Configuration

Most pfSense configuration is performed using the web-based GUI configurator (webConfigurator), or WebGUI for short. There are a few tasks that may also be performed from the console, whether it be a monitor and keyboard, over a serial port, or via SSH.

Connecting to the WebGUI

In order to reach the WebGUI, connect with a web browser from a computer connected to the LAN. This computer may be directly connected with a network cable or connected to the same switch as the LAN interface of the firewall. By default, the LAN IP address of a new pfSense system is 192.168.1.1 with a /24 mask (255.255.255.0), and there is also a DHCP server running. If the computer is set to use DHCP, it should obtain an address in the LAN subnet automatically. Then open a browser and navigate to https://192.168.1.1.

Warning

If the default LAN subnet conflicts with the WAN subnet, the LAN subnet must be changed before connecting it to the rest of the network.

The LAN IP address may be changed and DHCP may be disabled using the console:

  • Open the console (VGA, serial, or using SSH from another interface)
  • Choose option 2 from the console menu
  • Enter the new LAN IP address, subnet mask, and specify whether or not to enable DHCP.
  • Enter the starting and ending address of the DHCP pool if DHCP is enabled. This can be any range inside the given subnet.

Note

When assigning a new LAN IP address, it cannot be in the same subnet as the WAN or any other active interface. If there are other devices already present on the LAN subnet, it also cannot be set to the same IP address as an existing host.

If the DHCP server is disabled, client computers on LAN must have an IP address in the pfSense LAN subnet statically configured, such as 192.168.1.5, with a subnet mask that matches the one given to pfSense, such as 255.255.255.0.

Once the computer is connected to the same LAN as pfSense, navigate to the firewall LAN IP address. The GUI listens on HTTPS by default, but if the browser attempts to connect using HTTP, it will be redirect by the firewall to the HTTPS port instead. To access the GUI directly without the redirect, use https://192.168.1.1.

When loading the WebGUI, the firewall first presents a login page. On this page, enter the default credentials:

username:admin
password:pfsense