Installing Pfsense 2.5.1 From USB using Rufus Tool | Easy Guide | 2021

A quick answer to Installing Pfsense from USB? is to go to the Pfsense download site, select the latest Pfsense version, which is right now 2.5.1, select architecture, installer type, console, nearest location, and then select the Download button. After this, download the Rufus USB tool and prepare a Pfsense bootable USB. After this, insert this USB into a target machine and boot this machine from USB. Once you can boot from USB then Pfsense Installation will begin. Let us now understand and execute these steps in detail.

Brief info about 2.5.1 Pfsense release

The Pfsense 2.5.1 is the best release to install, as it has overcome various bugs/issues experienced in the previous releases and the install size is so small that it can fit into any USB. Although you can get more detail on issues on the Pfsense official site here is a brief info about fixed issues.

• Fixed issues with IPv6 Dhcp, VTI Interfaces, Mobile IPSEC DNS Server, Router Advertisements, Packets MSS value
• Fixed Issues for IPv4 Ca Certs, Switch Uplinks Interface status, Wan firewall rules, Alias Tables, SSH Authentication, and many more.

Pfsense hardware requirements

There is a lot of debate on what hardware should be used or shouldn’t be used, but this is not in the scope of this article, however, here is the minimum and recommended requirements that may help you to build your own machine.

Mnimum:

• CPU – 500 Mhz
• RAM – 512 MB

Recommended:

• CPU – 1 GHz
• RAM – 1 GB

The Pfsense firewall software is a beauty when it comes to installing on hardware, you may either, choose an old forgotten desktop for home Setup, or you may look for a workstation or the beefiest hardware to set up for a small to medium organization.

When deciding on any machine just make sure it has two NICs (Lan Cards) or at least supports multiple LAN Cards. This is because, while installing Pfsense, one LAN Card will be used for WAN (Internet) traffic, while the other will be used for LAN or private traffic. You can still use a machine that supports only one LAN card but for this, you will need to configure VLANs, and configuring VLANs is not in the scope of this Article.

Downloading Pfsense 2.5.1

in order to download Pfsense, just go to the Pfsense official download page, then the latest version is already selected, which at the time of writing this article is 2.5.1. Select Architecture as AMD 64bit, Select Installer as USB Memstick Installer, Select console to be VGA, Select Mirror to be your nearest location e.g Frankfurt, Germany or Newyork City, USA, etc. After this select, the Download button, and your download will begin.

Create A Pfsense Bootable USB With Rufus Tool

Once our Pfsense image is downloaded then we will download a windows tool called Rufus. This tool will help us make a Pfsense bootable USB, and later we will install Pfsense on our target machine by booting from this USB.

I have read many forums before using Rufus Tool, In the forums, a lot of people are complaining that their Pfsense USB is not booting, in this case, the Rufus tool is the best tool for creating bootable Pfsense USB. I have tested it with multiple hardware and found the installation to be successful further, I have mentioned a few solutions to known Installation related problems at bottom of this post.

I am using a windows machine to create a bootable USB, so I will be downloading the Rufus tool for windows. Here is a good read if you are using Mac or Linux to create bootable USB installation media.

Having Problems? Here is more for further assistance.

If you are using a windows machine then Rufus will download it into your windows Downloads folder. The Pfsense downloaded image is hardly under 500 MB so any 8 GB USB device will do.

Just insert the USB device into your windows machine and open the Rufus program. Once the program is opened then Select the Pfsense Image from the Downloads folder.

Once the image is selected the Rufus tool will auto-select some settings for you, which is further discussed.

Once the Pfsense image is selected then the Pfsense will auto-update the following settings, Partition scheme as MBR, Target system as BIOS (or UEFI-CSM), and File System as FAT32 (Default). It is important to note that there are some old machines that do not support the UEFI system, but this auto-selection will work for both, older and newer ones in most cases.

Once the Image is selected then just press the START button, this will firstly, make the selected USB device bootable and then copy the necessary Pfsense installation files on it.

Since the Pfsense install image is just under 500MB then writing the image to USB should take under 5 minutes but again that depends on your system speed. Once the image is written to the USB then close the Rufus wizard.

Run the Pfsense Installation Setup from the USB

Now that our Pfsense bootable USB is ready, it’s time to boot our targeted Pfsense machine from it. To install Pfsense from USB, we need to select “Boot from USB” from the machine’s boot menu at the machine startup time or if this option is not available then we need to enter the Bios setup and reach the boot order and select “Boot from the USB” as the first option.

I am using an old dell pc and I can access its boot menu using the F12 key and I can also enter the BIOS setup using the F2 key. You may be using a different brand such as HP, Lenovo, or others, so just follow your machine’s manual accordingly.

So once you are able to boot from Pfsense Bootable USB then you will see a copyright and distribution notice screen.

Just Accept the notice, After this, you will be presented with a Welcome screen, and by default, Install Pfsense is selected, so just press Ok to start the installation.

Next, just select the default standard Us keyboard unless using a non-standard keyboard.

