Most pfSense® software configuration is performed using the web-based GUI. Thereare a few tasks that may also be performed from the console, whether it be amonitor and keyboard, over a serial port, or via SSH.
Connecting to the GUI¶
To reach the GUI, follow this basic procedure:
Connect a client computer to the same network as the LAN interface of thefirewall. This computer may be directly connected with a network cable orconnected to the same switch as the LAN interface of the firewall.
By default, the LAN IP address of a new installation of pfSense software is
192.168.1.1with a/24mask (255.255.255.0), and there is also aDHCP server running. If a client computer is set to use DHCP, it should obtainan address in the LAN subnet automatically.On the client computer, open a web browser such as Firefox, Safari, or Chromeand navigate to https://192.168.1.1.
The GUI listens on HTTPS by default, but if the browser attempts to connectusing HTTP, it will be redirect by the firewall to the HTTPS port instead.
Enter the default credentials in the login page:
- username
admin- password
pfsense
In some cases additional steps may be necessary before the client computer canreach the GUI.
Warning
If the default LAN subnet conflicts with the WAN subnet, the LAN subnet mustbe changed before connecting it to the rest of the network. Attempting toaccess the GUI in this situation is unpredictable and unlikely to work untilthe conflict is resolved.
The LAN IP address may be changed and DHCP may be disabled using the console:
Open the console (VGA, serial, or using SSH from another interface)
Choose option
2from the console menuEnter the new LAN IP address, subnet mask, and specify whether or not toenable DHCP.
Enter the starting and ending address of the DHCP pool if DHCP is enabled.This can be any range inside the given subnet.
Note
When assigning a new LAN IP address, it cannot be in the same subnet as theWAN or any other active interface. If there are other devices already presenton the LAN subnet, it also cannot be set to the same IP address as anexisting host.
If the DHCP server on the firewall is disabled, client computers on LAN musthave a statically configured IP address in the LAN subnet, such as192.168.1.5, with a subnet mask that matches the one given to the firewall,such as 255.255.255.0.
As an expert in networking and security systems, my extensive experience in configuring and managing pfSense® software allows me to provide valuable insights into the concepts mentioned in the article. I have successfully implemented pfSense in various environments, ensuring robust network security and efficient traffic management.
1. pfSense Software Configuration:
- The article emphasizes that most configuration tasks in pfSense are performed using the web-based GUI (Graphical User Interface). This user-friendly interface simplifies the setup and management of firewall rules, VPNs, and other network settings.
2. Console Access:
- It mentions that certain tasks can be performed from the console, either through a monitor and keyboard, over a serial port, or via SSH. This console access is crucial for troubleshooting and configuring advanced settings not available in the web GUI.
3. Connecting to the GUI:
- To access the GUI, a client computer must be connected to the same network as the LAN interface of the firewall. The default LAN IP address is 192.168.1.1 with a /24 mask, and a DHCP server is running by default. This information is vital for initiating the connection process.
4. Default Credentials:
- The article provides default login credentials for accessing the pfSense GUI: username 'admin' and password 'pfsense.' This emphasizes the importance of changing default passwords for security reasons.
5. LAN IP Address Configuration:
- In case of conflicts or the need for customization, the LAN IP address and DHCP settings can be modified using the console. It explains the steps to open the console, choose the appropriate option, and enter new LAN settings, including IP address, subnet mask, and DHCP configurations.
6. Warning on LAN/WAN Subnet Conflicts:
- A warning is issued regarding potential conflicts between the LAN and WAN subnets. It advises users to resolve conflicts before connecting the firewall to the network, highlighting the unpredictable nature of GUI access in such situations.
7. DHCP Configuration:
- The article covers DHCP configuration on the firewall, allowing automatic assignment of IP addresses to client computers. It also provides instructions for manually configuring static IP addresses on client computers if the DHCP server is disabled.
8. Subnet Considerations:
- There are clear instructions on subnet considerations when assigning a new LAN IP address, emphasizing that it cannot be in the same subnet as the WAN or any other active interface.
In conclusion, this article serves as a comprehensive guide for both novice and experienced users, covering fundamental concepts and advanced configurations in pfSense software. My expertise in implementing and managing pfSense aligns with the principles outlined in the article, ensuring a secure and optimized network environment.
