TNSR is Netgate’s newest open-source secure networking software platform.  It is designed and built from the ground up, using open source software projects including Vector Packet Processing (VPP), Data Plane Developer Kit (DPDK), Free Range Routing (FRR), strongSwan, Clixon, YANG data model and more.  TNSR can scale packet processing from 1 to 10 to 100 Gbps, even 1 Tbps and beyond on commercial-off-the-shelf (COTS) hardware - enabling routing, firewall, VPN and other secure networking applications to be delivered for a fraction of the cost of legacy brands. Further, TNSR can be deployed as a bare metal image, VM, or bundled with a Netgate appliance. It is also equipped with a RESTCONF API - enabling multiple instances to be orchestration managed as opposed to one at a time by a human via GUI - as well as a CLI.

TNSR Business is designed for users who want a full-featured secure networking solution where up to 10Gbps NIC instances are present. TNSR Business is suitable for everyone from Small Office/Home Office (SOHO) to labs, branch offices, virtual offices, or retail stores. Equipped with a RESTCONF API, TNSR Business also enables low-cost, no-touch orchestration management.

TNSR Enterprise has no NIC limit, so it can support 10 Gbps NICs, 40 Gbps NICs, 100 Gbps NICs, etc. It is targeted at large enterprises and service providers who need super-high throughput and / or high-scale feature needs like carrier-grade NAT (CGNAT).

You can find out more here.

TNSR Business offers a robust firewall, router, and VPN feature set that scales to 10 Gbps of throughput, independent of packet size or level of encryption.  pfSense® software tends to hit performance limitations at around 200-300 Mbps when confronted with smaller packets or any measure of encryption handling

pfSense has a family of packages that can be activated through the pfSense package manager. TNSR Business does not leverage a package manager in the same way. That said, 3rd party functions like SNORT can interface with TNSR Business via its RESTFUL API. It is also possible to integrate packet processing algorithms and enforcement policies directly into VPP’s graph node processing tree. This currently requires expertise, but the technology is changing rapidly as the world evolves to cloud, network function virtualization and containers. We plan to cover this topic in more depth via content and webinars in the near future.

Finally, TNSR is manageable via CLI and the RESTFUL API. pfSense includes a GUI.

In essence, TNSR Business significantly outperforms pfSense from a packet processing point of view and can be orchestration managed with orchestration engines such as Puppet, Chef, Ansible, or Saltstack.

pfSense software will continue to be developed and supported.  TNSR is meant for users with greater throughput, more stringent traffic needs, and / or prefer multi-instance orchestration management over single-instance GUI management.

Every one of the components that make up TNSR are open source. The reason that TNSR is all of these at once is that we have customers who have asked us to productize these projects and support it. Customers have told us that they cannot find 10Gb routing and packet filtering for less than thousands of dollars per year so we believe that $399/year is a great value for performance.

There is no plan for a free (Community Edition) version of TNSR.

There are, however, trial versions of both TNSR Enterprise and TNSR Business. You can get more information here.

Netgate has developed a hardware compatibility list (HCL) that is available now. See the TNSR Supported Platforms documentation here.

At the time of appliance shipment or bare metal image purchase, the annual subscription software license start date begins and runs for 365 days.

CSPs have their own controls in place for pay-as-you-go and annual subscription license management.

Yes. TNSR Business is licensed for instances with 10 Gbps NICs and below, as determined by the presence of the highest NIC speed in the instance. TNSR Enterprise is licensed for instances with any NIC speed, including NICs faster than 10 Gbps,. Subscription instances are licensed on this basis. If your needs change, we will reset your subscription accordingly.

Yes, by upgrading your TNSR Business Subscription at $399 to a TNSR Business Plus  Subscription at $1,198.

pfSense software users appear in every vertical, and every size / type of organization. Many are likely to remain content with pfSense software for some time. But others, have asked for more than it is designed to provide. TNSR has been out for a year and has been adopted by customers who needed to solve high-bandwidth (40-100 Gbps) routing and packet filtering problems. TNSR Business provides a product for users with more modest performance requirements - but still beyond the capabilities of pfSense software. Below. we’ve outlined a few use cases where we believe pfSense users may benefit by moving to TNSR:

As a home user…

1. I have an edge router, firewall and/or VPN appliance equipped with 1 or 10 Gbps NICs. But, the software cannot perform packet processing functions fast enough. This means I am underutilizing my hardware and/or network connection speed.

2. My internet connection now has to deal with more application traffic owing to work at home, household users who are big gamers, an increased use of VoIP, etc. I’ve noticed some performance degradation, specifically slower response time. I’d like to claw that back.

3. I’m really not a big pfSense package user, I just want raw speed for the buck. I built my own appliance. I know the exact access control list (ACL) configuration I want. I just wish I had high-performance firewall software that could keep up with my appliance.

4. I run a homelab. By definition, I can never have too much bandwidth. More importantly, I’m really curious about advanced networking capabilities and want to dive into APIs and Python programming - a necessity for tomorrow’s network engineers. I cannot do that with pfSense software.

As a Small to Medium Business (SMB) user…

1. IoT has led to many more devices using my network uplink, and we are starting to get complaints from our users that things aren’t as fast as the used to be.

2. We bought a new security gateway with 10 Gbps uplinks, but our firewall software cannot run at even 10% of that speed.

3. More and more of our inter-site traffic is sent over IPSec. We know that leads to a sharp throughput decline. Regardless, we still want to use our high-speed links more extensively.

As an Enterprise user…

1. We have to have high-speed IPSec connections between our business locations. The same goes for corporate and remote office links to our data center and cloud instances. 1 and 10 Gbps speeds are de rigueur for us. We’ve spared no expense on for the fastest hardware. We need secure networking software that doesn’t cause it to sputter under load.

2. Intellectual property protection is everything for us. Tight control over each employee and contractor’s application access is a must for us. When a risk is identified, we must be able to administer access control changes in an instant. IT automation is critical.

As a Service Provider…

1. We are running out of IPv4 address space. We need a scalable, performant way to translate large volumes of IPv4/IPv6 addresses.

2. We face severe competition, and must constantly find ways to cut cost and add services quickly and easily. We see open-source software as essential to our long term viability, but do not want to be saddled with having to productize it ourselves.