ultimate pfSense web configurator guide

If you’re new to pfSense, the sheer number of menus in the web configurator can be intimidating, and you may also be wondering what a few of them are for. That’s why we put together this pfSense web configurator menu overview. It lists all of the menus found in a stock pfSense installation and provides a brief overview of each of them, with screenshots (IP and MAC addresses are blurred).

When a page is empty, because nothing is configured, we also show a screenshot of the configuration options for that service, underneath. The configuration options are typically displayed by clicking the green Add button.

To access the pfSense webconfigurator, open a web browser on a computer connected to your firewall and enter https://[your LAN IP address]. By default, it is 192.168.1.1. Enter your username and password in the login page. The defaults are admin/pfsense, respectively. Once logged in, you’re taken to the pfSense Dashboard, which displays useful high-level information about your firewall.

Two widgets are displayed by default: System Information and Interfaces. You can add more by clicking the + icon at the top right.

pfSense - Status - Dashboard

At the top of the web configurator are eight menus:

  • System
  • Interfaces
  • Firewall
  • Services
  • VPN
  • Status
  • Diagnostics
  • Help

It is through these eight menus (and their submenus) that you can configure all of your pfSense firewall’s settings. We’re going to look at all of them.

System

The System menu encompasses pages dedicated to configuring the pfSense system itself. That means things like configuring access to the GUI, setting up routes and gateways, managing users, setting up failover (requires multiple pfSense firewalls), updating the system to the latest version and managing optional packages, among other things.

Advanced

System/ Advanced
Click image to view
full resolution
Admin Access

From this page, you can configure how you access your system. Things like setting the port and protocol (HTTP / HTTPS) over which to access the GUI, enabling, disabling, and configuring SSH access, as well as configuring other parameters that affect access to your system.
pfSense-AdminAccess
Firewall & NAT

The Firewall & NAT page enables you to configure basic firewall behavior. Things like enabling and disabling packet filtering are done here, as are enabling and disabling certain default firewall rules. You can also set the maximum number of states, table entries and fragment entries.

Below the firewall settings, you can configure NAT reflection and state timeouts.
pfSense-Firewall&NAT
Networking

The Networking menu allows you to enable, disable, and configure IPv6. You can also enable or disable hardware offloading from here.
pfSense-Networking
Miscellaneous

This menu, as its name states, is a grouping of miscellaneous settings. Things like load balancing, power savings settings, cryptographic and thermal hardware settings, gateway monitoring, and RAM disk settings can be configured here.
pfSense-Miscellaneous
System Tunables

The System Tunables menu enables you to modify a subset of system settings. It is not recommended to play with these settings unless you know what you’re doing.

The menu consists of a list of parameters that can be modified by clicking the pencil icon to the right of each parameter.
pfSense-SystemTunables
Notifications

You can configure email and Growl notifications from here. You can also enable or disable the default startup / shutdown beep from here.
pfSense-Notifications

Cert. Manager

System/ Cert. Manager 
CAs

The CAs page lists all of the Certificate Authorities (CAs) configured on the system. This is also where you would create or import new CAs. You can also export CA certificates and keys, as well as delete unused CAs from the system.
pfSense-CAs
Certificates

The Certificates page lists all of the certificates that exist on the system. As with the CAs page, you can create, import, export (certificate & key), and delete certificates from here.
pfSense-Certificates
Certificate Revocation

From here you can create certificate revocation lists for each of the configured CAs on your system. If no CAs are configured, this page will be empty.
pfSense-Revocation

General Setup

System / General Setup 
General Setup

The General Setup page enables you to configure general settings on your system. This means things like the hostname and domain, the DNS servers for the firewall itself, localization settings, and various configuration options for the web GUI, such as the theme, the number of columns displayed, etc.
pfSense - GeneralSetup

High Availability Sync

System/ High Availability Sync 
High Availability Sync

This page enables you to configure HA Sync: syncing multiple firewalls together for stateful failover. You can configure state synchronization settings and configuration synchronization settings from here.
pfSense-HASync

Logout

System/ Logout 
Logout

Clicking this menu logs you out of the GUI.
pfSense - Login

Package Manager

System/Package Manager 
Installed Packages

This page lists all of the optional packages you’ve installed to your system. You can update or delete packages from here.
pfSense - InstalledPackages
Available Packages

This page lists the available packages and you can install them from here. The list excludes any packages already installed.

*The screenshot does not display the entire list of available packages.
pfSense - AvailablePackages_small

Routing

System/ Routing 
Gateways

The Gateways page lists all of the gateways on your system and provides detailed information on each of them. You can create and delete gateways from here, and edit them by clicking the pencil icon to the right of each one. You can also set the default gateway from here.
pfSense - System - Routing - Gateways
Static Routes

Static routes are defined to provide a route to networks that aren't directly attached to pfSense and that aren't reachable via the default gateway.

