Should I Upgrade NOW to 2.4.5 or better wait a few weeks.
-
I would also note that, because of COVID, it is really not a good idea to upgrade remote systems now, as there is social distance and limited mobility!!!
-
Hi
What are your field experiences upgrading to 2.4.5 on APU2 Boards in the past weeks?
regards
-
Hi,
We upgraded all our devices (pcEngines) and had no serious problems.
In two cases, it was necessary to reinstall pfBlockerNG-devel, but this problem was probably not due to the base package.brgds,
K -
I recommend NOT upgrading anything to v2.4.5 due some serious issues but instead waiting for v2.4.5-p1.
The good news is the development team have been hard at work and v2.4.5-p1 has had a lot of progress and is nearly completed.
As of writing this, there is only 10 outstanding issues to be solved. v2.4.5-p1 is not going to be too far way, so, unless you absolutely must upgrade, I would wait. If I were pushed to guess, probably sometime in late June or early July, but do note;
- I'm not pfSense a developer - these are my own observations
- More issues could be added to v2.4.5-p1 and delay the release
- Testing could also reveal issues and require more work
- There is not an actual release date
-
@nzkiwi68 Limping along on 1 core only since it keeps the FW stable.
Cannot push more than 200Mbit with Suricata, so we are definately limited...
-
@Cool_Corona said in Should I Upgrade NOW to 2.4.5 or better wait a few weeks.:
Cannot push more than 200Mbit with Suricata, so we are definately limited...
Just an observation : if you need Suricata after the apprentice phase **, what about isolating the hopeless cases into a departed network where they can explode themself's and others. This way, ditch Suricata, and both trusted on untrusted can do what they do best at the fastest speed available ?!
You, as an admin, explaining to your clients that loading and executing trojans is no good - neither illegal video content, etc etc
-
Just a completely private opinion:
if everyone likes to sit as safe as you do, how do you think the Netgate guys can get feedback for improvements or next step.....
All I can say is that the APU boards are not sensitive to the update in the above setting (which I have already described)
-
I haven't pulled the trigger on this yet either.
I have an SG-1100 that I consider mission-critical (I'm a home user but work at home 100% of the time. Work PC is on the OPT port.) I cannot afford to have downtime while troubleshooting an update.
I am using the SG-1100 right out of the box with the exception of a few firewall rules. Zero packages installed.
Should I update now? I am not opposed to buying a 2nd SG-1100 so that I always have a working fallback.
What say you, group? And thanks.
-
@NGUSER6947 I'm running 2.4.5 at home, on an SG-4860, and I am having absolutely no troubles. I know, you've got different hardware, but I just wanted to make a point.
I have only 1 extra package installed - NUT. I want the firewall to shut down gracefully on a power loss, since I've got it plugged into a UPS box close by.
I have been running like this for about a month now, maybe. Can't remember when I did the upgrade. The box is showing 14 days of uptime. I must have rebooted for some reason 2 weeks ago, but I can't remember why.
Hope that helps.
Also, if your SG-1100 is "mission critical" like you say, and your work depends on it, I would get an extra spare, just in case. Not trying to get you to spend extra money right now, but important is important, right?
Jeff
-
Also to chime in, I updated to 2.4.5 hours after it came out on my sg4860, zero issues.. Zero.. And I have lots of packages..
Uptime 64 Days 04 Hours 55 Minutes 33 Seconds
Even had a few minor power outages.. But all of my networking gear is on ups.. So as long as the outage is say less than 20 minutes or so - internet still works, even the wifi ;)
I have not updated any of the sg3100 at work, because nobody in the office.. And just doesn't make sense to do an update remotely - even on the slightest chance something could go wrong.. Once back in the office and can get to the devices on the worse case scenario something goes wonky... But normally I just pull the trigger on these devices... But sure don't want something going wrong and someone going into the office and the internet to be down because I couldn't wait a few weeks to do an update ;)
2.4.5p1 will prob be out before we get back into the office as well ;)
-
Updated two boxes on the same day 2.4.5 was released. The latency / high CPU usage issue related to pfctl is a it of an annoyance on one of the boxes. However, I see that a fix is already in the works for 2.4.5 P1 by following the the issues and discussion on Redmine. Other than that, everything has been very running smoothly.
-
As long as you upgrade the OS then upgrade the packages you should be fine and also reboot first before you do anything, I had zero issues upgrading my pfSense box
-
@ikifar whatif the packages are already on the latest Version?
-
@tohil you probably would have already ran into issues as those updates are meant for the new version. I would just take a backup now and then update you should be fine and worse case you just restore from that backup file and you will stay on the latest version and it will reinstall your packages. There is really no reason to wait at this point my pfSense box has never had issues with any update
-
I have a lot of Netgate units, updated almost all of them. No issues so far. Also no issues with ESXi instances.
-
I will update soon to 2.4.5-p1 https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-p1-new-features-and-changes.html
-
hi,
ive upgraded to 2.4.5-p1 without issues. I then reinstalled the box from scratch with that release. just had issues with auto install of avahi and pfblockerng packages. the rest seems to work normaly.
