Download Installation Media¶
Customers who have purchased firewalls pre-loaded with pfSense® Plus software from the Netgate Store can get installation images by contacting Netgate TAC. The Netgate Product Manuals contain specific instructions for each model.
Some Netgate devices can also run Community Edition images, but the pfSense® Plus images offer the best user experience.
For other hardware, continue reading.
Navigate to the download page on pfsense.org in a web browser on a client PC.
Select an Architecture:
- AMD64 (64-bit)
For 64-bit x86-64 Intel or AMD hardware.
- Netgate ADI
For specific firewalls from the Netgate Store, which contain a USB serial console port on
Select an Installer type:
- USB Memstick Installer
A disk image which can be written to a USB memory stick (memstick) and booted on the target hardware for installation.
- DVD Image (ISO) Installer
To install from optical media or for use with IPMI or hypervisors which can boot from ISO images.
Select a Console for USB Memstick Installer images:
Installs using a monitor and keyboard connected to the target hardware, or virtual machines with equivalent components.
Installs using a serial console on
COM1of the target hardware. This option requires a non-USB hardware console port.
Some hardware contains a usable serial port which is exposed through a special internal USB/Serial connection and dedicated USB console port. This hardware generally works fine, and is not the same as a USB/Serial adapter plugged into a USB port, which will not work for serving a serial console.
Select a Mirror that is close to the client PC geographically.
Copy or download the SHA-256 sum displayed by the page to verify the download.
To view a listing of all files on the mirror, do not select any options from the drop-down menus except for Mirror then click Download. Descriptions for the file names are available on the downloads page.
At any point in the installation if something does not go as described, check Troubleshooting Installation Issues.
Verifying the integrity of the download¶
The integrity of the installer image can be verified by comparing a computed hash value of the original downloaded file against a hash computed by Netgate when the files were originally created. The current hashes use SHA-256.
The SHA-256 sum displayed on the download page is the best source, as it is not
pulled from the same directory as the download images. A file containing the
SHA-256 sum is also available on the mirrors with the same filename as the
chosen installer image, but ending in
Use the accompanying SHA-256 sum from the download site or
.sha256 file to
verify that the download successfully completed and is an official release of
The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.
Hash calculation programs vary by operating system, some common examples include: