Netify and Netify FWA for pfSense Now Available
December 9, 2019
Netify and Netify FWA packages are now available for pfSense 2.4.x. The Netify package and cloud service provide complete network traffic visibility and analysis - know what's happening on your network. In addition, the companion Netify FWA package provides a way to block unwanted protocols and applications.
Two Packages for pfSense
pfSense users tend to lean on the technical side, so let's get down to the details. First, we have an open-source deep packet inspection (DPI) engine - netifyd - that is able to extract useful metadata from a network conversation:
- SSL cipher, SNI, Server CN etc.
- Agent strings
- Torrent hashes
- DHCP fingerprints
- and more
This free DPI engine is used to fuel both of the new packages for pfSense.
The first package - Netify - is a cloud-based subscription service that provides network intelligence and visibility. Netify makes it possible to manage network resources, enforce company policies, provide forensics, audit network devices, detect weaknesses, and stay on top of cyberthreats. In essence, Netify provides insights to help manage your network and devices.
- Device Discovery
- Application Detection
- Protocol Detection
- Risk and Reputation Analysis
- Bandwidth Monitoring
- Hostname Visibility
- Geolocation Information
- Connection Tracking
The second package - Netify FWA (see screenshot) - is a free and open-source solution that is able to block protocols (e.g. BitTorrent) and applications (e.g. Facebook). It runs locally on the pfSense system - no cloud required!
It's strange to think that your ISP, DNS provider, Google, Facebook and online marketers may know more than you about the networked devices and traffic patterns inside your organization.
At every step of the Netify development cycle, we have your security and privacy in mind. Deep packet inspection (DPI) sounds intrusive, but it's actually not. Netify typically 'looks' inside only the first 5-10 packets of data. DPI cannot decrypt your encrypted communications. No SSL interception, no certificate deployment headaches, no breaking end-to-end encryption. It provides a balance that gives you the power to manage your network without compromising encryption and security. We encourage you to learn more about Netify's privacy features.
In addition, the underlying netifyd deep packet inspection agent is open source (GitLab), so you can see exactly what metadata is being processed. Feel free to poke around and see what happens under the hood.
What's Free, What's Not
Just to summarize what's free and what's not:
- The underlying netifyd deep packet inspection agent is free, open source, and licensed under the GPLv3.
- The Netify FWA package is free and open source. Enjoy!
- The Netify cloud-based service is a paid subscription service, starting at $25 per month. Subscription levels can be found on Netify's pricing page. Feel free to take a test drive with our no-obligation 7-day free trial.
Installation and Configuration
You can find installation and configuration instructions here: