If you’re new to pfSense, the sheer number of menus in the web configurator can be intimidating, and you may also be wondering what a few of them are for. That’s why we put together this pfSense web configurator menu overview. It lists all of the menus found in a stock pfSense installation and provides a brief overview of each of them, with screenshots (IP and MAC addresses are blurred).
When a page is empty, because nothing is configured, we also show a screenshot of the configuration options for that service, underneath. The configuration options are typically displayed by clicking the green Add button.
To access the pfSense webconfigurator, open a web browser on a computer connected to your firewall and enter https://[your LAN IP address]. By default, it is 192.168.1.1. Enter your username and password in the login page. The defaults are admin/pfsense, respectively. Once logged in, you’re taken to the pfSense Dashboard, which displays useful high-level information about your firewall.
Two widgets are displayed by default: System Information and Interfaces. You can add more by clicking the + icon at the top right.
At the top of the web configurator are eight menus:
- System
- Interfaces
- Firewall
- Services
- VPN
- Status
- Diagnostics
- Help
It is through these eight menus (and their submenus) that you can configure all of your pfSense firewall’s settings. We’re going to look at all of them.
System
The System menu encompasses pages dedicated to configuring the pfSense system itself. That means things like configuring access to the GUI, setting up routes and gateways, managing users, setting up failover (requires multiple pfSense firewalls), updating the system to the latest version and managing optional packages, among other things.
Advanced
| System | / Advanced | full resolution |
|---|---|---|
| Admin Access From this page, you can configure how you access your system. Things like setting the port and protocol (HTTP / HTTPS) over which to access the GUI, enabling, disabling, and configuring SSH access, as well as configuring other parameters that affect access to your system. | 
|
|
| Firewall & NAT The Firewall & NAT page enables you to configure basic firewall behavior. Things like enabling and disabling packet filtering are done here, as are enabling and disabling certain default firewall rules. You can also set the maximum number of states, table entries and fragment entries. Below the firewall settings, you can configure NAT reflection and state timeouts. | 
|
|
| Networking The Networking menu allows you to enable, disable, and configure IPv6. You can also enable or disable hardware offloading from here. | 
|
|
| Miscellaneous This menu, as its name states, is a grouping of miscellaneous settings. Things like load balancing, power savings settings, cryptographic and thermal hardware settings, gateway monitoring, and RAM disk settings can be configured here. | 
|
|
| System Tunables The System Tunables menu enables you to modify a subset of system settings. It is not recommended to play with these settings unless you know what you’re doing. The menu consists of a list of parameters that can be modified by clicking the pencil icon to the right of each parameter. | 
|
|
| Notifications You can configure email and Growl notifications from here. You can also enable or disable the default startup / shutdown beep from here. | 
|
Cert. Manager
| System | / Cert. Manager | |
|---|---|---|
| CAs The CAs page lists all of the Certificate Authorities (CAs) configured on the system. This is also where you would create or import new CAs. You can also export CA certificates and keys, as well as delete unused CAs from the system. | 
|
|
| Certificates The Certificates page lists all of the certificates that exist on the system. As with the CAs page, you can create, import, export (certificate & key), and delete certificates from here. | 
|
|
| Certificate Revocation From here you can create certificate revocation lists for each of the configured CAs on your system. If no CAs are configured, this page will be empty. | 
|
General Setup
| System | / General Setup | |
|---|---|---|
| General Setup The General Setup page enables you to configure general settings on your system. This means things like the hostname and domain, the DNS servers for the firewall itself, localization settings, and various configuration options for the web GUI, such as the theme, the number of columns displayed, etc. | 
|
High Availability Sync
| System | / High Availability Sync | |
|---|---|---|
| High Availability Sync This page enables you to configure HA Sync: syncing multiple firewalls together for stateful failover. You can configure state synchronization settings and configuration synchronization settings from here. | 
|
Logout
| System | / Logout | |
|---|---|---|
| Logout Clicking this menu logs you out of the GUI. | 
|
Package Manager
| System | /Package Manager | |
|---|---|---|
| Installed Packages This page lists all of the optional packages you’ve installed to your system. You can update or delete packages from here. | 
|
|
| Available Packages This page lists the available packages and you can install them from here. The list excludes any packages already installed. *The screenshot does not display the entire list of available packages. | 
|
Routing
| System | / Routing | |
|---|---|---|
| Gateways The Gateways page lists all of the gateways on your system and provides detailed information on each of them. You can create and delete gateways from here, and edit them by clicking the pencil icon to the right of each one. You can also set the default gateway from here. | 
|
|
