How to transfer settings from a 32-bit to 64-bit

  • I have a 32 bit computer with pfsense 2.3.4
    It has several packages, such as snort squid or anti virus
    The computers that are connected to it have a fixed IP (the address range is
    Is it possible to transfer all these settings to a 64 bit computer with pfsense 2.4.2?

    Or because it's a new system
    Need to do everything from scratch?

  • Make a complete backup of the 32bit firewall, sans RRD data and unencrypted to a safe spot locally on your workstation.  On the Interfaces->Assignments page, note the network port names for each interface.

    Connect the new 64bit firewall WAN interface to the existing LAN (possibly using the workstation's port if you don't have any free) and install pfSense.

    Move the workstation with backup file to the LAN of the 64bit firewall,  have the workstation get a new IP from DHCP, and access the 64bit firewall WebGUI (at the default IP).

    If the LAN has no DHCP server on it, assign a compatible IP address, subnet mask and default route to the 64bit firewall WAN interface.

    Use the Web GUI to install all your packages.  On the Interfaces->Assignments note the new network port names

    If you're comfortable editing XML, edit the interfaces section of the backup XML file to replace the old network ort names with the new.  If you're using VLANs, also update that section.  Beware of using find and replace indiscriminately, I found that the string for my old port identifier coincidentally showed up in the Base64 CA certificate.  If you're uncomfortable editing XML, you will need to later reassign the interfaces via a serial connection.

    Restore the XML backup file to the 64bit firewall and reboot.

    If you edited the XML file first, you should now be able to move all your network connections from the old to new firewall.  If not, do the interface reassignment via serial/console, then recable.

    Move the workstation back and restore it's old IP.

    Download a new backup from the 64bit firewall (encrypt it this time) and delete the old unencrypted backup.

    Note that this assumes you installed and configured all your packages through the pfSense GUI.  If not, then the backup file probably doesn't include the full configuration of your packages.  On the other hand you probably had to deal with this during pfSense updates and know what files to copy over.

  • I tried what you wrote and did not succeed

    So did most manually
    I reinstalled the packages
    I left the addresses in the new range
    The most annoying part is to add all addresses to a fixed address

    There is an access point
    Which does not appear in a list of addresses
    But it can be accessed

    In the old system it did appear on the list

    For some reason clamd ClamAV Antivirus Does not work
    i did```

    and i got this message

    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: /var/log/clamav/freshclam.log is locked by another process

    How can I fix this problem?

Log in to reply