Sorry for the late reply. This is more of a gee-wiz thing I wanted to try.

I'm currently running a Cisco ASA although it's an older device that's showing it's age compared to appliance potentials like pfSense and Sophos. My Cisco devices maybe see 1-2 restarts a year and always because of configuration changes on my behalf. Granted it's an overkill for a home network, but I do this for a living as-well not to mention the equipment was free.

I did bypass the 3825 and ran pfSense as a standalone router for the time being. It's nice to see an actual graphical interface for a change. Setup couldn't get any easier.  I am noticing a slight delay in loading webpages although that could be anything and I haven't really tried to troubleshoot it at all.

Anyways, I'll definitely be going back to a Cisco router behind some type of IDS/IPS. Just personal preference over anything else I guess.

When I use the backup/recovery option, is there everything included?
Also the package config?

What is missing?
thanks

For work like this I like these cables (look for original FTDI chipset!) https://www.amazon.com/dp/B01N0LMWGQ
together with two of those adapters https://www.amazon.com/dp/B0002J1JUE
one configured straight, one as Null Modem crossed.
Add a male/male gender changer to your toolbox and you should be able to connect to about any serial on db9 that comes along … as well as any Cisco style console port.

Trying to maintain multiple slices/partitions like that is going to be a giant PITA and not worth the effort.

Use the whole disk. Use swap.

If you want to play with other configurations just keep a config.xml backup and then factory reset and do whatever you want, you can always restore the other config and/or reinstall within a few minutes.

You'd waste more time tinkering with partitions compared to a reinstall+restore which only takes a few moments.

Thanks for the help guys.

Went out and yesturday:
Backed up config.
Wiped the appliance with a 2.4 installer disk.
Restored config.
From web ui I was able to update to 2.4.2_p1.

Never mind, it was easier to just do a fresh install of 2.4.2 than trying to recover from this mess. I will now have to reinstall OpenVPN on a few laptops, and hope that I configured the VPN properly.

If only…need to remember to do a snapshot next time I contemplate an upgrade. But they usually go so smoothly there hasn't been a need.

Guys,

Solved this for myself.

Even though dashboard said I was up to date, I wasn't.

Running console update [option 13] did a kernel update and two reboots.

After that, I was back in business.

Hope that helps someone …

Chip

These instructions solved the problem for me

https://forum.pfsense.org/index.php?topic=138564.msg757525#msg757525

It's very likely that pfSense disables the 32-bit emulation layer and runs only native 64-bit binaries from version 2.4 onwards.

The 32-bit emulation layer is a kernel option that needs to be on at compilation time, there is no workaround if the kernel option is not turned on.

I recommend replacing that disk with a new one.  My best guess is what's happening is that during the rules download (when the Snort GUI process is writing the downloaded blocks to disk in a temporary directory in /tmp), the disk write is randomly failing.  When that happens, the OS is probably stuck trying repeatedly to make the write of the failing block.  That would be why the process would seem to "freeze" at times when you are watching it (like during the package install when it downloads the rules).  With disk failures, it is not uncommon for the low-level I/O driver to repeatedly attempt the write operation.  It will eventually give up, but sometimes it takes a while depending on the particular operating system.

The fact you see whole parts of your configuration disappear lends further credence to bad hardware (in this case it appears to be the new SSD).  I know in the past I've unfortunately purchased new conventional hard disks that were dead out of the box (DOA).  The same thing can happen with an SSD.  In your case it appears as more "flakey" that just simply DOA.

Bill

Unlocked the topic. I'm not sure who locked it, it was probably done in mistake. Thanks!

Hi,

When you (re) install, pfSense is clean - and then you set it up with your local settings. This could be as simple as : have it read a copy of your earlier config.xml file.

If this config file contains info about packages that were present at that time when the copy was made, pfSense will re-install the packages in the background. If the related settings are 'wrong', well, then many things can happen.

Just have a look at the config.xml file - it's very readable by humans) and use the magic key shortcut Ctrl-F and look for "snort" and "suricate".

If these are present, I advise you to re install pfSense again, NOT importing your config.xml, but use it as a guideline to redo your setup like WAN access, networks, etc. You'll be done in several minutes, and winding up with a clean box.

@hsj18:

OK guys, need some help because the wife is mad I keep taking the wireless down lol.

Normally, you test drive first - hook up pfsense to your your device (router) that realizes your connection, activating DHCP client on WAN so it gets an IP like any other device, hook up your PC on the LAN side and play with it.
Then add a AP on the LAN segment, connect PC using Wifi to AP, test again.

When all is ok, you switch you home network to the new setup. For every user this instant change will be completely transparent.

@hsj18:

Question 1. Do I need a switch between the AP and the WAN port?

A schema, please ? But remember : did you ever saw such a setup like this on the net ?
APs, in this case, are just devices on your LAN that transport wireless data to cabled data. They are transparent.
An AP should not work in router mode - it should have an (static) IP on LAN, gateway should be the IP used by pfSense (192.168.1.1), as does it's DNS. Done.

@hsj18:

Question 2. After initial setup, should I have to change DNS?

This can be answered when you made up the inventory will all kind of requirements before you start.
Like, what is the type of connection you used before ? What is special ? What is classic ? What did you use before (OpenDNS, or do you like to sell all your DNS traffic to Google ? etc.)
In most cases, people should stick with the "keep it simple" rule. This means that pfSense need's be be installed, and you never touch DNS settings. It works perfectly out of the box.

Same question here.  I have a low-end laptop that has a bad SATA channel (so the HDD and DVD don't work).  I've run Linux and CloudReady from the USB fine, so I know those ports work.  I'd put a USB flash in one port and a USB ethernet in the other, until I can pick up some proper hardware.

Rebooting the SG-3100 via console fixed the issue after resetting.  The reboot did not fix the error initially, after I had changed the IP via GUI.

D'oh.

I had a GEOM mirror that I deactivated prior to upgrade for emergency fallback. Turns out everything is fine; after syncing the right kernel was booted from the primary ssd. Oooookay.

Thanks :)

-Chris.