You can obtain the ISOs from any mirror.
If you plan on installing pfSense on Compact Flash (CF) or other flash media please only use the embedded image (pfSense-Embedded.img.gz). It has been optimized to perform minimal writes to disk, as CF cards have limited write cycles.
The pfSense-LiveCD.iso can be used for running pfSense from CD or installation onto a hard disk. It is recommended that running pfSense from a CD is only used for trial purposes - for any production installations, the install to hard drive option should be used.
Please also download the matching .md5 file to verify that your downloads did not get corrupted or otherwise unusuable.
NOTE: We have a (possibly outdated) video-tutorial showing the process of installing pfSense on a CF card of 128 MB
NOTE: Embedded by default boots on the 1st serial port at 9600 8N1.
WARNING: There is a possibility to overwrite the wrong drive/device if you input the wrong number when prompted for what drive to write to. Read this tutorial carefully and only proceed if you are sure of what you are doing. (On the contrary physdiskwrite will not write to disks of more than 2 GB size, if you only have larger harddrives it is pretty safe to use!)
You will need Manuel Kasper's phydiskwrite to write the image to the CF card. Download it and put it in the same folder you stored the pfSense-Embedded.img.gz, we'll assume this is C:\pfsense.
C:\> cd C:\pfSense
C:\pfSense>physdiskwrite a physdiskwrite v0.5 by Manuel Kasper <email@example.com> Searching for physical drives... Information for \\.\PhysicalDrive0: Windows: cyl: 14596 tpc: 255 spt: 63 C/H/S: 16383/16/63 Model: SAMSUNG SP1203N Serial number: S00QJ10W504631 Firmware rev.: SN100-20 Which disk do you want to write? (0..0)
Use this command:
zcat pfsense-embedded.img.gz | dd of=/dev/sd[a] bs=16k
NB: a = device letter such as /dev/sda /dev/sdb
Use this command:
gzip -dc pfsense-embedded.img.gz | dd of=/dev/da[n] obs=64k
NB: n = the ad device number of your CF card (check dmesg)
Tested on 10.3.9 and later. It is recommended that you disconnect all disks except for your startup disk before carrying out this procedure, as an error in specifying the drive to be written to could cause data loss.
gzcat pfsense-embedded.img.gz | dd of=/dev/disk[n] bs=16k
NB: disk[n] is the Disk Identifier found above
Or an alternative to do it entirely from command line.
$ diskutil list /dev/disk0 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *298.1 Gi disk0 1: EFI 200.0 Mi disk0s1 2: Apple_HFS Macintosh HD 297.8 Gi disk0s2 /dev/disk1 #: TYPE NAME SIZE IDENTIFIER 0: CD_partition_scheme 30 Days To Great French *521.4 Mi disk1 1: CD_DA 7.8 Mi disk1s1 2: CD_DA 7.8 Mi disk1s2 3: CD_DA 18.2 Mi disk1s3 4: CD_DA 13.8 Mi disk1s4 5: CD_DA 14.0 Mi disk1s5 6: CD_DA 12.1 Mi disk1s6 7: CD_DA 14.2 Mi disk1s7 8: CD_DA 21.5 Mi disk1s8 9: CD_DA 16.6 Mi disk1s9 10: CD_DA 14.7 Mi disk1s10 11: CD_DA 24.3 Mi disk1s11 12: CD_DA 16.6 Mi disk1s12 13: CD_DA 22.4 Mi disk1s13 14: CD_DA 14.7 Mi disk1s14 15: CD_DA 20.5 Mi disk1s15 16: CD_DA 19.4 Mi disk1s16 17: CD_DA 15.3 Mi disk1s17 18: CD_DA 17.9 Mi disk1s18 19: CD_DA 18.2 Mi disk1s19 20: CD_DA 16.0 Mi disk1s20 21: CD_DA 26.8 Mi disk1s21 22: CD_DA 18.8 Mi disk1s22 23: CD_DA 21.7 Mi disk1s23 24: CD_DA 14.5 Mi disk1s24 25: CD_DA 22.2 Mi disk1s25 26: CD_DA 16.7 Mi disk1s26 27: CD_DA 20.9 Mi disk1s27 28: CD_DA 16.0 Mi disk1s28 29: CD_DA 20.8 Mi disk1s29 30: CD_DA 17.1 Mi disk1s30 /dev/disk2 #: TYPE NAME SIZE IDENTIFIER 0: GUID_partition_scheme *90.0 Mi disk2 1: Apple_HFS Processing 90.0 Mi disk2s1 /dev/disk3 #: TYPE NAME SIZE IDENTIFIER 0: FDisk_partition_scheme *978.5 Mi disk3 1: DOS_FAT_32 UNTITLED 978.4 Mi disk3s1 $ diskutil umount disk3 $ gzcat pfsense-embedded.img.gz | dd of=/dev/disk3 bs=16k 7665+1 records in 7665+1 records out 125587456 bytes transferred in 188.525272 secs (666157 bytes/sec)
If you are trying to install pfSense to an embedded platform other than a PC-Engines WRAP or a Soekris 45XX/48XX, the pfSense wiki may have instructions or tips to help you.
