Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Noob question: How do you decide when to upgrade your pfSense?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    4 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      J24
      last edited by

      I'm new to pfSense.  Been running v2.3.3 for about a month on a dedicated Protectli box.  Working well in my home network.  How do you all decide to upgrade to a new version?  Are new versions typically pretty safe or does it pay to wait for an incremental release?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator
        last edited by

        I have always upgraded as soon as new version comes out or even just a p1 for example.  Especially if on a home network - new version available, update would be my suggestion.  I am currently running 2.4 beta and update every few days to current snap.

        Take a backup of your config and pull the trigger!

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • P Offline
          phil.davis
          last edited by

          I do a bit of a "waterfall" immediately the release is available:

          1. Upgrade a test VM on VirtualBox in my laptop - zero pain option that verifies the general upgrade process

          2. Upgrade at home

          3. Upgrade a spare at the office (multiple spares if I have different sets of spare hardware matching production installs)

          4. Upgrade the office where I am (usually around 24 to 48 hours after the upgrade is available)

          5. Remotely upgrade offices that are "within reasonable distance/tie to get to" 1-by-1 and make sure they come back online, VPNs come back up to the main office.

          At this point I have good confidence that:

          • the general upgrade works
          • inter-office VPN functionality works (i.e. I will be able to get back in remotely and deal with any little things)
          • the new version boots and runs OK on the different hardware we have grown to have over the years
          1. Remotely upgrade other offices that will be a pain to get to if they do not come back!

          *** And always make sure you have a current config backup where you can get to it easily before doing anything ***

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          1 Reply Last reply Reply Quote 0
          • C Offline
            ChefRayB
            last edited by

            There are many views on upgrading…. I will share with you my general approach (Synology, Android, etc...)

            I currently still don't own a pfSense box  ??? :D

            Assuming it's only for home use, you don't have big secrets to protect, pfSense is not your full time hobby, you are not an active pfsense user in the community, you don't have a job in network routing domain and you don't want to spend too much time updating a router box.

            Below is my order (1st being the highest priority)

            1. ASAP if there is a major exploits or vulnerabilities that is trending online (e.g. Read on Apache struts)
            2. pfSense released a patch version that fixes a bug affecting you directly (feature) or indirectly (performance, high cpu or memory leaks)
            3. When pfSense release a minor version you really require (feature, performance)
            4. When your version is no longer supported, might be time to upgrade (if time permits)
            5. Major version changes, hardware supports it, it's time to upgrade to keep up  (if time permits)
            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.