| Static Routes Static routes are defined to provide a route to networks that aren't directly attached to pfSense and that aren't reachable via the default gateway. This page lists all of the static routes configured on your system. You can add, edit or delete static routes from here. | 
|
|
| Gateway Groups The Gateway Groups page lists all of the gateway groups configured on your system. A gateway group is a group of gateways that can be used as a single gateway in your firewall rules. Gateway groups can be used for failover or load balancing. You can create, edit, or delete gateway groups from this page. | 
|
Setup Wizard
| System | / Setup Wizard | |
|---|---|---|
| Setup Wizard This is a setup wizard for configuring pfSense for the first time. You can follow the on-screen instructions and you’ll end up with a basic working pfSense configuration. | 
|
Update
| System | / Update | |
|---|---|---|
| Update This is where you perform operating system updates of pfSense. | 
|
|
| Update Settings The Update Settings page enables you to select your update branch (beta or stable). You can also disable the Dashboard auto-update check from here. | 
|
User Manager
| System | / User Manager | |
|---|---|---|
| Users The Users page lists all of the user accounts configured on your system. You can add, remove, or edit users from here. | 
|
|
| Groups The Groups page lists the user groups configured on your system. You can add, remove, or edit groups from here. | 
|
|
| Settings From here, you can select your authentication server. The list is restricted to what is available on your system. By default, this is set to Local Database. | 
|
|
| Authentication Servers This is where you configure your authentication servers. Local Database is selected by default, but pfSense supports RADIUS and/or LDAP servers as well. You can add, remove, and edit your authentication servers from here. | 
|
Interfaces
The Interfaces menu is where you can configure the active interfaces on your system. Each physical network card present on your system is considered an interface, and can host a network segment (a subnet, such as your LAN – 192.168.1.0/24). Certain services, like VPNs, can also create virtual interfaces (implemented by software), which can also host a network segment. All interfaces, whether physical or virtual, are managed from here.
Interface Assignments
| Interfaces | / Interface Assignments | |
|---|---|---|
| Interface Assignments This page lists all of the configured interfaces on your system, as well as the available interfaces that haven’t been configured yet. You can assign, edit, or delete interfaces from here. Clicking an interface name from this menu takes you to that interface’s settings, where you can edit things like the interface’s IPv4 and IPv6 configuration and the speed and duplex settings (physical interfaces), among other things. | 
|
|
| WAN | 
|
|
| LAN | 
|
Interface Groups
| Interfaces | / Interface Groups | |
|---|---|---|
| Interface Groups Interface groups consist of a subset of existing interfaces on the system, which are defined as a group. Interface groups are used to apply firewall and NAT rules to a set of interfaces. Interface groups are configured from here. | 
|
Wireless
| Interfaces | / Wireless | |
|---|---|---|
| Wireless pfSense also supports wireless interfaces. These are configured here. | 
|
VLANs
| Interfaces | / VLANs | |
|---|---|---|
| VLANs VLANs enable a switch to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches, by tagging the traffic on each of the switch’s configured ports. VLANs are configured from here. A VLAN-capable switch is required. | 
|
QinQs
| Interfaces | / QinQs | |
|---|---|---|
| QinQs QinQ (also referred to as IEEE 802.1ad) is a means of nesting VLAN tagged traffic inside of packets that are already VLAN tagged, or “double tagging” the traffic. | 
|
PPPs
| Interfaces | / PPPs | |
|---|---|---|
| PPPs Point-to-Point Protocol (PPP) interfaces link two routers together directly without any host or any other networking in between and can provide connection authentication, transmission encryption, and compression. There are four types of PPP interfaces:
These are configured from here. | 
|
GREs
| Interfaces | / GREs | |
|---|---|---|
| GREs Generic Routing Encapsulation (GRE) is a method of tunneling traffic between two endpoints without encryption. It can be used to route packets between two locations that aren’t directly connected and which don’t require encryption. GRE supports both IPv4 and IPv6. GRE interfaces are configured from here. | 
|
GIFs
| Interfaces | / GIFs | |
|---|---|---|
| GIFs A Generic Tunneling Interface (GIF) is similar to GRE, in that it tunnels traffic between two hosts without encryption. However, GIF may be used to tunnel IPv6 over IPv4 networks and vice versa. GIF interfaces are configured here. | 
|
Bridges
| Interfaces | / Bridges | |
|---|---|---|
| Bridges A Bridge interface consists of two existing interfaces on the system that are bridged together. Bridging interfaces allows you to combine multiple interfaces onto a single broadcast domain, where two ports on the firewall will act as if they are on the same switch, except that traffic between the interfaces can be controlled with firewall rules. Bridge interfaces are configured from here. | 
|
LAGGs
| Interfaces | / LAGGs | |
|---|---|---|
| LAGGs Link Aggregation (LAGG) combines multiple physical interfaces together as one logical interface, in order to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. Link aggregation is handled by lagg(4) type interfaces (LAGG) in pfSense. Link Aggregation can be configured here. | 
|
Firewall
The Firewall menu enables you to configure elements pertaining to the firewall’s behavior as it transfers packets over the network. So things like defining aliases, configuring NAT and firewall rules, and traffic shaping, among other things, are done from here.
