The pfSense web GUI can only be accessed from another PC. If the WAN was the only interface assigned during the initial setup, then you will be able to access pfSense through the WAN IP address. Once one of the local interfaces is configured (typically the LAN interface), pfSense can no longer be accessed through the WAN interface. You will, however, be able to access pfSense from the local side of the firewall (typically through the LAN interface). In either case, you can access the web GUI by connecting another computer to the pfSense system, either directly (with a crossover cable) or indirectly (through a switch), and then typing either the WAN or LAN IP address into the connected computer's web browser.

1. When you initially log in to pfSense, the default username/password combination will be admin/pfsense, respectively.
2. On your first login, the Setup Wizard will begin automatically.
3. Click on the Next button to begin configuration.

4. The first screen provides a link for information about a pfSense Gold Netgate Global Support subscription. You can click on the link to sign up to learn more, or click on the Next button.
5. On the next screen, you will be prompted to enter the hostname of the router as well as the domain. Hostnames can contain letters, numbers, and hyphens, but must begin with a letter. If you have a domain, you can enter it in the appropriate field.
6. In the Primary DNS Server and Secondary DNS Server fields, you can enter your DNS servers. If you are using DHCP for your WAN, you can probably leave these fields blank, as they will usually be assigned automatically by your ISP.  However, your ISP's DNS servers may not be reliable. There are many third party DNS servers available, including OpenDNS (208.67.220.220 and 208.67.222.222) and Google Public DNS (8.8.8.8 and 8.8.4.4). Uncheck the Override DNS checkbox if you want to use third party DNS servers rather than the DNS servers used by your ISP.  Click on Next when finished.
7. The next screen will prompt you for the Network Time Protocol (NTP) server as well as the local time zone. The NTP server configuration will be covered in greater detail in the next chapter; you can keep the default value for the server hostname for now. For the Timezone field, you should select the zone which matches your location and click on Next.
8. The next screen of the wizard is the WAN configuration page.

In most scenarios, you won't need to make any further changes to the WAN in comparison to what was done at the console (at least initially; a multi-WAN setup is more involved and will be discussed more fully in Chapter 9, Multiple WANs).

If you need to make changes, however, there are several options on this page.

1. For Selected Type, you have several options, but the most commonly used options are DHCP (the default type) or Static.
   
   If your pfSense system is behind another firewall and it is not going to receive an IP address from an upstream DHCP server, then you probably should choose Static. If pfSense is going to be a perimeter firewall, however, then DHCP is likely the correct setting, since your ISP will probably dynamically assign an IP address (this is not always the case, as you may have an IP address statically assigned to you by your ISP, but it is the more likely scenario).

2. The other choices are Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Tunneling Protocol (PPTP). Your ISP may require that you use one of these options for the WAN interface; if you are not sure, check with them.
3. If you selected either PPPoE or PPTP, you will have to scroll down to the appropriate part of the page to enter parameters for these connections.
4. At a minimum, you will likely have to enter the Username and Password for such connections. In addition, PPTP requires that you enter a local IP address and a remote IP address.
5. The dial-on-demand checkbox for PPPoE and PPTP connections allows you to connect to your ISP only when a user requests data that requires an internet connection. Both PPPoE and PPTP support an Idle timeout setting, which specifies how long the connection will be kept open after transmitting data when this option is invoked. Leaving this field blank disables this function.

6. We can now turn our attention to the General Configuration section. The MAC address field allows you to enter a MAC address that is different from the actual MAC address of the WAN interface.
   
   This can be useful if your ISP will not recognize an interface with a different MAC address than the device that was previously connected, or if you want to acquire a different IP address (changing the MAC address will cause the upstream DHCP server to assign a different address).

7. If you use this option, make sure the portion of the address reserved for the Organizationally Unique Identifier (OUI) is a valid OUI – in other words, an OUI assigned to a network card manufacturer. (The OUI portion of the address is the first three bytes of a MAC-48 address and the first five bytes of an EUI-48 address).
8. The next few fields can usually be left blank. Maximum Transmission Unit (MTU) allows you to change the MTU size if necessary. DHCP hostname allows you to send a hostname to your ISP when making a DHCP request, which is useful if your ISP requires this.
9. The Block RFC1918 Private Networks checkbox, if checked, will block registered private networks (as defined by RFC 1918) from connecting to the WAN interface. The Block Bogon Networks option blocks traffic from reserved and/or unassigned IP addresses. For the WAN interface, you should check both options unless you have special reasons for not invoking these options. Click the Next button when you are done.
10. The next screen provides fields in which you can change the LAN IP address and subnet mask, but only if you configured the LAN interface previously.
11. You can keep the default, or change it to another value within the private address blocks. You may want to choose an address range other than the very common 192.168.1.x in order to avoid a conflict.
12. Be aware that if you change the LAN IP address value, you will also need to adjust your PC's IP address, or release and renew its DHCP lease when finished with the network interface. You will also have to change the pfSense IP address in your browser to reflect the change.
13. The final screen of the pfSense Setup Wizard allows you to change the admin password, which you should do now.
14. Enter the password, enter it again for confirmation in the next edit box, and click on Next.

15. Later on, you can create another administrator account with a username other than admin and disable the admin account, for additional security, unless you plan on setting up multiple firewalls for high availability, in which case you will need to retain the admin account.
16. On the following screen, there will be a Reload button; click on Reload. This will reload pfSense with the new changes.
17. Once you have completed the wizard, you should have network connectivity. Although there are other means of making changes to pfSense's configuration, if you want to repeat the wizard, you can do so by navigating to System | Setup Wizard. Completion of the wizard will take you to the pfSense dashboard.