This page contains affiliate links. If you purchase an item using an affiliate link I will receive a small commission at no cost to you. Affiliates do not influence my recommendations. Read my disclosures for more information.
You’ve decided that using a pfSense router is the best choice for you (there are many reasons it could be). Now you want to make sure you set it up correctly and make the most of your pfSense router configuration. Here are a few things to consider and some tips to get you off to a good start.
Make sure to plan your pfsense router hardware accordingly
One of the best things about pfSense is that you can choose your own hardware. A few things you’ll want to consider include:
- How big is your home network? If you have a smaller home network with fewer devices probably won’t require as fast of hardware as a larger network.
- How fast are your Internet and network speeds? Your router needs to be powerful enough (CPU and network card speeds) to handle the speed of your Internet connection and connection to your LAN.
- What services do you want to run on pfSense? Some packages, like Snort, require much more processing speed and disk space.
- How many network interfaces do you need? Do you just have a LAN and a WAN? Do you plan to run VLANs or setup a Multi-WAN configuration? Make sure you have enough network interfaces.
- Do you plan to use access points for WiFi? I highly recommend buying dedicated wireless access points, like the TP-Link EAP225/245. If you do, you don’t need to worry about pfSense compatibility with your hardwire’s wireless hardware. And access points will likely provide a better WiFi experience in your home.
- Do you feel comfortable putting together hardware? If you don’t, you’ll probably want to consider a prebuilt box.
- Are you comfortable installing an OS? If you don’t want to install pfSense yourself, then take a hard look at the Netgate products that come with pfSense preinstalled.
You have a lot of hardware choices. Maybe you even have some hardware or a spare computer lying around that you want to repurpose. I wrote an article that gives suggestions for pfSense router hardware, along with advantages and disadvantages. Alternatively, you could choose to go virtual, as I did. Just make sure you think through your requirements before deciding.
Are you migrating from an existing router?
Chances are you currently have a router and have some settings on that router that you need to work when you migrate to pfSense. Typical things you will want to document from your old router are:
- DHCP reservations and mappings (sometimes called static DHCP)
- DNS entries
- Port forwards
- Firewall rules
- Dynamic DNS settings
Plan your home network configuration
This step really isn’t specific to getting prepared for a pfSense router. Your router is the most important piece of network equipment in your home and might be the most important computer period. You should take some time to make sure you set it up as you want. At a minimum you want to plan out the following:
Network address spaces and VLANS
What IP address range or ranges do you want to use? Think about your reserved range for DHCP leases and static IPs as well as your DHCP range. Will you be using VLANs? Decide the address range for your VLANs.
Most people have on ISP providing Internet service for their home, but some ultra-paranoid people, like me, have a backup WAN provider. If so, you need to plan for how you want the multiple WAN connections to work together (failover, load balancing).
QoS (Quality of Service)
Do you do have a limited Internet bandwidth or do some torrenting or downloading files from Usenet? If so, you may want to plan to set up QoS to prioritize streaming video, video conferencing, VOIP and other services that can be negatively affected by constrained bandwidth
VPN (incoming and outgoing)
VPNs are a very popular way of adding privacy to your Internet activities. VPNs can also be used to provide a secure way to connect to your home network resources from a remote location. pfSense excels at VPN capabilities.
Plan your pfSense router security packages
I can’t talk about planning for a router install without talking about home network security. pfSense is built with security in mind, but there are also additional security-related packages you can install:
- Intrusion Detection/Protection System (IDS/IPS) – pfSense has Suricata and Snort which both do an excellent job of proactively monitoring and protecting your network.
- Block known bad actors from connecting to your network using pfBlocker-NG.
- ClamAV is a firewall antivirus that can add some protection from malicious web sites for your entire network.
Consider and plan additional pfSense router packages
pFSense has a ton of packages that can greatly enhance your firewall and your home network. Below are a few of my favorites that you should definitely look into:
- Service watchdog
Familiarize yourself with install and configuration documentation
pfSense can have a bit of a learning curve because it is so powerful. Luckily there are tons of sources for tutorials and information including Netgate’s official documentation, the pfSense book, Youtube videos, and the Netgate pfSense forums. You are only a google search away from help if you need it.
pfSense is among the best, if not the best, free router software you can use for your home network. To get the most out of it, make sure to do a little planning before setting up your own pfSense router. A little planning goes a long way! If you are interested in learning more about pfSense below is a list of my pfSense related resources:
- 6 Reasons to Use a pfSense Home Router
- 5 Tips To Help Get The Most Out of pfSense
- 6 pfSense Configurations To Do After Install
- 5 Great Choices for pfSense Hardware
- How and Why I Built a Virtual Router
- My Search For Cellular Backup Internet For My Home (dual WAN info)
- Moving from Xfinity to CenturyLink Fiber Internet (how to configure pfSense with CenturyLink Fiber without using their router)