Aliases
| Firewall | / Aliases | |
|---|---|---|
| IP This page lists all of the IP aliases you defined on your system. Aliases define a group of ports, hosts, or networks that can be used in firewall rules, affecting the entire group. You can create, edit, or delete IP aliases from this page. You can also import lists of IP addresses by clicking the Import button. | 
|
|
| Ports This page lists all of the ports aliases you defined on your system. You can create, edit, or delete ports aliases from this page. You can also import lists of ports by clicking the Import button. | 
|
|
| URLs This page lists all of the URL aliases you defined on your system. URL aliases consist of URLs that link to a list of ports, hosts, or networks, that are imported and defined as an alias. You can create, edit, or delete URL aliases from this page. | 
|
|
| All This page lists all of the defined aliases on your system, regardless of type. You can create, edit, or delete aliases from this page. You can also import lists of IP addresses or ports by clicking the Import button. | 
|
NAT
| Firewall | / NAT | |
|---|---|---|
| Port Forward From this page, you can configure port forwarding on your system, by creating rules that define the traffic to forward and where. You can create, edit, or delete port forwarding rules from here. | 
|
|
| 1:1 1:1 NAT maps a specified public IP address to a specified private IP address (or subnet). 1:1 NAT is typically used to allow access to an internal server with a private IP address, from the outside (internet). This can be configured from here. | 
|
|
| Outbound This is where you can create, edit, or delete your outbound NAT rules. You can choose between Automatic, Hybrid, or Manual NAT rule generation. Outbound NAT rules are applied from top to bottom. You can also disable outbound NAT altogether from here. | 
|
|
| NPt IPv6 Network Prefix Translation (NPt) is used to translate one IPv6 prefix to another. NPt works similarly to 1:1 NAT but over IPv6. NPt is configured from here. | 
|
Rules
| Firewall | / Rules | |
|---|---|---|
| Rules The Firewall/Rules menu defaults to displaying the WAN rules. Clicking an interface name from this menu takes you to that interface’s firewall rules. All firewall rules in pfSense are applied from top to bottom. You can create, edit, or delete firewall rules for the selected interface from here. | 
|
|
| Floating Floating firewall rules affect multiple interfaces at once and are applied before interface firewall rules. All firewall rules in pfSense are applied from top to bottom. You can create, edit, or delete floating firewall rules from this page. | 
|
|
| WAN | 
|
|
| LAN | 
|
Schedules
| Firewall | / Schedules | |
|---|---|---|
| Schedules You can define schedules for firewall rules to be enabled and disabled and add the defined schedule(s) to the rules of your choice. You can create, edit, or delete schedules from here. | 
|
Traffic Shaper
| Firewall | / Traffic Shaper | |
|---|---|---|
| By Interface pfSense includes a built-in traffic shaper that can be defined by interface from this page. By selecting an interface from the displayed list, you can configure traffic shaping for the selected interface. pfSense supports two types of traffic shaping: ALTQ and limiters. | 
|
|
| By Queue The ALTQ Traffic Shaper type works by creating traffic queues which it manages according to the defined parameters. All ALTQ traffic queues are displayed and can be edited here. | 
|
|
| Limiters Limiting bandwidth for defined hosts is another way pfSense can perform traffic shaping. You can create, edit, or delete limiters from here. | 
|
|
| Wizards pfSense includes a traffic shaping wizard. By following the on-screen instructions, pfSense will automatically configure traffic shaping for you. Bear in mind that the results are likely to require a bit of tweaking for optimal operation. | 
|
Virtual IPs
| Firewall | / Virtual IPs | |
|---|---|---|
| Virtual IPs Virtual IP addresses are IP addresses that are not assigned to any physical interface on your system, but that are still routable by the firewall. Virtual IPs are typically used for network address translation, mobility, fault-tolerance and failover. pfSense supports four types of virtual IP addresses:
These can be configured here. | 
|
Services
The Services menu, as its name states, is where you can manage the various services running on your pfSense system. So things like the Captive Portal, DHCP Servers or Relays, DNS Forwarder and Resolver, Dynamic DNS, etc., are all configured and managed from the Services menu.
