Issues after uploading backup config
-
Hello all - new guy here! I have a Netgate firewall appliance at our Houston office that failed and needs to be replaced. I have a spare SG-3100 that I plan to use which I have restored the backup XML file but having some issues. I'm plugged directly into the firewall and have my computer set to a static address. I'm able to reach the admin portal for the firewall but it's as if the config only partially uploaded. I am missing quite a few things from users in user manager to firewall rules, aliases etc.
This spare firewall already had a config on it from a previous company. I did not factory restore prior to uploaded the config for Houston. Is best practice to factory reset and then upload the xml config file?
On the main dashboard I am seeing the following message which has been displayed for the one to two hours: Packages are currently being reinstalled in the background.
Do not make changes in the GUI until this is complete.
If the above message is still displayed after a couple of hours, use the 'Clear Package Lock' button on the Diagnostics > Backup & Restore page and reinstall packages manually.
Is there anyway to see what packages are being installed in the background? I also noticed that there are some processes that are sleeping and some that are waiting. How exactly would I start these processes?
last pid: 31101; load averages: 0.14, 0.28, 0.33 up 0+02:29:09 13:36:41
162 processes: 3 running, 138 sleeping, 21 waitingMem: 46M Active, 93M Inact, 112M Wired, 19M Buf, 1730M Free
-
I've reset the firewall back to factory defaults and re-applied the xml file for the config but the same issue happens. The config file uploads but it doesn't upload everything. There are a handful of entries missing from system, interfaces and firewall tabs. I'd rather not have to manually setup the firewall from the ground-up but if that's the only choice I have, so be it.
Any help would most definitely be appreciated. Curious if anyone has ran into a similar issue where the config uploads but doesn't upload all the entries.
-
@jkalber You should at least make sure the new one is updated...if any packages are in use in the backup config file, restoring will by default install them, and that will pull them from the current version's package list. If it crosses versions that may try to update PHP or other system files...see my sig.
You can ask Netgate for a copy of the firmware to install (go.netgate.com, free) and they will also help convert a config file if necessary to account for the switch in the 3100 or other models with a switch.
Package installation should not take very long, normally a few minutes for the ones we use.
-
@steveits The system version on the firewall in Houston that is having issues is the newest, v21.05.1-RELEASE however the backup config I have for that firewall is the previous version 2.4.5-RELEASE-p1. I do not have a backup of the current configuration unfortunately (the one that is running v21.05.1-RELEASE). So technically, the firmware should be the correct version on my backup - right? I'd assume the packages it's trying to install from the backup would be for version 2.4.5-RELEASE-p1.
Does the firewall that I am working on have to be connected to a network to update packages? I figured it would just install the packages from the config I backed up. Currently just have a/c power connected and I'm plugged into LAN1 with a static address set on my laptop.
-
@jkalber The config can be restored to a later version.
The package binaries are not in the config file which is just an XML file. It will try to download those and if the WAN isn't working then everything will be super slow while DNS queries attempt, and time out. Plus the downloads will fail. Plus the web GUI will be slow at times for the same reason. Basically it assumes there is a working WAN.
You could try changing the WAN IP in the config file, plugging WAN into your network, and letting it out that way. Then change the WAN IP after.
-
@jkalber said in Issues after uploading backup config:
I do not have a backup of the current configuration unfortunately (the one that is running v21.05.1-RELEASE). So technically, the firmware should be the correct version on my backup - right?
It doesn't have to be. You should always be able to import an older backup file into a newer firmware version. What you are attempting should work.
If the firewall has come from some other place where anything could have been done to it I would definitely start out by re-installing 21.05.1 clean. Open a ticket with us to get the recovery image: https://go.netgate.com/
Steve
-
@stephenw10 thanks! I’ve opened a ticket with Netgate. I am currently at the Houston office and have the firewall hooked up but still having network issues.
-
Alright I am back online after the help from Netgate support (huge freaking kudos to Alexey Prokofiev). He was able to edit my config from the SG-1000 I had and made it work for the SG-3100. Thanks again for everyone's help and recommendations. Office is back online!