pfSense Documentation - Configuration and Administration Guides
Guides for installing, configuring, and administering pfSense. Written for experienced network administrators, including those migrating from Cisco ASA, FortiGate, and MikroTik.
Sections
Installation and Upgrading
- System Requirements - minimum and recommended hardware, virtualization compatibility
- Installation Guide - step-by-step installation from media preparation to initial setup
- Upgrading pfSense - version upgrades, backup, and rollback procedures
Firewall
- Firewall Rules - rule creation, processing order, floating rules, state tracking
- Aliases - grouping hosts, networks, ports, and URL tables
- Schedules - time-based rule activation and deactivation
- Best Practices - rule organization, common mistakes, migration from other platforms
NAT
- Port Forwarding - redirecting inbound traffic to internal servers
- 1:1 NAT - bidirectional static address translation
- Outbound NAT - automatic, hybrid, and manual modes
VPN
- IPsec Site-to-Site - inter-site tunnels, connecting to third-party equipment
- IPsec Mobile Clients - IKEv2 VPN for Windows, macOS, iOS, and Android
- IPsec Troubleshooting - log analysis, common Phase 1 and Phase 2 errors
- OpenVPN Remote Access - VPN server for remote workers
- OpenVPN Site-to-Site - SSL VPN tunnels between offices
- OpenVPN Client Export - generating client configs and installers
- WireGuard VPN - tunnel setup and client configuration
Routing and Networking
- Static Routes - configuring static routes and gateways
- Policy Routing - policy-based routing through firewall rules
- VLANs - creating VLANs, trunk configuration, and inter-VLAN routing
- Multi-WAN Load Balancing - distributing traffic across ISPs
- Multi-WAN Failover - automatic switchover on link failure
High Availability
- CARP and Virtual IPs - HA cluster with CARP
- Configuration Sync - XMLRPC sync and pfsync between nodes
- Failover Scenarios - designing HA clusters for different topologies
Traffic Management
- Limiters - per-IP and per-subnet bandwidth limiting
- Traffic Shaper Wizard - QoS setup via wizards and manual configuration
Services
- DHCP Server - DHCP server configuration, static mappings, and DHCP Relay
- DNS (Resolver and Forwarder) - Unbound DNS Resolver, DNS Forwarder, and host overrides
- Dynamic DNS - updating DNS records with dynamic WAN addresses
- NTP Server - time synchronization for network devices
Management and Security
- Certificates - CA management, certificates, and ACME/Let’s Encrypt
- Users and Authentication - local users, LDAP, RADIUS
- Backup and Recovery - configuration backup, restore, and AutoConfigBackup
Monitoring
- Monitoring Graphs - RRD graphs, traffic, system resources
- System Logs - log management, remote syslog, filtering
- Diagnostics Tools - ping, traceroute, packet capture, pfInfo
Packages and Extensions
- Package Management - installing, updating, and removing packages
- Suricata IDS/IPS - intrusion detection and prevention system
- pfBlockerNG - IP and DNS blocking, GeoIP filtering
- HAProxy - reverse proxy and load balancing
Network Interfaces and Protocols
- Interface Types - PPPoE, GRE, GIF, LAGG, QinQ, and wireless
- Bridging - network bridges and transparent firewall
- Captive Portal - authentication portal for guest networks
- IPv6 - IPv6 configuration, dual-stack, DHCPv6, SLAAC, and NPt
Virtualization and Operations
- Virtualization - ESXi, Proxmox, Hyper-V, KVM, and cloud platforms
- Troubleshooting - systematic diagnostics and common issue resolution
- Configuration Recipes - ready-made scenarios for common tasks
System Configuration
- General Settings - hostname, DNS, timezone, UI theme
- Advanced Settings - Admin Access, Firewall/NAT, networking, notifications
- Console Access - console, SSH, access recovery
- Wireless - access point, WPA2/WPA3, multiple SSIDs
Development and Automation
- API and Automation - REST API, Ansible, Terraform, xmlrpc
- Custom Scripts - shellcmd, cron, PHP scripts, startup commands
- Package Development - package structure, XML manifest, FreeBSD ports
- Building pfSense - building from source, System Patches, pull requests
Reference Materials
- Menu Guide - complete web GUI menu reference
- Glossary of Terms - networking and pfSense-specific terminology
- VPN Recipes - IPsec with Cisco/AWS/Azure, OpenVPN with AD, WireGuard
- Network Recipes - VLAN isolation, proxy, IPv6, LAGG
- Security Recipes - hardening, 2FA, IDS/IPS, PCI DSS, CIS
- Service Recipes - HAProxy, SNMP, NetFlow, captive portal
Integrations
- Monitoring pfSense with Wazuh - configuring Wazuh Agent in pfSense for Yandex Cloud or VK Cloud
- pfSense Packages and ISOs - binary package repository and ISOs mirror