====== PFSense - Install pfSense - Installation of pfSense ======

===== Download pfSense image =====

Go to https://www.pfsense.org/download/ and select the **USB Memstick Installer**.

{{:pfsense:pfsense_image_download_-_amd64_-_usb_-_vga.png?600|}}

<WRAP info>
**NOTE:**  The options here are what I use.

  * Architecture:  **AMD64 (64-bit)**.  As I use an AMD or Intel device as the router.
  * Installer:  **USB Memstick Installer**.  As I will install from a USB.
  * Console:  **VGA**.  As I will plug a Keyboard and Monitor into the router; and will not be setting this up via a Serial cable.

Choose different options as required.
</WRAP>

----

===== Burn the pfSense image on to a USB drive =====

<code bash>
sudo dd if=pfSense-CE-memstick-2.4.5-RELEASE-amd64.img of=/dev/sdb
</code>

<WRAP alert>
**ALERT**:  Make sure that **if=** specifies the exact location of the downloaded file and **of=** specifies your USB device.

If you make a mistake here, you might overwrite your hard drive!

There are many ways to check which device is connected to the USB including:

<code>
dmesg
</code>

returns:

<code bash>
...
[411849.265872] usb 3-2: new high-speed USB device number 6 using xhci_hcd
[411849.418209] usb 3-2: New USB device found, idVendor=048d, idProduct=1234
[411849.418210] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[411849.418211] usb 3-2: Product: Disk 2.0
[411849.418212] usb 3-2: Manufacturer: USB
[411849.418212] usb 3-2: SerialNumber: 2146711134684684
[411849.418481] usb-storage 3-2:1.0: USB Mass Storage device detected
[411849.418603] scsi host12: usb-storage 3-2:1.0
[411850.422697] scsi 12:0:0:0: Direct-Access     VendorCo ProductCode      2.00 PQ: 0 ANSI: 4
[411850.422989] sd 12:0:0:0: Attached scsi generic sg1 type 0
[411850.423703] sd 12:0:0:0: [sdb] 3891200 512-byte logical blocks: (1.99 GB/1.86 GiB)
[411850.423817] sd 12:0:0:0: [sdb] Write Protect is off
[411850.423819] sd 12:0:0:0: [sdb] Mode Sense: 03 00 00 00
[411850.423936] sd 12:0:0:0: [sdb] No Caching mode page found
[411850.423941] sd 12:0:0:0: [sdb] Assuming drive cache: write through
[411850.426796]  sdb: sdb1 sdb2 sdb3
                 sdb2: <bsd: sdb5 >
[411850.427528] sd 12:0:0:0: [sdb] Attached SCSI removable disk
</code>

In this example, the device is shown as **sdb**.
</WRAP>

<WRAP info>
**NOTE:**  If you are using Windows, use Rufus: https://rufus.akeo.ie/.

For creating a bootable USB with a Mac, try Etcher: https://etcher.io/,
</WRAP>


----

===== Verify the BIOS settings for Booting =====

Ensure BIOS is set to boot from USB.

While powering up the device, press the **DEL** key and verify that it boots to the BIOS.

<WRAP info>
**NOTE:**  If **DEL** does not boot into the BIOS, try other keys such as **F2**, **F11**, **F12**.
</WRAP>

----

===== Verify the BIOS settings for Power Cuts =====

Make sure the power state is set to **ON** after a power cut.

<WRAP info>
**NOTE:**  This ensures that pfSense functions like a normal router and maintains your network connectivity by bringing the router backup as soon as there is power cut.
</WRAP>

----

===== Boot from the USB =====

Connect USB drive.

Start the router device.

{{:pfsense:pfsense_-_boot.png?800|}}

<WRAP info>
**NOTE:**  This menu will time out after a few seconds and option 1 will be used by default.
</WRAP>


<WRAP info>
**NOTE:** An alternative to booting up from USB is to connect using a Console Cable.

See: [[PFSense:Install pfSense:Installation of pfSense:Connect using a Console Cable|Connect using a Console Cable]]

</WRAP>

----

===== Determine Networks =====

By default, only 2 networks will be set up.  WAN and LAN.

<code>
WAN (wan) -> igb0 -> DHCP
LAN (lan) -> igb1 -> v4: 192.168.1.1/24
</code>

<WRAP info>
**NOTE:**  By default, the installer configures the first hardware NIC as the WAN port obtaining an address via DHCP from your modem.

The second NIC will be configured as your local LAN interface at 192.168.1.1.


</WRAP>

<WRAP tip>
**TIP:**  You may want to leave the WAN connection modem disconnected until the configuration is finished. 

There is a DHCP server running on the LAN interface so if you connect your PC to this port, you should be able to obtain an IP address which will allow you to access the pfSense web configurator to continue the configuration process.

</WRAP>


<WRAP info>
**Optional:** At the Console (WebConfigurator), but easier to do in the WebGUI, which is next.

  * Assign Interfaces
    * No VLANs
      * WAN, Autodetect, Plug the WAN (PPPoE modem) cable into the onboard network socket, Press enter
      * LAN, Autodetect, Plug the LAN cable into the top socket (port 0) on the Intel low profile NIC, press enter
      * Add no more
      * Accept settings
  * Set Interface(s) IP address
    * Set LAN
    * IPv4 = 192.168.1.1
    * Subnet: 24 (255.255.255.0)
    * No LAN IPv6 (enable at a later date)
    * Enable DHCP on LAN
    * Client address range = 192.168.1.100 --> 192.168.1.199
    * Do you want to revert to HTTP as the webConfigurator protocol?
      * Currently the web-server is using HTTPS and this is asking if you want to downgrade to HTTP
      * Select No

</WRAP>

----

Return to [[PFSense:Install pfSense|Install pfSense]] or continue to [[PFSense:Install pfSense:Initial Configuration|Initial Configuration]].

----

===== References =====

https://docs.netgate.com/pfsense/en/latest/install/download-installer-image.html#performing-a-full-install-iso-memstick