UPDATE: New Guide to install pfSense 2.5.2
A basic pfSense can run with 500 Mhz CPU with 512 MB RAM. So if you have an old machine available, you can try the installation on it if this is your first time installing pfSense.
Please note that pfSense 2.4+ only supports 64-bit CPUs
IMPORTANT: This guide only demonstrates the installation of pfSense. How to configure pfSense and how pfSense fits in to your network infrastructure are beyond the scope of this post. Check out Protect home network using subnets with pfSense as an example on how pfSense can help secure your home network.
Recommended hardware
- Modern 64-bit CPU at 1.0GHz+
- 1GB+ RAM
- 1GB+ Hard drive space
- 2 or more Intel PCI-e NICs
- for future compatibility (pfSense v2.5+), CPU that supports AES-NI encryption
You will need more powerful hardware if you have high Internet speed (100 Mbps+), a lot of video streaming or use more advance features.
Create USB flash drive installer
- download pfSense Latest Stable Version (Community edition)
- Architecture: AMD64 (64-bit)
- Installer: USB Memstick Installer
- Console: VGA
- click DOWNLOAD
- use 7-Zip to extract the .img from pfSense download (compressed with .gz extension)
- insert a free 1GB+ USB flash drive (DON’T leave any data. The drive will be formatted)
- install and run Rufus 3.4 (to create bootable USB drives in Windows)
- select USB Drive
- select pfSense .img file
- click START

Install pfSense
- Boot the system using the USB flash drive.

- pfSense will continue the boot up process in couple seconds. It will take a while.
- when the Copyright and distribution notice shows up. Read and Accept.

- Install pfSense is selected by default. select OK

- select your keyboard map or use standard “US” default keymap

- Partitioning: just use the default Auto (UFS)

- Installation would start and only take a short while.
- hit Enter when the installation is finished.

- it Enter again to reboot
- when the screen turn blank, remove your USB drive to avoid booting from it.

- When pfSense boots up for the first time, it will automatically configure the first NIC as the WAN port and the second NIC as the LAN interface with gateway 192.168.1.1

Using pfSense Web Configurator
Connect your computer to the second NIC port. Your computer should automatically receive an IP address from pfSense DHCP server.
Now you would finish the initial configuration using Web Configurator.
- Go to http://192.168.1.1 at your browser
- Your browser may complain about the connection is not private (not https). That’s ok. Just proceed to the web page.
- Enter username ‘admin‘ and password ‘pfsense‘

The pfSense setup wizard will guide you through the steps. Click Next to begin.

- Step 1: Netgate Global Support. It would then offer you their support subscription plans. Click Next to continue

- Step 2: General Information. Customize the hostname and domain name if you like. Click Next.

- Step 3: Time Server. Set your timezone and click Next

- Step 4: WAN Interface. Use default settings. Click Next (scroll to bottom).

- Step 5: LAN Interface. Use default settings or enter LAN IP address of your choice.

- Step 6: Password. Set your admin password.

- Step 7: Reload configuration. Just click Reload

- Step 8: Reload in progress. Just wait.

- Step 9: Complete. Click Finish and you are all set.

