Installation & Setup of pfSense for Home and Business
The installation of pfSense® is fairly straightforward. In most scenarios the default selections are used. To configure pfsense we start off by making sure we have a current version of the software to install.
Step 1 – Download Media
To download the latest installation software, visit https://www.pfSense.org/download/. The file type we are going to use for this setup is ‘Install’. The architecture is ‘AMD64 (64-bit)’. Next choose the media platform to install. The two main choices are ‘USB Memstick Installer’ or ‘CD Image (ISO) Installer’. Pick your closest location and hit the Download button.
Step 2 – Creating Boot Media:
NOTE: the steps outlined below can be done on Windows 7-10 and are similar for each Operating System.
Creating the install media from Windows, there are two options.
Option1: Creating an install CD from the ISO image
- In order to make a CD from the ISO image, you must first unzip the file. You can use a zip tool like 7Zip (http://www.7-zip.org/download.html) to do this.
- Once 7Zip is installed, right click on the unzipped download > select 7-Zip > Extract Here
- With a blank disc in the drive, right click the unzipped ISO file > Select ‘Burn Disc Image’
Option2: Create a pfSense® ISO to USB bootable image
- To make a bootable USB drive, I use a tool called Rufus; it’s fast and does not require being installed on your computer system. It can be downloaded from here (https://rufus.akeo.ie). NOTE: Use a USB stick that does not have important information on it; as any data will be wiped with the install process
- With your target USB Drive inserted in the system, open Rufus and select ‘Quick Format’ & ‘Create a bootable disc using DD Image’
- Click the disc icon to select the download file > click Open > Click Start
Step 3 – Performing a Full Install
Now that we have our installation media all ready, it’s time to start the install process. Power on your system and make sure your media is connected
The installation of pfSense® is done through a text-based menu. You’ll be presented with a default start screen shown here. It will countdown to auto boot into the installation screen
The next screen shows an option to use a different font, screenmap, or keymap if needed.
Most will not need to change anything unless using an international keyboard. We won’t be doing any changes here so we’ll select the bottom option ‘Accept these settings’
The next screen shows some installation options, choose ‘Quick/Easy Install’
The next screen asks to agree with the configured options and to proceed with the install > Click ‘OK’
Sit back for a few minutes while pfSense® is installed onto your system
During the final part of the install, there will be an option screen to choose which type of kernel to use.
Standard = A Keyboard & Video Monitor connected to your system
Embedded = No monitor or keyboard is connected to the system (Serial Console)
Choose ‘Standard Kernel’ if you will have a monitor and keyboard connected
Step 4 – Remove Media & Reboot
Now reboot the system. Be sure to remove the install media from the system prior to reboot. Click ‘Reboot’
Step 5 – Set WAN & LAN Interface
After the system reboots, it will load into the last part of our text-based menu options. We will then be able to use the Web interface for all other options.
In the screen below, pfSense® recognizes 2 network cards.
xn0 is Network Interface Card 1
xn1 is Network Interface Card 2
Select ‘n’ for No VLAN setup, (VLAN’s can be configured later in the Web Interface)
In most situations, it is easiest to set the first network card as the WAN and the second for the LAN. If you have additional network cards installed, they can be setup later in the web interface.
For simplicity I’ll set the following:
xn0 = WAN
- Type xn0 and press Enter
xn1 = LAN
- Type xn1 and press Enter
Press Enter for nothing (Optional interfaces can be configured later in the Web Interface)
Proceed with Installation
- Type y and press Enter to save configuration
Console Main option Page
- As you can see, the WAN is defaults to DHCP and has received an IP from my upstream pfSense® firewall.
- The default IP for the LAN is 192.168.1.1
Your LAN setup needs to use an RFC1918 private IP address. You can learn more about that here (https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces). By default the LAN will configure itself to 192.168.1.1.
- Home Setup: I recommend changing this to something less common
- (i.e. 192.168.150.1/24)
- Business Setup: Change it to your company subnet
- (i.e. 10.25.50.1/24; 172.25.50.1/24)
Change LAN IP
Press ‘2’ and Enter; the press ‘2’ again
Enter IP of LAN (i.e. 172.25.50.1) and Subnet Mask (24=255.255.255.0) and press Enter
Press Enter again for no Upstream WAN gateway
Press Enter again for no IPv6
Select ‘y’ for setting up DHCP on the LAN
Enter start Range (i.e. 172.25.50.100)
Enter End Range (i.e. 172.25.50.150)
Select ‘n’ for setting HTTP as the web configurator (this keeps the web connection as secure HTTPS)
This now shows the new LAN IP
Press Enter to Continue to main Console screen.
The pfSense® LAN web interface can now be accessed using https://172.25.50.1 from your web browser.
This concludes the installation portion of the setup. We can now proceed to configure everything else from the web interface.