Upgrading an EOL Netgate SG-2440

Eric Carroll

I have a SG-2440 currently running 2.4.3-RELEASE-p1 using BIOS ADI_RCCVE-01.00.00.17-nodebug

Dashboard tells me no further upgrades are available, which is understandable as it is EOL.

It has been until recently a rock solid performer. A recent very annoying issue is IPv6 forwarding simply stops, cause undetermined.

What is the best way to continue to make use of the SG-2440? Is there any version of pfsense I can continue to use? Or do I need to install another firewall?

Options I see include:

1. Upgrade to pfsense 2.4.5 (DEPRECATED) branch in the System / Update / System Update list
2. Upgrade to 21.02.x as listed in System / Update / System Update
3. Install pfSense CE 2.7
4. Install an open source firewall

I see a bunch of Reddit posts about the 2.4.3 -> 2.4.5 not going smoothly. Any words of wisdom on upgrade procedure?

Looking into deploying pfSense CE I had some questions:

1. can SG-2440 run pfsense CE?
2. what is the best way to deploy pfsense CE?
3. Which image do I need to use to upgrade the 2440 - the ADI image or the AMD64 image?
4. Do I need to use the console cable/USB stick upgrade path or can the web interface do it?

Thanks for any help.

stephenw10

You can use the ADI image to install CE 2.7.

Or open a ticket with us to get the 23.05.1 installer image:
https://www.netgate.com/tac-support-request

You need access to the serial console to reinstall from either image though:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-2440/connect-to-console.html

Steve

SteveITS

@Eric-Carroll What Steve wrote but just know there is something wrong with the updating since it will work with later versions. We have one on the shelf that was working until replaced a year or so ago, because the 2440 was going to go to a new branch office.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

Since it’s really old I’d get the reinstall image anyway just in case the upgrade hiccups. Or to save a few upgrade steps.

stephenw10

Yes, it should be possible to upgrade from that still. But I would always choose to reinstall from something that old unless there's no other way.

johnpoz

@Eric-Carroll yeah I was not aware that hardware could not run current. If you have an appliance you should always just contact tac for image. If your model can not run what your requesting sure they would let you know.

Have always been very impressed with tac support for what I have used them for - normally have a response in a few minutes.

SteveITS

@johnpoz it can, was the point I was trying to make. Being on the EOL list by itself doesn’t mean newer software won’t work. IIRC their position is they’ll have it run until it can’t work, like the 1000 this year. (Noted in release notes)

rcoleman-netgate

@SteveITS said in Upgrading an EOL Netgate SG-2440:

IIRC their position is they’ll have it run until it can’t work, like the 1000 this year.

Indeed this is the case.

mer

I've got one of those 2440, rock solid. I did the "open a ticket and get a latest image, backup the config, reinstall, restore config" and worked just fine.

I don't recall what the internal storage is, but if you're going to reinstall, look at adding/upgrading the storage at the same time.
Just looked at the docs for it, onboard eMMC but a slot for mSATA. I went and added an mSATA and installed on that. It's likely the onboard device is nearing end of cycles :)

rcoleman-netgate

@mer said in Upgrading an EOL Netgate SG-2440:

I don't recall what the internal storage is, but if you're going to reinstall, look at adding/upgrading the storage at the same time.

They shipped with 4GB eMMC and 8 GB eMMC depending on the time of purchase.

Adding a mSATA drive is recommended, but these systems also have a tendency to fail if they're older C2000 Atom CPUs so your mileage may vary long-term on the system's lifespan.

mer

@rcoleman-netgate said in Upgrading an EOL Netgate SG-2440:

Adding a mSATA drive is recommended, but these systems also have a tendency to fail if they're older C2000 Atom CPUs so your mileage may vary long-term on the system's lifespan.

Yep. My SG2440 is actually a "red light RMA that was just barely under warranty", so it's sitting in the closet as a spare, but it's behind a 5100 in the rotation, with a 4100 in service.