Upgrading from 5100 to 6100

louiannucci

Hi,

I just ordered a Netgate 6100, and currently have a Netgate 5100. Can I just download the configuration from the 5100 and upload it to the 6100, or will have to make changes.

Thanks,
Lou

mer

@louiannucci
The interfaces are different, that may cause problems. I think Netgate can help transfer configs for their appliances.

I have found it useful to actually configure the new device without it connected on WAN while the old/current device is in operation.
It lets me walk through everything and have a working config to compare against.
Once it looks like the config is correct/done a clean shutdown and swap a couple cables and power up the new one and it should be working.
Then keep the old device around on a shelf as a backup device if needed.

louiannucci

@mer Thanks for the information. I appreciate the feedback.

SteveITS

@louiannucci The 5100 doesn't have a built in switch so you should be able to just restore to the 6100, and assign interfaces at that time. The challenge is restoring a switch configuration and they will help with that if someone opens a (free) ticket.

Note if you have packages installed the restore will try to install the packages.

mer

@steveits Does the 6100 have a switch? I think on the website it talks about "8 independent and flexible WAN/LAN ports". Documentation indicates the 4 WAN (RJ45 and SFP) are ix, the others are igc. I could be misinterpreting things, but that's my understanding.

Here's what I'm looking at, scroll halfway down or so:
https://shop.netgate.com/products/6100-base-pfsense

your overall point about assigning interfaces when restoring config probably still holds.

SteveITS

@mer said in Upgrading from 5100 to 6100:

Does the 6100 have a switch

No, the 1100, 2100, 3100, and 7100 do: https://www.netgate.com/appliances?priceMin=179&priceMax=3148&user_profile=&software=pfSense+Plus&form_factor=#compare-products
-> "4-Port 1 GbE Marvell switch"

stephenw10

Exactly ^. Neither the 5100 or 6100 have a switch which makes this easy. Also the 6100 has more total interfaces so there won't be a problem there.
You should just be able to import the config and reassign the interfaces before rebooting.

The only thing to watch out for might be if there isn't an interface mismatch and it just accepts the config. For example if you were only using ix0-ix3 in the 5100 that would not trigger the interfaces reassignment since those NICs also exist in the 6100. If you want to reassign them that could be unexpected. It probably won't happen though since igb0/1 are used by default in the 5100.

Steve

swh

I just upgraded from the 5100 to the 6100.

The 6100 came with 21.05.2 already loaded. I upgraded the 5100 so everything was on the same release.

Then I backed up the 5100 and copied the XML file to the laptop that was connected to one of the LAN ports. (WAN was not connected to anything).

I applied the backup to the 6100, and the UI popped open the Interfaces page with a message that there were interface mismatches. It gave me the option to map the 6100's interfaces and then rebooted.

I'd never seen this before and I have to say, it was pretty awesome. All my packages and configs were on the 6100 and I was able to swap out the 5100 and go on with my day.

--SWH

stephenw10

Nice. Thanks for reporting back.

nimrod

I just want to confirm that this is absolutely same experience i had with two completely different machines.

I saved the XML configuration from my Protectli box. Then i got brand new desktop machine for my friend which is going to be used as a pfSense firewall. This machine has onboard Realtek NIC and PCIx Realtek NIC. I did fresh install of pfSense on this machine and i was able to access web UI. From there, i restored XML configuration from my Protectli box. Machine rebooted, and interface configuration wizard popped up. Once configured, pfSense booted up and i was again able to access web interface again. Only this time, i was notified that the packages are downloading in the background and that i should not touch anything until its done.

Keep in mind guys that Protectli box and this new desktop PC are completely different machines when it comes to hardware specs. The only thing they have in common is that they are x86 machines. Nothing else. And i was able to fully restore my Protectli configuration on it with zero issues. I just had to remove my oink ID in snort, and change web access UI access password and that was it. All packages were installed and configured exactly the same. Even interface assignment in Snort and Squid were correct. I was blown away.

The way that pfSense is handling configuration files is absolutely flawless.