TNSR Software

vs.

pfSense Software

Intro

The Netgate pfSense® software user base includes every industry vertical, businesses from small to enterprise, local, state and federal government agencies, educational institutions and consumers.

Not surprisingly, It is often asked how pfSense software and TNSR® software differ.

Simply stated, the pfSense project is an open-source firewall software distribution, and TNSR is a high-performance software router.

pfSense software has been in use since 2006, and covers a wide variety of secure networking solution needs. TNSR software is much newer, and to date has been more targeted in its secure networking solution coverage.

While it is entirely possible and plausible that some secure networking use cases can be addressed by either product (albeit with dramatically different performance), TNSR software is not positioned as a “pfSense software replacement”.

 

The Comparison

A high-level comparison table is shown below.

More detailed feature lists for pfSense software and TNSR software are here and here respectively.

Product documentation provides the most definitive feature detail.

 

Feature pfSense Software TNSR Software
Target Market Firewall/Router/VPN solutions for Consumers, Businesses, and Service Providers High-performance router solutions for Enterprises and Service Providers
Lifespan
  • Project started 2004
  • First release 2006
  • Netgate controlling interest 2012
  • Introduced May 2018
 Router
  • BGP
  • OSPF
  • Configurable static routing
  • Static ARP
  • IPv4/IPv6
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • BGP
  • OSPFv3 (OSPF6)
  • Static Routing
  • IPv4/IPv6
  • ECMP
  • Static ARP
  • BFD with dynamic routing
  • VRF
  • VRF-lite
  • RIPv2
Network Services
  • DHCP server
  • DNS Resolver
  • NTP Server
  • Dynamic DNS
  • NAT mapping (inbound/outbound)
  • 1:1 NAT
  • Outbound NAT
  • NPT
  • Reverse proxy
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server
  • DHCP client/server
  • DNS Resolver
  • NTP Server
  • Port Forwards
  • 1:1 NAT
  • Outbound NAT
  • NPT
  • NAT44
  • NAT-T
  • CG-NAT (MAP-T/MAP-E, DS-Lite)
VPN and Tunneling
  • IPsec Site-to-site
  • IPsec Remote Access
  • OpenVPN Site-to-site
  • OpenVPN Remote Access
  • VLAN support (802.1q)
  • 802.1ad VLAN (QinQ)
  • Bridging
  • LAG
  • GRE
  • IPsec site-to-site (Multi-core routed)
  • 802.1q, 802.1ad VLAN (QinQ)
  • VXLAN- Bridging
  • Tap
  • Loopback
  • LAG
  • GRE
  • SPAN/ERSPAN
  • memif
Firewall
  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Captive portal guest network
  • Connection limits
  • L2 MAC/IP ACLs
  • L3 ACLs
  • L4 ACLs
IDS/IPS
  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking
  • Integrate with your preferred vendor via the TNSR RESTful API
  • Integration guidance is available here
Proxy and Content Filtering
  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting
 
Data Plane / Packet Processing
  • Kernel-based processing
  • TNSR is not kernel-based processing
  • TNSR leverages Vector Packet Processing (VPP) and Data Plane Developer Kit (DPDK) to deliver substantially greater packet-processing performance and throughput.
User Management
  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts
  • Local user database
  • User and group-based management via NETCONF Access Control Model (NACM)
High Availability
  • Common Address Redundancy Protocol (CARP)
  • Dual-node only
  • Virtual Router Redundancy Protocol (VRRP)
  • VRRP Interface tracking
  • Multi-node
Performance
  • L3 Forwarding: 1.18 Gbps per core
    IMIX packets L3 Forwarding
    (pfSense 2.4.4-p3 on an Netgate XG-1541)
  • ACL Firewall: 0.57 Gbps per core
    IMIX packets through a 10K ACL Firewall
    (pfSense 2.4.4-p3 on an Netgate XG-1541)
  • IPsec: 0.43 Gbps per core
    IMIX packets through an AES-128-GCM IPSec VPN tunnel
    (pfSense 2.4.4-p3 on an Netgate XG-1541)
  • L3 Forwarding: 9.84 Gbps per core
    IMIX packets L3 Forwarding
    (TNSR 19.05 on a Netgate XG-1541)
  • ACL Firewall: 9.47 Gbps per core
    IMIX packets through a 10K ACL Firewall
    (TNSR 19.05 on a Netgate XG-1541)
  • IPsec: 7.03 Gbps per core
    IMIX packets through an AES-128-GCM IPSec VPN tunnel
    (TNSR 19.05 on a Netgate XG-1541)
Manageability
  • GUI
  • Console Port
  • CLI
  • RESTCONF API
  • SNMP
Open Source Scope
  • Source code available
  • Underlying open-source projects provide source code
  • TNSR is only available as a binary
Commercialization
  • Free Binaries
  • Chargeable Binaries

 

Stay up to date

There’s always something new with open-source, secure networking and TNSR software. Keep up with us by visiting our blog, social communities and newsletter.

Netgate
Blog

Get a view into how open source is disrupting secure networking and changing the technology landscape.

Netgate Blog

Netgate Newsletter

Discover the latest announcements, product information, and industry news with our monthly newsletter.

 

Netgate Newsletter

Social Communities

Twitter Circle Logo LinkedIn circle logo Reddit Circle Logo Facebook circle logo instagram circle logo