About pfSense backup and restore procedure. Some doubts...
-
Dear Users,
during the last year we set up a physical router based on pfSense CE v.2.7.0. It worked very well, but during the last hours we detected some important hardware failures. It is still running but with very poor performance.
Fortunately, we have an identical server with the same hardware configuration and we are planning to install v.2.7.0 on this new server, back up the current running configuration (on the old server) and restore it to the new one.
Anyway, I have some doubts about packages management, mac addresses, interfaces, BGP and so on. You can find below my doubts:
- since the old server is still up & running, we need to restore the old configuration on the new server without connecting the cables (in order to avoid IP addresses conflict); but the official guide says that I should have a running network connection, is it correct?
- on the old server, frr + pfblockerng + iperf and other packages are installed and used; restore procedure will download them again after the reboot (or before), right?
- the interfaces MAC addresses in the new server will be different, how pfsense restore will manage this kind of mismatch?
My plan is the following one:
- disconnect management interface cable from the old running server;
- connect the management interface cable to the new server;
- assign a new and different IP address to the management interface of the new server;
- restore the configuration on the new server (after the reboot, the old management address will take place and pfsense will be able to reach internet)
- (pfsense packages will be downloaded after the reboot, I hope);
- reboot again the server in order to start from a clean situation with installed packages and services;
- update pfsense from 2.7.0 to 2.7.2
- replace the old server with the new one.
Could you please check if my plan is correct?
Thank you in advance,
Mauro
-
Doesn't have to be complicated. I have done this dozens of times without issues.
- Use Diagnostics, Backup/Restore GUI to backup the XML file on current appliance
- Connect new appliance WAN to your existing LAN and install 2.7.2 on new appliance.
- Use Diagnostics, Backup/Restore GUI to restore the XML file to new appliance. The GUI will prompt you which interface is WAN, LAN, etc on new appliance.
NOTE: you can temporarily disable the FW on new appliance so you can access the GUI from the WAN side using the following command
pfctl -d
- Reboot
- Go back to Diagnostics, Backup/Restore GUI on new appliance and click on Reinstall Packages.
- Reboot and check that it looks like everything was restored.
- Swap in new appliance.
NOTE: depending on your ISP kit, you may need to reboot the modem and/or if you configured ISP kit in IP passthrough mode, you may need to log into modem and set the MAC address for the new appliance.
-
@mauro-tridici said in About pfSense backup and restore procedure. Some doubts...:
- disconnect management interface cable from the old running server;
- connect the management interface cable to the new server;
- assign a new and different IP address to the management interface of the new server;
- restore the configuration on the new server (after the reboot, the old management address will take place and pfsense will be able to reach internet)
- (pfsense packages will be downloaded after the reboot, I hope);
That relies on the new firewall having a default route via the management interface. If it does, that should work fine.
-
@stephenw10 during the installation/configuration phase (before restoring the config), only the management interface will be connected and we will set a "fake" IP for the WAN interface.
In order to be able to connect to internet using the management interface, should I simply create a default gateway pointing to the existing gateway for the management network?
Thank you,
Mauro
-
Yes it will need a route via the management interface so add a gateway if one doesn't exist and set it default.
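Added example, not part of any post in this thread and not pfSense project code: a pre-restore check that reads a config.xml backup and reports which interface roles will need reassigning on the new hardware, which packages will have to be reinstalled, and which interface carries the default route after the restore. The element names reflect an assumed config.xml layout, the sample backup and NIC names are constructed, and `summarize_backup` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a pfSense config.xml backup (not from the thread).
SAMPLE_BACKUP = """<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>igb0</if><descr>WAN</descr></wan>
    <lan><if>igb1</if><descr>LAN</descr></lan>
    <opt1><if>igb2</if><descr>MGMT</descr></opt1>
  </interfaces>
  <gateways>
    <gateway_item><interface>wan</interface><gateway>198.51.100.1</gateway><name>WANGW</name></gateway_item>
    <defaultgw4>WANGW</defaultgw4>
  </gateways>
  <installedpackages>
    <package><name>frr</name></package>
    <package><name>pfBlockerNG</name></package>
    <package><name>iperf</name></package>
  </installedpackages>
</pfsense>"""


def summarize_backup(xml_text, new_nics):
    """Summarize what a restore onto hardware with NIC names `new_nics` will involve."""
    root = ET.fromstring(xml_text)
    # Assumed layout: each child of <interfaces> is a role (wan, lan, optN) bound to a NIC name in <if>.
    ifaces = {n.tag: (n.findtext("if") or "") for n in root.findall("interfaces/*")}
    # Roles whose NIC name is absent on the new box must be reassigned during restore.
    missing = {role: nic for role, nic in ifaces.items() if nic not in new_nics}
    # Packages recorded in the backup; they have to be fetched again after the restore.
    names = (p.findtext("name") for p in root.findall("installedpackages/package"))
    packages = sorted(n for n in names if n)
    # Role that carries the IPv4 default route once the restored config is active.
    gateways = {g.findtext("name"): g.findtext("interface") for g in root.iter("gateway_item")}
    default_role = gateways.get(root.findtext("gateways/defaultgw4"))
    return {"interfaces": ifaces, "missing": missing,
            "packages": packages, "default_gw_role": default_role}


if __name__ == "__main__":
    # Hypothetical new appliance that only has two of the three NIC names.
    for key, value in summarize_backup(SAMPLE_BACKUP, {"igb0", "igb1"}).items():
        print(f"{key}: {value}")
```

The backup file holds password hashes and keys, so run a check like this on an admin workstation and keep the file off shared storage.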