Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best way to set up and maintain a cold spare for pfSense 2.8.0 CE

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    4 Posts 4 Posters 46 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      girkers
      last edited by

      Hi all,

      I’m running pfSense 2.8.0 CE on my main router and I’d like to build a cold spare in case the primary fails.

      Main box: 4 ports in use → WAN / LAN / IoT / Guest

      Spare box: Only 3 ports available → I’d drop the Guest network if I needed to switch over

      I know I can install pfSense cleanly on the spare, but I’m unclear on the best way to:

      1. Transfer my current configuration to the spare.

      2. Keep that configuration up to date as I make changes on the main router.

      Questions:

      • Is it best practice to back up and restore configs manually, or is there a cleaner way to sync across different hardware (since the interfaces don’t match)?

      • How do others handle maintaining a cold spare so it’s ready to go at short notice?

      Any practical tips, workflows, or “gotchas” to watch out for would be really appreciated.

      Thanks!

      S S 2 Replies Last reply Reply Quote 0
      • provelsP Offline
        provels
        last edited by

        Never did this, but that's never stopped me before!

        First, as long as you already have the second hardware, install, restore and see what happens. if it's offline, you'll have plenty of time to sort things out. Just get DHCP on the WAN from your existing pfS and make the LAN a second internal net. You can change the LAN at conosle later. Back it up, take notes.

        Second, you could try editing out the Guest net parts in a backup config.xml, hand configure your interface drivers, etc., install, restore. More difficult IMO, and possible to muck things up.

        If I think of anything else... I love benchracing! But I'm sure others smarter than me will respond.

        Peder

        MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Rebel Alliance @girkers
          last edited by

          @girkers One can generally restore to the same or older version so one challenge will be keeping the spare updated. You can of course boot with an older config, update, then restore.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • S Offline
            slu @girkers
            last edited by

            @girkers said in Best way to set up and maintain a cold spare for pfSense 2.8.0 CE:

            How do others handle maintaining a cold spare so it’s ready to go at short notice?

            We use the exactly same hardware and keep this cold spare up-to-date.
            In case of failure restore the last config or move the disk from the production system to the cold spare...

            pfSense Gold subscription

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.