Perform the Installation¶
This section describes the process of installing pfSense® software to a target drive, such as an SSD or HDD. In a nutshell, this involves booting from the installation memstick or CD/DVD disc and then completing the installer.
Note
If the installer encounters an error while trying to boot or install from the installation media, see Troubleshooting Installation Issues.
The following items are requirements to run the installer:
See also
Virtual environments may have additional requirements, see the following documents for examples:
See also
Hangouts Archive also covers a variety of relevant topics.
Booting the Install Media¶
For USB memstick installations, insert the USB memstick and then power on the target system. The BIOS may require the disk to be inserted before the hardware boots.
For DVD installations, power on the hardware then place the CD into an optical drive.
pfSense software will begin to boot and will launch the installer automatically.
Specifying Boot Order in BIOS¶
If the target system will not boot from the USB memstick or CD, the most likely
reason is that the given device was not found early enough in the list of boot
media in the BIOS. Many newer motherboards support a one time boot menu invoked
by pressing a key during POST, commonly Esc or F12.
Failing that, change the boot order in the BIOS. First, power on the hardware and enter the BIOS setup. The boot order option is typically found under a Boot or Boot Priority heading, but it could be anywhere. If support for booting from a USB or optical drive is not enabled, or has a lower priority than booting from a hard drive containing another OS, the hardware will not boot from the installer media. Consult the motherboard manual for more detailed information on altering the boot order.
Installing to the Hard Drive¶
For USB memsticks with a serial console connection, the first prompt will ask
for the terminal type to use for the installer. For PuTTY or GNU screen,
xterm is the best type to use. The following terminal types can be used:
- ansi
Generic terminal with color coding
- vt100
Generic terminal without color, most basic/compatible option, select if no others work
- xterm
X terminal window. Compatible with most modern clients (e.g. PuTTY, screen)
- cons25w
FreeBSD console style terminal
For VGA consoles, cons25w is assumed by the installer.
Once the installer launches, navigating its screens is fairly intuitive, and works as follows:
To select items, use the arrow keys to move the selection focus until the desired item is highlighted.
For installer screens containing a list, use the
upanddownarrow keys to highlight entries in the list. Use theleftandrightarrow keys to highlight the actions at the bottom of the screen such as Select and Cancel.Pressing
Enterselects an option and activates the action associated with that option.
Starting the Installer¶
The installer contents are the same for both console types. The following document walks through the installation process in its entirety.
pfSense Software Default Configuration¶
After installation and interface assignment, pfSense software has the following default configuration:
WAN is configured as an IPv4 DHCP client.
WAN is configured as an IPv6 DHCP client and will request a prefix delegation.
LAN is configured with a static IPv4 address of 192.168.1.1/24.
LAN is configured to use a delegated IPv6 address/prefix obtained by WAN (Track IPv6) if one is available.
All incoming connections to WAN are blocked by the firewall.
All outgoing connections from LAN are allowed by the firewall.
The firewall performs NAT on IPv4 traffic leaving WAN from the LAN subnet
The firewall will act as an IPv4 DHCP Server
The firewall will act as an IPv6 DHCPv6 Server if a prefix delegation was obtained on WAN, and also enables SLAAC
The DNS Resolver is enabled so the firewall can accept and respond to DNS queries.
SSH is disabled.
WebGUI is running on port 443 using HTTPS.
Default credentials are set as described in Default Username and Password.