UPDATE: New Guide to install pfSense 2.5.2

A basic pfSense can run with 500 Mhz CPU with 512 MB RAM. So if you have an old machine available, you can try the installation on it if this is your first time installing pfSense.

Please note that pfSense 2.4+ only supports 64-bit CPUs

IMPORTANT: This guide only demonstrates the installation of pfSense. How to configure pfSense and how pfSense fits in to your network infrastructure are beyond the scope of this post. Check out Protect home network using subnets with pfSense as an example on how pfSense can help secure your home network.

Recommended hardware

  • Modern 64-bit CPU at 1.0GHz+
  • 1GB+ RAM
  • 1GB+ Hard drive space
  • 2 or more Intel PCI-e NICs
  • for future compatibility (pfSense v2.5+), CPU that supports AES-NI encryption

You will need more powerful hardware if you have high Internet speed (100 Mbps+), a lot of video streaming or use more advance features.

Create USB flash drive installer

  • download pfSense Latest Stable Version (Community edition)
    • Architecture: AMD64 (64-bit)
    • Installer: USB Memstick Installer
    • Console: VGA
    • click DOWNLOAD
  • use 7-Zip to extract the .img from pfSense download (compressed with .gz extension)
  • insert a free 1GB+ USB flash drive (DON’T leave any data. The drive will be formatted)
  • install and run Rufus 3.4 (to create bootable USB drives in Windows)
    1. select USB Drive
    2. select pfSense .img file
    3. click START

Install pfSense

  • Boot the system using the USB flash drive.
pfSense boot up menu
  • pfSense will continue the boot up process in couple seconds. It will take a while.
  • when the Copyright and distribution notice shows up. Read and Accept.
pfSense copyright
  • Install pfSense is selected by default. select OK
pfSense install menu
  • select your keyboard map or use standard “US” default keymap
pfSense select keyboard map
  • Partitioning: just use the default Auto (UFS)
pfSense partitioning
  • Installation would start and only take a short while.
  • hit Enter when the installation is finished.
pfSense install complete
  • it Enter again to reboot
  • when the screen turn blank, remove your USB drive to avoid booting from it.
pfSense ready to reboot
  • When pfSense boots up for the first time, it will automatically configure the first NIC as the WAN port and the second NIC as the LAN interface with gateway
pfSense running

Using pfSense Web Configurator

Connect your computer to the second NIC port. Your computer should automatically receive an IP address from pfSense DHCP server.

Now you would finish the initial configuration using Web Configurator.

  • Go to at your browser
  • Your browser may complain about the connection is not private (not https). That’s ok. Just proceed to the web page.
  • Enter username ‘admin‘ and password ‘pfsense
pfsense web config sign in

The pfSense setup wizard will guide you through the steps. Click Next to begin.

pfsense setup wizard
  • Step 1: Netgate Global Support. It would then offer you their support subscription plans. Click Next to continue
pfsense support plans
  • Step 2: General Information. Customize the hostname and domain name if you like. Click Next.
setup general information
  • Step 3: Time Server. Set your timezone and click Next
setup time server and timezone
  • Step 4: WAN Interface. Use default settings. Click Next (scroll to bottom).
configure WAN Interface
  • Step 5: LAN Interface. Use default settings or enter LAN IP address of your choice.
configure LAN interface
  • Step 6: Password. Set your admin password.
setup your password
  • Step 7: Reload configuration. Just click Reload
reload configuration
  • Step 8: Reload in progress. Just wait.
reload in progress
  • Step 9: Complete. Click Finish and you are all set.
setup completed

This Post Has 16 Comments

  1. Congratulations!! I have a friend that builded a very similar home security network as yours. He’s also using pfsense and the Unifi AP but he set a vlan with RaspberryPi running Samba to LDAP authentication and a NAS synology to SYSLOG and Storage backup. Both are great projects. Unfortunatelly, it is a little expensive for us (brazilians) to buy some appliances from US (like sg-3100 or NetGear GS108Ev3 – in both cases, the final cost is triple the original or more) … Once again, congratulations by the article.

