
General Configuration Options

System > General Setup contains options which set basic configuration items for pfSense® software. A few of these options are also found in the Setup Wizard.

Hostname

The Hostname is the short name for this firewall, such as firewall1, hq-fw, or site1. The name must start with a letter and it may contain only letters, numbers, or a hyphen.

Domain

The Domain name for this firewall, e.g. example.com. If this network does not have a domain, use <something>.localdomain, where <something> is another identifier: a company name, last name, nickname, etc. For example, company.localdomain.

The Hostname and Domain name are combined to make up the Fully Qualified Domain Name (FQDN) of this firewall. For example, if the Hostname is fw1 and the Domain is example.com, then the FQDN is fw1.example.com.

DNS Server Settings

Options in this section control how the firewall resolves hostnames using DNS.

Note

The DNS Resolver is active by default and uses resolver mode (see DNS Resolver). When set this way, the DNS Resolver does not need forwarding DNS servers, as it communicates directly with root DNS servers and other authoritative DNS servers.

To use the servers in this list, switch the DNS Resolver to forwarding mode. The DNS Forwarder (see DNS Forwarder) only supports forwarding mode and will always use the servers from this list.

DNS Servers

This page supports multiple DNS servers managed as a list. To add more DNS servers, click Add DNS Server. To remove an entry from the list, click Delete.

The DNS server list may be left blank if the DNS Resolver will remain active using its default settings. If this firewall has a dynamic WAN type such as DHCP, PPTP or PPPoE, DNS servers may be automatically assigned by the ISP and the list can also be left blank.

Each DNS server entry has the following properties:

DNS Server Address

The IP address of the DNS Server.

DNS Server Hostname

The FQDN of the DNS server, used to validate DNS server certificates when using DNS over TLS (see DNS Resolver).

DNS Server Gateway

The gateway through which the firewall will reach this DNS server.

This is useful in a Multi-WAN scenario where, ideally, the firewall will have at least one DNS server configured per WAN. More information on DNS for Multi-WAN can be found in DNS Servers and Static Routes.
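A pre-change check of the values described above, as an added example that is not part of pfSense itself: it applies the Hostname rule exactly as this page states it, builds the FQDN, and flags DNS server entries that lack an IP address, lack a hostname while DNS over TLS is in use, or leave a WAN gateway without a DNS server. The dictionary keys, the gateway names and the sample entries are assumptions made for the illustration.

```python
import ipaddress
import re

# Rule as stated on this page: starts with a letter, then only
# letters, numbers, or hyphens.
HOSTNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def valid_hostname(name):
    return HOSTNAME_RE.fullmatch(name) is not None


def fqdn(hostname, domain):
    return f"{hostname}.{domain}"


def audit_dns_servers(servers, dns_over_tls, wan_gateways=()):
    """Return a list of findings for DNS server entries.

    Each entry is a dict with the hypothetical keys 'address',
    'hostname' and 'gateway', mirroring the three properties above.
    """
    findings = []
    for i, entry in enumerate(servers, 1):
        try:
            ipaddress.ip_address(entry.get("address", ""))
        except ValueError:
            findings.append(f"entry {i}: address is not an IP address")
        if dns_over_tls and not entry.get("hostname"):
            findings.append(f"entry {i}: no hostname to validate the certificate against")
    used = {entry.get("gateway") for entry in servers}
    for gw in wan_gateways:
        if gw not in used:
            findings.append(f"gateway {gw}: no DNS server configured through it")
    return findings


# Constructed sample entries, not taken from a real firewall.
SAMPLE = [
    {"address": "192.0.2.53", "hostname": "dns1.example.com", "gateway": "WAN1_GW"},
    {"address": "198.51.100.53", "hostname": "", "gateway": "WAN1_GW"},
    {"address": "dns.example.net", "hostname": "dns.example.net", "gateway": "WAN1_GW"},
]

if __name__ == "__main__":
    print(valid_hostname("hq-fw"), fqdn("fw1", "example.com"))
    for finding in audit_dns_servers(SAMPLE, True, ("WAN1_GW", "WAN2_GW")):
        print(finding)
```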

DNS Resolution Behavior

These options fine-tune the way the firewall utilizes DNS servers.

DNS Server Override

When checked, a dynamic WAN ISP can supply DNS servers which override those set manually. To force the use of only the DNS servers on this page, uncheck this option. This does not apply to the DNS Resolver when acting in resolver mode.

Disable DNS Forwarder

By default, the firewall will consult the DNS Resolver or DNS Forwarder running on this firewall to resolve hostnames for itself. It does this by listing localhost (127.0.0.1) as its first DNS server internally. Activating this option disables this behavior, forcing the firewall to use the DNS servers configured above instead of itself.

Localization

Options in this section control the firewall’s clock display and language.

Time Zone

The time zone used by the firewall for its clock. Choose a geographically named zone which best matches the location of this firewall, or a common zone such as UTC. The firewall clock, log entries, and other areas of the firewall base their time on this zone. Changing the zone requires a reboot to fully activate the new zone in all areas of the firewall.

Time Servers

Network Time Protocol (NTP) server hostnames or IP addresses. Unless a specific NTP server is required, such as one on LAN, the best practice is to leave the Time Servers value at the default 0.pfsense.pool.ntp.org. This value will pick random servers from a pool of known-good NTP hosts.

To utilize multiple time servers or pools, add them in the same box, separating each entry by a space. For example, to use three NTP servers from the pool, enter:

0.pfsense.pool.ntp.org 1.pfsense.pool.ntp.org 2.pfsense.pool.ntp.org

This numbering is specific to how .pool.ntp.org operates and ensures each address is drawn from a unique pool of NTP servers so the same server does not get used twice.

Language

The language used by the GUI. The GUI has been translated into multiple languages in addition to the default English language.

webConfigurator

Options in this section control various aspects of GUI behavior.

Theme

The Theme controls the look and feel of the GUI. Several themes are included in the base system, and they make only cosmetic, not functional, changes to the WebGUI.

Top Navigation

This option controls the behavior of the menu bar at the top of each page. There are two possible choices:

Scrolls with page

The default behavior. When the page scrolls, the navigation remains at the top of the page, so it is no longer visible as it scrolls off the top of the window. This is the best option for most situations.

Fixed

When selected, the navigation remains fixed at the top of the window, always visible and available for use. This behavior can be convenient, but on smaller screens such as tablets and mobile devices, long menus can be cut off, leaving options at the bottom unreachable.

Hostname in Menu

When set, the GUI includes the firewall Hostname or Fully Qualified Domain Name in the menu bar for reference. This can aid when maintaining multiple firewalls, making it easier to distinguish them without looking at the browser title or tab text.

Dashboard Columns

The dashboard is limited to 2 columns by default. On wider displays, additional columns can make better use of horizontal screen space. The maximum number of columns is 4.

Interfaces Sort

When unset (default), the GUI presents interfaces in their natural order from the configuration. This is critical for functions such as High Availability which require specific interface ordering. When this option is set, the GUI sorts the interface list alphabetically.

Associated Panels Show/Hide

Some GUI pages contain collapsible panels with settings or functions. These panels take up extra screen space, so they are hidden by default. For firewall administrators who use the panels frequently, this can be slow and inefficient. The options in this group make the GUI show these panels by default instead of hiding them.

Available Widgets

Controls the Available Widgets panel on the Dashboard.

Log Filter

Controls the log filtering panel used for searching log entries under Status > System Logs.

Manage Log

Controls the per-log settings in the Manage Log panel available for each log under Status > System Logs.

Monitoring Settings

Controls the options panel used to change the graphs at Status > Monitoring.

Require State Filter

When set, the state table contents at Diagnostics > States are suppressed by the GUI unless a filter string is present. This helps the GUI handle large state tables which otherwise may fail to load.

Left Column Labels

When checked, the option labels in the left column are set to toggle options when clicked. This can be convenient if the firewall administrator is used to the behavior, but it can also be problematic on mobile or in cases when the behavior is unexpected.

Alias Popups

When set, the tooltip presented by the GUI when hovering over an alias in a rule list only shows the alias description. When unset, the contents of the alias are included in the tooltip. For firewalls with large aliases, this may cause performance or browser rendering issues.

Disable Dragging

When set, the GUI disables drag-and-drop on rule lists. Most users find drag-and-drop to be convenient and beneficial, thus the feature is enabled by default. Users who find the behavior undesirable can set this option.

Login Page Color

Controls the color of the login page, which is independent of the theme.

Login Hostname

When set, the GUI includes the hostname on the login form. This can be considered a security risk since it exposes information about the firewall to users who have not yet authenticated. If the firewall GUI is only reachable by authorized management clients, the convenience may outweigh the potential risk.