Config restore on new hardware - maintaining 'interfaces'

saqibs

Hi all,

I'm throwing out a few ideas here to see if anyone has any suggestions, or options to help.

Issue: Moving config from one machine to another, losing interfaces (and firewall rules)
I have a few interfaces, (vlans mainly) along with LAN, WAN, and associated firewall rules. I move my config from my bare metal machine onto a virtual machine and I recall the vlan interfaces were still there after the restore, and I was able to assign then interfaces to different 'hardware' in the assignments section.
Recently when moving my config to another vm (similar physical interfaces) I loose all the vlans interfaces (GUEST / LAB / DEV etc), I still have the VLAN but nothing in the assignments sections so I need to recreate the interface and associated firewall rules.

Questions:
Editing XML config
I hear I can manually edit the config xml file and can probably save the interfaces or re-create them on the new machine, but I am wondering if anyone has any experience with this and if there any other easier ways to do this?

Pfsense feature req?
Can we have pfsense 'keep' any interfaces & firewall rules that are associated with them, and just have them unassigned, and choose to assign them in the assignments section? I believe I had a version of this when moving my config from my hardware machine to my vm.

I am currently on CE 2.8.1.

JKnott

@saqibs said in Config restore on new hardware - maintaining 'interfaces':

Editing XML config
I hear I can manually edit the config xml file and can probably save the interfaces or re-create them on the new machine, but I am wondering if anyone has any experience with this and if there any other easier ways to do this?

A few years ago, I moved pfSense to a new mini PC. I copied over the config file and then, in a shell, configured the interfaces. That was all I had to do. I did not edit the file manually.

saqibs

@JKnott
Can you elaborate on what you did, or can you point me to any online references to do so.

SteveITS

@saqibs if you edit the config file be careful a search and replace does not replace text in certificates etc. done correctly you can just restore.

saqibs

@SteveITS

I was thinking of feeding the xml into powershell and use that to analyse and modify the config. To your point I will be careful as to which sections the find and replace edits.

stephenw10

Unless you have a very large number of vlans you probably just edit the xml file by hand.

If you have a number of sub-interface types, like VLANs, that's often the easiest way.

It should be possible to resave the VLANs in the gui to the new parent NICs and then reassign the interfaces to those in the gui before rebooting. However it's easy to get the ordering wrong there and end up in the CLI with invalid interfaces.

saqibs

@stephenw10
thanks for your response, that's really helpful.

JKnott

@saqibs

Boot the computer running pfSense and use the keyboard & monitor as the console. Go into the menu and select 1 to assign interfaces and then, if needed, 2 to assign IP addresses.