This page lists all of the static routes configured on your system. You can add, edit or delete static routes from here.
pfSense - System - Routes - StaticRoutes
Gateway Groups

The Gateway Groups page lists all of the gateway groups configured on your system. A gateway group is a group of gateways that can be used as a single gateway in your firewall rules. Gateway groups can be used for failover or load balancing. You can create, edit, or delete gateway groups from this page.

Setup Wizard

System/ Setup Wizard 
Setup Wizard

This is a setup wizard for configuring pfSense for the first time. You can follow the on-screen instructions and you’ll end up with a basic working pfSense configuration.
pfSense - SetupWizard

Update

System/ Update 
Update

This is where you perform operating system updates of pfSense.
pfSense - SystemUpdate
Update Settings

The Update Settings page enables you to select your update branch (beta or stable). You can also disable the Dashboard auto-update check from here.
pfSense - System - UpdateSettings

User Manager

System/ User Manager 
Users

The Users page lists all of the user accounts configured on your system. You can add, remove, or edit users from here.
pfSense - Users
Groups

The Groups page lists the user groups configured on your system. You can add, remove, or edit groups from here.
pfSense - Groups
Settings

From here, you can select your authentication server. The list is restricted to what is available on your system. By default, this is set to Local Database.
Authentication Servers

This is where you configure your authentication servers. Local Database is selected by default, but pfSense supports RADIUS and/or LDAP servers as well. You can add, remove, and edit your authentication servers from here.

Interfaces

The Interfaces menu is where you can configure the active interfaces on your system. Each physical network card present on your system is considered an interface, and can host a network segment (a subnet, such as your LAN – 192.168.1.0/24). Certain services, like VPNs, can also create virtual interfaces (implemented by software), which can also host a network segment. All interfaces, whether physical or virtual, are managed from here.

Interface Assignments

Interfaces/ Interface Assignments 
Interface Assignments

This page lists all of the configured interfaces on your system, as well as the available interfaces that haven’t been configured yet. You can assign, edit, or delete interfaces from here.

Clicking an interface name from this menu takes you to that interface’s settings, where you can edit things like the interface’s IPv4 and IPv6 configuration and the speed and duplex settings (physical interfaces), among other things.
pfSense - Interfaces - InterfaceAssignments
WANpfSense-Interfaces-WAN
LANpfSense - Interfaces - LAN

Interface Groups

Interfaces/ Interface Groups 
Interface Groups

Interface groups consist of a subset of existing interfaces on the system, which are defined as a group. Interface groups are used to apply firewall and NAT rules to a set of interfaces.

Interface groups are configured from here.
pfSense - Interface Groups

Wireless

Interfaces/ Wireless 
Wireless

pfSense also supports wireless interfaces. These are configured here.
pfSense - Interfaces - Wireless

VLANs

Interfaces/ VLANs 
VLANs

VLANs enable a switch to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches, by tagging the traffic on each of the switch’s configured ports.

VLANs are configured from here. A VLAN-capable switch is required.
pfSense -Interfaces - VLANs

QinQs

Interfaces/ QinQs 
QinQs

QinQ (also referred to as IEEE 802.1ad) is a means of nesting VLAN tagged traffic inside of packets that are already VLAN tagged, or “double tagging” the traffic.
pfSense - Interfaces - QinQs

PPPs

Interfaces/ PPPs 
PPPs

Point-to-Point Protocol (PPP) interfaces link two routers together directly without any host or any other networking in between and can provide connection authentication, transmission encryption, and compression.

There are four types of PPP interfaces:


  • Plain PPP for 3G / 4G and modem devices

  • PPPoE for DSL or similar connections

  • PPTP and L2TP for ISPs that require them for authentication.


These are configured from here.
pfSense - Interfaces - PPPs

GREs

Interfaces/ GREs 
GREs

Generic Routing Encapsulation (GRE) is a method of tunneling traffic between two endpoints without encryption. It can be used to route packets between two locations that aren’t directly connected and which don’t require encryption. GRE supports both IPv4 and IPv6.

GRE interfaces are configured from here.
pfSense - Interfaces - GREs

GIFs

Interfaces/ GIFs 
GIFs

A Generic Tunneling Interface (GIF) is similar to GRE, in that it tunnels traffic between two hosts without encryption. However, GIF may be used to tunnel IPv6 over IPv4 networks and vice versa.

GIF interfaces are configured here.
pfSense - Interfaces- GIFs

Bridges

Interfaces/ Bridges 
Bridges

A Bridge interface consists of two existing interfaces on the system that are bridged together. Bridging interfaces allows you to combine multiple interfaces onto a single broadcast domain, where two ports on the firewall will act as if they are on the same switch, except that traffic between the interfaces can be controlled with firewall rules.

Bridge interfaces are configured from here.
pfSense - Interfaces - Bridges

LAGGs

Interfaces/ LAGGs 
LAGGs

Link Aggregation (LAGG) combines multiple physical interfaces together as one logical interface, in order to increase throughput beyond what a single connection could sustain and to provide redundancy in case one of the links should fail. Link aggregation is handled by lagg(4) type interfaces (LAGG) in pfSense.

