Inherited ancient pfsense hardware
-
so i have a new client, that has about 25 sites. their previous consultant non-managed their network for a very long time, and never updated anything. (everything… computers, firewalls, turned off all update services deliberately... ugh)
so i have a roster of very old netgate firewalls, that are all running 1.2.3. what is the odds that i can successfully update these relics to 2.1.5 or even 2.2.3?
-
Theoretically, it should just work. :P
-
yeah… im hoping for some anecdotal evidence that someone can chime in with "yeah tried it... wasnt a problem" hehe
-
yeah… im hoping for some anecdotal evidence that someone can chime in with "yeah tried it... wasnt a problem" hehe
I'd proceed with caution. I have absolutely no fear in upgrading my home firewall, but for a production system, I'd plan to have either hands on to the system, or a an out of band console connection. I'd also back up the config, make sure I have 1.2.3 images on hand, and a way to flash them.
I love pfsense, but have had issues with upgrading systems especially with going for long shots, both with embedded and full install systems.
-
so i have a new client, that has about 25 sites. their previous consultant non-managed their network for a very long time, and never updated anything. (everything… computers, firewalls, turned off all update services deliberately... ugh)
Perhaps here matches the following: "You get what you pay for" can this be?
so i have a roster of very old netgate firewalls, that are all running 1.2.3. what is the odds that i can successfully update these relics to 2.1.5 or even 2.2.3?
- First eMail to Netgate they will knowing it best from us all, pending on the unknown name of these firewalls
- Backup you config and system files before you are updating to a newer version of pfSense
- The first unit I would only change the install medium and do a fresh install there to see if its working
Are this NanoBSD installs (embedded) or full installs on HDD/SSD/mSATA or something else?
-
I would start with a hardware audit if you don't already have it. CPU, RAM, disk, free disk space, interface cards (or motherboard if your using the embedded ethernet ports.
Check if each of the host systems is supported by the release (I know that interface card support has changed) and if the hardware still matches the current an foreseeable usage profile. Maybe a site has grown since the original installation or maybe a site has specific throughout needs.
Once you have a list of the kit at each site, it may be that some of it gets totally replaced, and in doing so could become spare / backup for the other sites while your upgrading, or alternatively get one new system. Set it up and install at one site. then take the hardware from that site, upgrade it at in your office / workshop and then swap the next site and repeat. This method means if theres a problem at the site then you still have the old hardware to swap back in.
HTH
Andy