Also see Microdrive embedded installations.
Alternative way to upgrade without having to use serial console, initially configure and upload .xml file. Intended for those too lazy to connect the serialcable and configure NICs at boot like me. It works by mounting the embedded image file and overwriting the conf/config.xml file. I managed to do it in FreeBSD (*BSD i guess), and using a stunt in Mac OS X.
1. BSD users jump to step 3 get FreeBSD 6.1 vmware player image from http://www.thoughtpolice.co.uk/vmware/#freebsd6.1 2. read howto guide (use dhcp for network, and install openssh to copy files) http://www.thoughtpolice.co.uk/vmware/howto/1-minute-guide.html#freebsd6.1 3. copy and mount the unpacked images configuration partition # scp user@hostname:pfSense-*-Embedded.img.gz pfsense.img.gz # gunzip pfsense.img.gz # mkdir /mnt/pfsense # mdconfig -a -t vnode -f pfsense.img -u 0 # mount /dev/md0d /mnt/pfsense 4. copy backup.xml over existing config.xml # scp user@hostname:backup.xml /mnt/pfsense/conf/config.xml 5. unmount # umount /mnt/pfsense 6. detach and free ressources of md0 # mdconfig -d -u 0 7. pack it # bzip2 -k pfsense.img 8. copy to windows/linux and write to CF # scp pfsense.img.bz2 user@hostname: # dd if=pfsense.img of=/dev/sdc bs=16k 9. put new CF card into WRAP board and boot
1. configure the qemu environment like this: hardware tab: platform: x86 PC Hard Disk: choose the pfSense-*-Embedded.img file Network card: DO NOT choose rtl8139 (networking doesn't work anyways, but this will crash pfSense on boot) Advanced tab: Harddisk 2: choose config.xml.img QEMU arguments: -serial telnet::7890,server,nowait 2. start pfSense in Q and connect to "serial console" by doing this in Terminal.app # telnet localhost 7890 3. wait for the boot stuff to finish and enter the shell (menu 8) - mount read/write # mount -u /cf # cd /conf 4. "copy" the xml - copy to temporary file first (read from disk only works with blocksize>=512) - NOTE: count = ceil(<.xml file size in bytes> / 512) # dd if=/dev/ad1 count=95 > config2.xml - copy to targetfile - NOTE: count = <.xml file size in bytes> # dd if=config2.xml of=config.xml bs=1 count=48277 5. exit shell, reboot pfSense in Q and watch output if config.xml can be read 6. halt pfSense and exit Q "without saving PC" 7. write image to CF card
Connecting to pfSense for the first time will need to be done via minicom in Linux or Hyperterminal from Windows.
Terminal settings for the wrap are 9600 8 N 1, while the Soekris defaults to 19200 8 N 1.
You will need to configure your LAN Interface with an IP address. The LAN interface is the one next to the power cable.
You may then connect via the web interface and continue configuration of pfSense.
First connection via SSH If you would like to connect to your firewall with an SSH shell then you will need to enable SSH in the Web Gui under the System tab Advanced.