SG-1100 Small partition - reinstall process?
-
So my SG-1100 has the small partition (800K) so I understand that I'll need to reinstall which will reimage the device.
Where is the process for this that I can follow?
Also, will I need to reconfigure all of my settings (ports, 1 port forward) and reinstall and reconfigure pfblockerng (the only package I have installed)?
-
We're working on getting a combined document out with all of the relevant info in one place, but in the meantime:
If you take a backup first, you can restore that after reinstalling and have all your current settings. You'll probably need to trigger pfBlockerNG to re-download its lists and so on after the restore if you use those features.
To reinstall, follow the procedure in the product manual for the 1100:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html
-
@jimp Thank you! I'll read over the information at the link you posted but probably wait for the consolidated document to perform the actual reinstall.
Thanks again.
-
I went ahead and requested & received the update file (thank you Netgate tech support for the awesome- quick response!) and did the reinstallation successfully.
This is on my spare SG-1100 so tomorrow I'll make a backup of the in-use SG-1100 and restore it into this one (the just-reinstalled spare) while it's not connected to my network. Then I'll swap devices and let this one connect and install pfblockerng.
At least, that's my plan. Since it won't be connected to the internet when I restore the backup config, will the restore fail when it tries to configure pfblockerng?
-
@nguser6947 It will try to install the package(s) but fail. You can later install them yourself though, since the data will be in the restored config file. Just like uninstalling pfBlocker and installing it again, for upgrades.
Since our lab has a different IP range than our clients' networks and they often have a DHCP WAN IP, we can do the restore in house, let it connect out as needed, then take it on site.
-
@steveits Thanks for your insight.
IIRC my pfblockerNG install is stock, meaning I just installed it and made no changes.
As long as the SG-1100 will continue past the pfblockerNG install and let me put it online I'm not too worried about reinstalling pfblocker.
-
So, I did the configuration restore. Plugging into the LAN port with my laptop everything seems to have restored correctly, except obviously pfBlockerNG isn't installed. So I get a handful of warning messages, and at the end:
General
Package reinstall process was ABORTED due to lack of internet connectivity @ 2023-02-10 16:14:38So... at this point, should I remove pfBlockerNG using the GUI, and then when I'm ready swap this one with the currently in use device, get it online and reinstall pfBlockerNG? Will removing it restore the firewall rules to the way they were before I ever installed pfBlockerNG?
My fear is that removing the package either won't work to begin with (since no internet connection) or that it won't revert the firewall rules, and thus when I do plug it into the router it'll be uncommunicating.
-
Those parts are better suited for a post in the pfBlockerNG category as it likely depends on your configuration in there.
Generally speaking it's OK to get it online without packages and reinstall them once you have connectivity. If it were going to have an error loading the firewall rules, you'd already be seeing that in the logs.
-
@jimp I'll post this question there, thanks.
