Download Installation Media¶
Note
Customers who have purchased firewalls pre-loaded with pfSense® Plus software from the Netgate Store can get installation images by contacting Netgate TAC. The Netgate Product Manuals contain specific instructions for each model.
Some Netgate devices can also run Community Edition images, but the pfSense® Plus images offer the best user experience.
For other hardware, continue reading.
Navigate to the download page on pfsense.org in a web browser on a client device.
Warning
Be aware that Safari on macOS will, by default, automatically decompress downloaded files. This will make validating the integrity of the downloaded file impossible as the hashes are made against the compressed versions of the files. Disable this feature before proceeding or use an alternative browser.
Select an Architecture:
- AMD64 (64-bit)
For 64-bit x86-64 Intel or AMD hardware.
- Netgate ADI
For specific firewalls from the Netgate Store, which contain a USB serial console port on
COM2
.
Select an Installer type:
- USB Memstick Installer
A disk image which can be written to a USB memory stick (memstick) and booted on the target hardware for installation.
- DVD Image (ISO) Installer
To install from optical media or for use with IPMI or hypervisors which can boot from ISO images.
Select a Console for USB Memstick Installer images:
- VGA
Installs using a monitor and keyboard connected to the target hardware, or virtual machines with equivalent components.
- Serial
Installs using a serial console on
COM1
of the target hardware. This option requires a non-USB hardware console port.Note
Some hardware contains a usable serial port which is exposed through a special internal USB/Serial connection and dedicated USB console port. This hardware generally works fine, and is not the same as a USB/Serial adapter plugged into a USB port, which will not work for serving a serial console.
Select a Mirror that is close to the client PC geographically.
Click
Download.
Copy or download the SHA-256 sum displayed by the page to verify the download.
Tip
To view a listing of all files on the mirror, do not select any options from the drop-down menus except for Mirror then click Download. Descriptions for the file names are available on the downloads page.
See also
At any point in the installation if something does not go as described, check Troubleshooting Installation Issues.
Verifying the integrity of the download¶
The integrity of the installer image can be verified by comparing a computed hash value of the original downloaded compressed file against a hash computed by Netgate when the files were created. The current hashes use SHA-256.
The SHA-256 sum displayed on the download page is the best source, as it is not
pulled from the same directory as the download images. A file containing the
SHA-256 sum is also available on the mirrors with the same filename as the
chosen installer image, but ending in .sha256
.
Use the accompanying SHA-256 sum from the download site or .sha256
file to
verify that the download successfully completed and is an official release of
pfSense software.
Warning
The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.
Safari on macOS will decompress files when downloading by default, making this validation impossible. Disable this feature before downloading or use an alternative browser.
Hash calculation programs vary by operating system, some common examples include:
PowerShell has a built-in cmdlet Get-FileHash
which can compute file
hashes easily without needing to install additional software.
Example:
PS> Get-FileHash -Algorithm SHA256 .\pfSense-CE-2.7.0-RELEASE-amd64.iso.gz
The SHA256 hash in the output can be compared with the contents of the
.sha256
checksum file.
Note
It is also possible to use the Linux sha256sum
command within
Windows Subsystem for Linux, Cygwin, or similar mechanisms.
Alternately, use a GUI-based hash calculation program such as OpenHashTab to compare the value against the provided hash. With OpenHashTab installed, right click on the downloaded file to access the File Hashes tab containing the SHA256 hash, among others.
Tip
If a SHA256 hash is not displayed, right click in the hash view and click Settings, then check the box for SHA256 and click OK.
Use the shasum
command line utility to generate a hash of the
downloaded file.
Example:
shasum -a 256 pfSense-CE-2.7.0-RELEASE-amd64.iso.gz
The generated SHA256 hash can be compared with the contents of the
.sha256
checksum file.
Use the sha256sum
command line utility to generate a hash of the
downloaded file.
sha256sum pfSense-CE-2.7.0-RELEASE-amd64.iso.gz
The generated SHA256 hash can be compared with the contents of the
.sha256
checksum file.
Use the sha256
command line utility to generate a hash of the
downloaded file.
sha256 pfSense-CE-2.7.0-RELEASE-amd64.iso.gz
The generated SHA256 hash can be compared with the contents of the
.sha256
checksum file.