Link Aggregation can be configured here.
pfSense - Interfaces - LAGGs

Firewall

The Firewall menu enables you to configure elements pertaining to the firewall’s behavior as it transfers packets over the network. So things like defining aliases, configuring NAT and firewall rules, and traffic shaping, among other things, are done from here.

Aliases

Firewall/ Aliases 
IP

This page lists all of the IP aliases you defined on your system. Aliases define a group of ports, hosts, or networks that can be used in firewall rules, affecting the entire group. You can create, edit, or delete IP aliases from this page. You can also import lists of IP addresses by clicking the Import button.
pfSense - Aliases - IP
Ports

This page lists all of the ports aliases you defined on your system. You can create, edit, or delete ports aliases from this page. You can also import lists of ports by clicking the Import button.
pfSense - Aliases - Ports
URLs

This page lists all of the URL aliases you defined on your system. URL aliases consist of URLs that link to a list of ports, hosts, or networks, that are imported and defined as an alias. You can create, edit, or delete URL aliases from this page.
pfSense - Aliases - URLs
All

This page lists all of the defined aliases on your system, regardless of type. You can create, edit, or delete aliases from this page. You can also import lists of IP addresses or ports by clicking the Import button.
pfSense - Aliases - All

NAT

Firewall/ NAT 
Port Forward

From this page, you can configure port forwarding on your system, by creating rules that define the traffic to forward and where. You can create, edit, or delete port forwarding rules from here.
pfSense - PortForwarding
1:1

1:1 NAT maps a specified public IP address to a specified private IP address (or subnet). 1:1 NAT is typically used to allow access to an internal server with a private IP address, from the outside (internet). This can be configured from here.
pfSense - 1to1NAT
Outbound

This is where you can create, edit, or delete your outbound NAT rules. You can choose between Automatic, Hybrid, or Manual NAT rule generation.

Outbound NAT rules are applied from top to bottom. You can also disable outbound NAT altogether from here.
pfSense - Firewall - OutboundNAT
NPt

IPv6 Network Prefix Translation (NPt) is used to translate one IPv6 prefix to another. NPt works similarly to 1:1 NAT but over IPv6. NPt is configured from here.
pfSense - NPt

Rules

Firewall/ Rules 
Rules

The Firewall/Rules menu defaults to displaying the WAN rules.

Clicking an interface name from this menu takes you to that interface’s firewall rules.

All firewall rules in pfSense are applied from top to bottom. You can create, edit, or delete firewall rules for the selected interface from here.
pfSense - Firewall - Rules menu
Floating

Floating firewall rules affect multiple interfaces at once and are applied before interface firewall rules. All firewall rules in pfSense are applied from top to bottom. You can create, edit, or delete floating firewall rules from this page.
pfSense - Floating Rules
WANpfSense - Rules - WAN
LANpfSense - LAN rules

Schedules

Firewall/ Schedules 
Schedules

You can define schedules for firewall rules to be enabled and disabled and add the defined schedule(s) to the rules of your choice. You can create, edit, or delete schedules from here.
pfSense - Rules - Schedules

Traffic Shaper

Firewall/ Traffic Shaper 
By Interface

pfSense includes a built-in traffic shaper that can be defined by interface from this page. By selecting an interface from the displayed list, you can configure traffic shaping for the selected interface. pfSense supports two types of traffic shaping: ALTQ and limiters.
pfSense - TrafficShaper - By Interface
By Queue

The ALTQ Traffic Shaper type works by creating traffic queues which it manages according to the defined parameters. All ALTQ traffic queues are displayed and can be edited here.
pfSense - TrafficShaper - By Queue
Limiters

Limiting bandwidth for defined hosts is another way pfSense can perform traffic shaping. You can create, edit, or delete limiters from here.
pfSense - TrafficShaper - Limiters
Wizards

pfSense includes a traffic shaping wizard. By following the on-screen instructions, pfSense will automatically configure traffic shaping for you. Bear in mind that the results are likely to require a bit of tweaking for optimal operation.
pfSense - TrafficShaper - Wizard

Virtual IPs

Firewall/ Virtual IPs 
Virtual IPs

Virtual IP addresses are IP addresses that are not assigned to any physical interface on your system, but that are still routable by the firewall. Virtual IPs are typically used for network address translation, mobility, fault-tolerance and failover.

pfSense supports four types of virtual IP addresses:

  • IP Alias

  • CARP

  • Proxy ARP

  • Other


These can be configured here.
pfSense - Firewall - Virtual IPs

Services

The Services menu, as its name states, is where you can manage the various services running on your pfSense system. So things like the Captive Portal, DHCP Servers or Relays, DNS Forwarder and Resolver, Dynamic DNS, etc., are all configured and managed from the Services menu.

