pfSense General Settings - System General Setup
The System > General Setup page contains foundational parameters for system identification, name resolution, and localization. All settings on this page take effect immediately upon saving, with the exception of the timezone, which requires a reboot for full activation. Configuring these parameters is typically one of the first steps after installing pfSense.
Hostname and Domain
The hostname and domain fields together form the fully qualified domain name (FQDN) of the firewall. This FQDN appears in log entries, DHCP responses, certificates, and system notifications.
Hostname
The short name identifying the device. Allowed characters are Latin letters, digits, and hyphens. The name must begin with a letter.
Examples of well-formed hostnames:
| Scenario | Hostname |
|---|---|
| Single firewall | firewall |
| Headquarters | hq-fw |
| Numbered branch office | branch-02 |
| HA cluster, node A | fw-node-a |
Domain
The network domain name where the firewall operates. Organizations without a registered domain should use the <identifier>.home.arpa format per RFC 8375, for example office.home.arpa.
Avoid using .local as the top-level domain (reserved for mDNS by RFC 6762) or .lan (not standardized and may conflict with future TLD allocations).
Where the FQDN Is Used
The FQDN constructed from hostname and domain appears in the following components:
- Subject CN in the automatically generated web GUI certificate
- DHCP server distributes the domain to clients as a search domain
- System logs identify the source of entries by hostname
- Email notifications include the FQDN in the From header
DNS Server Configuration
The DNS Servers section defines the external name resolution servers used by the firewall itself and, optionally, by network clients.
Adding DNS Servers
Each DNS server entry consists of three fields:
| Field | Purpose |
|---|---|
| Address | IP address of the DNS server |
| Hostname | Server FQDN for certificate validation when using DNS-over-TLS |
| Gateway | Routing gateway for queries to this server (essential for Multi-WAN setups) |
When the DNS Resolver operates in its default mode (recursive resolver), the DNS server fields can be left empty. The resolver will perform recursive queries directly against root name servers.
DNS Resolution Behavior
The DNS Resolution Behavior setting controls the priority between the local DNS service (DNS Resolver or DNS Forwarder) and external servers:
| Mode | Description | Use Case |
|---|---|---|
| Use Local DNS, fall back to remote | Queries go to 127.0.0.1 first; on failure, to external servers | Default; suitable for most deployments |
| Use Local DNS, ignore remote | Local resolver only; external servers ignored entirely | When all DNS traffic must pass through the resolver |
| Use remote DNS, ignore local | Direct queries to external servers | Troubleshooting local DNS issues |
DNS Server Override
The Allow DNS server list to be overridden by DHCP/PPPoE on WAN flag controls whether DNS servers received dynamically from an ISP via DHCP or PPPoE on the WAN interface can replace manually configured servers.
Configuration guidance:
- Enabled (default) - acceptable for home networks and small offices where ISP DNS is the primary resolver
- Disabled - recommended for enterprise environments using internal DNS servers or DNS filtering (for example, via pfBlockerNG)
Recommended DNS Configurations
Recursive resolver (maximum privacy):
In this mode the DNS Resolver operates as a full recursive resolver and does not forward queries to third parties. The DNS server fields remain empty. This approach suits organizations where DNS query confidentiality is a priority.
Forwarder with DNS-over-TLS (privacy and performance balance):
The DNS Resolver is set to forwarding mode with DNS-over-TLS enabled. Public resolvers supporting DoT are entered as DNS servers:
| Provider | IP Address | TLS Hostname |
|---|---|---|
| Cloudflare | 1.1.1.1 | one.one.one.one |
| Cloudflare | 1.0.0.1 | one.one.one.one |
| Google | 8.8.8.8 | dns.google |
| Quad9 | 9.9.9.9 | dns.quad9.net |
Multi-WAN with gateway binding:
In configurations with multiple WAN interfaces, each DNS server must be bound to the gateway of the corresponding interface. This ensures DNS queries are routed through the correct link, which is essential for proper Multi-WAN operation.
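The hostname and domain rules and the DNS guidance above can be checked mechanically before saving. The following is an added example, not pfSense code: the dictionary keys, the `audit_general_setup` name and the sample values are assumptions made for illustration and do not reflect pfSense's configuration schema.

```python
import ipaddress
import re

# Page rule: Latin letters, digits and hyphens; must begin with a letter.
HOSTNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# Top-level labels the page advises against, with the stated reason.
BAD_TLDS = {"local": "reserved for mDNS (RFC 6762)",
            "lan": "not standardized"}

def audit_general_setup(cfg):
    """Return a list of findings for a dict of General Setup values.

    The dict layout is hypothetical, chosen for this example only.
    """
    findings = []
    if not HOSTNAME_RE.fullmatch(cfg["hostname"]):
        findings.append("hostname: use letters, digits, hyphens; start with a letter")
    tld = cfg["domain"].rstrip(".").rsplit(".", 1)[-1].lower()
    if tld in BAD_TLDS:
        findings.append(f"domain: .{tld} is {BAD_TLDS[tld]}")
    if cfg.get("dns_override_from_wan") and cfg.get("dns_servers"):
        findings.append("dns: WAN DHCP/PPPoE may replace the configured servers")
    for srv in cfg.get("dns_servers", []):
        addr = srv["address"]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"dns {addr}: Address must be an IP address")
        if cfg.get("dns_over_tls") and not srv.get("hostname"):
            findings.append(f"dns {addr}: no TLS hostname, certificate cannot be validated")
        if cfg.get("multi_wan") and not srv.get("gateway"):
            findings.append(f"dns {addr}: not bound to a gateway")
    return findings

# Constructed sample settings (not taken from a real firewall).
SAMPLE = {
    "hostname": "2-branch", "domain": "corp.local",
    "dns_override_from_wan": True, "dns_over_tls": True, "multi_wan": True,
    "dns_servers": [
        {"address": "1.1.1.1", "hostname": "one.one.one.one", "gateway": "WAN1_GW"},
        {"address": "9.9.9.9", "hostname": "", "gateway": ""},
    ],
}

if __name__ == "__main__":
    for line in audit_general_setup(SAMPLE):
        print(line)
```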
Localization
Timezone
The Timezone setting determines the time zone for system logs, firewall rule schedules, and time display in the web GUI. Select from geographically named zones (for example, Europe/London, America/New_York) or UTC.
After changing the timezone, a reboot is recommended for full activation. Without a reboot, some services may continue using the previous timezone setting.
Time Servers
The Time Servers field accepts NTP server addresses separated by spaces. The default value is 2.pfsense.pool.ntp.org. For enterprise environments, use internal NTP servers or geographically close pools:
0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org
Accurate time synchronization is critical for the correct operation of:
- Log timestamps (required for event correlation in SIEM systems)
- Schedule-based firewall rules
- TLS certificate validation
- Authentication protocols (Kerberos, TOTP)
GUI Language
The Language setting selects the web interface language. pfSense supports several languages including English (default), Portuguese, Turkish, and others. Translation quality varies across languages, so English is recommended for professional use.
Web Interface Settings
The webConfigurator section configures the appearance and behavior of the graphical management interface.
Theme
The Theme setting controls the visual appearance of the interface. Available themes affect presentation only and do not alter functionality. The default theme is pfSense (dark navigation bar with white content background).
Navigation
| Setting | Values | Description |
|---|---|---|
| Top Navigation | Scrolls with page / Fixed | Behavior of the top bar during scrolling. Fixed may cause issues on small screens |
| Hostname in Menu | None / Hostname / FQDN | Displays the device identity in the navigation bar |
| Dashboard Columns | 1-4 | Number of columns on the dashboard. Default is 2 |
Interface Sorting
The Interfaces Sort setting determines the display order of interfaces in menus and the dashboard:
- Default - order follows the configuration (WAN, LAN, OPT1, OPT2…)
- Alphabetical - interfaces sorted by name, useful for deployments with many interfaces
Additional Display Options
| Setting | Description |
|---|---|
| Associated Panels Show/Hide | Controls visibility of auxiliary panels (widgets, log filters, monitoring settings) |
| Left Column Labels | Toggles text label display in the left column of forms |
| Alias Popups | Shows alias contents on hover within firewall rules |
| Drag and Drop | Enables drag-and-drop for reordering firewall rules |
| Login Page Color | Customizes the color scheme of the authentication page |
| Login Hostname | Displays the hostname on the login page |
Saving Changes
After making changes, click the Save button at the bottom of the page. Most settings take effect immediately. Exceptions include:
- Timezone - reboot recommended for full activation
- Hostname/domain changes - may require certificate regeneration if the CN is tied to the FQDN
To continue configuring the system, proceed to Advanced Settings, which covers administrator access, firewall optimization, and network stack tuning.