Auto Configuration Backup
| Services | / Auto Configuration Backup | |
|---|---|---|
| Settings pfSense provides a free encrypted cloud backup tool that backs up your firewall configurations to Netgate servers. The service can be enabled, disabled, and configured from this page. | 
|
|
| Restore From this page, you can restore your system using one of your backed-up configurations. | 
|
|
| Backup now You can perform a manual backup to Netgate’s servers from here. | 
|
Captive Portal
| Services | / Captive Portal | |
|---|---|---|
| Captive Portal Zones A captive portal is software that forces users on the network to authenticate themselves before obtaining network/internet access. This authentication step occurs after a user has entered the WiFi password and has connected to the router, by redirecting their connection to an authentication HTML page. Once properly authenticated, network/internet access is granted. This is common in hotels, for example. When a captive portal is running on a network segment (a subnet), it is referred to as a captive portal zone. This page displays any captive portal zones you configured on your system. When you click Add to create one or when you edit an existing zone, the following pages are displayed. | 
|
|
| Configuration This is where you set up your captive portal zone. You can configure things such as the interface on which it runs, authentication, accounting and the HTML page contents of the captive portal redirect page. | 
|
|
| MACs You can filter access to the captive portal (block or bypass the captive portal) as well as limit up and down bandwidth for specific clients, by MAC address, from here. | 
|
|
| Allowed IPs The Allowed IPs page works exactly like the MACs page, but it filters by IP address rather than by MAC address. You can filter access to the captive portal as well as limit up and down bandwidth for specific clients by IP address from here. | 
|
|
| Allowed Hostnames The Allowed Hostnames page works exactly like the Allowed IPs page, but it filters by hostname rather than by IP address. You can filter access to the captive portal as well as limit up and down bandwidth for specific clients, by hostname from here. | 
|
|
| Vouchers You can grant access to the captive portal by issuing time-based vouchers. These are generated from this page. | 
|
|
| File Manager From this page, you can upload or delete assets to be used to create a custom captive portal HTML page. | 
|
DHCP Relay
| Services | / DHCP Relay | |
|---|---|---|
| DHCP Relay From this page, you can configure the IPv4 DHCP Relay service for the selected interface. A DHCP Relay is used to allow a DHCP server on one segment of the network to provide IP addresses to clients on other network segments. Make sure that DHCP Server is disabled. DHCP Relay and DHCP Server cannot be used concurrently. | 
|
DHCP Server
| Services | / DHCP Server | |
|---|---|---|
| DHCP Server From this page, you can configure the IPv4 DHCP Server for the selected interface. Make sure that DHCP Relay is disabled. DHCP Relay and DHCP Server cannot be used concurrently. | 
|
DHCPv6 Relay
| Services | / DHCPv6 Relay | |
|---|---|---|
| DHCPv6 Relay From this page, you can configure the IPv6 DHCP Relay service for the selected interface. Make sure that DHCP Server is disabled. DHCP Relay and DHCP Server cannot be used concurrently. | 
|
DHCPv6 Server & RA
| Services | / DHCPv6 Server & RA | |
|---|---|---|
| DHCPv6 Server From this page, you can configure the IPv6 DHCP Server for the selected interface. Make sure that DHCP Relay is disabled. DHCP Relay and DHCP Server cannot be used concurrently. | 
|
|
| Router Advertisements From this page, you can set your router advertisements for the DHCPv6 server. For the DHCPv6 server to be active on the network, router advertisements must be set to either Managed or Assisted mode here. | 
|
DNS Forwarder
| Services | / DNS Forwarder | |
|---|---|---|
| DNS Forwarder This page is where you can enable, disable, and configure the DNS Forwarder. The DNS Forwarder forwards your DNS requests to the DNS servers you configured in System / General Setup. You can also configure domain and host overrides for the DNS Forwarder from here. | 
|
DNS Resolver
| Services | / DNS Resolver | |
|---|---|---|
| General Settings The DNS Resolver in pfSense uses unbound, a validating, recursive, caching DNS resolver, and is favored over the DNS Forwarder. The DNS resolver can either query the root servers or be configured in forwarding mode and forward your requests to the DNS servers you configured in System / General Setup. From this page, you can enable, disable, and configure the DNS Resolver. You can also configure domain and host overrides for the DNS Resolver from here. | 
|
|
| Advanced Settings As the name suggests, this is where you can further configure the DNS Resolver, using the advanced options. | 
|
|
| Access Lists You can configure access lists to filter access to the DNS Resolver from here. You can set the action (deny, refuse, allow, allow snoop, deny nonlocal, refuse nonlocal) and the networks to which the list applies. | 
|
Dynamic DNS
| Services | / Dynamic DNS | |
|---|---|---|
| Dynamic DNS Clients Dynamic DNS enables you to reach your pfSense firewall from the internet by using a hostname rather than its IP address. The hostname always remains the same even if the underlying IP address changes. This can be useful for VPN access, for example. From this page, you can enable, disable, and configure Dynamic DNS on your system. By selecting your dynamic DNS provider from the list, the options on the page are updated accordingly. | 
|
|
| RFC 2136 Clients RFC 2136 Dynamic DNS registers a hostname on any DNS server supporting RFC 2136 style updates. These dynamic DNS clients can be configured here. | 
|
|