Auto Configuration Backup

Services/ Auto Configuration Backup 
Settings

pfSense provides a free encrypted cloud backup tool that backs up your firewall configurations to Netgate servers. The service can be enabled, disabled, and configured from this page.
pfSense - AutoBackup - Settings
Restore

From this page, you can restore your system using one of your backed-up configurations.
pfSense - AutoBackup - Restore
Backup now

You can perform a manual backup to Netgate’s servers from here.
pfSense - AutoBackup - BackupNow

Captive Portal

Services/ Captive Portal 
Captive Portal Zones

A captive portal is software that forces users on the network to authenticate themselves before obtaining network/internet access. This authentication step occurs after a user has entered the WiFi password and has connected to the router, by redirecting their connection to an authentication HTML page. Once properly authenticated, network/internet access is granted. This is common in hotels, for example.

When a captive portal is running on a network segment (a subnet), it is referred to as a captive portal zone.

This page displays any captive portal zones you configured on your system. When you click Add to create one or when you edit an existing zone, the following pages are displayed.
pfSense - Services - CaptivePortalZones
Configuration

This is where you set up your captive portal zone. You can configure things such as the interface on which it runs, authentication, accounting and the HTML page contents of the captive portal redirect page.
pfSense - CP - Configuration
MACs

You can filter access to the captive portal (block or bypass the captive portal) as well as limit up and down bandwidth for specific clients, by MAC address, from here.
pfSense - CP - MACs
Allowed IPs

The Allowed IPs page works exactly like the MACs page, but it filters by IP address rather than by MAC address. You can filter access to the captive portal as well as limit up and down bandwidth for specific clients by IP address from here.
pfSense - CP - AllowedIPs
Allowed Hostnames

The Allowed Hostnames page works exactly like the Allowed IPs page, but it filters by hostname rather than by IP address. You can filter access to the captive portal as well as limit up and down bandwidth for specific clients, by hostname from here.
pfSense - AllowedHostnames
Vouchers

You can grant access to the captive portal by issuing time-based vouchers. These are generated from this page.
pfSense - CP - Vouchers
File Manager

From this page, you can upload or delete assets to be used to create a custom captive portal HTML page.
pfSense - CP - FileManager

DHCP Relay

Services/ DHCP Relay 
DHCP Relay

From this page, you can configure the IPv4 DHCP Relay service for the selected interface. A DHCP Relay is used to allow a DHCP server on one segment of the network to provide IP addresses to clients on other network segments. Make sure that DHCP Server is disabled. DHCP Relay and DHCP Server cannot be used concurrently.
pfSense - Services - DHCP Relay

DHCP Server

Services/ DHCP Server 
DHCP Server

From this page, you can configure the IPv4 DHCP Server for the selected interface. Make sure that DHCP Relay is disabled. DHCP Relay and DHCP Server cannot be used concurrently.
pfSense - Services - DHCP Server

DHCPv6 Relay

Services/ DHCPv6 Relay 
DHCPv6 Relay

From this page, you can configure the IPv6 DHCP Relay service for the selected interface. Make sure that DHCP Server is disabled. DHCP Relay and DHCP Server cannot be used concurrently.
pfSense - Services - DHCPv6 Relay

DHCPv6 Server & RA

Services/ DHCPv6 Server & RA 
DHCPv6 Server

From this page, you can configure the IPv6 DHCP Server for the selected interface. Make sure that DHCP Relay is disabled. DHCP Relay and DHCP Server cannot be used concurrently.
pfSense - Services - DHCPv6 Server
Router Advertisements

From this page, you can set your router advertisements for the DHCPv6 server. For the DHCPv6 server to be active on the network, router advertisements must be set to either Managed or Assisted mode here.
pfSense - Services - DHCPv6 RA

DNS Forwarder

Services/ DNS Forwarder 
DNS Forwarder

This page is where you can enable, disable, and configure the DNS Forwarder. The DNS Forwarder forwards your DNS requests to the DNS servers you configured in System / General Setup. You can also configure domain and host overrides for the DNS Forwarder from here.
pfSense - Services - DNS Forwarder

DNS Resolver

Services/ DNS Resolver 
General Settings

The DNS Resolver in pfSense uses unbound, a validating, recursive, caching DNS resolver, and is favored over the DNS Forwarder. The DNS resolver can either query the root servers or be configured in forwarding mode and forward your requests to the DNS servers you configured in System / General Setup.

From this page, you can enable, disable, and configure the DNS Resolver. You can also configure domain and host overrides for the DNS Resolver from here.
pfSense - DNSResolver - General
Advanced Settings

As the name suggests, this is where you can further configure the DNS Resolver, using the advanced options.
pfSense - DNSResolver - Advanced
Access Lists

You can configure access lists to filter access to the DNS Resolver from here. You can set the action (deny, refuse, allow, allow snoop, deny nonlocal, refuse nonlocal) and the networks to which the list applies.
pfSense - DNSResolver - Access Lists

Dynamic DNS

Services/ Dynamic DNS 
Dynamic DNS Clients

Dynamic DNS enables you to reach your pfSense firewall from the internet by using a hostname rather than its IP address. The hostname always remains the same even if the underlying IP address changes. This can be useful for VPN access, for example.

