Jump to content

Training: pfSense Introduction

From MediawikiCIT
Revision as of 06:50, 23 April 2026 by Justinaquino (talk | contribs) (Convert FUND001 SEG1 Introduction slides to wiki training module)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Training Module: Phase 1, Day 1 — Introduction to pfSense Plus. Based on Netgate FUND001-LIVE-SLIDE-SEG1.

Learning Objectives

By the end of this module, you will be able to:

  • Explain what pfSense Plus is and its core value proposition
  • Describe the project history and difference between pfSense CE and pfSense Plus
  • Identify supported platforms and hardware requirements
  • Perform initial setup using the web-based setup wizard
  • Create and restore configuration backups
  • Understand upgrade procedures and risks

What is pfSense Plus?

pfSense Plus is a commercial, FreeBSD-based network firewall and routing platform developed by Netgate. It ties together multiple open-source networking components into a unified, entirely web-managed system.

Key Characteristics:

  • FreeBSD-based — Uses the same trusted OS platform as Juniper, NetApp, Citrix, and Netflix
  • Web-managed — Complete configuration through a browser-based GUI; no CLI required for day-to-day tasks
  • Feature-rich — Richer feature set than most commercial firewalls at a fraction of the cost
  • Open source core — Built on open-source components (pf, OpenVPN, WireGuard, etc.) made easy to use

Project History

Year Milestone
2004 Project started as a fork of m0n0wall
Feb 2008 pfSense 1.2 released (FreeBSD 6.2)
Sept 2011 pfSense 2.0 released (FreeBSD 8.1)
Oct 2017 pfSense 2.4 released (FreeBSD 11.1)
Feb 2021 pfSense Plus 21.02 forks from pfSense CE; commercial-only; adds WireGuard

pfSense Plus vs pfSense CE:

  • pfSense Plus — Commercial license; available on Netgate hardware or Home+Lab (non-commercial); receives updates first
  • pfSense CE — Community Edition; open source; free for all uses

Platforms & Hardware

Installation Media:

  • Full installer (CD or USB memstick)
  • 64-bit only
  • No Live CD or NanoBSD (deprecated)

Hardware Options:

  1. Netgate Official Hardware — Pre-installed, pre-configured, fully optimized
  2. DIY/Custom Build — Check compatibility list at docs.netgate.com
  3. Home+Lab Edition — Free for non-commercial use; available from pfsense.org

Key hardware considerations:

  • CPU selection (AES-NI support recommended for VPN performance)
  • NIC quality and driver support (Intel i210/i350 preferred)
  • RAM (1 GB minimum; 2+ GB for packages/VPN)
  • Storage (SSD recommended; 8 GB minimum)

Initial Setup

Default LAN configuration:

  • LAN IP: 192.168.1.1/24
  • DHCP server enabled on LAN
  • Web interface: https://192.168.1.1
  • Default credentials: admin / pfsense

Setup Wizard steps:

  1. Connect to LAN port; obtain DHCP address
  2. Browse to https://192.168.1.1
  3. Log in with default credentials
  4. Complete wizard: General Info → Time Server → WAN Config → LAN Config → Admin Password → Reload

Important: Always change the default admin password in production.

Configuration Backup & Restore

Why back up?

  • Hardware failure recovery
  • Pre-upgrade safety net
  • Configuration migration to new hardware
  • Rollback after misconfiguration

Backup methods:

Method Location Retention Notes
Manual download Diagnostics → Backup/Restore N/A (local file) Full config.xml download
Config History Diagnostics → Backup/Restore → Config History 30 revisions (configurable) Local to device
AutoConfigBackup (ACB) Services → AutoConfigBackup 100 revisions Cloud backup; encrypted

Backup best practices:

  • Always backup before upgrades
  • Store encryption password and Device ID safely (for ACB)
  • Never restore to an older pfSense version; only equal or newer
  • When restoring to different hardware, interface assignments will differ

Console restore (emergency):

  • Option 15 at console menu — "Restore recent configuration"
  • Useful when web interface is unreachable
  • May require reboot after restore

Upgrades

Pre-upgrade checklist:

  1. Create configuration backup
  2. Read release notes
  3. Check upgrade guide at docs.netgate.com
  4. Verify auto-upgrade URL (for Plus)

Upgrade methods:

  • Auto-Update — Web GUI: System → Update
  • Console Update — Option 13 at console menu

Upgrade risks (rare but possible):

  • Hardware failure during reboot
  • Package complications
  • Hardware-specific regressions
  • Dependency on bug fixes from current version

Key Takeaways

  • pfSense Plus is commercial-only; Home+Lab available for non-commercial use
  • Always check hardware compatibility before DIY builds
  • Backup before every upgrade — non-negotiable
  • Restore only to equal or newer versions
  • Use AutoConfigBackup for offsite, encrypted cloud backups
  • Keep encryption password and Device ID in a safe place

Quiz (Self-Check)

  1. What operating system is pfSense Plus based on?
  2. What is the difference between pfSense Plus and pfSense CE?
  3. Why should you avoid restoring a backup to an older pfSense version?
  4. Where do you find the Config History feature?
  5. What two pieces of information must you save when using AutoConfigBackup?

Next Module

Source: Netgate FUND001-LIVE-SLIDE-SEG1-INTRO.pdf

Retrieved from "https://mediawiki.comfac.net/index.php?title=Training:_pfSense_Introduction&oldid=225"