| Check IP Services This page displays the IP address checking service used by Dynamic DNS. By default, dyndns.org is used. But you can disable it and add your own from here. | 
|
IGMP Proxy
| Services | / IGMP Proxy | |
|---|---|---|
| IGMP Proxy The IGMP Proxy enables you to proxy multicast traffic between network segments. This can be configured from this page. | 
|
Load Balancer
| Services | / Load Balancer | |
|---|---|---|
| Pools pfSense natively supports server load balancing and failover, using relayd. From this page, you can create load balancing/failover pools and define the web servers that are part of each pool. | 
|
|
| Virtual Servers The Virtual Servers page is where you define a public-facing IP address and port for the web server(s). | 
|
|
| Monitors From here, you can configure the different monitors to be used by relayd. Many are already configured. You can add, edit, or delete monitors from here. | 
|
|
| Settings From here, you can configure a few additional settings, such as the timeout, interval, and prefork values. | 
|
NTP
| Services | / NTP | |
|---|---|---|
| Settings The Services / NTP pages enable you to configure pfSense as a Network Time Protocol (NTP) server to synchronize the clocks of systems connected to the firewall. From the Settings page, you can select the interfaces the NTP server will listen on and define the time servers used by your local NTP server, among other settings. | 
|
|
| ACLs From this page, you can define access restrictions to your local NTP server. | 
|
|
| Serial GPS You can use a GPS connected via a serial port as a reference clock for NTP. This is configured here. | 
|
|
| PPS You can use a device with a Pulse Per Second (PPS) output as a PPS reference for NTP. This is configured here. | 
|
PPPoE Server
| Services | PPPoE Server | |
|---|---|---|
| PPPoE Server pfSense can be used as a Point-to-Point Protocol over Ethernet (PPPoE) server and accept and authenticate connections from PPPoE clients on a local interface. This is configured here. | 
|
SNMP
| Services | / SNMP | |
|---|---|---|
| SNMP You can monitor your pfSense firewall using the Simple Network Management Protocol (SNMP). The SNMP service can be enabled, disabled, and configured from this page. | 
|
UPnP & NAT-PMP
| Services | / UPnP & NAT-PMP | |
|---|---|---|
| UPnP & NAT-PMP Universal Plug & Play (UPnP) and NAT Port Mapping Protocol (NAT-PMP) allow software and devices to configure each other for proper communication when attaching to a network. Both are natively supported by pfSense and are configured from this page. You can also configure an ACL (access control list) for UPnP from here. | 
|
Wake-on-LAN
| Services | / Wake-on-LAN | |
|---|---|---|
| Wake-on-LAN Wake-on-LAN (WoL) is a service that can be used to remotely power-on computers on your network, by sending what is referred to as “magic packets”. The network card in the computer you want to power-on must support WoL and its BIOS must be configured for support as well. From this page, you can dynamically power-on one of the computers on your network by entering its MAC address. You can also add computers to the Wake-on-LAN Devices list (by MAC address) and turn them all on at once, using the Wake All Devices button. | 
|
VPN
pfSense natively supports three Virtual Private Network (VPN) protocols: IPsec (IKEv1 & IKEv2), L2TP/IPsec, and OpenVPN. All three are configured from the VPN menu.
IPsec
| VPN | / IPsec | |
|---|---|---|
| Tunnels This is where you can configure pfSense to act as an IPsec VPN server. From the Tunnels page, you can create, edit, or delete IPsec tunnels. The Tunnels page displays any Phase 1 tunnels configured on your system and their associated Phase 2 tunnels. | 
|
|
| Mobile Clients This is where you enable/disable and configure IPsec mobile client support. From this page, you can configure things such as authentication sources, virtual IP addresses, and more. | 
|
|
| Pre-Shared Keys This page displays your IPsec pre-shared keys (if any). From here, you can create, edit, or delete your IPsec pre-shared keys. | 
|
|
| Advanced Settings From this page, you can set up miscellaneous IPsec options, such as IP compression and strict interface binding, among other settings. | 
|
L2TP
| VPN | / L2TP | |
|---|---|---|
| Configuration L2TP is a tunneling protocol which is used in conjunction with IPsec (IKEv1), in the L2TP/IPsec VPN protocol. L2TP does not provide encryption in itself. IPsec encrypts the the packets transiting through the L2TP tunnel in L2TP/IPsec. From this page, you can enable, disable, and configure L2TP. | 
|
|
| Users This page lists all of your L2TP users. You can create, edit, and delete L2TP users from here. | 
|
OpenVPN
| VPN | / OpenVPN | |
|---|---|---|
| Servers The Servers page is where you can create and configure a local OpenVPN server. You can also delete OpenVPN servers from here. | 
|
|
| Clients The Clients page is where you can create and configure a local OpenVPN client. You can also delete OpenVPN clients from here. | 
|
|
| Client Specific Overrides From here you can override some OpenVPN settings by enabling some of the available options in the GUI or by adding additional OpenVPN directives that apply to a specific user of one of your configured OpenVPN servers. An example would be to assign a specific IP address to a user (ifconfig-push 10.10.0.10). | 
|
|
| Wizards pfSense includes an OpenVPN server wizard. By following the on-screen instructions, pfSense will automatically configure an OpenVPN server for you. | 
|
See also:Best VPNs for pfSense
Status
The Status pages display status information on various services running on your pfSense system. You’ll find many of the same submenus in the Status menu as in the Services menu. But while the Services menu allows you to edit the services’ settings, the Status menu provides status information on the configured services. Some pages may be empty depending on your configuration and the services running.