From this page, you can enable, disable, and configure Dynamic DNS on your system. By selecting your dynamic DNS provider from the list, the options on the page are updated accordingly.
pfSense - DynamicDNS - Clients
RFC 2136 Clients

RFC 2136 Dynamic DNS registers a hostname on any DNS server supporting RFC 2136 style updates. These dynamic DNS clients can be configured here.
pfSense - DynamicDNS - RFCClients
Check IP Services

This page displays the IP address checking service used by Dynamic DNS. By default, dyndns.org is used. But you can disable it and add your own from here.
pfSense - DynamicDNS - CheckIP

IGMP Proxy

Services/ IGMP Proxy 
IGMP Proxy

The IGMP Proxy enables you to proxy multicast traffic between network segments. This can be configured from this page.
pfSense - Services - IGMP Proxy

Load Balancer

Services/ Load Balancer 
Pools

pfSense natively supports server load balancing and failover, using relayd.

From this page, you can create load balancing/failover pools and define the web servers that are part of each pool.
pfSense - LoadBalancer - Pools
Virtual Servers

The Virtual Servers page is where you define a public-facing IP address and port for the web server(s).
pfSense - LoadBalancer - VirtualServers
Monitors

From here, you can configure the different monitors to be used by relayd. Many are already configured. You can add, edit, or delete monitors from here.
pfSense - LoadBalancer - Monitors
Settings

From here, you can configure a few additional settings, such as the timeout, interval, and prefork values.
pfSense - LoadBalancer - Settings

NTP

Services/ NTP 
Settings

The Services / NTP pages enable you to configure pfSense as a Network Time Protocol (NTP) server to synchronize the clocks of systems connected to the firewall.

From the Settings page, you can select the interfaces the NTP server will listen on and define the time servers used by your local NTP server, among other settings.
pfSense - NTP - Settings
ACLs

From this page, you can define access restrictions to your local NTP server.
pfSense - NTP - ACLs
Serial GPS

You can use a GPS connected via a serial port as a reference clock for NTP. This is configured here.
pfSense - NTP - GPS
PPS

You can use a device with a Pulse Per Second (PPS) output as a PPS reference for NTP. This is configured here.
pfSense - NTP - PPS

PPPoE Server

ServicesPPPoE Server 
PPPoE Server

pfSense can be used as a Point-to-Point Protocol over Ethernet (PPPoE) server and accept and authenticate connections from PPPoE clients on a local interface. This is configured here.
pfSense - Services - PPPoE

SNMP

Services/ SNMP 
SNMP

You can monitor your pfSense firewall using the Simple Network Management Protocol (SNMP). The SNMP service can be enabled, disabled, and configured from this page.
pfSense - Services - SNMP

UPnP & NAT-PMP

Services/ UPnP & NAT-PMP 
UPnP & NAT-PMP

Universal Plug & Play (UPnP) and NAT Port Mapping Protocol (NAT-PMP) allow software and devices to configure each other for proper communication when attaching to a network. Both are natively supported by pfSense and are configured from this page. You can also configure an ACL (access control list) for UPnP from here.
pfSense - Services - UPnP&NAT

Wake-on-LAN

Services/ Wake-on-LAN 
Wake-on-LAN

Wake-on-LAN (WoL) is a service that can be used to remotely power-on computers on your network, by sending what is referred to as “magic packets”. The network card in the computer you want to power-on must support WoL and its BIOS must be configured for support as well.

From this page, you can dynamically power-on one of the computers on your network by entering its MAC address.

You can also add computers to the Wake-on-LAN Devices list (by MAC address) and turn them all on at once, using the Wake All Devices button.
pfSense - Services - WoL

VPN

pfSense natively supports three Virtual Private Network (VPN) protocols: IPsec (IKEv1 & IKEv2), L2TP/IPsec, and OpenVPN. All three are configured from the VPN menu.

IPsec

VPN/ IPsec 
Tunnels

This is where you can configure pfSense to act as an IPsec VPN server.

From the Tunnels page, you can create, edit, or delete IPsec tunnels. The Tunnels page displays any Phase 1 tunnels configured on your system and their associated Phase 2 tunnels.
pfSense - IPsec - Tunnels
Mobile Clients

This is where you enable/disable and configure IPsec mobile client support. From this page, you can configure things such as authentication sources, virtual IP addresses, and more.
pfSense - VPN - IPsecMobileClients
Pre-Shared Keys

This page displays your IPsec pre-shared keys (if any). From here, you can create, edit, or delete your IPsec pre-shared keys.
pfSense - VPN - IPsecPSK
Advanced Settings

From this page, you can set up miscellaneous IPsec options, such as IP compression and strict interface binding, among other settings.
pfSense - VPN - IPsecAdvanced

L2TP

VPN/ L2TP 
Configuration

L2TP is a tunneling protocol which is used in conjunction with IPsec (IKEv1), in the L2TP/IPsec VPN protocol. L2TP does not provide encryption in itself. IPsec encrypts the the packets transiting through the L2TP tunnel in L2TP/IPsec.

