See also
Most pfSense® software configuration is performed using the web-based GUI. Thereare a few tasks that may also be performed from the console, whether it be amonitor and keyboard, over a serial port, or via SSH.
Connecting to the GUI¶
To reach the GUI, follow this basic procedure:
Connect a client computer to the same network as the LAN interface of thefirewall. This computer may be directly connected with a network cable orconnected to the same switch as the LAN interface of the firewall.
By default, the LAN IP address of a new installation of pfSense software is
192.168.1.1
with a/24
mask (255.255.255.0
), and there is also aDHCP server running. If a client computer is set to use DHCP, it should obtainan address in the LAN subnet automatically.On the client computer, open a web browser such as Firefox, Safari, or Chromeand navigate to https://192.168.1.1.
The GUI listens on HTTPS by default, but if the browser attempts to connectusing HTTP, it will be redirect by the firewall to the HTTPS port instead.
Enter the default credentials in the login page:
- username:
admin
- password:
pfsense
In some cases additional steps may be necessary before the client computer canreach the GUI.
Warning
If the default LAN subnet conflicts with the WAN subnet, the LAN subnet mustbe changed before connecting it to the rest of the network. Attempting toaccess the GUI in this situation is unpredictable and unlikely to work untilthe conflict is resolved.
The LAN IP address may be changed and DHCP may be disabled using the console:
Open the console (VGA, serial, or using SSH from another interface)
Choose option
2
from the console menuEnter the new LAN IP address, subnet mask, and specify whether or not toenable DHCP.
Enter the starting and ending address of the DHCP pool if DHCP is enabled.This can be any range inside the given subnet.
Note
When assigning a new LAN IP address, it cannot be in the same subnet as theWAN or any other active interface. If there are other devices already presenton the LAN subnet, it also cannot be set to the same IP address as anexisting host.
If the DHCP server on the firewall is disabled, client computers on LAN musthave a statically configured IP address in the LAN subnet, such as192.168.1.5
, with a subnet mask that matches the one given to the firewall,such as 255.255.255.0
.