Captive Portal
| Status | / Captive Portal | |
|---|---|---|
| Captive Portal The Captive Portal Status page displays all of the active users of your Captive Portal Zones. | 
|
CARP
| Status | / CARP | |
|---|---|---|
| CARP The Cache Array Routing Protocol (CARP) enables you to create virtual IP addresses to be used to set up High Availability Sync in pfSense. The CARP Status page displays the current status of all configured CARP virtual IP addresses. You can also enable and disable CARP from here. | 
|
Dashboard
| Status | / Dashboard | |
|---|---|---|
| Clicking this menu takes you to the pfSense Dashboard. |
|
DHCP Leases
| Status | / DHCP Leases | |
|---|---|---|
| DHCP Leases The DHCP Leases Status page displays all of your IPv4 DHCP leases and their status (active, expired, static). | 
|
DHCPv6 Leases
| Status | / DHCPv6 Leases | |
|---|---|---|
| DHCPv6 Leases The DHCPv6 Leases Status page displays all of your DHCPv6 leases and their status (active, expired, static). | 
|
DNS Resolver
| Status | / DNS Resolver | |
|---|---|---|
| DNS Resolver The DNS Resolver Status page lists caching statistics for each configured DNS server on the System / General Setup page. | 
|
Filter Reload
| Status | / Filter Reload | |
|---|---|---|
| Filter Reload This page shows the status of the last filter reload request and enables you to force reload the packet filter, by clicking the Reload Filter button. | 
|
Gateways
| Status | / Gateways | |
|---|---|---|
| Gateways The Gateways Status page lists all of your configured gateways and provides high-level statistics for each one. | 
|
|
| Gateway Groups The Gateways Groups Status page lists all of your configured gateway groups and lists the tier of each member of the gateway group. | 
|
Interfaces
| Status | / Interfaces | |
|---|---|---|
| Interfaces This page lists all of the configured interfaces on your system and displays high-level information for each one. | 
|
IPsec
| Status | / IPsec | |
|---|---|---|
| Overview The Overview page lists all active IPsec connections and provides high-level information on each connection. It also displays information on each connection’s child security association (SA) entries. | 
|
|
| Leases This page lists the active IPsec leases. | 
|
|
| SADs The Security Association Databases (SADs) page lists all active IPsec security associations. | 
|
|
| SPDs The Security Policies Databases (SPDs) Status page displays all active IPsec security policies. | 
|
Load Balancer
| Status | / Load Balancer | |
|---|---|---|
| Pools The Load Balancer / Pools page lists your existing load balancing / failover pools and displays high-level information on them. | 
|
|
| Virtual Servers The Load Balancer / Virtual Servers page lists your existing virtual servers (public IP and port) and displays high-level information on them. | 
|
Monitoring
| Status | / Monitoring | |
|---|---|---|
| Monitoring The Monitoring Status page allows you to create a custom graph to monitor your system using the provided metrics, such as bandwidth used, CPU usage, firewall states, etc. Once you have selected your parameters, click Update Graphs and your custom graph is displayed with a data summary below. | 
|
NTP
| Status | / NTP | |
|---|---|---|
| NTP This page displays information on the NTP servers used by your system. | 
|
OpenVPN
| Status | / OpenVPN | |
|---|---|---|
| OpenVPN The OpenVPN Status page lists all of the active OpenVPN client connections to local and remote OpenVPN servers. | 
|
Package Logs
| Status | / Package Logs | |
|---|---|---|
| Package Logs Certain optional packages’ logs can be viewed from this page. No native pfSense logs are displayed here. | 
|
Queues
| Status | / Queues | |
|---|---|---|
| Queues The Queues Status page lists information about your active traffic shaping queues. The queue graphs sample data at regular intervals. | 
|
Services
| Status | / Services | |
|---|---|---|
| Services This page displays the status of the various services configured on your firewall. You can also stop or restart each service, as well as a few other options, according to the service. | 
|
System Logs
| Status | / System Logs | |
|---|---|---|
| System Logs This is where you can view the various native logs produced by pfSense. The logs are organized by service. Some sections may be empty depending on your configuration and the services you’re running. | 
|
|
| Settings There is also a Settings page within the System Logs page. From the Settings page, you can configure things like log rotation, enable or disable logging of certain default firewall rules, and configure pfSense to log to a remote Syslog server. | 
|
Traffic Graph
| Status | / Traffic Graph | |
|---|---|---|
| Traffic Graph From the Traffic Graph Status page, you can create a real-time graph for any configured interface on your system. You can display bandwidth in or bandwidth out data and set a few other additional options. | 
|
UPnP & NAT-PMP
| Status | / UPnP & NAT-PMP | |
|---|---|---|
| UPnP & NAT-PMP This page displays the list of currently active UPnP port forwards. | 
|
Diagnostics
The Diagnostics menu contains tools that allow you to troubleshoot, test, and measure your system’s performance. It’s also where you can perform local configuration backups and restores, as well as edit system files, restore the system to factory settings, and reboot and power-off pfSense.
