Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Procedure to offline update hot spare to latest revision?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    sg-1100
    10 Posts 4 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NGUSER6947
      last edited by NGUSER6947

      I have a spare SG-1100 that is several software revisions old. I would like to power it up, give it a fixed IP address that won't conflict with my other (active) SG-1100, update the software in it and restore a backup to it from my active SG-1100.

      Do we have a documented process for doing this? Also does the backup contain the default IP address, meaning once restored it would conflict with the active unit (I assume I'd do the restore from the console with the unit unplugged from the network)?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @NGUSER6947
        last edited by

        @nguser6947 How old? If it’s several versions Netgate will usually say to just install new.

        Alternatively you could select the previous stable backup update branch and go to that version, then 23.01.

        Restores will restore IPs also. You can change it after, or edit the config file before restoring.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        N 1 Reply Last reply Reply Quote 0
        • N
          NGUSER6947 @SteveITS
          last edited by

          Happy to install new.

          Just looking for the procedure to follow so I do this correctly.

          Thanks.

          S keyserK 2 Replies Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @NGUSER6947
            last edited by

            @nguser6947 the 1100 is here
            https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html

            You could get the firmware and try the self upgrade. If it works, great, if not, you have a backup plan. Also important is bug https://redmine.pfsense.org/issues/13967 , another reason to have an image ready to install.

            I would probably try 22.05 and then 23.01, vs direct to the latest.

            Also
            https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html
            Definitely save a backup of your config.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @SteveITS
              last edited by

              @steveits …and they paused 1100 due to that bug:
              https://forum.netgate.com/post/1087901

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              N 1 Reply Last reply Reply Quote 0
              • keyserK
                keyser Rebel Alliance @NGUSER6947
                last edited by

                @nguser6947 said in Procedure to offline update hot spare to latest revision?:

                Happy to install new.

                Just looking for the procedure to follow so I do this correctly.

                Thanks.

                Getting it up to speed in terms of firmware/config is not hard. The major problem is the possible packages you are using.

                If you request the latest image from TAC, you can easily write that to a USB key, and add your latest config to the key, before you boot and reinstall the box from the key.
                BUT: Part of completing the installation automatically, is that the box reboots and gets online to fetch any installed packages and reinstall them in the background. So if we are talking a completely offline backup box, you cannot complete the install.
                Worse yet, if you are running a pfSense primary with a static WAN IP, you cannot complete the offline install unless you temporarely can remove the primary and insert the secondary on your WAN link to let it complete install with Internet Access through it’s configured static IP.
                If your WAN is setup for DHCP, it can complete if you just connect WAN to a IP subnet that:

                1: Has Internet Access
                2: Is not an interface i the restored pfSense Config (because WAN and the Interface then will have the same IP subnet).

                What you can do is complete the first part by reinstalling the box with your config and the let it reboot and fail installing the packages. Shut it down and put it on the shelf as a backup.
                In case it needs to be put into service, the first thing you do after connecting it and powering it up with the WAN link connected, is goto: DIAGNOSTICS -> Backup/restore config, and press “Reinstall Packages”.
                But it will take a few additional minutes, and you are not 100% insured against issues with package installs

                Love the no fuss of using the official appliances :-)

                N 1 Reply Last reply Reply Quote 0
                • provelsP
                  provels
                  last edited by provels

                  I have a new pfS behind my prod pfS with the test's WAN port plugged into my prod LAN getting a DHCP address, gave the test LAN a different subnet and installed from there. You can start fresh on the second box, update it as far as you can, then restore the original config, or install, update, reinstall pkgs, then restore config. HTH

                  Peder

                  MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
                  BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

                  1 Reply Last reply Reply Quote 0
                  • N
                    NGUSER6947 @keyser
                    last edited by

                    @keyser The only package I'm using is pgblockerng.

                    keyserK 1 Reply Last reply Reply Quote 0
                    • N
                      NGUSER6947 @SteveITS
                      last edited by

                      @steveits

                      I'll hold tight for a while.

                      1 Reply Last reply Reply Quote 0
                      • keyserK
                        keyser Rebel Alliance @NGUSER6947
                        last edited by keyser

                        @nguser6947 said in Procedure to offline update hot spare to latest revision?:

                        @keyser The only package I'm using is pgblockerng.

                        That is the best package for pSense - period.
                        But it is also the worst for what you are looking ti do. Because depending on your setup that will either autocreate and sort your firewall rules or create aliasset that cannot resolve when it’s not installed

                        Love the no fuss of using the official appliances :-)

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.