Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best way to set up and maintain a cold spare for pfSense 2.8.0 CE

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    6 Posts 5 Posters 698 Views 5 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      girkers
      last edited by

      Hi all,

      I’m running pfSense 2.8.0 CE on my main router and I’d like to build a cold spare in case the primary fails.

      Main box: 4 ports in use → WAN / LAN / IoT / Guest

      Spare box: Only 3 ports available → I’d drop the Guest network if I needed to switch over

      I know I can install pfSense cleanly on the spare, but I’m unclear on the best way to:

      1. Transfer my current configuration to the spare.

      2. Keep that configuration up to date as I make changes on the main router.

      Questions:

      • Is it best practice to back up and restore configs manually, or is there a cleaner way to sync across different hardware (since the interfaces don’t match)?

      • How do others handle maintaining a cold spare so it’s ready to go at short notice?

      Any practical tips, workflows, or “gotchas” to watch out for would be really appreciated.

      Thanks!

      S S P 3 Replies Last reply Reply Quote 0
      • provelsP Offline
        provels
        last edited by

        Never did this, but that's never stopped me before!

        First, as long as you already have the second hardware, install, restore and see what happens. if it's offline, you'll have plenty of time to sort things out. Just get DHCP on the WAN from your existing pfS and make the LAN a second internal net. You can change the LAN at conosle later. Back it up, take notes.

        Second, you could try editing out the Guest net parts in a backup config.xml, hand configure your interface drivers, etc., install, restore. More difficult IMO, and possible to muck things up.

        If I think of anything else... I love benchracing! But I'm sure others smarter than me will respond.

        Peder

        MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Rebel Alliance @girkers
          last edited by

          @girkers One can generally restore to the same or older version so one challenge will be keeping the spare updated. You can of course boot with an older config, update, then restore.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 0
          • S Offline
            slu @girkers
            last edited by

            @girkers said in Best way to set up and maintain a cold spare for pfSense 2.8.0 CE:

            How do others handle maintaining a cold spare so it’s ready to go at short notice?

            We use the exactly same hardware and keep this cold spare up-to-date.
            In case of failure restore the last config or move the disk from the production system to the cold spare...

            pfSense Gold subscription

            1 Reply Last reply Reply Quote 0
            • provelsP Offline
              provels
              last edited by

              In regard to the updates, when there's a update for the primary for OS or packages, hook up the secondary behind the primary and update it. But rule changes you'd need to apply manually.

              Peder

              MAIN - pfSense+ 25.07.1-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              1 Reply Last reply Reply Quote 0
              • P Offline
                Patch @girkers
                last edited by Patch

                @girkers said in Best way to set up and maintain a cold spare for pfSense 2.8.0 CE:

                How do others handle maintaining a cold spare so it’s ready to go at short notice?

                On my cold spare I

                • load the current version of pfsense (and maintain it in the current series so configuration import is compatible)

                • Load the configuration from the main unit. Most easily done via the GUI so interface reassignment can be easily seen. This is do both so plug and play will probably work but also as a dry run in-case a newer configuration has to be loaded in a hurry.

                • Back up the main units configuration to a location accessible without a functioning pfsense router (to enable use during an emergency restore).

                • I actually use my cold spare for other things when not needed as a router by running pfsense under Proxmox but configuring dual boot would achieve similar functionality

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.