ARP Table
| Diagnostics | / ARP Table | |
|---|---|---|
| ARP Table The Address Resolution Protocol (ARP) Table page displays all of the ARP entries configured on the system, listing the IP & MAC addresses, along with the status and link type for each one. You can also delete ARP entries from here. | 
|
Authentication
| Diagnostics | / Authentication | |
|---|---|---|
| Authentication The Authentication Diagnostics page allows you to perform authentication tests on any of your configured authentication servers. Select an authentication server and enter a username and password to perform an authentication test. | 
|
Backup & Restore
| Diagnostics | / Backup & Restore | |
|---|---|---|
| Backup & Restore From this page, you can perform a manual local backup or restore of your pfSense configuration. You can also choose to only reinstall the additional packages listed in your configuration when performing a restore. | 
|
|
| Config History pfSense automatically creates a backup of its configuration file every time a change is made in the GUI. The Config History page lists the last 30 configuration backups and displays the action that triggered the backup. You can restore any of the saved configurations from here, as well as download, or delete a saved configuration file. You may need to reboot your system for the restored configuration to take effect. | 
|
Command Prompt
| Diagnostics | / Command Prompt | |
|---|---|---|
| Command Prompt From the Command Prompt page, you can execute a shell command, upload or download a file to/from the pfSense file system, and execute PHP commands. | 
|
DNS Lookup
| Diagnostics | / DNS Lookup | |
|---|---|---|
| DNS Lookup This page allows you to perform a DNS lookup. When performing a DNS lookup, pfSense queries all of the DNS servers configured on the System / General Setup page. Simply type the hostname you want to lookup and its IP address is displayed, along with the query time for each DNS server. | 
|
Edit File
| Diagnostics | / Edit File | |
|---|---|---|
| Edit File From this page, you can browse to any file on the file system and make edits. This can be destructive and is not recommended unless you know what you are doing. | 
|
Factory Defaults
| Diagnostics | / Factory Defaults | |
|---|---|---|
| Factory Defaults Clicking this menu item resets pfSense to its default settings. | 
|
Halt System
| Diagnostics | / Halt System | |
|---|---|---|
| Halt System Clicking this menu item powers off pfSense. | 
|
Limiter Info
| Diagnostics | / Limiter Info | |
|---|---|---|
| Limiter Info This page displays each configured limiter and child queue in text format. | 
|
NDP Table
| Diagnostics | / NDP Table | |
|---|---|---|
| NDP Table The NDP Table page displays the IPv6 Neighbour Discovery Protocol list. The list contains all of the current IPv6 peers and is essentially equivalent to the ARP Table for IPv4. | 
|
Packet Capture
| Diagnostics | / Packet Capture | |
|---|---|---|
| Packet Capture The Packet Capture page allows you to perform packet captures for any configured interface on the system. You can set various options, such as the protocol, port, and packet count, among others. Once the packet capture has stopped, you can view or download the capture. | 
|
pfInfo
| Diagnostics | / pfInfo | |
|---|---|---|
| pfInfo The pfInfo page displays statistics and counters for the firewall packet filter. These statistics and counters serve as metrics to judge how the packet filter is processing data. | 
|
pfTop
| Diagnostics | / pfTop | |
|---|---|---|
| pfTop This page lists all of the connections in the state table. There is also a filter panel on the page, enabling you to search for specific connections. If a connection is active, you can connect to the pfSense console (ssh or physical access) and select option 9 from the menu to view the traffic flowing in real-time. | 
|
Ping
| Diagnostics | / Ping | |
|---|---|---|
| Ping This page enables you to ping hosts from pfSense. You can select your IP protocol, source address, and the number of pings. | 
|
Reboot
| Diagnostics | / Reboot | |
|---|---|---|
| Reboot Clicking this menu item reboots pfSense. | 
|
Routes
| Diagnostics | / Routes | |
|---|---|---|
| Routes This page displays all of the IPv4 and IPv6 routes configured on your system. | 
|
S.M.A.R.T Status
| Diagnostics | / S.M.A.R.T Status | |
|---|---|---|
| S.M.A.R.T Status This page enables you to perform hard drive health tests on your pfSense hard drive(s). You can view your drive’s S.M.A.R.T. status, perform a self-test, and view the test logs from here. | 
