Perform the Installation¶
This section describes the process of installing pfSense® software to a target drive, such as an SSD or HDD. In a nutshell, this involves booting from the installation memstick or CD/DVD disc and then completing the installer.
If the installer encounters an error while trying to boot or install from the installation media, see Troubleshooting Installation Issues.
The following items are requirements to run the installer:
Virtual environments may have additional requirements, see the following documents for examples:
Hangouts Archive also covers a variety of relevant topics.
Booting the Install Media¶
For USB memstick installations, insert the USB memstick and then power on the target system. The BIOS may require the disk to be inserted before the hardware boots.
For CD/DVD installations, power on the hardware then place the CD into an optical drive.
pfSense will begin to boot and will launch the installer automatically.
Specifying Boot Order in BIOS¶
If the target system will not boot from the USB memstick or CD, the most likely
reason is that the given device was not found early enough in the list of boot
media in the BIOS. Many newer motherboards support a one time boot menu invoked
by pressing a key during POST, commonly
Failing that, change the boot order in the BIOS. First, power on the hardware and enter the BIOS setup. The boot order option is typically found under a Boot or Boot Priority heading, but it could be anywhere. If support for booting from a USB or optical drive is not enabled, or has a lower priority than booting from a hard drive containing another OS, the hardware will not boot from the installer media. Consult the motherboard manual for more detailed information on altering the boot order.
Installing to the Hard Drive¶
For USB memsticks with a serial console connection, the first prompt will ask
for the terminal type to use for the installer. For PuTTY or GNU screen,
xterm is the best type to use. The following terminal types can be used:
Generic terminal with color coding
Generic terminal without color, most basic/compatible option, select if no others work
X terminal window. Compatible with most modern clients (e.g. PuTTY, screen)
FreeBSD console style terminal
For VGA consoles,
cons25w is assumed by the installer.
To accept all of the defaults and use a typical installation, press
Enter at each prompt until the installer finishes.
Once the installer launches, navigating its screens is fairly intuitive, and works as follows:
To select items, use the arrow keys to move the selection focus until the desired item is highlighted.
For installer screens containing a list, use the
downarrow keys to highlight entries in the list. Use the
rightarrow keys to highlight the actions at the bottom of the screen such as Select and Cancel.
Enterselects an option and activates the action associated with that option.
Starting the Installer¶
The installer contents are the same for both console types. The following document walks through the installation process in its entirety.
pfSense Default Configuration¶
After installation and interface assignment, pfSense has the following default configuration:
WAN is configured as an IPv4 DHCP client.
WAN is configured as an IPv6 DHCP client and will request a prefix delegation.
LAN is configured with a static IPv4 address of 192.168.1.1/24.
LAN is configured to use a delegated IPv6 address/prefix obtained by WAN (Track IPv6) if one is available.
All incoming connections to WAN are blocked by the firewall.
All outgoing connections from LAN are allowed by the firewall.
The firewall performs NAT on IPv4 traffic leaving WAN from the LAN subnet
The firewall will act as an IPv4 DHCP Server
The firewall will act as an IPv6 DHCPv6 Server if a prefix delegation was obtained on WAN, and also enables SLAAC
The DNS Resolver is enabled so the firewall can accept and respond to DNS queries.
SSH is disabled.
WebGUI is running on port 443 using HTTPS.
Default credentials are set to a username of