Security

Basic Pfsense Configuration Tutorial

This tutorial explains how to install and configure the Pfsense system.

pfSense is a firewall and router software you can install on a computer to create and manage your own router or firewall. It can be used from the command line or from a web graphical interface. This tutorial covers pfSense installation and basic configuration tips.

Installing Pfsense

To begin with Pfsense installation, insert the disk or USB drive containing the bootable Pfsense ISO image to boot. In the screenshot below you can see the first installation screen you’ll see. You don’t need to select an option, the installation process will start automatically.

The second screen contains a Copyright and distribution notice you need to accept by pressing the ACCEPT button, as shown below.

You can start a fresh Pfsense installation, launch a recovery console or restore a configuration file. To begin a new Pfsense installation, press the ENTER key on the Install option.

Now, you can select your keymap. For US English, press ENTER to choose the default option.

Recent Pfsense versions allow you to select ZFS as a filesystem. ZFS has many features including Inline Data Compression, Inline Data deduplication, ZFS Send/Receive, RAID Z and more. In this tutorial, we will select the ZFS option, but Auto UFS will work correctly if selected. Select the option you want and press ENTER to continue.

After selecting your filesystem, the installation process will allow you to edit some configuration and select additional options such as disk encryption, Swap size, etc. as shown in the image below. You can check the options, or you can proceed with the installation by pressing Install as shown in the following screenshot.

Now, you need to select the disk configuration. The available options include:

  • Stripe: With this configuration, Pfsense will work as with a single disk, even if you add multiple disks (RAID 0).
  • Mirror: By choosing this configuration, Pfsense will mirror all content to other disk/s.
  • RAID10: This option combines stripes and mirrors. This is the best option if you want to be able to add additional space while mirroring the content.
  • RAIDZ1: This option will implement a single RAID.
  • RAIDZ2: This option is used to implement double redundancy.
  • RAIDZ3: This option is used to implement triple redundancy.

In this tutorial, I selected the stripe (no redundancy) option, as shown below. Select your choice and press ENTER.

You need to select the disk on which Pfsense will be installed. In my case, I’m using Virtualbox for this tutorial. Select the disk unit you want and press ENTER.

Before starting the installation process, the installer will give you a last chance to stop or edit the installation. If you have nothing to change, press ENTER to start Pfsense installation.

As you can see in the screenshot below, the installation process will start. This may take a few minutes to finish.

Once the installation process ends, you will be offered to make changes. If you have no changes to do, press No to continue.

Finally, you will be asked to reboot into Pfsense. Select and press Reboot to continue to start Pfsense.

On the first reboot, Pfsense will offer you to set up the network/s interface/s. The first interface is virtual. The virtual network interface is em0. To configure the network interface up, press Y. You can select N and configure it later through the Web configurator as shown in the screenshot below.

Now, you need to select the WAN interface, you can type it or select ‘a’ for autodetection.

Then you’ll be asked to select the LAN interface. In my case, it fails because it’s unplugged. Like in the previous step, you can type your LAN interface name or select ‘a’ for autodetection.

If the autodetection was correct, press ‘y’ to set up your LAN interface. Then Pfsense will boot as shown in the following screenshot.

The Pfsense console allows you to execute configuration tasks,, as shown in the image below. The available options are:

  • Logout (ssh only):
  • Assign Interfaces: This option allows you to reconfigure your network interface(s).
  • Set interface (s) IP address: From this option you can define IP addresses for your network interfaces. It’s also useful to enable, disable and configure the DHCP service, to access the GUI through HTTP (Instead of HTTPS) and to disable the lockout rule if the user has been locked.
  • Reset webConfigurator password: Here you can reset the system user and password to default values (admin/pfsense). The script also can enable or generate the default account again, in case it was disabled or removed.
  • Reset to factory defaults: Use this option to restore the default system configuration, including the removal of added software.
  • Reboot system: This option offers different options to carry out a system reboot.
  • Halt system: Use this option to shut down the system.
  • Ping host: This option simply allows you to execute ping for testing purposes.
  • pfTop: pfTop displays the system state and transferred data. It is useful to monitor the system and diagnose problems.
  • Filter Logs: From this option you can check the firewall logs.
  • Restart webConfigurator: This option allows you to restart processes linked to the web GUI such as nginx.
  • PHP Shell + pfSense tools: This option allows you to execute PHP code. This option is useful for developers and users familiarized with PHP.
  • Update from console: This option is useful to upgrade your system to its last version.
  • Enable Secure Shell (sshd): Here you can enable or disable the SSH service.
  • Restore recent configuration: This option allows you to select between last system configurations for restoration.
  • Restart PHP-FPM: Restart the PHP service, useful to afford some webConfigurator problems.

All the previous options are also available through the GUI, which you can access from your browser using the IP address assigned to your pfSense system. In my case, as shown in the previous screenshot, the IP address is 10.0.2.15.

Conclusion

As you can see, installing and configuring pfSense isn’t a hard task even though pfSense is based on FreeBSD rather than Linux. Installing pfSense would be an interesting introduction to FreeBSD installation. The configuration menu makes easy tasks to improve, configure, and fix problems. PfSense is a great option to implement a fast and independent firewall device, since as you could confirm by following the previous instructions, it takes minutes to be installed and configured. This tutorial does not cover the webConfigurator because of its simplicity, it is pretty intuitive and any Linux level user can deal with it.

Thank you for reading this tutorial explaining Pfsense installation and basic configuration. Keep following us for additional Linux tutorials and tips.

About the author

David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.