INSTALL PFSENSE ON VMWARE ESXI
This article is about building a pfSense virtual machine on vSphere / ESXi. Article explains how to install any major pfSense version on VMware vSphere versions 5.x and 6.x. Article does not cover how to install vSphere or how to configure pfSense to do any of the many amazing things it can. A basic, working, pfSense virtual machine will exist by the end of this document.
Disclaimer/flame-retardant: If pfSense will be running as a perimeter firewall for an organization and the “attack surface” should be minimized, many will say it is preferable to run it unvirtualized on stand-alone hardware. That is a decision for the user and/or organization to make, however. Now back to the topic.
We're going to start at the point where we have a vanilla ESXi install and have connected to it using the vSphere client. If other VMs are already running on ESXi, then it is not likely necessary to follow the networking steps too closely. However, we recommend skimming through it to see what is suggested before building the pfSense virtual machine part.
Please report any errors or typos you may find.
Assumptions
- vSphere host is up and running
- The reader has an understanding of network addressing
- You have already uploaded pfSense installation .iso to the datastore.
Installing pfSense on vSphere 6.x using vSphere web client
The following steps include the necessary vSphere web client configuration required to get pfSense VM running. After getting to the pfSense setup step, switch to the guide for vSphere client bellow.
Basic vSphere web client networking setup
Before creating a new VM in vSphere web client, you will need to create two virtual switches and two port groups. We will first create Virtual switches for WAN and LAN and after that two port groups for the WAN and LAN.
From the vSphere web client navigator, click on Networking and then click on Virtual switches tab. From there, click on “Add a new standard virtual switch”.
Add two Virtual switches, one for WAN and another for LAN. For uplink select two separate available ports.
Creating port groups
After creating Virtual switches, click on Port groups tab. On the Port groups tab click on “Add port group”. Add WAN and LAN port groups, each using WAN and LAN switches respectively.
Creating a pfSense VM
Now that the networking part is done, we continue to create a virtual machine. From the dashboard click on “Create/Register VM”. On the first wizard screen select “Create a new virtual machine”. pfSense Gold subscribers can download pre-made VMware certified pfSense OVA and select the second option “Deploy a virtual machine from an OVF or OVA file”
On the second page of the wizard, enter a name for your VM and select correct Guest OS version.
On the third page of the wizard, select the datastore where you want to keep your pfSense VM.
On wizard page four, add another Network Adapter and select the WAN and LAN virtual switches for each of the network adapters. Modify other virtual machine settings to your liking. For best performance, we recommend using VMXNET 3 type of adapters instead of E1000. However, with VMXNET 3 interfaces type you will have to manually assign interfaces with the first boot. For the purpose of this guide we used E1000 adapter type.
On the final wizard screen confirm the settings and click finish.
pfSense installation
Once the pfSense virtual machine is created, under vSphere web client navigator click on “Virtual Machines” and select your newly created VM.
Power on the virtual machine.
On the next screen, press “I” to invoke installer mode.
After pfSense boots you will be greeted by the setup wizard. Select “Accept these settings”
On the following screen choose “Quick/Easy Install” after which installation starts.
When prompted, select “Standard Kernel”.
After that installation completes and pfSense boots up for the first time.
Installing Open-VM-Tools
Once pfSense installation is complete, upon first boot install the Open-VM-Tools. Reboot is not necessary afterwards, however make sure the Open-VM-Tools service is running under Status > Services.
Congratulations, you have successfully completed pfSense installation on ESXi!
Your ArtIT Team,