Firewall Failed - Bus Clock Bug - How to upload XML backup config file



  • Hello,

    I am in need of expert information in diagnosing a matter with our firewall gateway appliance.
    Today our SG firewall abruptly shut down and would not reboot successfully and showed a red LED status indicator.
    It was determined to be some hardware bus clock outputs bug that prevented the system boot function.
    I went to netgate facility (we are both in Austin) and they were aware of this problem and confirmed it ->
    https://www.extremetech.com/computing/244074-intel-atom-c2000-bug-killing-products-multiple-manufacturers

    It was covered by warranty and within an hour it was ready for me to pick it up. They informed me they replaced the board, updated the BIOS, and installed the latest version of pfSense. What I forgot to ask them was if in doing that it erased all config metadata and settings! Amateur of me.

    Since the firewall is used for dhcp and dns resolution and has static ip assignment from att, I had to utilize our att router port 2 for these dynamic services and connect it directly to our juniper switch during the time our netgate device was being repaired.

    When I returned to the office with it I attempted to redo the set up exactly as it was prior to the incident. I reconnected the router to the firewall via port 1 which is for our static public ip that was set up in the firewall... yet no internet was the result. I rebooted in different sequences to no avail.

    So here is my question I need help with - either the firewall was erased when it was repaired and I must upload the backup config file I have on my desktop, or it was not erased and something else is preventing it from being detected by att engineers endpoint and thus it could be in a different mode that is not static and not dhcp/dns enabled anymore.

    How do I determine this? I noticed the console cable to the firewall is micro-usb which I do not have (I only have serial to usb to rj45 console cables) so I would have to get that specific console cable? Or can I use the usb port on the device and boot it and it will auto implement the backup config file? Or how do I determine if the firewall has been erased of all the settings and ip numberings?

    I very much appreciate any insight provided



  • @VirtuousMight said in Firewall Failed - Bus Clock Bug - How to upload XML backup config file:

    How do I determine this? I noticed the console cable to the firewall is micro-usb which I do not have (I only have serial to usb to rj45 console cables) so I would have to get that specific console cable?

    If it's anything like the Cisco USB console cable, then the RS232 adapter is built into the equipment and all you need is the USB cable. Cisco uses mini USB though. If you have a micro USB cable from a cell phone or tablet, that would probably be OK.


  • LAYER 8 Rebel Alliance

    Are you able to access the pfSense WebGUI? You can easily recover the backup XML then: https://docs.netgate.com/pfsense/en/latest/backup/configuration-backup-and-restore.html

    -Rico



  • @Rico

    I should have specified this:

    When I connected everything how it was prior I could not access the firewall static private IP 10.235.17.1 anymore nor were any of the layer 2 juniper switches getting any ip addresses and dns resolving to nodes in our lan as before. I don't know why. I have no access to the webGUI even though the LED status indicator is now green. As such, I just reverted back to using our att router port 2 for these services but this has its limitations and it is degrading our wlan connectivity performance.

    So I did read from the pfSense docs how to use the config.xml file on the same hardware but I am just not sure if all the data that was in it before is still there or not as the netgate technician has not responded yet. So I am not sure if I should do this:

    Configuration from USB during Install -> https://docs.netgate.com/pfsense/en/latest/backup/automatically-restore-during-install.html

    Please advise. Thanks.


  • LAYER 8 Rebel Alliance

    With the factory settings pfSense is using 192.168.1.1 as default IP.
    Plug your laptop with DHCP enabled to the pfSense LAN port directly and try to connect to the WebGUI (192.168.1.1), then restore your config.

    -Rico



  • @Rico

    Okay Rico, I will attempt to do this tomorrow when no one is in the office.

    So with my backup config.xml file, once I connect to the lan port via dhcp with my laptop and access the web portal at the default IP of the machine, which pfsense documentation should I refer to for restoring my configuration? The one you linked already or the one I linked?


  • LAYER 8 Rebel Alliance

    If you have access to the GUI it's just Diagnostics > Backup & Restore

    -Rico
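
Added example (not part of the thread and not Netgate's code): before restoring through Diagnostics > Backup & Restore, a backup config.xml can be checked offline to confirm it still carries the LAN address and the DHCP/DNS services the network depends on. The element paths used (`interfaces/lan/ipaddr`, `dhcpd/lan/enable`, `unbound/enable`) are assumed from the usual pfSense config.xml layout, and the sample backup, interface names and WAN address are constructed.

```python
import sys
import xml.etree.ElementTree as ET

FACTORY_LAN_IP = "192.168.1.1"  # factory-default LAN address given in the thread

# Constructed sample backup; interface names and the WAN address are made up.
SAMPLE_BACKUP = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>igb0</if><ipaddr>203.0.113.10</ipaddr><subnet>29</subnet></wan>
    <lan><if>igb1</if><ipaddr>10.235.17.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <dhcpd>
    <lan><enable></enable><range><from>10.235.17.100</from><to>10.235.17.200</to></range></lan>
  </dhcpd>
  <unbound><enable></enable></unbound>
</pfsense>
"""

def summarize_backup(xml_text):
    """Return interface addresses and DHCP/DNS service state from a backup."""
    root = ET.fromstring(xml_text)
    if root.tag != "pfsense":
        raise ValueError(f"not a pfSense backup: root element is <{root.tag}>")
    interfaces = {}
    for iface in root.findall("./interfaces/*"):
        ip = iface.findtext("ipaddr", default="")
        bits = iface.findtext("subnet", default="")
        interfaces[iface.tag] = f"{ip}/{bits}" if bits else ip  # "dhcp" has no subnet
    dhcp = [s.tag for s in root.findall("./dhcpd/*") if s.find("enable") is not None]
    dns = root.find("./unbound/enable") is not None
    return {"interfaces": interfaces, "dhcp_enabled": dhcp, "dns_resolver": dns}

def check_backup(summary, expected_lan_ip):
    """List reasons this backup would not bring back the expected LAN setup."""
    problems = []
    lan_ip = summary["interfaces"].get("lan", "").split("/")[0]
    if lan_ip != expected_lan_ip:
        problems.append(f"LAN address is {lan_ip or 'missing'}, expected {expected_lan_ip}")
    if lan_ip == FACTORY_LAN_IP:
        problems.append("LAN address is the factory default; backup may be unconfigured")
    if "lan" not in summary["dhcp_enabled"]:
        problems.append("DHCP server is not enabled on LAN")
    if not summary["dns_resolver"]:
        problems.append("DNS resolver is not enabled")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_BACKUP
    info = summarize_backup(text)
    print(info)
    print(check_backup(info, "10.235.17.1") or "backup matches the expected LAN setup")
```

Run it with the path to the backup file as the only argument; with no argument it checks the constructed sample.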

