONF Access Control Model (NACM)
  • RESTCONF
  • External RADIUS authentication

High Availability

  • Common Address Redundancy Protocol (CARP)
  • Dual-node only
  • Virtual Router Redundancy Protocol (VRRP)
  • VRRP Interface tracking
  • Multi-node

Performance

  • L3 Forwarding: 36.7 Gbps
    iPerf packets L3 Forwarding
    (pfSense Plus 24.03 on a Netgate 8300)
  • Firewall: 26.8 Gbps
    iPerf packets through a 10K ACL Firewall
    (pfSense Plus 24.03 on a Netgate 8300)
  • IPsec: 14.6 Gbps
    iPerf packets through an AES-128-GCM IPSec VPN tunnel
    (pfSense Plus 24.03 on a Netgate 8300)

 

  • L3 Forwarding: 110 Gbps
    iPerf packets L3 Forwarding
    (TNSR 24.06 on a Netgate 8300)
  • ACL Firewall: 108 Gbps
    iPerf packets through a 10K ACL Firewall
    (TNSR 24.06 on a Netgate 8300)
  • IPsec: 47 Gbps
    iPerf packets through an AES-128-GCM IPSec VPN tunnel
    (TNSR 24.06 on a Netgate 8300)

Manageability

  • GUI
  • Console Port
  • CLI
  • RESTCONF API
  • SNMP
  • Prometheus Exporter
  • IPFIX Exporter
  • Link Layer Discovery Protocol (LLDP)

Open Source Scope

  • Source code available (pfSense CE)
  • Underlying open-source projects provide source code
  • TNSR is only available as a binary

Commercialization

  • Free Binaries - pfSense CE
  • Chargeable Binaries - pfSense Plus
  • Chargeable Binaries
 

 

 

What is TNSR High-Performance Edge and Core Routing ?

The need for router speeds will only increase. But fixed-configuration, proprietary, hardware-centric edge networking solutions are a thing of the past. The modern world will be connected with high-performance network function virtualized (NFV) software routers at the edge and in the core. TNSR software provides 2.5G, 10G, 25G, 40G, even 100 Gbps, or more routing via "ASIC-speed" software on commercial-off-the-shelf (COTS) hardware.

by get advantage of Vector Packet Processing (VPP) & Data Plane Development Kit (DPDK)

A Netgate TNSR Edge routers is on backbone & working with your downstream pfsense firewall clusters...

 

Netgate TNSR is a ultra high-performance Edge router, capable 2.5G, 10G, 25G, 100G WAN traffic

  • Ideal for enterprise-class businesses, educational institutions, government agencies, and service providers
  • High-performance router and site-to-site VPN solution
  • Extraordinary scale due to the power of Vector Packet Processing (VPP) and Data Plane Development Kit  (DPDK)
  • Automated management via RESTCONF API or CLI
  • Cloud / IDC / server clusters deployment

Military grade TNSR Appliances : Netgate 6100, Netgate 8200, Netgate 8300, Netgate 1537, Netgate 1541

TNSR is an outstanding high-performance edge router, military grade with industry-leading price-performance and scalability

  • Ideal for demanding edge, campus, data center and cloud connectivity environments where high-speed routing and encrypted traffic handling are required
  • Software scalable to 10G, 25G, 100G Gbps and beyond
  • Vector Packet Processing enables up to two orders of magnitude speed gain over traditional kernel-based packet processing solutions
  • Suitable for edge and core routing, site-to-site VPN, cloud connectivity, large scale NAT applications
  • Managed through CLI and/or RESTCONF API



US Federal Government of Defense upgraded current pfsense to TNSR, built up 100G IPsec VPN


Cases Study ...