To pfSense or not



  • I am new to pfSense and was feeling quite excited. After trying to install on an old HP G5 and coming across a thread hashing out the debacle over 2.4.4 breaking stuff for people and not being able to get official access to previous version I figured I should ask some questions.

    I currently have a Protectii Intel i5 7200U, AES-NI, Barebone. 2.4.4 installed and seems to run great. Approximately how long before this is obsolete and gets broken from an update?

    And if I understand correctly from the other thread if it does stop working at some point, I won't be able to roll back to a previous version (even if I still have the installer in some cases due to packages not being available) to get up and running at least until such a time that I can get newer supported equipment, if that is the route we choose?

    I am assuming that there would be ample notification if I continue to do my due diligence and stay up with notifications and such?

    Would there be a difference in the above scenario (assuming it is correct) between running the Community Edition or the Paid Support Edition?

    Probably will have more questions, just not experience enough yet to know them. Thanks for your time.

    Bill


  • LAYER 8 Rebel Alliance

    Which debacle over 2.4.4?
    Most of the updates went just fine. Or is this going to be just some bashing thread?
    You should be interested for any device you run as your edge Firewall/Security device to keep the software up to date and not run any EOL software.
    And there is really no reason for it, you can alyways just install the newest version of vanilla pfSense, pop in your latest backup and be fine with all your settings.
    Of course before any update you read the release notes and take a backup first: https://www.netgate.com/blog/category.html#releases

    -Rico


  • Moderators and Staff Rebel Alliance Netgate Administrator

    I am new to pfSense and was feeling quite excited.

    Great, welcome to the club!

    After trying to install on an old HP G5 and coming across a thread hashing out the debacle over 2.4.4 breaking stuff for people and not being able to get official access to previous version I figured I should ask some questions.

    We don't allow back access not because it's insecure. We are a security company; each of our updates contains security patches and fixes. It would be irresponsible of us, hurt our customer's relationship and trust with us if we willingly allowed insecure software to be officially distributed.

    I currently have a Protectii Intel i5 7200U, AES-NI, Barebone. 2.4.4 installed and seems to run great. Approximately how long before this is obsolete and gets broken from an update?

    No one really know's, We are not going to force you to purchase a new piece of hardware. If something fails because of poor manufacturing that is not our responsibility. The only hardware support we have retired was our 32 bit OS support. We don't intentionally 'break' updates or willing try and cause our customer's pain. If you follow the steps in our posts at time of update; you should be fine. I would recommend you attempt restoring a backup before you are forced to do so. Now is a great time.

    If you are on 2.4.4 please consider updating to 2.4.4-p2.

    And if I understand correctly from the other thread if it does stop working at some point, I won't be able to roll back to a previous version (even if I still have the installer in some cases due to packages not being available) to get up and running at least until such a time that I can get newer supported equipment, if that is the route we choose?

    This is not always the case; the update from 2.4.3 to 2.4.4 we migrated from PHP5.6 to PHP7.2. That was a large project, and we could not keep our packages running both versions of PHP.

    Most of the time the jump in version, 2.3 to 2.4 allows us to have both package servers running, you would be able to rollback, but again we would prefer you not too, as it's insecure.

    I am assuming that there would be ample notification if I continue to do my due diligence and stay up with notifications and such?

    Yes, Please keep in touch:
    Follow our
    Twitter
    Feeds
    Youtube Channel
    Our blog
    sign up for our Newsletter

    Please become involved more in our forum.

    Would there be a difference in the above scenario (assuming it is correct) between running the Community Edition or the Paid Support Edition?

    Yes, and No. The bigger difference is if you had our hardware, we don't have the resources to test every iteration of hardware our customer base uses. We, the Global Support team tests our hardware, updates, new install and packages a multitude of times. We want this to be a smooth process for all of our customer base.

    The biggest issues we have see "update xxx broke my machine it won't boot now."
    That is a symptom of our success, it's unfortunately is timing issue. As an OS pfSense is incredibly stable, we see people brag about their large up time. During the up time a component of hardware failed, and it won't work after the power is shut off or rebooted. This is why when you read our update guide, step 1 is to backup, step 2 is have a fallback plan, step 3 is reboot, only after then do we discuss running the backup.

    The paid support is for you to be able to contact the Global Support team at Netgate.

    Probably will have more questions, just not experience enough yet to know them. Thanks for your time.

    I hope I have answered your questions. Please let me know if you have any more.