From this page, you can enable, disable, and configure L2TP.
pfSense - VPN - L2TPConfiguration
Users

This page lists all of your L2TP users. You can create, edit, and delete L2TP users from here.
pfSense - VPN - L2TPUsers

OpenVPN

VPN/ OpenVPN 
Servers

The Servers page is where you can create and configure a local OpenVPN server. You can also delete OpenVPN servers from here.
pfSense - OpenVPN - Servers
Clients

The Clients page is where you can create and configure a local OpenVPN client. You can also delete OpenVPN clients from here.
pfSense - OpenVPN - Clients
Client Specific Overrides

From here you can override some OpenVPN settings by enabling some of the available options in the GUI or by adding additional OpenVPN directives that apply to a specific user of one of your configured OpenVPN servers. An example would be to assign a specific IP address to a user (ifconfig-push 10.10.0.10).
pfSense - OpenVPN - Overrides
Wizards

pfSense includes an OpenVPN server wizard. By following the on-screen instructions, pfSense will automatically configure an OpenVPN server for you.
pfSense - OpenVPN - Wizards

See also:Best VPNs for pfSense

Status

The Status pages display status information on various services running on your pfSense system. You’ll find many of the same submenus in the Status menu as in the Services menu. But while the Services menu allows you to edit the services’ settings, the Status menu provides status information on the configured services. Some pages may be empty depending on your configuration and the services running.

Captive Portal

Status/ Captive Portal 
Captive Portal

The Captive Portal Status page displays all of the active users of your Captive Portal Zones.
pfSense - Status - CP

CARP

Status/ CARP 
CARP

The Cache Array Routing Protocol (CARP) enables you to create virtual IP addresses to be used to set up High Availability Sync in pfSense.

The CARP Status page displays the current status of all configured CARP virtual IP addresses. You can also enable and disable CARP from here.
pfSense - Status - CARP

Dashboard

Status/ Dashboard 
Clicking this menu takes you to the pfSense Dashboard.pfSense - Status - Dashboard

DHCP Leases

Status/ DHCP Leases 
DHCP Leases

The DHCP Leases Status page displays all of your IPv4 DHCP leases and their status (active, expired, static).
pfSense - Status - DHCP

DHCPv6 Leases

Status/ DHCPv6 Leases 
DHCPv6 Leases

The DHCPv6 Leases Status page displays all of your DHCPv6 leases and their status (active, expired, static).
pfSense - Status - DHCPv6Leases

DNS Resolver

Status/ DNS Resolver 
DNS Resolver

The DNS Resolver Status page lists caching statistics for each configured DNS server on the System / General Setup page.
pfSense - Status - DNSResolver

Filter Reload

Status/ Filter Reload 
Filter Reload

This page shows the status of the last filter reload request and enables you to force reload the packet filter, by clicking the Reload Filter button.
pfSense - Status - FilterReload

Gateways

Status/ Gateways 
Gateways

The Gateways Status page lists all of your configured gateways and provides high-level statistics for each one.
pfSense - Status - Gateways
Gateway Groups

The Gateways Groups Status page lists all of your configured gateway groups and lists the tier of each member of the gateway group.
pfSense - Status - GatewayGroups

Interfaces

Status/ Interfaces 
Interfaces

This page lists all of the configured interfaces on your system and displays high-level information for each one.
pfSense - Status - Interfaces

IPsec

Status/ IPsec 
Overview

The Overview page lists all active IPsec connections and provides high-level information on each connection. It also displays information on each connection’s child security association (SA) entries.
pfSense - Status - IPsecOverview
Leases

This page lists the active IPsec leases.
pfSense - Status - IPsecLeases
SADs

The Security Association Databases (SADs) page lists all active IPsec security associations.
pfSense - Status - IPsecSADs
SPDs

The Security Policies Databases (SPDs) Status page displays all active IPsec security policies.
pfSense - Status - IPsecSPDs

Load Balancer

Status/ Load Balancer 
Pools

The Load Balancer / Pools page lists your existing load balancing / failover pools and displays high-level information on them.
pfSense - Status - LBalancerPools
Virtual Servers

The Load Balancer / Virtual Servers page lists your existing virtual servers (public IP and port) and displays high-level information on them.
pfSense - Status - LBalancerVServers

Monitoring

Status/ Monitoring 
Monitoring

The Monitoring Status page allows you to create a custom graph to monitor your system using the provided metrics, such as bandwidth used, CPU usage, firewall states, etc. Once you have selected your parameters, click Update Graphs and your custom graph is displayed with a data summary below.
pfSense - Status - Monitoring

