pfSense removes layer 7 support and recommends Snort

  You’re not part of me anymore!

You’re not part of me anymore!

In 2016, pfSense announced that it has removed Layer 7 support from its system as of version 2.3.

From pfSense website
"pfSense used to contain a Layer 7 classifier, ipfw-classifyd, but it has been removed. It was non-functional on pfSense 2.2.x and removed entirely from pfSense 2.3 because it was not feasible to fix. L7 classification consumed large amounts of CPU and rarely had the intended effect, and it was a rarely used feature even when it did function."

The recommendation from pfSense is to use Snort but this can be quite difficult and expensive (time wise) to setup and maintain, especially across multiple locations or customers. If you are game to try to configure Snort on pfSense, this installation guide may help. 

Now for the Sinefa plug :)

If Snort won’t do it for you or you are looking for the easiest solution on the planet to get layer 7 application visibility and control, that not only works on internet (where the firewall typically sits) but also the WAN, then check out the solution from and take advantage of our free trial. Sinefa is so simple and fast to get going and won’t cost you the Earth.

It's about time network visibility and control was made this simple.