|
Sockets
| Diagnostics | / Sockets | |
|---|---|---|
| Sockets This page displays the list of active TCP/IP sockets for IPv4 and IPv6 that are used by the firewall itself. By default, only listening sockets are listed, but you can click Show all connections to display sockets in use by the system making external connections. | 
|
States
| Diagnostics | / States | |
|---|---|---|
| States The States page displays the firewall state table, listing the interface, protocol, source and destination, and more. There is also a filter panel on the page, enabling you to search the state table contents. | 
|
|
| Reset States From this page, you can reset the state table by ticking the Reset the firewall state table box and clicking Reset. When you reset the state table, all existing connections are broken and will need to be re-established. | 
|
States Summary
| Diagnostics | / States Summary | |
|---|---|---|
| States Summary The States Summary page provides statistics on the state table and its connections. | 
|
System Activity
| Diagnostics | / System Activity | |
|---|---|---|
| System Activity This page displays a list of the top active processes running on the system. | 
|
Tables
| Diagnostics | / Tables | |
|---|---|---|
| Tables From the Tables page, you can select any of the configured Host or URL aliases on your system from a list and display its contents. Aliases are converted to tables when they’re used in active firewall rules. | 
|
Test Port
| Diagnostics | / Test Port | |
|---|---|---|
| Test Port The Test Port page enables you to test whether or not a host is up and accepting connections on a specified TCP port. Enter the required fields and click Test. | 
|
Traceroute
| Diagnostics | / Traceroute | |
|---|---|---|
| Traceroute The Traceroute page enables you to perform a traceroute (like using the traceroute command available on many platforms). It sends a special packet that traces the route it travels from the pfSense host to a remote host and displays the list of hops in-between. | 
|
Help
The Help menu provides you with additional resources to learn about pfSense.
About this Page
| Help | / About this Page | |
|---|---|---|
| About this Page Clicking this menu item from anywhere in the pfSense UI opens the relevant pfSense documentation section in your browser, based on the page you’re on in the pfSense GUI. | 
|
Bug Database
| Help | / Bug Database | |
|---|---|---|
| Bug Database Clicking this menu item takes you to the pfSense bug tracker page in your browser. | 
|
Documentation
| Help | / Documentation | |
|---|---|---|
| Documentation Clicking this menu item opens the pfSense documentation in your browser. | 
|
FreeBSD Handbook
| Help | / FreeBSD Handbook | |
|---|---|---|
| FreeBSD Handbook Clicking this menu item opens the FreeBSD documentation in your browser. | 
|
Paid Support
| Help | / Paid Support | |
|---|---|---|
| Paid Support Clicking this menu item opens the Netgate web page in your browser. You can purchase paid support from there. | 
|
pfSense Book
| Help | / pfSense Book | |
|---|---|---|
| pfSense Book Clicking this menu item opens the pfSense book in your browser. Though similar, the book and the documentation have different content. | 
|
User Forum
| Help | / User Forum | |
|---|---|---|
| User Forum Clicking this menu item opens the pfSense user forum in your browser. | 
|
User Survey
| Help | / User Survey | |
|---|---|---|
| User survey Clicking this menu item opens the pfSense survey in your browser. It is hosted by surveymonkey.com. | 
|
I installed PFSense on a thin client so I could have a standalone router and then I planned to move the wifi elsewhere in the home. I only have 2 network ports so I’ve tried it both ways but I cannot get the router to work when I put it in place of my existing router. I am not sure what I am missing; most likely or hopefully something simple.
You need to put your router in access-point mode and create a dhcp server on the pfsense for that particulair interface it is connected to. The assigned subnet needs to be natted in order to get outside and een rule should exist before working.
pfSense doesn’t support WiFi very well. The list of wireless cards it supports is extremely short – and even then, performance is far from optimal. Most pfSense users put an off-the-shef router in “bridge mode” and use it as a wireless access point, while pfSense handles DHCP. That’s what I would recommend you try.