Netgate has released pfSense Plus 26.03, a major update to its firewall and routing platform that brings over 40 improvements focused on performance, security, and automation. The update includes significant WebGUI optimizations that improve interface responsiveness, along with enhanced SSH security through post-quantum key exchange algorithms and stronger encryption defaults.
The new release introduces automatic certificate renewal for self-signed TLS certificates and those signed by internal certificate authorities, with the feature enabled by default for GUI certificates. Weak TLS server certificates below 2048 bits are now deprecated, and the system will automatically regenerate stronger certificates during the upgrade process if needed. The update also makes the System Patches package available by default, allowing users to apply official security patches and bug fixes between major releases.
Netgate is also announcing a long-term architectural shift away from its PHP-based backend to a modern Go-based platform. The new architecture, already powering the UI in the Nexus Controller, promises significant performance improvements and includes a full-featured API. The rewrite will enable native Linux support and cross-platform compatibility for future pfSense releases.
Existing pfSense Plus users can upgrade through the web interface by navigating to System > Update and selecting the 26.03 branch. New installations require Netgate Installer version 1.1.1 or later. Detailed upgrade documentation and troubleshooting guides are available on the pfSense documentation site.
