Perform the Installation

This section describes the process of installing pfSense® software to a target drive, such as an SSD or HDD. In a nutshell, this involves booting from the installation memstick, ISO, or optical disc and then completing the installer.

This procedure uses the Netgate Installer.

Note

If the installer encounters an error while trying to boot or install from the installation media, see Troubleshooting Installation Issues.

Prerequisites

The following items are requirements to run the installer:

  • Download Installation Media

  • Prepare Installation Media

  • Connect to the Console

  • A network connection capable of reaching the Internet

    This installer is an online installer and requires Internet connectivity to download installation data from Netgate servers. Currently the installer supports DHCP, static IP address, and PPPoE configurations. Connect the WAN port of the device into a live network connection supporting one of those connectivity types.

See also

Virtual environments may have additional requirements; see the following documents for examples:

See also

Hangouts Archive also covers a variety of relevant topics.

Booting the Install Media

For USB memstick installations, insert the USB memstick and then power on the target system. The BIOS may require the disk to be inserted before the hardware boots.

For DVD installations, power on the hardware and then place the disc into an optical drive.

Certain systems may need to be nudged to boot from the installer image in different ways. Typically this involves hitting a hotkey during boot to bring up a boot menu, going into the BIOS to pick a boot device, or invoking a special command from a BIOS prompt.

Consult the Netgate Product Manuals for information on booting install media on various Netgate hardware. For third-party hardware, check with the OEM.

Once the device boots from the install media, the installer will launch automatically.

Specifying Boot Order in BIOS

If the target system will not boot from the USB memstick or CD, the most likely reason is that the given device was not found early enough in the list of boot media in the BIOS. Many newer motherboards support a one-time boot menu invoked by pressing a key during POST, commonly Esc or F12.

Failing that, change the boot order in the BIOS. First, power on the hardware and enter the BIOS setup. The boot order option is typically found under a Boot or Boot Priority heading, but it could be anywhere. If support for booting from a USB or optical drive is not enabled, or has a lower priority than booting from a hard drive containing another OS, the hardware will not boot from the installer media. Consult the motherboard manual for more detailed information on altering the boot order.

Installing to the Target Drive

Serial Console Terminal Type

For installations using a serial console connection, the first prompt will ask for the terminal type to use for the installer. For PuTTY or GNU screen, xterm is the best type to use. The following terminal types can be used:

ansi:

Generic terminal with color coding

vt100:

Generic terminal without color, most basic/compatible option, select if no others work

xterm:

X terminal window. For modern terminal clients such as GNU screen, PuTTY, SecureCRT, Tabby, and other similar clients the xterm choice is most likely to produce the best looking output.

cons25w:

FreeBSD console style terminal

The installer assumes cons25w for VGA consoles.

Performing the Installation

The installer contents are the same for both console types. The following document walks through the installation process in its entirety.

pfSense Software Default Configuration

After installation and interface assignment, pfSense software has the following default configuration:

  • WAN is configured as an IPv4 DHCP client.

  • WAN is configured as an IPv6 DHCP client and will request a prefix delegation.

  • LAN is configured with a static IPv4 address of 192.168.1.1/24.

  • LAN is configured to use a delegated IPv6 address/prefix obtained by WAN (Track IPv6) if one is available.

  • All incoming connections to WAN are blocked by the firewall.

  • All outgoing connections from LAN are allowed by the firewall.

  • The firewall performs NAT on IPv4 traffic leaving WAN from the LAN subnet.

  • The firewall will act as an IPv4 DHCP Server.

  • The firewall will act as an IPv6 DHCPv6 Server if a prefix delegation was obtained on WAN, and also enables SLAAC.

  • The DNS Resolver is enabled so the firewall can accept and respond to DNS queries.

  • SSH is disabled.

  • WebGUI is running on port 443 using HTTPS.

  • Default credentials are set as described in Default Username and Password.
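
The defaults listed above can serve as a baseline when reviewing a configuration backup. The following is an added example, not part of the original documentation or of pfSense software itself: it reports which of these settings differ from the documented defaults. The XML element paths, the function names, and the sample configuration are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults come from the list above. The XML paths used below are assumptions
# about the layout of a config.xml backup and are not stated on this page.
DOCUMENTED_DEFAULTS = {
    "wan_ipv4": "dhcp",
    "wan_ipv6": "dhcp6",
    "lan_ipv4": "192.168.1.1/24",
    "lan_ipv6": "track6",
    "ssh": "disabled",
    "webgui": "https:443",
}

# Constructed sample (not from a real firewall): SSH has been switched on.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <webgui><protocol>https</protocol></webgui>
    <ssh><enable>enabled</enable></ssh>
  </system>
  <interfaces>
    <wan><ipaddr>dhcp</ipaddr><ipaddr6>dhcp6</ipaddr6></wan>
    <lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet>
         <ipaddr6>track6</ipaddr6></lan>
  </interfaces>
</pfsense>"""

def _text(root, path):
    node = root.find(path)
    return (node.text or "").strip() if node is not None else ""

def observed_settings(xml_text):
    """Extract the settings that the documented default list covers."""
    root = ET.fromstring(xml_text)
    proto = _text(root, "system/webgui/protocol") or "https"
    port = _text(root, "system/webgui/port") or ("443" if proto == "https" else "80")
    lan = _text(root, "interfaces/lan/ipaddr") + "/" + _text(root, "interfaces/lan/subnet")
    return {
        "wan_ipv4": _text(root, "interfaces/wan/ipaddr"),
        "wan_ipv6": _text(root, "interfaces/wan/ipaddr6"),
        "lan_ipv4": lan,
        "lan_ipv6": _text(root, "interfaces/lan/ipaddr6"),
        # Assumed: the presence of the element marks SSH as enabled.
        "ssh": "enabled" if root.find("system/ssh/enable") is not None else "disabled",
        "webgui": f"{proto}:{port}",
    }

def baseline_drift(xml_text):
    """Map each changed setting to (documented default, observed value)."""
    seen = observed_settings(xml_text)
    return {k: (v, seen[k]) for k, v in DOCUMENTED_DEFAULTS.items() if seen[k] != v}
```

Calling `baseline_drift(SAMPLE_CONFIG)` reports only the SSH change; an empty result means the backup still matches the documented defaults for the settings checked.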