We want to upgrade so please suggest the stable version of pfsense



  • Hi, we are using 2.3.5-RELEASE version of pfsense but we are facing some issue with existing version and now we want to upgrade our pfsense firewall so please suggest the stable version of pfsense.


  • Netgate

    pfSense 2.4.4



  • Hi Las Vegas,

    But when we update with 2.4.4 then getting web filtering, traffic shaper and PPPoE related issue. As well we have seen lots of issues on posts for 2.4.4 version.


  • Netgate

    The latest stable version is 2.4.4.


  • Rebel Alliance Global Moderator

    @shiv_znet said in We want to upgrade so please suggest the stable version of pfsense:

    As well we have seen lots of issues on posts for 2.4.4 version.

    As well as you so lots of posts when 2.x.y came out as well as 2.x.z and 2.a.b etc. etc. etc...

    To be honest most of them are self inflicted ;)

    We see lots of posts here, even when there is not a new version - again most of the time its self inflicted ;) Or lack of understanding of how something works in the first place.. If I have to go over another port forwarding thread I might scream! Those are always PEBKAC... in the 11 years been here I do not recall an actual problem with port forwarding that was not PEBKAC..

    If there is an actual bug in 2.4.4 that you are effected by - where is the link to redmine.. Maybe there already a patch, or will be in 2.4.4p1 or 2.4.5 etc..

    Please link to the bugs with web filtering - which is package related and not pfsense.. And your other issues your saying - if there is no bug report.. Then its not a bug and self inflicted.. It is only a bug once its has been validated as actual problem.. Until such time there is no way its going to ever get fixed until someone actually reports it.

    Say you have issues with xyz doesn't help anyone - let alone yourself.

    The current stable release is 2.4.4, I suggest you move to it since 2.3.x is EOL and no longer support. And there are no fixes for anything with it coming. No package updates either.. it is dead.. Move on!!



  • @johnpoz while I agree with you, in my case we are using our firewall in a live environment with our business relying on this firewall to be stable for many reasons. Therefore just upgrading willy nilly can have a huge impact on our business and cause us to lose a ton of money, or even clients of ours completely for something as simple as a big that is having issues being fixed. For instance the ppppoe issues I've seen recently on the forum that did in fact turn into a bug.


  • Netgate

    If there is a ton of money at stake you should be running an HA pair.

    And have a lab testing environment to test new releases.



  • @derelict in my case personally, we acquired a client who didnt have much knowledge and a terrible IT MSP who put this current system in place and didnt think these things through, and they are using antiquated technology. So were having to do research on the device they have in place before transitioning them to something more stable.


  • Netgate

    Everything I said applies to everything, not just pfSense.

    Running an old, unsupported release is no good for anyone.


  • Rebel Alliance Global Moderator

    Here is the thing if there is so much money involved.. Get your new hardware install current stable release 2.4.4 currently... Take you config from your old hardware and put in on the new.. Or build config from scratch no matter..

    Swap the hardware... 5 minute change.. Call out of longer window say 4 hours.. If you seen problems roll back to the old hardware. Or even if days later you run into X that is problem, then you roll back.. But in that case you will need to prob call out another change..

    I have been in this biz for long time, we have taken over new customers with just utter CRAP of a network.. Have also worked in production company that took over other companies and had to migrate their entire network to company standards, etc... I know how this stuff goes... Only reason your not updating is no body wants to do the freaking change control ;)

    Or the higher ups are not approving it - because it was not sold correctly on the importance of being current.. Especially on your FIREWALL...

    Sorry but there is zero excuse for not being current... I can understand you just took over this network that was running 2.3 and find that it EOL, and this network was not under control in 2 years of notification that it was coming to EOL and all support to move.. So you lost that runway for planning out the change.. But you are here now asking what is the current stable version... Which is 2.4.4 - this is what you should be moving to... If you want to wait til 2.4.4p1 that is up to you... But your question has been asked and answered ;)

    You not moving to it - is on you... But don't come asking for help when your not on current release or even in the line of 2.4.x

    Just like when you call Cisco or Riverbed or Palo or any other major player with an issue - even when you pay them 1000's in support and you have a problem.. Update to current and then get back to us ;)



  • @kmonteagudo said in We want to upgrade so please suggest the stable version of pfsense:

    @johnpoz while I agree with you, in my case we are using our firewall in a live environment with our business relying on this firewall to be stable for many reasons. Therefore just upgrading willy nilly can have a huge impact on our business and cause us to lose a ton of money, or even clients of ours completely for something as simple as a big that is having issues being fixed. For instance the ppppoe issues I've seen recently on the forum that did in fact turn into a bug.

    Since I was the first to get bitten by that, I found out about the issue right after upgrading a HA setup.
    Quickly moved back to previous version where I remained waiting for a fix.
    It did take some time to actually understand the exact sequence of events that led to the issue
    however the fix was very quick once all parties were on the same page
    Lab setup was updated to 2.4.4 and this is where the fix was confirmed.
    Now I know that 2.4.4 will work in production and it will be done on next available maintenance window.
    Only the latest version is considered stable. You can delay the update, allowing others to get things running smoothly, or always go for some point release, like 2.4.4p1 when available.
    But never stay behind more than this.
    In all cases were bussines is involved, a solid backup plan is adamant
    And since maintenance windows are often available during weekends and nights, running a HA setup, allows to do much more critical things remotely. (Having a pair of building keys available is called plan B)

    p.s. Now, if pf also had a mechanism to install packages for previous versions we would all be extremely happy too.



  • p.s. Now, if pf also had a mechanism to install packages for previous versions we would all be extremely happy too.

    I strongly agree!