Training: pfSense Introduction
Training Module: Phase 1, Day 1 — Introduction to pfSense Plus. Based on Netgate FUND001-LIVE-SLIDE-SEG1.
Learning Objectives
By the end of this module, you will be able to:
- Explain what pfSense Plus is and its core value proposition
- Describe the project history and difference between pfSense CE and pfSense Plus
- Identify supported platforms and hardware requirements
- Perform initial setup using the web-based setup wizard
- Create and restore configuration backups
- Understand upgrade procedures and risks
What is pfSense Plus?
pfSense Plus is a commercial, FreeBSD-based network firewall and routing platform developed by Netgate. It ties together multiple open-source networking components into a unified, entirely web-managed system.
Key Characteristics:
- FreeBSD-based — Uses the same trusted OS platform as Juniper, NetApp, Citrix, and Netflix
- Web-managed — Complete configuration through a browser-based GUI; no CLI required for day-to-day tasks
- Feature-rich — Richer feature set than most commercial firewalls at a fraction of the cost
- Open source core — Built on open-source components (pf, OpenVPN, WireGuard, etc.) made easy to use
Project History
| Year | Milestone |
|---|---|
| 2004 | Project started as a fork of m0n0wall |
| Feb 2008 | pfSense 1.2 released (FreeBSD 6.2) |
| Sept 2011 | pfSense 2.0 released (FreeBSD 8.1) |
| Oct 2017 | pfSense 2.4 released (FreeBSD 11.1) |
| Feb 2021 | pfSense Plus 21.02 forks from pfSense CE; commercial-only; adds WireGuard |
pfSense Plus vs pfSense CE:
- pfSense Plus — Commercial license; available on Netgate hardware or Home+Lab (non-commercial); receives updates first
- pfSense CE — Community Edition; open source; free for all uses
Platforms & Hardware
Installation Media:
- Full installer (CD or USB memstick)
- 64-bit only
- No Live CD or NanoBSD (deprecated)
Hardware Options:
- Netgate Official Hardware — Pre-installed, pre-configured, fully optimized
- DIY/Custom Build — Check compatibility list at docs.netgate.com
- Home+Lab Edition — Free for non-commercial use; available from pfsense.org
Key hardware considerations:
- CPU selection (AES-NI support recommended for VPN performance)
- NIC quality and driver support (Intel i210/i350 preferred)
- RAM (1 GB minimum; 2+ GB for packages/VPN)
- Storage (SSD recommended; 8 GB minimum)
Initial Setup
Default LAN configuration:
- LAN IP: 192.168.1.1/24
- DHCP server enabled on LAN
- Web interface: https://192.168.1.1
- Default credentials: admin / pfsense
Setup Wizard steps:
- Connect to LAN port; obtain DHCP address
- Browse to https://192.168.1.1
- Log in with default credentials
- Complete wizard: General Info → Time Server → WAN Config → LAN Config → Admin Password → Reload
Important: Always change the default admin password in production.
Configuration Backup & Restore
Why back up?
- Hardware failure recovery
- Pre-upgrade safety net
- Configuration migration to new hardware
- Rollback after misconfiguration
Backup methods:
| Method | Location | Retention | Notes |
|---|---|---|---|
| Manual download | Diagnostics → Backup/Restore | N/A (local file) | Full config.xml download |
| Config History | Diagnostics → Backup/Restore → Config History | 30 revisions (configurable) | Local to device |
| AutoConfigBackup (ACB) | Services → AutoConfigBackup | 100 revisions | Cloud backup; encrypted |
Backup best practices:
- Always backup before upgrades
- Store encryption password and Device ID safely (for ACB)
- Never restore to an older pfSense version; only equal or newer
- When restoring to different hardware, interface assignments will differ
Console restore (emergency):
- Option 15 at console menu — "Restore recent configuration"
- Useful when web interface is unreachable
- May require reboot after restore
Upgrades
Pre-upgrade checklist:
- Create configuration backup
- Read release notes
- Check upgrade guide at docs.netgate.com
- Verify auto-upgrade URL (for Plus)
Upgrade methods:
- Auto-Update — Web GUI: System → Update
- Console Update — Option 13 at console menu
Upgrade risks (rare but possible):
- Hardware failure during reboot
- Package complications
- Hardware-specific regressions
- Dependency on bug fixes from current version
Key Takeaways
- pfSense Plus is commercial-only; Home+Lab available for non-commercial use
- Always check hardware compatibility before DIY builds
- Backup before every upgrade — non-negotiable
- Restore only to equal or newer versions
- Use AutoConfigBackup for offsite, encrypted cloud backups
- Keep encryption password and Device ID in a safe place
Quiz (Self-Check)
- What operating system is pfSense Plus based on?
- What is the difference between pfSense Plus and pfSense CE?
- Why should you avoid restoring a backup to an older pfSense version?
- Where do you find the Config History feature?
- What two pieces of information must you save when using AutoConfigBackup?
Next Module
- Training: Interfaces and Firewall Rules — Phase 1, Day 2–3
- Training Lab 1: Introduction and Backup Restore — Hands-on lab
Source: Netgate FUND001-LIVE-SLIDE-SEG1-INTRO.pdf