Luis Piacesi
18 Apr 2019Congratulations!! I have a friend that builded a very similar home security network as yours. He’s also using pfsense and the Unifi AP but he set a vlan with RaspberryPi running Samba to LDAP authentication and a NAS synology to SYSLOG and Storage backup. Both are great projects. Unfortunatelly, it is a little expensive for us (brazilians) to buy some appliances from US (like sg-3100 or NetGear GS108Ev3 – in both cases, the final cost is triple the original or more) … Once again, congratulations by the article.
Alan Chan
18 Apr 2019That’s awesome. I also incorporated AAA (Radius) authentication for better security. With our daily life so closely tied with the web these days, it really is important to be more security aware to keep us safe.
Wow tripling cost can get expensive real quick. Hopefully you can find some cheaper alternative there.
Cheers and thanks for your feedback!
nick
6 Nov 2019Hi Alan,
I’m new to pfsense and would like to get your help in setting up a home net. I have a tplink c5400 i want to use as AP. ISP router is in modem mode only. I have netgate sg1100 I want as firewall. I can’t get any internet access with the tplink as AP.
nick
Alan Chan
6 Nov 2019Hi nick,
First thing is to make sure you have Internet access through sg1100 LAN port. Your ISP router should connect to sg1100’s WAN port. Since your ISP router is modem mode only, you would need to configure sg1100 with your ISP settings to enable Internet access. Once sg1100 LAN port has Internet access, adding AP should be easy.
For tplink c5400, make sure it’s configure as AP mode and double check IP address. Is that hard coded or obtain through DHCP? Make sure it’s IP address is correct (i.e. in same subnet as sg110 LAN) and you can ping c5400. Setup DHCP server at pfSense/sg1100 to give out IP addresses for your LAN network and Wi-Fi devices.
Then check your Wi-Fi Devices’ IP-addresses and are they correct? If correct, they should have Internet access.
Note: for sg1100, the LAN port & OPT port are NOT in the same network. So don’t treat them as switch ports. If you have more than 1 device to connect to LAN network through wire, use a switch to connect to sg1100’s LAN port and connect your devices (e.g. wired computer & c5400) to the switch instead.
That’s what I can think of. Hope this help. thanks Alan
Paul
14 Jun 2020I just built a USB memstick with Rufus using the .img file and it appeared to all work, but when I try to boot from a HP Laptop the system attempts to start but reboots back to POST. I do have a new piece of hardware on order but I want to have the memstick ready when it arrives. I have tried building this stick from Linux Mint and Win10 (Rufus & Win32 imager) all with the same results.
Do you know if it could be something to do with my HP laptop and not the stick?
Alan Chan
19 Jun 2020This may have to do with the type of partition table used in your HP laptop: MBR or GPT.
Select the same type in Rufus to create compatible USB boot.
Ram
27 Oct 2020Hi Alan,
I have a mesh inside which does NAT already. Now my connection with pfsense will be modem-pfsense-router. How do I configure pfsense to run as a bridge but have all the goodies that it provides here please?
Alan Chan
1 Nov 2020Based on your description, you have NAT at pfsense and NAT at your mesh router.
My suggestion is to configure your mesh as access point mode to remove NAT at your mesh instead of at pfsense.
pfsense is your gateway separating Internet and your private network. NAT should be configured at pfsense.
Ram
7 Nov 2020Thanks Alan. Unfortunately google doesnt allow me to move it into access mode if I need mesh. Any other way please?
Alan Chan
27 Nov 2020You can disable NAT at pfSense if you want. Check out Firewall > NAT > Outbound.
Amir
2 Dec 2020Hello Alan,
I have a PC with two 1Gig NICs and another Ethernet port on the motherboard. The motherboard port is only 100Mb. Would like to install pfSense on this PC. Is there anyway that I can choose which NIC is used for WAN and LAN, so the motherboard port is not automatically selected?
Thanks
Alan Chan
6 Dec 2020Yes, you can manually select which ethernet port to be used when configuring the WAN & LAN interfaces.
Anonymous
24 Dec 2020Thanks much. Great instruction.
Max
16 Jan 2021Alan, your knowledge and efforts are really appreciated! Pfsense is something im working on too and was happy to find your site with adding the VPN for PIA. im hopeful the same concept will work with other VPN’s with not too many config changes needed… Anyways, i wanted to say to you, Thank you for posting this type of info on so many levels and making it simplified to really understand. The fact your not asking for anything in return, is very kind. If we had more that cared like this, this would be alot safer out here… So im writing just a big Kudos to you!
Thank you kindly,
Michael
Alan Chan
15 Feb 2021You are welcome. I am happy if my guides/writeups help anyone make one’s network more secure and safer to use! Cheers. Alan
kellyepise
11 Dec 2021hello. topic for me thanks kelly