A little while ago, we published a note detailing installation of pfSense on Sophos SG 105 and SG 115 models (and, by extension, on hardware-identical XG 105 and XG 115). Since then, pfSense 2.7 was released. For some reason, the final phase of installation described in that note doesn't work with 2.7; edits to the /boot/loader.conf file cannot be saved because the file is read-only during installation. This requires a slight modification to the installation procedure, so here's the procedure for pfSense 2.7 in its entirety. We assume you have a monitor and a keyboard connected to the router during installation; the variations for using the console are noted where appropriate. Please note that this procedure is not necessary on Revision 3 units; on those, you can install pfSense normally. You may also be able to install pfSense normally on Revision 2 units that have BIOS version 2.17 or newer. If, on the other hand, you have a Revision 2 unit with BIOS version 2.16 or a Revision 1 unit (those, as far as we can tell, all come with BIOS version 2.16), this procedure if for you.
Start by connecting installation media (usually, a USB stick) to the router while it's powered off. Turn the router on and repeatedly press Del on the keyboard to enter the BIOS (when using console, Tab or Esc may work better for this purpose). In BIOS, navigate to Advanced >> USB Configuration and set Port 60/64 emulation to Disable. Then, save and exit by pressing F4 (if using console, you may have to use menus instead). The router will proceed to the installation sequence.
Very soon, you will see the welcome screen that looks like this:
_ __ / _|___ ___ _ __ ___ ___
| '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \
| |_) | _\__ \ __/ | | \__ \ __/
| .__/|_| |___/\___|_| |_|___/\___|
|_|
+---------- Welcome to pfSense -----------+ __________________________
| | / ___\
| 1. Boot Multi user [Enter] | | /`
| 2. Boot Single user | | / :-|
| 3. Escape to loader prompt | | _________ ___/ /_ |
| 4. Reboot | | /` ____ / /__ ___/ |
| 5. Cons: Dual (Serial primary) | | / / / / / / |
| | | / /___/ / / / |
| Options: | | / ______/ / / |
| 6. Kernel: default/kernel (1 of 2) | |/ / / / |
| 7. Boot Options | / /___/ |
| | / |
| | /_________________________/
+-----------------------------------------+ /
Boot in 3 seconds. [Space] to pause When you see it, press 3 on the keyboard to escape to the bootloader's command prompt. At the command prompt, enter two commands, ending each with Enter:
set kern.vty="sc"
bootpfSense will install normally. At the end of installation, as usual, there will be the Manual Configuration dialog. When you see it, choose Yes to get command prompt.
At the command prompt, type halt to stop the router. When it stops (power indicator should change from blue to red), unplug the device from power, remove the installation media, and plug the router back in. pfSense should start normally and proceed to the standard first boot sequence.
When you see the welcome screen, press 3 again to escape to the command prompt. Enter the same two commands:
set kern.vty="sc"
bootThis will allow pfSense to complete the first boot seqience. When you have the main pfSense screen, choose option 8 to get command prompt. Now you should be able to edit the /boot/loader.conf file. Use vi to open the file for editing:
vi /boot/loader.confWhen the file opens, press i to go into the editing (or insert, hence, i) mode and add a new line to the end of the file:
kern.vty="sc" (Here, we're saving for future use the directive we used at installation and at first boot.)
Save and exit (press Esc to return to the read-only mode, then type :x). If you want to make sure your edits were saved, output the bootloader configuration file to screen and see if they are present:
cat /boot/loader.confType exit to return to the main menu. Then, use the main menu to halt the router. When the router halts, start it again to check if it boots normally without interference (it should).