NTP

Status/ NTP 
NTP

This page displays information on the NTP servers used by your system.
pfSense - Status - NTP

OpenVPN

Status/ OpenVPN 
OpenVPN

The OpenVPN Status page lists all of the active OpenVPN client connections to local and remote OpenVPN servers.
pfSense - Status - OpenVPN

Package Logs

Status/ Package Logs 
Package Logs

Certain optional packages’ logs can be viewed from this page. No native pfSense logs are displayed here.
pfSense - Status - PackageLogs

Queues

Status/ Queues 
Queues

The Queues Status page lists information about your active traffic shaping queues. The queue graphs sample data at regular intervals.
pfSense - Status - Queues

Services

Status/ Services 
Services

This page displays the status of the various services configured on your firewall. You can also stop or restart each service, as well as a few other options, according to the service.
pfSense - Status - Services

System Logs

Status/ System Logs 
System Logs

This is where you can view the various native logs produced by pfSense. The logs are organized by service. Some sections may be empty depending on your configuration and the services you’re running.
pfSense - Status - SystemLogs
Settings

There is also a Settings page within the System Logs page. From the Settings page, you can configure things like log rotation, enable or disable logging of certain default firewall rules, and configure pfSense to log to a remote Syslog server.
pfSense - SystemLogs - Settings

Traffic Graph

Status/ Traffic Graph 
Traffic Graph

From the Traffic Graph Status page, you can create a real-time graph for any configured interface on your system. You can display bandwidth in or bandwidth out data and set a few other additional options.
pfSense - Status - TrafficGraph

UPnP & NAT-PMP

Status/ UPnP & NAT-PMP 
UPnP & NAT-PMP

This page displays the list of currently active UPnP port forwards.
pfSense - Status - UPnP&NAT-PMP

Diagnostics

The Diagnostics menu contains tools that allow you to troubleshoot, test, and measure your system’s performance. It’s also where you can perform local configuration backups and restores, as well as edit system files, restore the system to factory settings, and reboot and power-off pfSense.

ARP Table

Diagnostics/ ARP Table 
ARP Table

The Address Resolution Protocol (ARP) Table page displays all of the ARP entries configured on the system, listing the IP & MAC addresses, along with the status and link type for each one.

You can also delete ARP entries from here.
pfSense - Status - ARP Table

Authentication

Diagnostics/ Authentication 
Authentication

The Authentication Diagnostics page allows you to perform authentication tests on any of your configured authentication servers. Select an authentication server and enter a username and password to perform an authentication test.
pfSense - Diagnostics - Authentication

Backup & Restore

Diagnostics/ Backup & Restore 
Backup & Restore

From this page, you can perform a manual local backup or restore of your pfSense configuration. You can also choose to only reinstall the additional packages listed in your configuration when performing a restore.
pfSense - Diagnostics - Backup&Restore
Config History

pfSense automatically creates a backup of its configuration file every time a change is made in the GUI. The Config History page lists the last 30 configuration backups and displays the action that triggered the backup.

You can restore any of the saved configurations from here, as well as download, or delete a saved configuration file. You may need to reboot your system for the restored configuration to take effect.
pfSense - Diagnostics - ConfigHistory

Command Prompt

Diagnostics/ Command Prompt 
Command Prompt

From the Command Prompt page, you can execute a shell command, upload or download a file to/from the pfSense file system, and execute PHP commands.
pfSense - Diagnostics - CommandPrompt

DNS Lookup

Diagnostics/ DNS Lookup 
DNS Lookup

This page allows you to perform a DNS lookup. When performing a DNS lookup, pfSense queries all of the DNS servers configured on the System / General Setup page. Simply type the hostname you want to lookup and its IP address is displayed, along with the query time for each DNS server.
pfSense - Diagnostics - DNSLookup

Edit File

Diagnostics/ Edit File 
Edit File

From this page, you can browse to any file on the file system and make edits. This can be destructive and is not recommended unless you know what you are doing.
pfSense - Diagnostics - EditFile

Factory Defaults

Diagnostics/ Factory Defaults 
Factory Defaults

Clicking this menu item resets pfSense to its default settings.
pfSense - Diagnostics - FactoryDefaults

Halt System

Diagnostics/ Halt System 
Halt System

Clicking this menu item powers off pfSense.
pfSense - Diagnostics - HaltSystem

Limiter Info

Diagnostics/ Limiter Info 
Limiter Info

This page displays each configured limiter and child queue in text format.
pfSense - Diagnostics - LimiterInfo

NDP Table

Diagnostics/ NDP Table 
NDP Table

The NDP Table page displays the IPv6 Neighbour Discovery Protocol list. The list contains all of the current IPv6 peers and is essentially equivalent to the ARP Table for IPv4.
pfSense - Diagnostics - NDPTable

Packet Capture

Diagnostics/ Packet Capture 
Packet Capture

The Packet Capture page allows you to perform packet captures for any configured interface on the system. You can set various options, such as the protocol, port, and packet count, among others. Once the packet capture has stopped, you can view or download the capture.
pfSense - Diagnostics - PacketCapture

pfInfo

Diagnostics/ pfInfo 
pfInfo

The pfInfo page displays statistics and counters for the firewall packet filter. These statistics and counters serve as metrics to judge how the packet filter is processing data.
pfSense - Diagnostics - pfInfo

pfTop

Diagnostics/ pfTop 
pfTop

This page lists all of the connections in the state table. There is also a filter panel on the page, enabling you to search for specific connections.

