Which memstick images/BIOS updates to use for SG-2220?

funkrhythm

Greetings,

I'm unclear as to which version of the netgate provided pfSense-netgate-memstick images I should use to reflash my SG-2220.  First I tried using the

pfSense-netgate-memstick-ADI-2.3.3-RELEASE-amd64.img

which kinda worked, though the dashboard page reported the model as SG-2440 and the boot process was kinda screwy (trying to do PXE boots from 4 network interfaces).  This was a week or two ago.

Yesterday I tried reflashing with the

pfSense-netgate-memstick-serial-2.3.3-RELEASE-p1-amd64.img

This resulted in console output disappearing after the bootloader ran.  I typed "set comconsole_port = 0x2F8" (I think, this is from memory) at the bootloader prompt before booting, this time the serial console worked and I was able to complete the install.  Everything seems OK, though now the dashboard reports the system type as "Netgate RCC-DFF".

Is that OK or should I expect it to report SG-2220?

I did reflash the BIOS prior to doing the install, though I wasn't 100% certain about which BIOS version to use.  This is what was on the bios12.img flash image:

ADI Engineering RCCVE Bootrom Software Release Notes.pdf
ADI_DFF2-01.00.00.08-nodebug.rom
ADI_DFF2-01.00.00.12-nodebug.rom
ADI_RCCVE-01.00.00.08-nodebug.rom
ADI_RCCVE-01.00.00.12-nodebug.rom
adi_flash_util
bin
flash.sh
flash_08.sh
flash_12.sh
flash_dff.sh
flashrom
serial.sh
zerodisk.sh

I think I ran flash_dff.sh, which did

./adi_flash_util -u ADI_DFF2-01.00.00.12-nodebug.rom

Things seem to be working fine, but can someone confirm that I am using the correct/optimal BIOS & pfSense install image versions?

Thanks!!!

ivor

You had the correct image, pfSense-netgate-memstick-ADI-2.3.3-RELEASE-amd64.img

No need to reflash BIOS, simply install the right image. During the installation it asks you to select which SG unit you have. You most likely selected SG-2440.

Try it again and report back please. FYI, if this is a recent purchase from our pfSense store, you have support included. Feel free to contact our support!

funkrhythm

OK, I just tried to wipe the slate clean and install using

fSense-netgate-memstick-ADI-2.3.3-RELEASE-p1-am64.img

Things seemed to go alright but I suspect something is amiss with my setup.  First of all, it does not appear that the install disk was wiped complely, as I still see files with the same timestamps they had before I did the wipe, i.e:

[2.3.3-RELEASE][root@cerberus.localdomain]/root: ls -la /
total 17481
drwxr-xr-x  22 root  wheel        1024 Jan 21  2016 .
drwxr-xr-x  22 root  wheel        1024 Jan 21  2016 ..
-rw-r–r--  2 root  wheel          898 Mar  8 13:16 .cshrc
-rw-r--r--  1 root  wheel          188 Mar  8 13:16 .profile
drwxrwxr-x  2 root  operator      512 Feb  6 17:27 .snap
-r--------  1 root  wheel    14811136 Feb  6 17:27 .sujournal
-r--r--r--  1 root  wheel        6142 Mar  8 13:16 COPYRIGHT
drwxr-xr-x  2 root  wheel        1024 Mar  8 13:38 bin
drwxr-xr-x  8 root  wheel        1536 Jan 21  2016 boot
-rw-r--r--  1 root  wheel          12 Jan 21  2016 boot.config
drwxr-xr-x  3 root  wheel          512 Feb 11 05:49 cf
lrwxr-xr-x  1 root  wheel            8 Mar  8 13:38 conf -> /cf/conf
drwxr-xr-x  2 root  wheel          512 Feb  6 17:29 conf.default
dr-xr-xr-x  10 root  wheel          512 Jan 21  2016 dev
drwxr-xr-x  26 root  wheel        4096 Mar 11 16:14 etc
-rw-r--r--  1 root  wheel      2907157 Mar 11 15:02 find.log
drwxr-xr-x  2 root  wheel          512 Mar  8 13:38 home
drwxr-xr-x  3 root  wheel        1536 Mar  8 13:38 lib
drwxr-xr-x  3 root  wheel          512 Mar  8 13:38 libexec
drwxr-xr-x  2 root  wheel          512 Mar  8 13:15 media
drwxr-xr-x  2 root  wheel          512 Mar  8 13:15 mnt
dr-xr-xr-x  2 root  wheel          512 Mar  8 13:15 proc
drwxr-xr-x  2 root  wheel        2560 Mar  8 13:38 rescue
drwxr-xr-x  3 root  wheel          512 Mar 11 15:34 root
drwxr-xr-x  2 root  wheel        2560 Mar  8 13:38 sbin
drwxr-xr-x  2 root  wheel          512 Feb  6 17:29 scripts
lrwxr-xr-x  1 root  wheel          11 Mar  8 13:15 sys -> usr/src/sys
drwxrwxrwt  3 root  wheel        1024 Mar 11 16:40 tmp
drwxr-xr-x  14 root  wheel          512 Feb 11 05:49 usr
drwxr-xr-x  27 root  wheel          512 Feb  6 17:31 var

