Which memstick images/BIOS updates to use for SG-2220?

  • Greetings,

    I'm unclear as to which version of the netgate provided pfSense-netgate-memstick images I should use to reflash my SG-2220.  First I tried using the


    which kinda worked, though the dashboard page reported the model as SG-2440 and the boot process was kinda screwy (trying to do PXE boots from 4 network interfaces).  This was a week or two ago.

    Yesterday I tried reflashing with the


    This resulted in console output disappearing after the bootloader ran.  I typed "set comconsole_port = 0x2F8" (I think, this is from memory) at the bootloader prompt before booting, this time the serial console worked and I was able to complete the install.  Everything seems OK, though now the dashboard reports the system type as "Netgate RCC-DFF".

    Is that OK or should I expect it to report SG-2220?

    I did reflash the BIOS prior to doing the install, though I wasn't 100% certain about which BIOS version to use.  This is what was on the bios12.img flash image:

    ADI Engineering RCCVE Bootrom Software Release Notes.pdf

    I think I ran flash_dff.sh, which did

    ./adi_flash_util -u ADI_DFF2-

    Things seem to be working fine, but can someone confirm that I am using the correct/optimal BIOS & pfSense install image versions?


  • Galactic Empire

    You had the correct image, pfSense-netgate-memstick-ADI-2.3.3-RELEASE-amd64.img

    No need to reflash BIOS, simply install the right image. During the installation it asks you to select which SG unit you have. You most likely selected SG-2440.

    Try it again and report back please. FYI, if this is a recent purchase from our pfSense store, you have support included. Feel free to contact our support!

  • OK, I just tried to wipe the slate clean and install using


    Things seemed to go alright but I suspect something is amiss with my setup.  First of all, it does not appear that the install disk was wiped complely, as I still see files with the same timestamps they had before I did the wipe, i.e:

    [2.3.3-RELEASE][root@cerberus.localdomain]/root: ls -la /
    total 17481
    drwxr-xr-x  22 root  wheel        1024 Jan 21  2016 .
    drwxr-xr-x  22 root  wheel        1024 Jan 21  2016 ..
    -rw-r–r--  2 root  wheel          898 Mar  8 13:16 .cshrc
    -rw-r--r--  1 root  wheel          188 Mar  8 13:16 .profile
    drwxrwxr-x  2 root  operator      512 Feb  6 17:27 .snap
    -r--------  1 root  wheel    14811136 Feb  6 17:27 .sujournal
    -r--r--r--  1 root  wheel        6142 Mar  8 13:16 COPYRIGHT
    drwxr-xr-x  2 root  wheel        1024 Mar  8 13:38 bin
    drwxr-xr-x  8 root  wheel        1536 Jan 21  2016 boot
    -rw-r--r--  1 root  wheel          12 Jan 21  2016 boot.config
    drwxr-xr-x  3 root  wheel          512 Feb 11 05:49 cf
    lrwxr-xr-x  1 root  wheel            8 Mar  8 13:38 conf -> /cf/conf
    drwxr-xr-x  2 root  wheel          512 Feb  6 17:29 conf.default
    dr-xr-xr-x  10 root  wheel          512 Jan 21  2016 dev
    drwxr-xr-x  26 root  wheel        4096 Mar 11 16:14 etc
    -rw-r--r--  1 root  wheel      2907157 Mar 11 15:02 find.log
    drwxr-xr-x  2 root  wheel          512 Mar  8 13:38 home
    drwxr-xr-x  3 root  wheel        1536 Mar  8 13:38 lib
    drwxr-xr-x  3 root  wheel          512 Mar  8 13:38 libexec
    drwxr-xr-x  2 root  wheel          512 Mar  8 13:15 media
    drwxr-xr-x  2 root  wheel          512 Mar  8 13:15 mnt
    dr-xr-xr-x  2 root  wheel          512 Mar  8 13:15 proc
    drwxr-xr-x  2 root  wheel        2560 Mar  8 13:38 rescue
    drwxr-xr-x  3 root  wheel          512 Mar 11 15:34 root
    drwxr-xr-x  2 root  wheel        2560 Mar  8 13:38 sbin
    drwxr-xr-x  2 root  wheel          512 Feb  6 17:29 scripts
    lrwxr-xr-x  1 root  wheel          11 Mar  8 13:15 sys -> usr/src/sys
    drwxrwxrwt  3 root  wheel        1024 Mar 11 16:40 tmp
    drwxr-xr-x  14 root  wheel          512 Feb 11 05:49 usr
    drwxr-xr-x  27 root  wheel          512 Feb  6 17:31 var

    also, when doing the installation, it partitioned the disk such that roughly half the capacity was allocated for swap, which seemed odd to me.  mount reports the following:

    [2.3.3-RELEASE][root@cerberus.localdomain]/root: mount
    /dev/ufsid/58992273db1e0fb2 on / (ufs, local, journaled soft-updates)
    devfs on /dev (devfs, local)
    /dev/md0 on /var/run (ufs, local)
    devfs on /var/dhcpd/dev (devfs, local)

    I would (perhaps naively) have expected something like

    /dev/da0s1a on /
    /dev/da0s1b swap

    instead (I don't have much experience with FreeBSD but I am quite familiar with Linux and to a lesser extent Solaris)

    something smells fishy… or maybe I'm just paranoid, but with cause: the reason I bought the SG-2220 in the first place was because I discovered my previous AP/router (ASUS RT-AC66U with asuswrt-merlin) had been hacked, along with some devices on my home network (rootkits in BIOS, all kinds of nasty stuff).  I replaced the ASUS with an SG-2220 + Unifi AP-AC Pro (and got rid of all compromised devices I think...) and I'm trying to reassure myself that things are back to normal.

    I'm attaching a few other files that may be relevant (I have plenty more logs, etc) - I would appreciate a heads up if something seems terribly wrong.  In any case I will open a support incident ASAP.



  • Rebel Alliance Netgate

    I would reach out to the support desk, we can help you there.

  • I'd like to suggest the readme.txt from the USB Memstick Installer Image page (on portal.pfsense.org) be re-worded to be more clear.  Currently it says:

    Factory Recovery images for pfSense Hardware:
      SG-8860, SG-4860, SG-2440, SG-2220, XG-1540, C2758, and others

    This will reinstall the factory default image to a replacement hard drive or SSD.
    This will erase any current configuration.

    Decompress and write the image to a USB stick, then boot the stick.
    The software will install to the local hard drive.

    For SG series units using ADI boards, please use:

    Without the "using ADI boards" text, I'd have had no problem selecting the correct one for my SG-4860.  But, those words made me pause and worry since I have no idea what board the SG unit uses.  Also, it might be nice if that readme were updated with the correct release numbers or made more generic so it wouldn't become outdated as the posted releases were updated.

  • I had to call to pick out the right image. I'm sure the support person thought I was being obtuse because it's all there in the readme. The readme may be obvious to pfSense support but it's completely non obvious to us. I also didn't know which board the units had and it wasn't in the invoice. I shouldn't be expected to take the units apart to determine the board maker.

    What that readme needs is a chart with units, years, and the proper image for them.

  • Galactic Empire

    I agree with you. We are working on a new page that will make it more easier and less scary! :)