Security
Difficulty: Advanced
10 min read

pfSense: Open Source Firewall and Router

A complete guide to installing and configuring pfSense, a powerful open source firewall and routing solution for businesses.

Back to tutorials
About this guide: This tutorial covers the complete installation, configuration and hardening of pfSense. It is aimed at network administrators and enthusiasts who want to deploy a professional firewall. Estimated time: 2 to 4 hours for a full setup.

Prerequisites

Before you start, make sure you have the following:

  • Dedicated hardware or VM: 64-bit CPU (AMD64), minimum 2 GB of RAM, 8 GB of SSD storage recommended
  • At least 2 network interfaces: one for the WAN (Internet), one for the LAN (local network). Intel cards (igb, em) are the most reliable under FreeBSD
  • USB stick: 4 GB minimum for the installation image
  • Console access: screen + keyboard or serial port for the initial installation
  • A client machine: connected to the LAN to access the web interface after installation
Important: Identify your network interfaces (MAC addresses) before installation. On dedicated hardware, physically label the WAN and LAN ports to avoid any mix-up.

Complete installation

Downloading the ISO

Get the image from Netgate's official site. Choose the AMD64 architecture and the USB Memstick format (VGA or serial depending on your console).

# Download the image (example with wget)
wget https://atxfiles.netgate.com/mirror/downloads/pfSense-CE-2.7.2-RELEASE-amd64.iso.gz

# Verify integrity
sha256sum pfSense-CE-2.7.2-RELEASE-amd64.iso.gz

# Decompress
gunzip pfSense-CE-2.7.2-RELEASE-amd64.iso.gz

Creating the bootable USB stick

# Linux / macOS - identify the USB stick
lsblk   # Linux
diskutil list   # macOS

# Write the image (replace /dev/sdX with your stick)
sudo dd if=pfSense-CE-2.7.2-RELEASE-amd64.iso of=/dev/sdX bs=4M status=progress conv=fsync

# On Windows, use Rufus or Etcher in DD Image mode

Installation wizard

Boot from the USB stick and follow these steps:

  1. Boot menu: accept the default boot or press Enter
  2. Copyright: accept the license
  3. Install: select "Install pfSense"
  4. Keymap: choose your keyboard layout (French ISO for AZERTY)
  5. Partitioning: select Auto (ZFS) for a modern system or Auto (UFS) for older hardware
  6. ZFS Config: Stripe for a single disk, Mirror if two disks are available
  7. Disk selection: select your target disk
  8. Confirmation: confirm and wait for the files to be copied
  9. Reboot: remove the USB stick and reboot

Assigning the WAN / LAN interfaces

On first boot, pfSense asks you to assign the interfaces:

Do VLANs need to be set up first? n

Enter the WAN interface name: igb0
Enter the LAN interface name: igb1

Do you want to proceed? y
Tip: If you don't know the interface names, select "a" for auto-detection. pfSense will ask you to plug/unplug a cable to identify each port.

Premium Content

This advanced tutorial is reserved for premium members.

9,90€ / month
  • All advanced tutorials
  • New content every week
  • Progress tracking
  • Cancel anytime

Written by

Morgann Riu

Cybersecurity and Linux administration expert. I share my knowledge through free tutorials and training to help system administrators and developers secure their infrastructures.

Share this tutorial

Did you enjoy this article?

Comments

Checklist Sécurité Linux

30 points essentiels pour sécuriser un serveur Linux. Recevez aussi les nouveaux tutoriels par email.

Pas de spam. Désabonnement en 1 clic.