Download Installation Media

Customers who have purchased firewalls from the pfSense Store can download tuned factory installation images from their account on the pfSense Portal. The Netgate Documentation site contains specific instructions for each model, so check that site first before downloading images based on the information in this chapter.

For hardware from the pfSense store that no longer has support, or for other hardware, continue reading.

  • Navigate to www.pfsense.org in a web browser on a client PC.
  • Click Downloads.
  • Select a File Type of Install.
  • Select an Architecture:
    AMD64 (64-bit):For 64-bit x86-64 Intel or AMD hardware.
    Netgate ADI:For most of the SG-series firewalls from the pfSense Store, specifically, models which contain a USB console port on COM2.
  • Select a Platform for a 64-bit install:
    USB Memstick Installer:
     A disk image which can be written to a USB memory stick (memstick) and booted on the target hardware for installation.
    CD Image (ISO) Installer:
     To install from optical media or for use with IPMI or hypervisors which can boot from ISO images.
  • Select a Console for USB Memstick Installer images:
    VGA:Installs using a monitor and keyboard connected to the target hardware.
    Serial:Installs using a serial console on COM1 of the target hardware. This option requires a physical console port.
  • Select a Mirror that is close to the client PC geographically.
  • Click fa-download Download.
  • Copy the SHA-256 sum displayed by the page to verify the download later.

Note

To view a listing of all files on the mirror, do not select any options from the drop-down menus except for a mirror then click Download.

Tip

For older versions of pfSense software, look in the Software Archive

The file names for pfSense software version 2.4.3-RELEASE-p1 are:

USB Memstick Installer (Netgate ADI):
 pfSense-CE-memstick-ADI-2.4.3-RELEASE-amd64.img.gz
USB Memstick Installer (VGA):
 pfSense-CE-memstick-2.4.3-RELEASE-amd64.img.gz
USB Memstick Installer (Serial):
 pfSense-CE-memstick-serial-2.4.3-RELEASE-amd64.img.gz
ISO Image installer:
 pfSense-CE-2.4.3-RELEASE-amd64.iso.gz

See also

At any point in the installation if something does not go as described, check Installation Troubleshooting.

Verifying the integrity of the download

The integrity of the installer image can be verified by comparing a computed hash value of the downloaded file against a hash computed by the pfSense project when the files were originally created. The current hashes provided by the project use SHA-256.

The SHA-256 sum displayed on the download page is the best source, as it is not pulled from the same directory as the download images. A file containing the SHA-256 sum is also available on the mirrors with the same filename as the chosen installer image, but ending in .sha256.

Use the accompanying SHA-256 sum from the download site or .sha256 file to verify that the download successfully completed and is an official release of pfSense software.

Warning

The SHA-256 sums are computed against the compressed versions of the downloaded files. Compare the hash before decompressing the file.

Hash verification on Windows

Windows users can install HashTab or a similar program to view SHA-256 hashes for any given file. The generated SHA-256 hash can be compared with the SHA-256 sum from the download site or the contents of the .sha256 file from the download server. The .sha256 file is viewable in any plain text editor such as Notepad.

With HashTab installed, to check the hash of a file:

  • Right click on the downloaded file.
  • Click the File Hashes tab. HashTab will take a few moments to calculate the hash.
  • Hover the mouse over the SHA-256 hash to view the full hash.
  • Paste the SHA-256 sum from the download site or from the .sha256 file into the Hash Comparison box to automatically check if the hash matches.
  • Click Cancel to dismiss the file properties dialog without making changes.

If a SHA-256 hash is not displayed in HashTab:

  • Click Settings
  • Check the box for SHA-256
  • Click OK

Hash verification on BSD and Linux

The sha256 command comes standard on FreeBSD and many other UNIX and UNIX-like operating systems. A SHA-256 hash can be generated by running the following command from within the directory containing the downloaded file:

# sha256 pfSense-CE-memstick-ADI-2.4.3-RELEASE-amd64.img.gz

Compare the resulting hash with the SHA-256 sum displayed on the download site or the contents of the .sha256 file downloaded from the pfSense website. GNU or Linux systems provide a sha256sum command that works similarly.

Hash verification on OS X

OS X also includes the sha256 command, the same as FreeBSD, but there are also GUI applications available such as QuickHash. HashTab is also available for OS X.