[SOLVED]Changes made to WebGui not saving. 2.3.1

  • I have restored a working config from a 2.3.1 firewall to another 2.3.1 firewall.  I have changed the IP addresses on the config and the hostname previous to restoring it to the firewall.  All goes well and the firewall comes online and processes traffic just fine, however, when I go to make changes in the WebGui, it seems to work(gives the "The changes have been applied successfully" message after clicking apply), but the changes are not applied and the original configuration remains.  I have tried this in several different parts of the WebGui(Alias, Gateway Groups, OpenVPN, ect…).

    I have around 20 interfaces and vlans on the firewalls so I don't want to have to build the second one from scratch.  Is there something I am missing?

  • In testing, I updated a 2.3-Release firewall to 2.3.1 and was unable to make changes there as well.  It was working fine before I updated it.  Thankfully it's sitting on vmware so I took a snapshot before I upgraded and reverted it back to 2.3-Release and all is well again on that firewall.

    I reinstalled 2.3-Release on the second firewall and imported the same config that wouldn't work on 2.3.1 and it is working fine now.  I guess I will be staying on 2.3-Release for now.

  • @Broncoman:

    …. to have to build the second one from scratch.  Is there something I am missing?

    This will help you : YOUR pfSense version is exactly the same as mine (2.3.1).
    And, guess what : I never saw what you just described …..

    So : Just guessing : your file system is read only.
    In that case, in the logs something should be logged about that ...... (but, some thinking makes me say : it could even NOT log anymore if it wasn't logging to a ram disk...)
    Note : file systems that are read only normally makes OS's really panic !

    So : try this : SSH in.
    Option 8.
    Launch this command :

    touch test.txt

    and then

    ls -al

    did you saw the file test.txt ?

  • Guessing you're not using the default admin account, and you assigned privileges to a group that include deny config write. That wasn't being obeyed in some circumstances pre-2.3.1, and now is. Remove the deny config write privileges where you don't want them.

  • Guessing you're not using the default admin account

    cmb, you are correct.  I didn't even think of that since it told me that changes were applied successfully and didn't give an error.  Thanks for pointing me in the right direction!  :)

    I had created a group that is identical to my AD group and used my AD credentials to log into the firewall using LDAP for my authentication server.  I gave the group all permissions under the Effective Privileges.

    This morning I took a snapshot of the firewall and upgraded it to the latest available (2.3.1_1) release.  It still behaved the same way.  So I tried logging into the firewall with the default admin account and everything worked fine.  I deleted the group from the firewall and then created it again, giving it all permissions, and it is still behaving the same way as before.

    I am able to get to any page using my AD login without issue, and even clear alerts.  I am not seeing any related errors in the logs.  I am able to create a file on the system as suggested by Gertjan.  I will continue to look at my AD settings in the firewall to see if I am missing something there.

  • After going over this post again, I feel like an idiot.  :-[

    [quote]you assigned privileges to a group that include deny config write.

    I looked through the permissions once again and found that this was the cause.  I looked back in some older firewall configs and can see that the deny config write setting has been there for awhile in that group but didn't work, as cmb had stated.

    All is working well now with that setting removed from the group.  Thanks for your help!

    I think its time for a vacation.  :)

  • Glad that was it. It could really use a better message in that case, rather than looking like it was successful and leaving you wondering what the deal is.

Log in to reply