Download Installation Media

Note

Customers who have purchased firewalls pre-loaded with pfSense® Plus software from the Netgate Store can get installation images by contacting Netgate TAC. The Netgate Product Manuals contain specific instructions for each model.

Some Netgate devices can also run Community Edition images, but the pfSense® Plus images offer the best user experience.

For other hardware, continue reading.

  • Navigate to the download page on pfsense.org in a web browser on a client device.

    Warning

    Be aware that Safari on macOS will, by default, automatically decompress downloaded files. This will make validating the integrity of the downloaded file impossible as the hashes are made against the compressed versions of the files. Disable this feature before proceeding or use an alternative browser.

  • Select an Architecture:

    AMD64 (64-bit)

    For 64-bit x86-64 Intel or AMD hardware.

    Netgate ADI

    For specific firewalls from the Netgate Store, which contain a USB serial console port on COM2.

  • Select an Installer type:

    USB Memstick Installer

    A disk image which can be written to a USB memory stick (memstick) and booted on the target hardware for installation.

    DVD Image (ISO) Installer

    To install from optical media or for use with IPMI or hypervisors which can boot from ISO images.

  • Select a Console for USB Memstick Installer images:

    VGA

    Installs using a monitor and keyboard connected to the target hardware, or virtual machines with equivalent components.

    Serial

    Installs using a serial console on COM1 of the target hardware. This option requires a non-USB hardware console port.

    Note

    Some hardware contains a usable serial port which is exposed through a special internal USB/Serial connection and dedicated USB console port. This hardware generally works fine, and is not the same as a USB/Serial adapter plugged into a USB port, which will not work for serving a serial console.

  • Select a Mirror that is close to the client PC geographically.

  • Click fa-download Download.

  • Copy or download the SHA-256 sum displayed by the page to verify the download.

Tip

To view a listing of all files on the mirror, do not select any options from the drop-down menus except for Mirror then click Download. Descriptions for the file names are available on the downloads page.

See also

At any point in the installation if something does not go as described, check Troubleshooting Installation Issues.

Verifying the integrity of the download

The integrity of the installer image can be verified by comparing a computed hash value of the original downloaded compressed file against a hash computed by Netgate when the files were created. The current hashes use SHA-256.

The SHA-256 sum displayed on the download page is the best source, as it is not pulled from the same directory as the download images. A file containing the SHA-256 sum is also available on the mirrors with the same filename as the chosen installer image, but ending in .sha256.

Use the accompanying SHA-256 sum from the download site or .sha256 file to verify that the download successfully completed and is an official release of pfSense software.

Warning

The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.

Safari on macOS will decompress files when downloading by default, making this validation impossible. Disable this feature before downloading or use an alternative browser.

Hash calculation programs vary by operating system, some common examples include:

Windows

macOS

Linux

FreeBSD

PowerShell has a built-in cmdlet Get-FileHash which can compute file hashes easily without needing to install additional software.

Example:

PS> Get-FileHash -Algorithm SHA256 .\pfSense-CE-2.7.0-RELEASE-amd64.iso.gz

The SHA256 hash in the output can be compared with the contents of the .sha256 checksum file.

Note

It is also possible to use the Linux sha256sum command within Windows Subsystem for Linux, Cygwin, or similar mechanisms.

Alternately, use a GUI-based hash calculation program such as OpenHashTab to compare the value against the provided hash. With OpenHashTab installed, right click on the downloaded file to access the File Hashes tab containing the SHA256 hash, among others.

Tip

If a SHA256 hash is not displayed, right click in the hash view and click Settings, then check the box for SHA256 and click OK.

Use the shasum command line utility to generate a hash of the downloaded file.

Example:

shasum -a 256 pfSense-CE-2.7.0-RELEASE-amd64.iso.gz

The generated SHA256 hash can be compared with the contents of the .sha256 checksum file.

Use the sha256sum command line utility to generate a hash of the downloaded file.

sha256sum pfSense-CE-2.7.0-RELEASE-amd64.iso.gz

The generated SHA256 hash can be compared with the contents of the .sha256 checksum file.

Use the sha256 command line utility to generate a hash of the downloaded file.

sha256 pfSense-CE-2.7.0-RELEASE-amd64.iso.gz

The generated SHA256 hash can be compared with the contents of the .sha256 checksum file.