also, when doing the installation, it partitioned the disk such that roughly half the capacity was allocated for swap, which seemed odd to me.  mount reports the following:

[2.3.3-RELEASE][root@cerberus.localdomain]/root: mount
/dev/ufsid/58992273db1e0fb2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local)
/dev/md0 on /var/run (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)

I would (perhaps naively) have expected something like

/dev/da0s1a on /
/dev/da0s1b swap

instead (I don't have much experience with FreeBSD but I am quite familiar with Linux and to a lesser extent Solaris)

something smells fishy… or maybe I'm just paranoid, but with cause: the reason I bought the SG-2220 in the first place was because I discovered my previous AP/router (ASUS RT-AC66U with asuswrt-merlin) had been hacked, along with some devices on my home network (rootkits in BIOS, all kinds of nasty stuff).  I replaced the ASUS with an SG-2220 + Unifi AP-AC Pro (and got rid of all compromised devices I think...) and I'm trying to reassure myself that things are back to normal.

I'm attaching a few other files that may be relevant (I have plenty more logs, etc) - I would appreciate a heads up if something seems terribly wrong.  In any case I will open a support incident ASAP.

Thanks!!

find.txt
ps.axuww.txt
dmesg.boot.txt
installer.log.txt

chrismacmahon

I would reach out to the support desk, we can help you there.

beremonavabi

I'd like to suggest the readme.txt from the USB Memstick Installer Image page (on portal.pfsense.org) be re-worded to be more clear.  Currently it says:

Factory Recovery images for pfSense Hardware:
  SG-8860, SG-4860, SG-2440, SG-2220, XG-1540, C2758, and others

This will reinstall the factory default image to a replacement hard drive or SSD.
This will erase any current configuration.

Decompress and write the image to a USB stick, then boot the stick.
The software will install to the local hard drive.

For SG series units using ADI boards, please use:
  netgate-memstick-ADI-2.2.5-RELEASE-amd64.img.gz

…

Without the "using ADI boards" text, I'd have had no problem selecting the correct one for my SG-4860.  But, those words made me pause and worry since I have no idea what board the SG unit uses.  Also, it might be nice if that readme were updated with the correct release numbers or made more generic so it wouldn't become outdated as the posted releases were updated.

severach

I had to call to pick out the right image. I'm sure the support person thought I was being obtuse because it's all there in the readme. The readme may be obvious to pfSense support but it's completely non obvious to us. I also didn't know which board the units had and it wasn't in the invoice. I shouldn't be expected to take the units apart to determine the board maker.

What that readme needs is a chart with units, years, and the proper image for them.

ivor

I agree with you. We are working on a new page that will make it more easier and less scary! :)