Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Always use img for updates?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 2 Posters 581 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dennis100
      last edited by

      Like many others posting here I became complacent with upgrades. They always worked flawlessly. Then came 21.02. I'm on site (thank goodness) dealing with another AT&T install nightmare and since I had some down time why not do a quick upgrade on their SG-3000? It locked. I was suddenly getting uncomfortable. Fortunately I was able to get it to come back up after a couple reboots. Whew! Now however I'm a little shy on 21.02.

      This weekend I tried to upgrade my home SG-2440. What a disaster. After the upgrade the system wasn't responding to pings, no GUI, and the console would go to the command line but no console menu. Other than a crappy cell phone connection I had no internet thus little to no ability to do any research. Fortunately I had a spare FW at work which I drove out and picked up. I was able to get that going, then download a img for the 2440 and reload the OS and finally the config.

      So all this indicates I need a new method to do upgrades. Offsite upgrades are no longer an option. I'm thinking the most reliable method would be to download the latest img for the appliance, backup the config, then install the img and finally restore the config.

      Thoughts? Would this be any riskier than doing a GUI upgrade or doing a console upgrade? It seems it would be better as any filesystem inconsistencies, corruptions, or whatever would be eliminated.

      I'm looking at 2 more SG-3000s that should be upgraded as well as a XG-1537. I'd rather plan on the extra time for on site installs and prep than risk any more excitement.

      ? 1 Reply Last reply Reply Quote 0
      • ?
        A Former User @Dennis100
        last edited by

        @dennis100 it is definitely cleaner doing it this way and safer, just perhaps not so convenient. It tends be something I often do now, just feels like I'm getting a fresh system at the new version, rather than something hacked around with to drag it up to the latest version.

        Also an upgrade scenario is harder to test and debug all eventualities, whereas a clean install with an image file means it installs from a clean slate.

        Interesting to hear what others think.

        1 Reply Last reply Reply Quote 0
        • D
          Dennis100
          last edited by

          After a discussion with support I decided my new upgrade procedure will be:

          1. Download img for current install version (if I don't already have it).
          2. Download img for new release.
          3. Backup my config.
          4. Run the upgrade from the console.
          5. If it is successful -> done
          6. If it fails install the img from the new release with the retain config option.
          7. If the new img is successful but the config failed restore the config from backup.
          8. If the new img install fails do #6/7 using the old img.

          Determining what is successful can be subjective or could take a while to realize. Fortunately our firewall configuration is somewhat static so we can run on a new release for a while and still roll back relatively easily.

          For major releases (21.02) I'm leaning towards going directly to a img install on those.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.