Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    About pfSense backup and restore procedure. Some doubts...

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 491 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mauro.tridici
      last edited by

      Dear Users,

      during the last year we set up a physical router based on pfSense CE v.2.7.0. It worked very well, but during the last hours we detect some important hardware failures. It is still running but with very poor performance.

      Fortunately, we have an identical server with the same hardware configuration and we are planning to install v.2.7.0 on this new server, backup the current running configuration (on the old server) and restore it to the new one.

      Anyway, I have some doubts about packages management, mac addresses, interfaces, BGP and so on. You can find below my doubts:

      1. since the old server is still up & running, we need to restore the old configuration on the new server without connecting the cables (in order to avoid IP addresses conflict); but the official guide says that I should have a running network connection, is it correct?

      2. on the old server, frr + pfblockerng + iperf and other packages are installed and used; restore procedure will download them again after the reboot (or before), right?

      3. the interfaces MAC addresses in the new server will be different, how pfsense restore will manage this kind of mismatch?

      My plan is the following one:

      • disconnect management interface cable from the old running server;
      • connect the management interface cable to the new server;
      • assign a new and different IP address to the management interface of the new server;
      • restore the configuration on the new server (after the reboot, the old management address will take place and pfsense will be able to reach internet)
      • (pfsense packages will be downloaded after the reboot, I hope);
      • reboot again the server in order to start from a clean situation with installed packages and services;
      • update pfsense from 2.7.0 to 2.7.2
      • replace the old server with the new one.

      Could you please check if my plan is correct?
      Thank you in advance,
      Mauro

      E stephenw10S 2 Replies Last reply Reply Quote 0
      • E
        elvisimprsntr @mauro.tridici
        last edited by elvisimprsntr

        @mauro-tridici

        doesn't have to be complicated. I have done this dozens of times without issues.

        1. Use Diagnostics, Backup/Restore GUI to backup the XML file on current appliance
        2. Connect new appliance WAN to your existing LAN and install 2.7.2 on new appliance.
        3. Use Diagnostics, Backup/Restore GUI to restore the XML file to new appliance. The GUI will prompt you which interface is WAN, LAN, etc on new appliance.
          NOTE: you can temporarily disable the FW on new appliance so you can access the GUI from the WAN side using the following command
        pfctl -d
        1. Reboot
        2. Go back to Diagnostics, Backup/Restore GUI on new appliance. and click on Reinstall Packages.
        3. Reboot and check that it looks like everything was restored.
        4. Swap in new appliance.
          NOTE: depending on your ISP kit, you may need to reboot the modem and/or if you configured ISP kit in IP passthrough mode, you may need to log into modem and set the MAC address for the new appliance.
        1 Reply Last reply Reply Quote 1
        • stephenw10S
          stephenw10 Netgate Administrator @mauro.tridici
          last edited by

          @mauro-tridici said in About pfSense backup and restore procedure. Some doubts...:

          disconnect management interface cable from the old running server;
          connect the management interface cable to the new server;
          assign a new and different IP address to the management interface of the new server;
          restore the configuration on the new server (after the reboot, the old management address will take place and pfsense will be able to reach internet)
          (pfsense packages will be downloaded after the reboot, I hope);

          That relies on the new firewall having a default route via the management interface. If it does that should work fine.

          M 1 Reply Last reply Reply Quote 1
          • M
            mauro.tridici @stephenw10
            last edited by

            @stephenw10 during the installation/configuration phase (before restoring the config), only the management interface will be connected and we will set a "fake" IP for the WAN interface.

            In order to be able to connect to internet using the management interface, should I simply create a default gateway pointing to the existing gateway for the management network?

            Thank you,
            Mauro

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Yes it will need a route via the management interface so add a gateway if one doesn't exist and set it default.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.