Comprehensive pfSense Setup Guide

Welcome to Artiste1.com's detailed guide on setting up pfSense.
This guide expands on our pfSense Setup Checklist, providing in-depth explanations and instructions.

1. Pre-Installation

1.1 Verify Hardware Compatibility

pfSense can run on a variety of hardware, but it's crucial to ensure your system meets the minimum requirements:

• 64-bit capable CPU (x86-64)
• 1GB+ RAM
• 8GB+ storage (SSD recommended)
• At least two network interfaces

Note: For production environments or networks with high throughput, consider using more powerful hardware.

1.2 Download Latest pfSense ISO

Visit the official pfSense website to download the latest version of pfSense CE (Community Edition).

1.3 Prepare Bootable Media

Create a bootable USB drive using tools like Rufus (Windows) or dd (Linux/macOS).

# For Linux/macOS (replace sdX with your USB device):
dd if=pfSense-CE-2.X.X-RELEASE-amd64.iso of=/dev/sdX bs=4M status=progress
  

2. Installation

2.1 Boot from Installation Media

Insert your bootable media and boot from it. You may need to adjust your BIOS/UEFI settings to prioritize USB boot.

2.2 Create Partitions (if custom setup)

For most setups, the default partitioning scheme works well. If you need a custom setup:

1. Choose "Shell" from the installer menu
2. Use gpart to create your desired partitioning scheme
3. Exit the shell and continue with the installation

2.3 Install pfSense

Follow the on-screen prompts to install pfSense. Key steps include:

1. Accept the copyright and distribution notice
2. Choose "Install pfSense"
3. Select your keyboard layout
4. Choose automatic (UFS) partitioning for most setups
5. Wait for the installation to complete

2.4 Reboot System

After installation, the system will prompt you to reboot. Remove the installation media before rebooting.

3. Initial Configuration

3.1 Assign Interfaces

On first boot, pfSense will prompt you to assign interfaces:

1. Identify which NIC is connected to your WAN (usually the first one detected)
2. Assign this as your WAN interface
3. Assign the next detected NIC as your LAN interface
4. Optionally assign additional interfaces if you have them

3.2 Set LAN IP Address

By default, the LAN interface is set to 192.168.1.1. You can change this if needed:

1. Choose option 2 from the console menu
2. Select the LAN interface
3. Enter your desired IP address and subnet mask

3.3 Configure DHCP Server for LAN

pfSense automatically configures a DHCP server for the LAN. You can adjust this later in the web interface if needed.

4. Web Configurator Setup

4.1 Log into Web Configurator

From a computer on the LAN:

1. Open a web browser
2. Navigate to https://192.168.1.1 (or your custom LAN IP)
3. Accept the self-signed certificate warning
4. Log in with default credentials (admin / pfsense)

4.2 Run Setup Wizard

The setup wizard will guide you through initial configuration:

1. Set hostname and domain
2. Configure time server settings
3. Configure WAN interface (usually DHCP for cable/DSL)
4. Configure LAN interface (if you want to change from default)
5. Set new admin password

4.3 Set Time Zone

Ensure your time zone is correctly set in System > General Setup.

4.4 Configure WAN Interface

If you need to adjust WAN settings:

1. Go to Interfaces > WAN
2. Set the appropriate configuration type (DHCP, Static IP, PPPoE, etc.)
3. Enter any necessary credentials provided by your ISP

4.5 Configure LAN Interface

If you need to change LAN settings:

1. Go to Interfaces > LAN
2. Adjust IP address and subnet mask as needed
3. Save and Apply changes

5. Advanced Configuration

5.1 Set up Firewall Rules

pfSense comes with a default allow all outbound, deny all inbound policy. To add custom rules:

1. Go to Firewall > Rules
2. Select the appropriate interface
3. Click 'Add' to create a new rule
4. Configure source, destination, protocol, and action

5.2 Configure NAT (if needed)

To set up port forwarding:

1. Go to Firewall > NAT
2. Click on the 'Port Forward' tab
3. Click 'Add' to create a new rule
4. Specify external port, internal IP, and internal port

5.3 Set up VPN (if required)

pfSense supports various VPN technologies. For OpenVPN:

1. Go to VPN > OpenVPN
2. Click 'Wizards' and follow the steps to set up your VPN

5.4 Configure Monitoring and Logging

Enable detailed logging and monitoring:

1. Go to Status > System Logs
2. Configure log settings and enable remote logging if desired
3. Consider installing packages like Telegraf for advanced monitoring

6. Final Steps

6.1 Create System Backup

To backup your configuration:

1. Go to Diagnostics > Backup & Restore
2. Click 'Download configuration as XML'
3. Save the file securely

6.2 Check for Updates

Regularly check for and apply updates:

1. Go to System > Update
2. Click 'Check for updates'
3. Apply any available updates

6.3 Test Configuration

Thoroughly test your setup:

• Verify internet connectivity from LAN devices
• Test firewall rules
• Confirm VPN functionality (if configured)
• Check logs for any errors or warnings

Warning: Always test changes in a controlled environment before applying them to a production network.

Conclusion

Congratulations! You've now set up and configured pfSense. Remember to regularly maintain and update your firewall to ensure optimal security and performance.

For more advanced topics and troubleshooting, visit our other guides:

• Advanced Routing in pfSense
• pfSense High Availability Setup Guide
• Common pfSense Issues and Solutions