Download Installation Media¶

Installation images can be downloaded from the Netgate Store at https://shop.netgate.com/products/netgate-installer using a Netgate Store Account.

Note

The installer is free but uses the Netgate Store to handle the download process.

There are three installation images to support different types of hardware:

AMD64 Memstick (Serial and VGA) for installing via USB media
AMD64 ISO image for installing via IPMI or optical drive
AARCH64 Memstick for installing on 64-bit ARM devices from Netgate, such as the Netgate 1100 and Netgate 2100.

Note

Customers who have purchased firewalls pre-loaded with pfSense Plus software from the Netgate Store already have a Netgate Store Account and access to the Netgate Installer. The Netgate Product Manuals contain specific instructions for each model.

Some Netgate devices can also run Community Edition, but pfSense Plus software offers the best user experience.

For other hardware, continue reading.

Navigate to the Netgate Store in a web browser on a client device.
Login using the Netgate Store Account
Navigate to https://shop.netgate.com/products/netgate-installer
Select an Installation Image:

AMD64 Memstick USB:

For 64-bit x86-64 Intel or AMD hardware to install via USB. This is the correct choice for most Netgate hardware and most third party hardware. This installer works with both serial and VGA consoles. Automatically detects known hardware which uses alternate serial console ports (e.g. Netgate 4200, ADI devices).

AMD64 ISO:

For 64-bit x86-64 Intel or AMD hardware to install via physical or virtual optical drive. This image works well for installing via IPMI and for virtual machines. This installer works with both serial and VGA consoles and like the memstick image, automatically adjusts the console settings to match known devices.

AARCH64 Memstick ARM:

For 64-bit ARM devices from Netgate, such as the Netgate 1100 and Netgate 2100.
Click Add To Cart

The installer is free, but uses the checkout process for delivery.
Click Enter Cart
Complete the checkout process and download the installation image.

Warning

Be aware that Safari on macOS will, by default, automatically decompress downloaded files. This will make validating the integrity of the downloaded file impossible as the hashes are made against the compressed versions of the files. Disable this feature before proceeding or use an alternative browser.

Verifying the integrity of the download¶

The integrity of the installer image can be verified by comparing a computed hash value of the original downloaded compressed file against a hash computed by Netgate when the files were created. The current hashes use SHA-256.

The pfSense Plus Installer Checksums page contains the SHA-256 sum of each current installer image. This is isolated from the image download for extra security. This file is plain text and can be opened in a text editor or viewed in a web browser.

Use the accompanying SHA-256 sum from the checksums page to verify that the download successfully completed and is an official release of pfSense software.

Warning

The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.

Safari on macOS will decompress files when downloading by default, making this validation impossible. Disable this feature before downloading or use an alternative browser.

Hash calculation programs vary by operating system, some common examples include:

PowerShell has a built-in cmdlet Get-FileHash which can compute file hashes easily without needing to install additional software.

Example:

PS> Get-FileHash -Algorithm SHA256 .\netgate-installer-amd64.img.gz
Algorithm       Hash                                                            [...]
---------       ----
SHA256          0FEC506A48DE95A698F4DFE531018E1D7F847E440DA64E5482A6EEAC965F6B40

The SHA256 hash in the output can be compared with the value in the contents of the pfSense Plus Installer Checksums page.

Note

It is also possible to use the Linux sha256sum command within Windows Subsystem for Linux, Cygwin, or similar mechanisms.

Alternately, use a GUI-based hash calculation program such as OpenHashTab to compare the value against the provided hash. With OpenHashTab installed, right click on the downloaded file to access the File Hashes tab containing the SHA256 hash, among others.

Tip

If a SHA256 hash is not displayed, right click in the hash view and click Settings, then check the box for SHA256 and click OK.

Use the shasum command line utility to generate a hash of the downloaded file.

Example:

$ shasum -a 256 netgate-installer-amd64.img.gz
0fec506a48de95a698f4dfe531018e1d7f847e440da64e5482a6eeac965f6b40  netgate-installer-amd64.img.gz

The generated SHA256 hash can be compared with the contents of the pfSense Plus Installer Checksums page.

Use the sha256sum command line utility to generate a hash of the downloaded file.

Example:

$ sha256sum netgate-installer-amd64.img.gz
0fec506a48de95a698f4dfe531018e1d7f847e440da64e5482a6eeac965f6b40  netgate-installer-amd64.img.gz

The generated SHA256 hash can be compared with the contents of the pfSense Plus Installer Checksums page.

Use the sha256 command line utility to generate a hash of the downloaded file.

Example:

$ sha256 netgate-installer-amd64.img.gz
SHA256 (netgate-installer-amd64.img.gz) = 0fec506a48de95a698f4dfe531018e1d7f847e440da64e5482a6eeac965f6b40

The generated SHA256 hash can be compared with the contents of the pfSense Plus Installer Checksums page.