Reference Video: Comparing pfSense Plus & pfSense CE: Cost and Key Differences Explained

Official Netgate Migration Guide: Migrate from pfSense CE to pfSense Plus

This guide consolidates the full set of steps and best practices for upgrading a system from pfSense Community Edition (CE) to pfSense Plus.

---

• pfSense CE: Completely free, community-supported.
• pfSense Plus: Free for home and lab use. Automatic entitlement when used on Netgate hardware; CE → Plus migration requires registration but remains free.

• CE: Community forums only.
• Plus: Eligible for paid Netgate TAC support.

• Both share the same FreeBSD base (FreeBSD 14 as of 2023).
• Plus receives more frequent releases and hotfixes.
• CE has a longer release cycle.

Feature	CE	Plus
Boot Environments (automatic snapshots)	❌	✔️
QAT Crypto Acceleration	❌	✔️
OpenVPN DCO (Data Channel Offload – Beta)	❌	✔️
OpenVPN Client Import Tool	❌	✔️
AWS VPN Wizard	❌	✔️
IPsec Export for Apple Profiles	❌	✔️
IPsec Export for Windows PowerShell	❌	✔️

Both versions support: High Availability (CARP), VLANs, OpenVPN, WireGuard, IPSec, L2TP, ZFS file system, and all major routing & firewall features.

• Both CE and Plus support ZFS.
• Only Plus includes the Boot Environment GUI tools + auto-snapshot during upgrades.
• CE requires more manual ZFS handling.

• Plus receives faster updates to the base OS when needed.
• CE updates are slower but still maintained and not considered unsafe.

---

• A Netgate account with an activated pfSense+ subscription or device entitlement.
• Your pfSense CE must be 2.6 or later.
• Internet connectivity for the upgrade process.

• Go to Diagnostics → Backup/Restore.
• Download the latest full configuration backup.
• If virtualized: take a VM snapshot.
• If physical: prepare a USB installer for pfSense+ (failsafe recovery option).

• pfSense CE/Plus uses ZFS Boot Environments.
• Each upgrade automatically creates a new boot environment (snapshot).
• You may manually create one via: System → Boot Environments → Create.

---

Netgate best practice:

• Uninstall all third-party packages before upgrade.
• When uninstalling, choose "Keep configuration files".
  • This allows you to reinstall packages after the upgrade with your settings intact.

If you decide to upgrade with packages installed:

• Do this only if you understand the risks.
• Some packages may break the upgrade or behave unpredictably.

---

• Go to the Netgate Store.
• Choose pfSense+ Software Subscription with TAC Lite Support (or the appropriate plan).
• In the dropdown, select: Upgrade from pfSense CE to pfSense Plus
  • (Do NOT leave it on Renewal/New Install.)
• Add to cart and complete checkout.

After purchase, Netgate will email the activation token to the email address on the store account.

Template:Note

1. In the pfSense CE GUI, navigate to System → Register.
2. Paste the activation token.
3. Click Register.
4. Confirm registration success on the page.

1. Go to System → Update.
2. The page should now announce availability of the pfSense Plus migration branch.
3. Set Branch to: pfSense Plus Upgrade
4. Wait for the update check to finish.

• Click Confirm to start the migration.
• This will convert CE → Plus as part of the upgrade process.

1. Go to System → Update.
2. Click the Update Settings tab.
3. Change Branch to: Current Stable Version (Plus 25.07 or newer).

If your CE system is not yet entitled for pfSense+:

• Go to System → Registration.
• Log in using your Netgate account.
• Attach device to your subscription.

---

1. Go to System → Update.
2. Click the Cloud icon to retrieve latest metadata.
3. Wait for system to check installed version vs available version.
4. When the upgrade path appears (example: 24.11 → 25.07), click Confirm Update.

• Keep the browser tab open and running during the entire upgrade process — do not close, refresh, or navigate away.
• If possible, monitor via the physical console.

• System will download packages, verify signatures, create a new boot environment, apply updates, then reboot.
• During reboot: do not power off or reset.
• Expect long startup times — sometimes several minutes. The system is applying updates and rebuilding components. Do not assume it is stuck; give it plenty of time.

The browser will auto-refresh and reconnect when the web GUI is back.

---

• Dashboard should show: pfSense Plus 25.07.xx (or newer).

1. Go to System → Package Manager.
2. Click Available Updates.
3. Ensure all installed packages are updated.

1. Go to System → Patches.
2. Confirm that no new patches are required.

---

1. Go to System → Package Manager → Available Packages.
2. Reinstall packages one by one.
3. Your previous configurations should auto-apply.

---

1. Reboot pfSense.
2. From bootloader menu choose Boot Environments.
3. Select the older (pre-upgrade) environment.

1. Boot from USB installer.
2. Choose Recover Configuration from URL.
3. Upload or paste your backup file.

---

Some Comfac-IT clients prefer to purchase pfSense Plus licenses through us. When we buy from the Netgate Shop, we receive the activation tokens, and we are responsible for their issuance and tracking.

Internal workflow:

• Schedule a calendar reminder exactly 1 month before token expiration.
• Coordinate with the client early to ensure tokens are used on time.

Item	Amount
Token cost from Netgate	PHP 7,740
Comfac-IT selling price	PHP 8,000
Margin	PHP 260

These amounts are small, so efficiency and proper scheduling are critical.

---

• Always backup before upgrading.
• Always keep a recovery USB.
• Only upgrade when you have a recovery window (off-hours).

• Physical hardware for stable routing.
• Virtualization for labs and home setups.

• Check Status → System Logs → General / Package / Boot for anomalies.