Next, you will see the partition screen.

Here you will be asked to Erase the entire disk, and Pfsense will select a hard disk partition other than your USB device so select Entire Disk.

After this, it will default select GPT so press OK.

After this, you need to enter the Partitioning Information, for this just select the default selected option which can be Auto UFS BIOS (Legacy BIOS) or it can be Auto (UFS) UEFI. After you select Ok you will be presented with the following screen.

After this, it will display the Partition Editor Screen with the default Partition selected.

So if all looks ok to you, then press Finish then select Commit to start the installation.

Since the Installation File is just under 500MB, the installation doesn’t take much time to complete, mine hardly took under 5 minutes.

Once the installation is complete the last prompt asks you to enter any shell information (CMD Line Information), but if you are installing Pfsense for the first time then selecting NO will suffice.

After selecting NO, you will be asked to reboot your Pfsense firewall, so just take the USB Device out of your system and then select reboot.

Once we are done with installing Pfsense from USB, it is time to access its web interface so that we can further configure our firewall. To do this, first, we need to make sure that our firewall has LAN and WAN Access, and then we can access our firewall’s web interface on its LAN address. Assuming, that you have inserted both Lan and Wan Cable in your Pfsense firewall, then after the reboot, you will see the following screen.

Having Problems? Here is more for further assistance.

As shown, on the screen there are two interfaces namely Wan and LAN, by default, Pfsense selects the first machine interface as the wan interface and the second as the LAN interface. let me discuss these settings a little bit more with the help of the underneath network diagram.

The following screen shows a general home network topology. You may be using an internet device such as a router or modem and this wan device has DHCP enabled. In this case, when a cable is attached from your wan device to your Pfsense wan interface, then your Pfsense wan interface will get an IP address through DHCP, and this will enable your Pfsense firewall to reach the Internet.

The Pfsense LAN interface by default has an IP address 192.168.1.1 and has a DHCP server enabled. If you have a similar network topology then any device, such as your laptop or pc connected to the LAN switch will get an IP address through DHCP from the Pfsense LAN interface.

Assuming that Pfsense has allocated an IP address to the user device through DHCP, Let us then open the Pfsense web interface. For this just enter the default Pfsense LAN IP address, 192.168.1.1.

Initial Setup Pfsense, Using Web Interface (Web GUI)

Now that we are able to boot and install Pfsense from USB then is time to access the Pfsense web Interface, just type 192.168.1.1 on your web browser then it will open the Pfsense login page for you, you may get a warning page before the Pfsense login page, so just proceed without worry. After this enter the default username and password, the Pfsense default username is admin and the password is Pfsense. Here is a good future read for you, if you need to remote access the Pfsense web interface from wan.

Let us start changing the default password to something strong, so follow the screenshots below.

Once you have access to Pfsense login page, then enter the default username and password.

Next, you will see the welcome screen, so just select Next. After this you will see the Netgate® Global Support page, if you are looking for a subscription then select Learn more, else just select Next.

After this you will be presented with General Information Page, Just select a suitable hostname and domain and then select Next.

After this, the Time Server information page is presented, Pfsense already chooses the best time server for you, but you may need to choose a different timezone, the default is Etc/UTC.

After this, Configure WAN Interface Page is shown, If your Wan interface gets an IP address automatically through DHCP, then choose WAN Selected Type as DHCP. If you need to statically assign an IP address then choose Selected Type as Static and type in the related settings, after this scroll down and select Next.

After this you will see Configure LAN Interface page, By default, Pfsense enables DHCP server on the LAN interface, so just adjust the IP address and the subnet mask according to your need, or else, If you are happy with the default settings then hit the Next button.

Next, you will see the Set Admin WebGUI Password page, just type a strong password which will overwrite the default Pfsense password. After this, retype the new password again, and then Hit the Next button.

Next, you will be asked to reload so just select the Reload button, then it will reload Pfsense. And lastly, it will show Wizard completed Page, so now just press the Finish button.

After you press the Finish button, this will take you to the pfsense Dashboard page. If you get into any trouble booting from the USB or installing pfsense from USB, then check the last section for help.

Having Problems? Here is more for further assistance.

Troubleshooting, In case Pfsense won’t boot from a USB

Installing Pfsense from USB is very easy and simple, but sometimes, while preparing your USB device to be bootable, you may miss a few important details, which are discussed below.

• You may be using a UEFI-supported system, while you have created a non-UEFI/MBR Image that supports only legacy BIOS.
• Your system may support only legacy Bios that do not support UEFI, in this case, you may not able to boot the Pfsense Setup from USB, the workaround is to use the Rufus Tool with Partition Scheme as MBR and Target System as BIOS.
• You may try to create a bootable USB using software other than Rufus, such is the case with Unetbootin software, many people complained that their USB boot doesn’t work.

My final thoughts on installing the Pfsense from USB are, whenever you are stuck with booting from the Pfsense bootable USB, always look for Partition Scheme, most of the time, its is about UEFI or Legacy, so good luck.