If a connection is active, you can connect to the pfSense console (ssh or physical access) and select option 9 from the menu to view the traffic flowing in real-time.
pfSense - Diagnostics - pfTop

Ping

Diagnostics/ Ping 
Ping

This page enables you to ping hosts from pfSense. You can select your IP protocol, source address, and the number of pings.
pfSense - Diagnostics - Ping

Reboot

Diagnostics/ Reboot 
Reboot

Clicking this menu item reboots pfSense.
pfSense - Diagnostics - Reboot

Routes

Diagnostics/ Routes 
Routes

This page displays all of the IPv4 and IPv6 routes configured on your system.
pfSense - Diagnostics - Routes

S.M.A.R.T Status

Diagnostics/ S.M.A.R.T Status 
S.M.A.R.T Status

This page enables you to perform hard drive health tests on your pfSense hard drive(s). You can view your drive’s S.M.A.R.T. status, perform a self-test, and view the test logs from here.
pfSense - Diagnostics - SMARTStatus

Sockets

Diagnostics/ Sockets 
Sockets

This page displays the list of active TCP/IP sockets for IPv4 and IPv6 that are used by the firewall itself.

By default, only listening sockets are listed, but you can click Show all connections to display sockets in use by the system making external connections.
pfSense - Diagnostics - Sockets

States

Diagnostics/ States 
States

The States page displays the firewall state table, listing the interface, protocol, source and destination, and more.

There is also a filter panel on the page, enabling you to search the state table contents.
pfSense - Diagnostics - States
Reset States

From this page, you can reset the state table by ticking the Reset the firewall state table box and clicking Reset.

When you reset the state table, all existing connections are broken and will need to be re-established.
pfSense - Diagnostics - ResetStates

States Summary

Diagnostics/ States Summary 
States Summary

The States Summary page provides statistics on the state table and its connections.
pfSense - Diagnostics - StatesSummary

System Activity

Diagnostics/ System Activity 
System Activity

This page displays a list of the top active processes running on the system.
pfSense - Diagnostics - SystemActivity

Tables

Diagnostics/ Tables 
Tables

From the Tables page, you can select any of the configured Host or URL aliases on your system from a list and display its contents.

Aliases are converted to tables when they’re used in active firewall rules.
pfSense - Diagnostics - Tables

Test Port

Diagnostics/ Test Port 
Test Port

The Test Port page enables you to test whether or not a host is up and accepting connections on a specified TCP port. Enter the required fields and click Test.
pfSense - Diagnostics - TestPort

Traceroute

Diagnostics/ Traceroute 
Traceroute

The Traceroute page enables you to perform a traceroute (like using the traceroute command available on many platforms). It sends a special packet that traces the route it travels from the pfSense host to a remote host and displays the list of hops in-between.
pfSense - Diagnostics - Traceroute

Help

The Help menu provides you with additional resources to learn about pfSense.

About this Page

Help/ About this Page 
About this Page

Clicking this menu item from anywhere in the pfSense UI opens the relevant pfSense documentation section in your browser, based on the page you’re on in the pfSense GUI.
pfSense - Help - AboutPage

Bug Database

Help/ Bug Database 
Bug Database

Clicking this menu item takes you to the pfSense bug tracker page in your browser.
pfSense - Help -BugDatabase

Documentation

Help/ Documentation 
Documentation

Clicking this menu item opens the pfSense documentation in your browser.
pfSense - Help - Documentation

FreeBSD Handbook

Help/ FreeBSD Handbook 
FreeBSD Handbook

Clicking this menu item opens the FreeBSD documentation in your browser.
pfSense Help - FreeBSDHandbook

Paid Support

Help/ Paid Support 
Paid Support

Clicking this menu item opens the Netgate web page in your browser. You can purchase paid support from there.
pfSense - Help - PaidSupport

pfSense Book

Help/ pfSense Book 
pfSense Book

Clicking this menu item opens the pfSense book in your browser. Though similar, the book and the documentation have different content.
pfSense - Help - Book

User Forum

Help/ User Forum 
User Forum

Clicking this menu item opens the pfSense user forum in your browser.
pfSense - Help - Forum

User Survey

Help/ User Survey 
User survey

Clicking this menu item opens the pfSense survey in your browser. It is hosted by surveymonkey.com.
pfSense - Help - Survey