Netgate Configuration Export (6100 MAX)
-
Hello.
I recently had a lightning strike that fried some of the parts inside my 6100 MAX. I did have the unit plugged into a APC UPS but the surge came through the cable internet and through the ethernet. It also fried the ethernet port on one of my PCs.
The 6100 MAX will boot up for a bit but then shuts down after about 3 minutes. I do not get any sort of login to the box, and my PC does not receive an IP. I am assuming it is stuck in a boot loop and then times out.
My question, is there any way to get the configuration off the unit to be imported to a new 6100 MAX unit?
My assumptions is no, since I read in the online manuals that the configuration is stored on an internal chip and not the SSD that comes with the 6100 MAX. Worst case is I will have to go through and set up the new unit.
A couple of lessons I have learned that I can pass along to new users:
-
The importance of off device backups of your configuration
-
The importance of making sure the power cables AND ethernet/cable from your ISP run through a surge protector
-
-
@Burizado said in Netgate Configuration Export (6100 MAX):
online manuals that the configuration is stored on an internal chip and not the SSD
I don't think that to be true, the config is the directory
/confwhich is on the same device as the pfSense installation. pfSense can't handle multiple disks.For restore there are a few options:
- If you connect to the serial console you can at least see if the SSD can be accessed (if ithe 6100 powers up at all). If you can access the SSD, copy the complete
/confdirectory to an USB stick - Another option is if you have enabled the auto configuration backup and saved away the device key and encryption password you can enter these infos in the new 6100 and restore the last backuped configuraton
- Or you remove the SSD and connect it to a PC (with an FreeBSD based OS) and if the SSD is intact you'll be able to backup the
/confdirectory
- If you connect to the serial console you can at least see if the SSD can be accessed (if ithe 6100 powers up at all). If you can access the SSD, copy the complete
-
@patient0 Thank you for the suggestions!
I did open the unit and saw that I could remove the 128GB SSD storage. If I removed that, and put it into a new 6100 MAX unit, would that effectively transfer my old configuration to the new unit?
-
@Burizado said in Netgate Configuration Export (6100 MAX):
If I removed that, and put it into a new 6100 MAX unit, would that effectively transfer my old configuration to the new unit?
I would say so, yes.But I think opening the 6100 will void the warranty, you may want to check that with Netgate.
-
@patient0 Thank you for the quick replies!
I had to open the broken one to take pictures of the damage for insurance purposes. I will have to check with Netgate on replacing the SSD on the new unit I just received. I am guessing they will say it will void the warranty on the new unit. Then I will have to weigh whether it is worth it or not to go that route.
Thanks again!
-
@Burizado you still could connect the SSD of the broken 6100 to a computer. At this moment I assume you are not sure if the SSD did survive?
-
@patient0 Yes, true.
I do believe it is fine, as I see no physical damage like I see on the main board (see image; you can actually see where it left a mark on the white lid as well).
I do have a few external cases I can put it in and connect to my PC or UNRAID server to see if it is still good (I know you mentioned before it needs to be a FreeBSD based OS).
-
@Burizado said in Netgate Configuration Export (6100 MAX):
you can actually see where it left a mark on the white lid as well
Wow, no doubt about the damage there.
...you mentioned before it needs to be a FreeBSD based OS
Actually, if pfSense was installed on a ZFS file system, a Linux based OS probably works too. If it's UFS then Linux won't be of much help.
-
@Burizado said in Netgate Configuration Export (6100 MAX):
The importance of off device backups of your configuration
We save the file after every time making changes. Sometimes I add a note to the filename like " (added VLAN)".
For the more, or maybe less, paranoid, there is https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@SteveITS Thanks for the reply!
Yes, that is one of my 'lessons learned', that I need to do a backup of the configuration at a MINIMUM every time I make any changes.
If I look on the positive side, if I do need to reconfigure it, this will allow me an opportunity to correct any non-optimal setups I did as a new Netgate owner 8 months ago.
-
Yes the config file is on the SSD and would be present on the new device.
Do you see any output on the console when booting the old 6100?
If it boots there you can probably extract the config from the console directly.
-
@SteveITS said in Netgate Configuration Export (6100 MAX):
We save the file after every time making changes. Sometimes I add a note to the filename like " (added VLAN)".
Revision Control Systems are your friend. My current RCS has pfSense configs back through 2013.
Unfortunately, configs prior to that were discarded along with my prior RCS.
-
@dennypage Well hopefully you won't need to track down many changes made in 2012.
We have several clients with pfSense, and don't make that many changes, but it's nice to have a copy in our office in case of hardware failure. We can grab a replacement and quickly restore, or use ECL to restore without even connecting a laptop.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@stephenw10 said in Netgate Configuration Export (6100 MAX):
Yes the config file is on the SSD and would be present on the new device.
Great! Thanks for confirming!
Do you see any output on the console when booting the old 6100?
I did not try connecting the console cable up yet. I have not done that before and have to review how to do it and if I have the equipment to view the console.
If it boots there you can probably extract the config from the console directly.
Right now it seems to be in a boot loop (just from external observation), and shuts down after about 3 minutes. The blue light on the front flashes the entire time, then only red. I don't get an IP address on the PC I had directly connected to the device. I will see if I can get the config directory that way before opening the case back up. It sounds like I have options from all the suggestions here. Thanks!
-
@SteveITS said in Netgate Configuration Export (6100 MAX):
Well hopefully you won't need to track down many changes made in 2012.
It's more of an emotional problem for me at this point.
-
@stephenw10 Thank you for the great suggestion! I was able to get my /conf directory off the old device via the console cable. I tried several other methods to no avail.
Next question, I only copied the /conf directory thinking I would only need the configuration. I did have pfBlocker and some other packages loaded onto my old 6100. Do I need to copy anything other than the /conf directory to restore those to the new 6100?
Also, my assumption is that the /conf directory has all my firewall and NAT rules in the configuration that I can restore to the new 6100. Is that correct?
-
@Burizado A restore will install packages that were in/from the config file. (it's easier to think of this as "will install missing packages" but I think it reinstalls them all anyway)
If you just plug in the WAN cable and use the above ECL method you don't even need to log in to it, to restore. WAN will be configured at that point, and it will install the packages. Plug in LAN and log in via your browser. You might need to reboot once, for instance, enabling the RAM disk setting needs a reboot.
-
@SteveITS Thank you for the quick reply, and confirming all the packages should get reinstalled!
So if I am understanding the ECL process from the documentation you linked (THANKS!), I just copy the config.xml in the 'conf' directory on my USB, to a 'config' directory, then insert it into the new 6100 and start it up? Seems easy enough.
Since I have the console cable configured on my PC, I might just use that on the new 6100 to watch the boot and restore process. I have not booted the new 6100 yet. I was waiting to see if I could get the old configuration back, so I wouldn't have to set everything up from scratch.
Sorry for all the questions. This is my first time with a full restore and I don't want to 'brick' the new device, if that is possible.
-
Yup, you only need the config.xml file from /conf to get back all your config.
-
@Burizado Yes. Or you can do it the "long way," log in, get WAN working, and then restore from the web GUI.
