FAQ

TNSR^® is Netgate’s a high-performance software router.  It is designed and built from the ground up, using open source software projects including Vector Packet Processing (VPP), Data Plane Developer Kit (DPDK), Free Range Routing (FRR), strongSwan, Clixon, YANG data model and more.

TNSR software can scale packet processing from 1 to 100 Gbps and beyond on commercial-off-the-shelf (COTS) hardware - enabling a number of secure networking applications to be delivered for a fraction of the cost of legacy brands.

TNSR can be deployed on bare metal, VMware, KVM, or bundled with a Netgate appliance.

It can be managed by CLI or RESTCONF API - the latter enabling multiple instances to be configured and managed via orchestration.

At the highest level, pfSense is a comprehensive router, FW and VPN solution - which competes head-to-head with UTM and NGFW type products from legacy commercial vendors including Cisco, Fortinet, Ubiquity, Untangle and others. It is based on FreeBSD kernel packet processing.

TNSR is a high-performance software router based on Linux and Vector Packet Processing (VPP). TNSR is not positioned as a firewall, and does not have the feature richness that comes with pfSense. But, it is significantly faster and more scalable for routing and IPsec traffic handling - making for an excellent edge router solution.

A side-by-side comparison can be found here.

pfSense software will continue to be developed and supported. TNSR software is meant for users with greater throughput, more stringent traffic needs, and / or prefer multi-instance orchestration management over single-instance GUI management.

Yes! The TNSR Home+Lab version is functionally identical to TNSR Business and is available for non-commercial use at no charge.

You can see more details and subscribe to TNSR Home+Lab by going to the subscription page and clicking the register button. All you have to provide is your first name, last name, a valid personal (for home use) or business (for lab use) email, and an organization name (if not for personal use). We also have to ask you to agree to read and abide by our eval agreement and GDPR compliance recognition. Then, you’ll receive a link to the Home+Lab instance via an automated email workflow.

That email workflow will also provide instructions on where to learn about installation, configuration, forum support, etc. We will not badger you from an email or otherwise outbound sales process. We will drop a couple of emails early on (just to see how the experience is going for you, so we can continually improve the overall user experience), and, we’ll drop one last email 30 days before the free subscription expires.

With the release of version TNSR 20.10, you can use Home+Lab as long as you wish, as long as you abide by the EULA. As newer releases are made available via Home+Lab path, you’ll need to re-register for those.

It’s a simple process of filling out a form, receiving an email with a download link, and away you go. There is a documented path here to migrate most configuration settings from the prior release.

The general system requirements for TNSR software are:

• 64-bit x86 processor with SSE4.2 extensions
• Minimum of 4GB RAM
• Minimum of two network interface ports, three network interface ports recommended (two for data plane, one for management)

A detailed hardware compatibility list (HCL) can be found in our TNSR documentation here.

TNSR software is available by subscription only.

The subscription start date begins on the date of purchase, this includes Netgate security gateway appliances with pre-installed TNSR software. The subscription end date is dependent on the number of years included with your subscription, with a minimum of one year.

AWS and Azure have their own controls in place for pay-as-you-go and annual subscription license management.

pfSense software users appear in every vertical, and every size / type of organization. Many are likely to remain content with pfSense software for some time. But others, have asked for more than it is designed to provide. TNSR software is for customers who with high-bandwidth (40-100 Gbps) routing requirements. Below. we’ve outlined a few use cases where we believe pfSense users may benefit by moving to TNSR software:

As a home user…

1. I have an edge router, firewall and/or VPN appliance equipped with 1 or 10 Gbps NICs. But, the software cannot perform packet processing functions fast enough. This means I am underutilizing my hardware and/or network connection speed.
2. My internet connection now has to deal with more application traffic owing to work at home, household users who are big gamers, an increased use of VoIP, etc. I’ve noticed some performance degradation, specifically slower response time. I’d like to claw that back.
3. I’m really not a big pfSense package user, I just want raw speed for the buck. I built my own appliance. I know the exact access control list (ACL) configuration I want. I just wish I had high-performance firewall software that could keep up with my appliance.
4. I run a homelab. By definition, I can never have too much bandwidth. More importantly, I’m really curious about advanced networking capabilities and want to dive into APIs and Python programming - a necessity for tomorrow’s network engineers. I cannot do that with pfSense software.

As a Small to Medium Business (SMB) user…

1. IoT has led to many more devices using my network uplink, and we are starting to get complaints from our users that things aren’t as fast as the used to be.

2. We bought a new security gateway with 10 Gbps uplinks, but our firewall software cannot run at even 10% of that speed.
3. More and more of our inter-site traffic is sent over IPsec. We know that leads to a sharp throughput decline. Regardless, we still want to use our high-speed links more extensively.

1. We have to have high-speed IPsec connections between our business locations. The same goes for corporate and remote office links to our data center and cloud instances. 1 and 10 Gbps speeds are de rigueur for us. We’ve spared no expense on for the fastest hardware. We need secure networking software that doesn’t cause it to sputter under load.

2. Intellectual property protection is everything for us. Tight control over each employee and contractor’s application access is a must for us. When a risk is identified, we must be able to administer access control changes in an instant. IT automation is critical.

As a Service Provider…

1. We are running out of IPv4 address space. We need a scalable, performant way to translate large volumes of IPv4/IPv6 addresses.

2. We face severe competition, and must constantly find ways to cut cost and add services quickly and easily. We see open-source software as essential to our long term viability, but do not want to be saddled with having to productize it ourselves.

TNSR has outstanding packet per second (PPS) and Megabits per second (Gbps) throughput. Exact performance will, however, always depend on software release, underlying hardware, and of course, the type of traffic.

See our performance page below for a list of criteria to consider, our latest test setup and results:

https://www.tnsr.com/performance

TNSR can be managed via Command Line Interface (CLI), RESTCONF API (an HTTP-based protocol that provides a programmatic interface for accessing data defined in a YANG data model), or Simple Network Management Protocol (SNMP).

Available commands and capabilities are chronicled in our documentation.

CLI detail can be found in our documentation here:

https://docs.netgate.com/tnsr/en/latest/basics/index.html

RESTCONF API detail can be found in our documentation here:

https://docs.netgate.com/tnsr/en/latest/api/

SNMP detail can be found in our documentation here:

https://docs.netgate.com/tnsr/en/latest/monitoring/snmp.html 

Yes. A growing number of API code modules are already written and openly shared in our documentation here, including the ability to choose exact syntax by TNSR software release.

TAC Pro support from the Netgate TAC (Technical Assistance Center) is included with all TNSR software subscriptions, including AWS and Azure. TAC Enterprise is an optional upgrade that expands contact options and speeds response time. Details can be found here.

Users of the TNSR Home+Lab edition can go to the Netgate forum to ask a question or get community assistance. Even though it's a community-driven forum, Netgate TAC Support actively monitors the forum and will help as they can.

The Home+Lab version of TNSR can't be updated in-place.

To upgrade to the newest version, simply re-register to get an email with a download link, and away you go. There is also a documented path here to migrate most configuration settings from the prior release.

For a more seamless software upgrade process we recommend you move up to a paid subscription where you will also receive free TAC technical support.