How often should I update 2.4.0-BETA

  • Very simple question which must have been discussed, but I didn't find any related topic:

    How often should I update my home pfSense 2.4.0-BETA install? I'm looking for a reasonable balance between the risk of running into troubles during an update and the risk of running an outdated system missing security patches. I have absolutely no time to keep reading release notes to know if any of the fixes and enhancements are of importance to me. You might say that maybe BETA is not for me then, and you would probably be right. I installed it for the ZFS support, after having had repeated file system corruptions previously after power outages. ZFS was recommended as being more resilient.

    What do you do: Update weekly? Monthly?

  • LAYER 8 Global Moderator

    Sometimes I do daily ;)

    Sounds like your in a production setup?  Verse going to BETA software, I would think your better solution for protection against power loss would of been a UPS ;)

    Even if not in production setup, UPS is the best protection against power loss and issues that can come with that - much better than any file system ability to handle OFF before flush of data, etc.  Are you actually running a ZFS pool, or just 1 single disk?

  • I do weekly updates but not before read this forum and make sure i have a recent backup close and a installation pen with a working version!

    Simple answer for a simple question.

    Edit: I Use a UPS long time because on this position of Earth (north Portugal) electricity is not very friendly and don't remember have any problem UFS or now ZFS.

  • LAYER 8 Global Moderator

    I would say I am more free with updates, since I run VM it really takes 1 second to take a snapshot before doing an update.  If anything goes wrong simple enough to rollback, etc.

  • Thanks a lot for your quick replies!

    Yes, the box is in production, but it's only my home network I'm protecting so not too sensitive either. No ZFS pool, just a single disk. I completely agree about the UPS. In fact it used to be on a UPS (and technically still is, but that old UPS has a dead battery and only serves as overvoltage protection now). My goal is to move all my network and home-automation equipment to a common 12 V or 19 V DC supply with battery backup at some point - there just always seem to be more important things to do first.

    I guess this just shows that making a really solid setup here is not quite top priority yet for me and in the mean time I'm looking for the path of least resistance towards a mostly functioning firewall.

    What I get from the responses so far, is that

    1. Weekly backups are ok
    2. I should probably spend more time on making my setup more robust in order to potentially save time later.

    EDIT: Sorry, I meant "weekly updates are ok".

  • Rebel Alliance Developer Netgate

    The answer as always is "It depends".

    My edge router at home runs 2.4 and I update it every couple weeks or when I know something significant changed that I'd like it to pick up for testing.

    Lab and less important systems get updated anywhere from once a day to once every couple days depending on what I'm doing.

    As 2.4 progresses and stabilizes, less frequent updates are OK, though I wouldn't go more than a couple weeks between updates because you could get surprised when something doesn't work in your setup and there aren't any snapshots old enough to reinstall to get you back to a working state while reporting a regression. Thankfully that situation is super rare but still worth watching out for.

    So maybe even if you don't update that often, still grab a snapshot install image once a week and keep it somewhere nearby and keep the last few you grab.

  • I think this is a great question which I was also pondering.  I only started running the latest snapshots because I had converted to a virtualized setup and felt that FreeBSD 11 would be the best version to run as a VM.  I started with Xenserver which was fine, but I moved to the latest beta of Proxmox and everything is working great.  I am planning on updating once a week or so, taking snapshots as was previously mentioned.  When I embarked on my little mission I had reloaded my config into a fresh install at least 5 times and everything went really smoothly.  As long as you have a backup of your config along with a pfSense ISO file, you are golden.  The package install does take a long time, so I would budget an hour or two of downtime if you do end up doing a fresh install and restore.

Log in to reply