How To Install PFsense Step By Step with Initial Configurations.
To proceed with installing pfsense on a computer, go to https://www.pfsense.org/download/ to download the latest version of pfsense. As at the time of this writing, version 2.4.4-p3 was the latest version of PFsense.
On the download page, select your computer version. In my case, I selected amd64 and a nearby download mirror and then click on the download button. I choose the cd image (iso) installer for this demo.
Using PowerISO, which is a free disk image (iso) to bootable USB converter, you could make your USB bootable and boot your computer from USB.
VERIFYING YOUR DOWNLOAD
As can be seen in the image above, pfsense provides a sha256 checksum file whose value can be compared against the generated sha256 from the pfsense iso download to ensure that your download completed successfully and that you are using the PFsense official release and not some modified version.
VERIFY PFSENSE DOWNLOAD ON WINDOWS
To verify your pfsense download, first, download the sha256 checksum for compressed .gz file and open its content with any text editor such as notepad++.
Now, right-click on the pfsense-xx-2.4.5.iso.gz file you downloaded and click on SHA-256. It will generate a hash. Compare the result with the sha256 checksum file earlier. If they are the same, then you can proceed with the installation.
To get the CRC SHA menu when you right-click on the download file, you should just download 7-zip.
You could also try out other hash generator tools like http://implbits.com/products/hashtab/. Download their free for personal use hashtab or you could pay a small fee for their hashtab if you use it at work.
Still yet, you could try out hash calc from their official website.
VERIFY PFSENSE DOWNLOAD ON LINUX.
Navigate to the directory holding your pfsense download and run
e.g pfsense#sha256 pfSense-CE-2.4.4-RELEASE-p3-amd64.iso.gz
Compare the code you see here with the code we got earlier.
How To Install PFsense Step By Step.
Now, Place your pfsense USB/CD depending on which you prefer on the computer. If you are using a virtual machine like virtual box, VMWare or Hyper-V, simply use the iso file to boot up the machine.
The first step to installing pfsense will be to accept their copyright and distribution law. Hit enter to accept.
Next, hit the enter button again to begin installing pfsense.
You will be asked to choose from about 99 different keyboard layouts. Simply hit enter to select the default.
You will also be required to specify how you want to partition your hard drive. Choose between the Unix file system and oracle zfs. For this guide, we will use the UFS(Unix File System). So, we just hit on the enter button on your keyboard once more.
Take Note: If you need data deduplication, data checksum features, more security and file system encryption, then you may have to go for the ZFS option. In this guide, we go with the most used option, which is UFS.
Hit enter to Reboot your PFsense machine. At this point, you should remove the PFsense CD, or USB, or .iso file from the computer system so that PFsense can now boot normally without installing again.
INITIAL CONFIGURATIONS OF PFSENSE.
On reboot, you will be presented with the screen as shown under.
If you are not satisfied with the IP addresses PFsense has given to your WAN and LAN interface, kindly type 1 at the console to assign interfaces. Generally, em0 should be for the WAN while em1 is assigned to the LAN.
Do you want to configure VLAN? If you know you do not want to configure VLAN at this point, type n(no) and hit enter.
Not too sure what name belongs to what interface? No worries. Unplug all cables and type an a in the console to auto-detect the WAN interface. Connect the cable from the Internet service provider to the port you intend to use for WAN and if it’s detected, hit enter in PFsense console. Do the same for the LAN interface.
In the welcome to PFsense page, type 2 to configure interfaces. Then type the number for the interface to be configured.
In my case, I will enter 1 to assign a static interface to the wan leg.
Type n to not use DHCP. Enter the wan IP address, the subnet mask and the gateway that corresponds to your corporate IP address scheme.
Press n to not configure ipv6, except if you want to use ipv6. Follow the onscreen instruction and use https instead of http for your web configurator.
Repeat the process, but this time, we want to configure the LAN interface.
Enter 2 to select interfaces. Then press 2 to configure the LAN interface. Enter the LAN IP address and subnet mask. Hit enter for none in the gateway address field.
Type y to enable DHCP on the interface.
Enter in the start and stop IP address range and use https for the web configurator.
At this point, you have successfully installed and configured a very basic setting for PFsense. What is remaining, is to test if our configuration is working.
TESTING IF OUR CONFIGURATION WORKS.
Connect computers to the LAN segment of your network via your switch. Open up their network settings and verify that they have received a dynamic IP address from the router.
Now point your browser to https://ip address of pfsense/ You should get the login screen as shown below
Enter in admin as username and pfsense as password. Do yourself some good and change these defaults as soon as possible in the user manager tab.
Click next after login to allow the wizard work you through the process of configuring PFsense.
Image pfsense wizard
Click next two times.
In the general information screen, enter in the name you will like to assign to your PFsense router and a domain name. If you run a windows, samba4, openldap domain controller in your corporate environment, you should enter in the domain name for your environment here. E.g carehealth.com
For the primary DNS server, you could use your ISP DNS generated server or enter in google’s DNS server which is more reliable. E.g 220.127.116.11.
Also, untick override DNS so that the system can use the DNS server from google. Then hit the next button. The diagram below will help you visualize this better.
Image general information seciton
For the ‘time server information’ section, simply Accept the network time server given and enter in your timezone e.g Africa/Lagos.
and then hit the next button.
I will advise that you click your way through to the set admin WebGUI password screen as all the individual settings can be changed later.
In the set admin password, enter in a new admin password and click reload to finish the basic setup of the system.
So far, so good. You will now be presented with your dashboard.
In this ‘How To Install PFsense Step By Step with Initial Configurations’ guide, we have successfully installed PFsense router and configured some basic settings.
In case you missed: Introduction to PFsense Firewall 2020 Guide
In the next chapter, we will configure some services on pfsense like DHCP, DNS, DDNS, SSH and so on. Please, don’t go anywhere.