Which ports need to be open for Update detection?

  • On an AWS installation of 2.3 I have the "Obtaining update status" continuously spinning, probably due to restrictive blocking on the NetworkACL or SecurityGroup. Do you know which ports (and possible target IPs) need to be open for Update checks to work?

  • It's probably
    This means: port 443, not a port that could be blocked.

    But I guess your issue is different.
    DNS is working?
    Can you
    ping updates.pfsense.org
    from the webgui? Does it resolve to an IP?

    PING updates.pfsense.org ( 56 data bytes
    64 bytes from icmp_seq=0 ttl=49 time=114.551 ms
    64 bytes from icmp_seq=1 ttl=49 time=142.796 ms
    64 bytes from icmp_seq=2 ttl=49 time=114.759 ms
    --- updates.pfsense.org ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 114.551/124.035/142.796/13.266 ms

  • In addition to the information on the above post, you should also check if your pfSense install can access https://pkg.pfsense.org. This is the repository where the 2.3.x+ updates come from.

  • For AWS, you need 80 and 443 to firmware.netgate.com only.
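
An added example, not part of any post in this thread: a small offline check of the two AWS layers the question names, showing why a stateful security group that allows outbound 80/443 can still leave the update check hanging when the stateless network ACL does not admit return traffic. The rule format is a simplified constructed model (not AWS API output), `203.0.113.10` is a placeholder for the update host's address, and the 1024-65535 ephemeral range is an assumption.

```python
import ipaddress

REQUIRED_PORTS = (80, 443)       # TCP ports named in the thread's last reply
EPHEMERAL = range(1024, 65536)   # assumption: source ports the firewall may use

def rule(num, action, lo, hi, cidr="0.0.0.0/0", proto="tcp"):
    """Simplified, constructed rule model (not the AWS API format)."""
    return {"num": num, "action": action, "proto": proto,
            "net": ipaddress.ip_network(cidr), "from": lo, "to": hi}

def _match(r, ip, port):
    port_ok = r["proto"] == "-1" or (r["proto"] == "tcp" and r["from"] <= port <= r["to"])
    return port_ok and ip in r["net"]

def sg_allows(sg_egress, ip, port):
    # Security groups are stateful allow-lists: one matching rule is enough,
    # and replies to an allowed outbound connection are admitted automatically.
    return any(_match(r, ip, port) for r in sg_egress)

def nacl_allows(rules, ip, port):
    # Network ACLs are stateless: the lowest-numbered matching rule decides,
    # and anything unmatched hits the implicit deny.
    for r in sorted(rules, key=lambda r: r["num"]):
        if _match(r, ip, port):
            return r["action"] == "allow"
    return False

def check_update_path(sg_egress, nacl_out, nacl_in, dest_ip):
    """Return a list of findings; an empty list means the update path is open."""
    ip, problems = ipaddress.ip_address(dest_ip), []
    for port in REQUIRED_PORTS:
        if not sg_allows(sg_egress, ip, port):
            problems.append(f"security group egress blocks tcp/{port}")
        if not nacl_allows(nacl_out, ip, port):
            problems.append(f"NACL outbound blocks tcp/{port}")
    # Replies come back to an ephemeral port, so the inbound NACL must admit them.
    if not all(nacl_allows(nacl_in, ip, p) for p in EPHEMERAL):
        problems.append("NACL inbound blocks return traffic on ephemeral ports")
    return problems

# Constructed sample rules; 203.0.113.10 is a placeholder for the update host.
DEST = "203.0.113.10"
SG_EGRESS = [rule(0, "allow", 80, 80), rule(0, "allow", 443, 443)]
NACL_OUT = [rule(100, "allow", 80, 80), rule(110, "allow", 443, 443)]
NACL_IN_WEBGUI_ONLY = [rule(100, "allow", 443, 443)]
NACL_IN_FIXED = NACL_IN_WEBGUI_ONLY + [rule(110, "allow", 1024, 65535)]

if __name__ == "__main__":
    print(check_update_path(SG_EGRESS, NACL_OUT, NACL_IN_WEBGUI_ONLY, DEST))
    print(check_update_path(SG_EGRESS, NACL_OUT, NACL_IN_FIXED, DEST))
```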