Perform the Installation

This section describes the process of installing pfSense® software to a target drive, such as an SSD or HDD. In a nutshell, this involves booting from the installation memstick or CD/DVD disc and then completing the installer.

Note

If the installer encounters an error while trying to boot or install from the installation media, see Troubleshooting Installation Issues.

The following items are requirements to run the installer:

See also

Virtual environments may have additional requirements, see the following documents for examples:

See also

Hangouts Archive also covers a variety of relevant topics.

Booting the Install Media

For USB memstick installations, insert the USB memstick and then power on the target system. The BIOS may require the disk to be inserted before the hardware boots.

For CD/DVD installations, power on the hardware then place the CD into an optical drive.

pfSense will begin to boot and will launch the installer automatically.

Specifying Boot Order in BIOS

If the target system will not boot from the USB memstick or CD, the most likely reason is that the given device was not found early enough in the list of boot media in the BIOS. Many newer motherboards support a one time boot menu invoked by pressing a key during POST, commonly Esc or F12.

Failing that, change the boot order in the BIOS. First, power on the hardware and enter the BIOS setup. The boot order option is typically found under a Boot or Boot Priority heading, but it could be anywhere. If support for booting from a USB or optical drive is not enabled, or has a lower priority than booting from a hard drive containing another OS, the hardware will not boot from the installer media. Consult the motherboard manual for more detailed information on altering the boot order.

Installing to the Hard Drive

For USB memsticks with a serial console connection, the first prompt will ask for the terminal type to use for the installer. For PuTTY or GNU screen, xterm is the best type to use. The following terminal types can be used:

ansi

Generic terminal with color coding

vt100

Generic terminal without color, most basic/compatible option, select if no others work

xterm

X terminal window. Compatible with most modern clients (e.g. PuTTY, screen)

cons25w

FreeBSD console style terminal

For VGA consoles, cons25w is assumed by the installer.

Note

To accept all of the defaults and use a typical installation, press Enter at each prompt until the installer finishes.

Once the installer launches, navigating its screens is fairly intuitive, and works as follows:

  • To select items, use the arrow keys to move the selection focus until the desired item is highlighted.

  • For installer screens containing a list, use the up and down arrow keys to highlight entries in the list. Use the left and right arrow keys to highlight the actions at the bottom of the screen such as Select and Cancel.

  • Pressing Enter selects an option and activates the action associated with that option.

Starting the Installer

The installer contents are the same for both console types. The following document walks through the installation process in its entirety.

pfSense Default Configuration

After installation and interface assignment, pfSense has the following default configuration:

  • WAN is configured as an IPv4 DHCP client.

  • WAN is configured as an IPv6 DHCP client and will request a prefix delegation.

  • LAN is configured with a static IPv4 address of 192.168.1.1/24.

  • LAN is configured to use a delegated IPv6 address/prefix obtained by WAN (Track IPv6) if one is available.

  • All incoming connections to WAN are blocked by the firewall.

  • All outgoing connections from LAN are allowed by the firewall.

  • The firewall performs NAT on IPv4 traffic leaving WAN from the LAN subnet

  • The firewall will act as an IPv4 DHCP Server

  • The firewall will act as an IPv6 DHCPv6 Server if a prefix delegation was obtained on WAN, and also enables SLAAC

  • The DNS Resolver is enabled so the firewall can accept and respond to DNS queries.

  • SSH is disabled.

  • WebGUI is running on port 443 using HTTPS.

  • Default credentials are set to a username of admin with password pfsense.