{SOLVED} Amazon PF sense

MeneM

@cmb:

The latest 2.2.2 AMI has been submitted, hopefully it will make it through review soon.

In the mean time, uninstalling ttf-mscorefonts-installer on your Linux system will make the problem go away.

Excellent! Eagerly awaiting the release ;-)

And yes, removing those fonts, cleared the issue. It's all working now. Thanks!

cmb

FYI since some of you had asked in this thread - 2.2.2 is now up on AWS, finally!
https://aws.amazon.com/marketplace/pp/B00G6P8CVW

I expect it won't take weeks for future releases as we've hopefully worked out some of the kinks with Amazon (like their test process failing because it's not Linux).

amiskell

@cmb:

FYI since some of you had asked in this thread - 2.2.2 is now up on AWS, finally!
https://aws.amazon.com/marketplace/pp/B00G6P8CVW

I expect it won't take weeks for future releases as we've hopefully worked out some of the kinks with Amazon (like their test process failing because it's not Linux).

Is there an established upgrade process from older 2.1 AMIs to 2.2.2? We have a few 2.1.x installations in our AWS environment and would like to upgrade them to 2.2.2 but it appears the auto-updater is broken.

KOM

Is there an established upgrade process from older 2.1 AMIs to 2.2.2?

If the auto-updater is not working for whatever reason, you could always try doing a backup of your 2.1.x config.xml (Diagnostics - Backup/Restore), then deploy the new 2.2.2 and restore the old config.  All of the basics should work as is.  Some packages may need to be reinstalled.  I prefer to create backups without the package details, but if you have a lot of complex packages with lots of settings (Squid/Snort/pfBlocker etc) then a full backup may be best.

Mr. Jingles

I'm sure you will all bash me - the eternal noob - (and please do bash, but be creative, I'm used by now to the standard flame words  ;D ), but as an economist I have not the slightest idea what the concept of putting your firewall in the cloud means. I mean: so I got out from my LAN unprotected, connect to AWS, and only from there I am protected. It seems to me the firewall should be at the local perimeter, not somewhere in 'da cloud'. Of course, I know I am wrong since you all do it and you know much more about it than I do, but where is the protection if you skip the very first part?

Giga-flame-war @ me starts in 3,2,1…

( ;D ;D ;D ;D )

amiskell

@Mr.:

I'm sure you will all bash me - the eternal noob - (and please do bash, but be creative, I'm used by now to the standard flame words  ;D ), but as an economist I have not the slightest idea what the concept of putting your firewall in the cloud means. I mean: so I got out from my LAN unprotected, connect to AWS, and only from there I am protected. It seems to me the firewall should be at the local perimeter, not somewhere in 'da cloud'. Of course, I know I am wrong since you all do it and you know much more about it than I do, but where is the protection if you skip the very first part?

Giga-flame-war @ me starts in 3,2,1…

( ;D ;D ;D ;D )

Mostly the AWS setup is for people that are running their systems in the AWS cloud and want to use pfSense as their router/firewall (instead of the AWS security tools which can be somewhat confusing). In that instance the pfSense machine would be the perimeter device of their private cloud network.

Not really for people to put their firewalls in the cloud to protect their local LAN (you still want a local firewall for that).

Mr. Jingles

@amiskell:

@Mr.:

I'm sure you will all bash me - the eternal noob - (and please do bash, but be creative, I'm used by now to the standard flame words  ;D ), but as an economist I have not the slightest idea what the concept of putting your firewall in the cloud means. I mean: so I got out from my LAN unprotected, connect to AWS, and only from there I am protected. It seems to me the firewall should be at the local perimeter, not somewhere in 'da cloud'. Of course, I know I am wrong since you all do it and you know much more about it than I do, but where is the protection if you skip the very first part?

Giga-flame-war @ me starts in 3,2,1…

( ;D ;D ;D ;D )

Mostly the AWS setup is for people that are running their systems in the AWS cloud and want to use pfSense as their router/firewall (instead of the AWS security tools which can be somewhat confusing). In that instance the pfSense machine would be the perimeter device of their private cloud network.

Not really for people to put their firewalls in the cloud to protect their local LAN (you still want a local firewall for that).

I just hit you with da karma stick for this utterly clear answer: thank you  :P

amiskell

@cmb:

FYI since some of you had asked in this thread - 2.2.2 is now up on AWS, finally!
https://aws.amazon.com/marketplace/pp/B00G6P8CVW

I expect it won't take weeks for future releases as we've hopefully worked out some of the kinks with Amazon (like their test process failing because it's not Linux).

Do you know if Netgate plans to allow the auto-updater to ever work? Since we couldn't upgrade from 2.1.4/5 to 2.2.2 we deployed a new 2.2.2 instance and started migrating. Now 2.2.3 is available and fixes a couple security issue, but the auto updater reports that the auto-update URL preconfigured in the AMI doesn't exist.

It would be nice to be able to actually use the auto-updater to update instead of constantly deploying and migrating to new AMIs every time there's an update.

cmb

Support for upgrades is something we'll get added for a future release. No specific target version in mind at this instant, but hopefully something we can have done for 2.3.

amiskell

@cmb:

Support for upgrades is something we'll get added for a future release. No specific target version in mind at this instant, but hopefully something we can have done for 2.3.

Do you know if this is coming with the 2.3 release? Is there a existing bug number or shall I file a bug for tracking?