Note: pfSense® CE is open source software developed for the benefit of the community. If you are using pfSense® CE with the Vault, please consider supporting the pfSense project. https://www.pfsense.org/get-involved
pfSense® CE is an open source network security solution that has been successfully installed on all of the Vault platforms. The pfSense® CE home page is at https://www.pfsense.org. Protectli recommends upgrading to the latest stable version of all application software. If there is an existing version of pfSense® on the Vault, it can be upgraded to version 2.4.1 from the Dashboard of pfSense® CE.
To either install or re-install a fresh instance of pfSense® CE onto the Vault, there is a relatively straight forward process that is very similar to installing any operating system onto any computer.
- Obtain the installation image
- Download software to transfer the installation image to a USB drive
- Install the new image
There are a few steps along the way that I’ll highlight so as to make sure that the process is very clear
Note: If using the Vault FW1x, FW2x, or FW4x, be sure to use a USB stick and the USB keyboard with a plug that is relatively skinny. The 2 USB ports on the Vault are very close to each other and if either the USB stick or the USB keyboard plug is too wide, you will not be able to plug both in at the same time, which will prevent you from doing the installation.
Obtain the Installation Image and Uncompress it
The pfSense® CE installation image (IMG) can be downloaded from https://www.pfsense.org/download/. The same image can be used to install pfSense® CE on any of the Vault platforms. It is important to choose the correct options when downloading the image including “File Type”, Architecture”, “Platform”, and “Console.” The proper selections are as follows and shown in the screenshot below:
File Type: Install
Architecture: AMD64 (64 bit)
Platform: USB Memstick Installer
Console: VGA or Serial as needed
Your download should begin immediately and when it is completed you should have a compressed IMG file (an example file name is: pfSense-CE-memstick-2.4.1-RELEASE-amd64.img.gz) downloaded that is ~300MB in size.
Now that the compressed image file has been downloaded, you will need to use a program like “7zip” or “winzip” to decompress the file. The resulting file should look the same, except that the file name will now end in “.img” instead of “.img.gz”.
Download software to transfer the installation image to a USB drive
The easiest way to transfer the installation image to a USB drive is by using a piece of software called “Rufus”. See this link for detailed instructions on how to create a bootable USB drive using Rufus.
Install the new image
Once the pfSense® CE installation image is properly copied to the USB drive, it is ready to be installed on the Vault. pfSense® CE is based on FreeBSD 11.1. One of the options when installing is to select the filesystem type. FreeBSD 11.1 has the option to install the ZFS filesystem. Protectli recommends installing ZFS as the type of filesystem, particularly to guard against data corruption. See https://en.wikipedia.org/wiki/ZFS for more information.
- Verify that the Vault is powered down.
- Verify that the VGA monitor or serial console is connected.
- Verify that the USB keyboard is plugged in.
- Insert the USB install drive into the other USB port on the Vault.
- While powering up the Vault, press “F11” key and hold it down until it boots to the BIOS and you see the boot options screen.
- Select the USB drive to boot from.
- Verify that the Vault boots and begins the installation process.
- Select “Install”
- Select Keyboard options
- At the filesytem prompt, select “Auto (ZFS)”
- Select “Install”
- At the ZFS configuration prompt, select “Stripe”
- Select “ada0 SSD” (hit the space bar)
- Continue the installation and verify that it completes successfully
Be sure to follow the procedures presented on the pfSense® CE website (Performing a Full Install ISO, Memstick image), here: https://doc.pfsense.org/index.php/Installing_pfSense#Performing_a_Full_Install_.28ISO.2C_Memstick.29.
Once rebooted, the Vault should be up and running. If you experience any issues, please feel free to reach out: firstname.lastname@example.org.