    1. That’s awesome. I also incorporated AAA (Radius) authentication for better security. With our daily life so closely tied with the web these days, it really is important to be more security aware to keep us safe.
      Wow tripling cost can get expensive real quick. Hopefully you can find some cheaper alternative there.
      Cheers and thanks for your feedback!

      1. Hi Alan,
        I’m new to pfsense and would like to get your help in setting up a home net. I have a tplink c5400 i want to use as AP. ISP router is in modem mode only. I have netgate sg1100 I want as firewall. I can’t get any internet access with the tplink as AP.

        1. Hi nick,
          First thing is to make sure you have Internet access through sg1100 LAN port. Your ISP router should connect to sg1100’s WAN port. Since your ISP router is modem mode only, you would need to configure sg1100 with your ISP settings to enable Internet access. Once sg1100 LAN port has Internet access, adding AP should be easy.

          For tplink c5400, make sure it’s configure as AP mode and double check IP address. Is that hard coded or obtain through DHCP? Make sure it’s IP address is correct (i.e. in same subnet as sg110 LAN) and you can ping c5400. Setup DHCP server at pfSense/sg1100 to give out IP addresses for your LAN network and Wi-Fi devices.

          Then check your Wi-Fi Devices’ IP-addresses and are they correct? If correct, they should have Internet access.

          Note: for sg1100, the LAN port & OPT port are NOT in the same network. So don’t treat them as switch ports. If you have more than 1 device to connect to LAN network through wire, use a switch to connect to sg1100’s LAN port and connect your devices (e.g. wired computer & c5400) to the switch instead.

          That’s what I can think of. Hope this help. thanks Alan

  2. I just built a USB memstick with Rufus using the .img file and it appeared to all work, but when I try to boot from a HP Laptop the system attempts to start but reboots back to POST. I do have a new piece of hardware on order but I want to have the memstick ready when it arrives. I have tried building this stick from Linux Mint and Win10 (Rufus & Win32 imager) all with the same results.
    Do you know if it could be something to do with my HP laptop and not the stick?

    1. This may have to do with the type of partition table used in your HP laptop: MBR or GPT.
      Select the same type in Rufus to create compatible USB boot.

  3. Hi Alan,
    I have a mesh inside which does NAT already. Now my connection with pfsense will be modem-pfsense-router. How do I configure pfsense to run as a bridge but have all the goodies that it provides here please?

    1. Based on your description, you have NAT at pfsense and NAT at your mesh router.

      My suggestion is to configure your mesh as access point mode to remove NAT at your mesh instead of at pfsense.
      pfsense is your gateway separating Internet and your private network. NAT should be configured at pfsense.

      1. Thanks Alan. Unfortunately google doesnt allow me to move it into access mode if I need mesh. Any other way please?

        1. You can disable NAT at pfSense if you want. Check out Firewall > NAT > Outbound.

  4. Hello Alan,

    I have a PC with two 1Gig NICs and another Ethernet port on the motherboard. The motherboard port is only 100Mb. Would like to install pfSense on this PC. Is there anyway that I can choose which NIC is used for WAN and LAN, so the motherboard port is not automatically selected?


    1. Yes, you can manually select which ethernet port to be used when configuring the WAN & LAN interfaces.

      1. Thanks much. Great instruction.

  5. Alan, your knowledge and efforts are really appreciated! Pfsense is something im working on too and was happy to find your site with adding the VPN for PIA. im hopeful the same concept will work with other VPN’s with not too many config changes needed… Anyways, i wanted to say to you, Thank you for posting this type of info on so many levels and making it simplified to really understand. The fact your not asking for anything in return, is very kind. If we had more that cared like this, this would be alot safer out here… So im writing just a big Kudos to you!
    Thank you kindly,

    1. You are welcome. I am happy if my guides/writeups help anyone make one’s network more secure and safer to use! Cheers. Alan

  6. hello. topic for me thanks kelly

Leave a Reply

Close Menu