Netify for pfSense


Netify is designed to run in tight spaces, so the memory requirements are modest and generally not a concern for pfSense deployments. As for CPU, the underlying Netify deep packet inspection engine requires about the same amount of horsepower as an intrusion detection/prevention system - the busier the network, the more CPU cycles required.
Netify on Firewalls and Routers


pfSense 2.4.x on AMD64 (x86-64)

Up-to-date Netify packages are maintained in our pfSense repository. To install Netify, run:

curl | sh

pfSense 2.4.x on AArch64 (Netgate SG-1100 and SG-2100)

pkg add
cp /usr/local/etc/netifyd.conf.sample /usr/local/etc/netifyd.conf
cp /usr/local/etc/netify.d/netify-sink.conf.sample /usr/local/etc/netify.d/netify-sink.conf
service netifyd onerestart
curl -o /usr/local/share/netifyd/
chmod 755 /usr/local/share/netifyd/
curl -o /etc/cron.d/netifyd
service cron restart

pfSense 2.4.x on ARM (SG-3100)

pkg add
curl -o /usr/local/share/netifyd/
chmod 755 /usr/local/share/netifyd/
curl -o /etc/cron.d/netifyd
service cron restart

pfSense 2.5.x on AMD64 (x86-64)

pfSense 2.5.x is a development release, so please use it with caution. To install Netify, run:

curl | sh

pfSense 2.5.x on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

Sorry, we do not support other pfSense 2.5.x variants.

pfSense 2.6.x on AMD64 (x86-64)

To install Netify, run:

pkg add


Netify will automatically detect the network interfaces and roles defined in pfSense.


With the installation and setup completed, you can now start and enable Netify:

netifyd --enable-sink
service netifyd enabled
service netifyd onestart  # if not running


With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent

Uninstall/Remove Netify

pfSense on AMD64 (x86-64)

Uninstall Netify and Netify FWA

To remove Netify from your installation, use the command line. For pfSense 2.4.x and 2.5.x, Netify has a few package dependencies that are installed during installation but are not removed by default as you could inadvertently remove packages that share these requirements. If you absolutely need to remove all packages that were pulled in during the Netify install, a list of packages that Netify requires is listed below:

  • libunwind
  • google-perftools
  • python36

To uninstall Netify on 2.4.x and 2.5.x, run:

pkg remove pfSense-pkg-netify-fwa pfSense-pkg-netify netifyd

To uninstall Netify on 2.6.x, run:

pkg remove netifyd

pfSense on ARM (Netgate SG-1100, SG-2100 and SG-3100 appliances)

To uninstall Netify, run:

pkg remove netifyd
rm /etc/cron.d/netifyd
service cron restart

What is pfSense


pfSense is an open source, FreeBSD-based firewall and routing software solution that can be installed on commodity hardware or found pre-installed on Netgate appliances. The pfSense software provides similar functionality to common commercial firewalls. The solution has successfully replaced numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense features include:

  • Web-based Interface
  • Firewall
  • VPN
  • Captive Portal
  • Traffic Shaping/QoS
  • High Availability
  • Load Balancing
  • and more