Netgate is offering COVID-19 aid for pfSense software users, learn more.
Download Installation Media¶
Customers who have purchased firewalls from the Netgate Store can get tuned factory installation images by contacting support. The Netgate Product Manuals contain specific instructions for each model.
For official hardware that no longer has support, or for other hardware, continue reading.
Navigate to www.pfsense.org in a web browser on a client PC.
Select a File Type of Install.
Select an Architecture:
- AMD64 (64-bit)
For 64-bit x86-64 Intel or AMD hardware.
- Netgate ADI
For most of the SG-series firewalls from the Netgate Store, specifically, models which contain a USB console port on COM2.
Select a Platform for a 64-bit install:
- USB Memstick Installer
A disk image which can be written to a USB memory stick (memstick) and booted on the target hardware for installation.
- CD Image (ISO) Installer
To install from optical media or for use with IPMI or hypervisors which can boot from ISO images.
Select a Console for USB Memstick Installer images:
Installs using a monitor and keyboard connected to the target hardware.
Installs using a serial console on COM1 of the target hardware. This option requires a physical console port.
Select a Mirror that is close to the client PC geographically.
Copy the SHA-256 sum displayed by the page to verify the download later.
To view a listing of all files on the mirror, do not select any options from the drop-down menus except for a mirror then click Download.
The file names for pfSense software version 2.4.5-RELEASE are:
- USB Memstick Installer (Netgate ADI)
- USB Memstick Installer (VGA)
- USB Memstick Installer (Serial)
- ISO Image installer
At any point in the installation if something does not go as described, check Installation Troubleshooting.
Verifying the integrity of the download¶
The integrity of the installer image can be verified by comparing a computed hash value of the downloaded file against a hash computed by the pfSense project when the files were originally created. The current hashes provided by the project use SHA-256.
The SHA-256 sum displayed on the download page is the best source, as it is not
pulled from the same directory as the download images. A file containing the
SHA-256 sum is also available on the mirrors with the same filename as the
chosen installer image, but ending in
Use the accompanying SHA-256 sum from the download site or
.sha256 file to
verify that the download successfully completed and is an official release of
The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.
Hash verification on Windows¶
Windows users can install HashTab or a similar program to view SHA-256 hashes
for any given file. The generated SHA-256 hash can be compared with the SHA-256
sum from the download site or the contents of the
.sha256 file from the
download server. The
.sha256 file is viewable in any plain text editor such
With HashTab installed, to check the hash of a file:
Right click on the downloaded file.
Click the File Hashes tab. HashTab will take a few moments to calculate the hash.
Hover the mouse over the SHA-256 hash to view the full hash.
Paste the SHA-256 sum from the download site or from the
.sha256file into the Hash Comparison box to automatically check if the hash matches.
Click Cancel to dismiss the file properties dialog without making changes.
If a SHA-256 hash is not displayed in HashTab:
Check the box for SHA-256
Hash verification on BSD and Linux¶
sha256 command comes standard on FreeBSD and many other UNIX and
UNIX-like operating systems. A SHA-256 hash can be generated by running
the following command from within the directory containing the
# sha256 pfSense-CE-memstick-ADI-2.4.4-RELEASE-p3-amd64.img.gz
Compare the resulting hash with the SHA-256 sum displayed on the download site
or the contents of the
.sha256 file downloaded from the pfSense website. GNU
or Linux systems provide a
sha256sum command that works similarly.